Log messed up, help
Grizzlyr
Newbie
12 May 2008 @ 19:12
For some reason I got ComboFix working today; here is the log and a new HJT log.
ComboFix 08-05-09.1 - Björn 2008-05-12 18:53:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1888 [GMT 3:00]
Running from: C:\Users\Björn\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.
2008-05-12 00:04 . 2008-05-12 00:05 <DIR> d-------- C:\Program Files\Panda Security
2008-05-11 13:21 . 2008-05-11 13:21 <DIR> d-------- C:\Users\All Users\Uniblue
2008-05-11 13:21 . 2008-05-11 13:21 <DIR> d-------- C:\ProgramData\Uniblue
2008-05-11 11:52 . 2008-05-11 15:51 <DIR> d-------- C:\fixwareout
2008-05-10 21:30 . 2008-05-10 21:30 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-10 19:22 . 2008-05-10 19:22 <DIR> d-------- C:\Program Files\CCleaner
2008-05-09 18:03 . 2008-05-09 18:09 524,288 --ahs---- C:\Users\Björn\NTUSER.DAT{0181a0e4-1dd9-11dd-be97-001c255617a6}.TMContainer00000000000000000002.regtrans-ms
2008-05-09 18:03 . 2008-05-09 18:09 524,288 --ahs---- C:\Users\Björn\NTUSER.DAT{0181a0e4-1dd9-11dd-be97-001c255617a6}.TMContainer00000000000000000002.regtrans-ms
2008-05-09 18:03 . 2008-05-12 07:07 524,288 --ahs---- C:\Users\Björn\NTUSER.DAT{0181a0e4-1dd9-11dd-be97-001c255617a6}.TMContainer00000000000000000001.regtrans-ms
2008-05-09 18:03 . 2008-05-12 07:07 524,288 --ahs---- C:\Users\Björn\NTUSER.DAT{0181a0e4-1dd9-11dd-be97-001c255617a6}.TMContainer00000000000000000001.regtrans-ms
2008-05-09 18:03 . 2008-05-12 07:07 65,536 --ahs---- C:\Users\Björn\NTUSER.DAT{0181a0e4-1dd9-11dd-be97-001c255617a6}.TM.blf
2008-05-09 18:03 . 2008-05-12 07:07 65,536 --ahs---- C:\Users\Björn\NTUSER.DAT{0181a0e4-1dd9-11dd-be97-001c255617a6}.TM.blf
2008-05-08 19:46 . 2008-05-08 19:46 <DIR> d-------- C:\Users\Björn\AppData\Roaming\Malwarebytes
2008-05-08 19:46 . 2008-05-08 19:46 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-08 19:46 . 2008-05-08 19:46 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-08 19:46 . 2008-05-08 23:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 19:46 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-08 19:46 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-07 20:51 . 2008-05-07 20:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 20:23 . 2008-05-11 21:59 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-07 20:23 . 2008-05-11 21:59 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-07 19:35 . 2008-05-11 13:21 <DIR> d-------- C:\Users\Björn\AppData\Roaming\Uniblue
2008-05-07 19:08 . 2008-05-10 17:18 <DIR> d--hs---- C:\Users\Björn\!
2008-05-07 19:08 . 2008-05-10 17:18 <DIR> d--hs---- C:\Users\Björn\!
2008-05-04 14:21 . 2008-05-04 14:21 <DIR> d-------- C:\Program Files\Incomplete
2008-05-03 13:49 . 2005-11-03 04:39 245,504 --a------ C:\Windows\System32\drivers\Dr71WU.sys
2008-04-29 16:44 . 2008-04-29 16:44 0 --ah----- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-04-29 16:43 . 2008-04-29 16:43 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-29 16:36 . 2007-09-17 15:53 21,632 --a------ C:\Windows\System32\drivers\pccsmcfd.sys
2008-04-29 16:35 . 2008-05-11 22:33 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-04-29 16:35 . 2008-04-29 16:35 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-21 20:09 . 2008-04-21 20:09 <DIR> d-------- C:\Users\All Users\Nokia
2008-04-21 20:09 . 2008-04-21 20:09 <DIR> d-------- C:\ProgramData\Nokia
2008-04-18 18:41 . 2008-04-18 18:41 <DIR> d-------- C:\Users\Björn\AppData\Roaming\AdobeUM
2008-04-13 12:28 . 2007-04-09 13:23 28,040 --a------ C:\Windows\System32\mdimon.dll
2008-04-13 12:28 . 2008-04-13 12:28 390 --a------ C:\Windows\ODBC.INI
2008-04-13 12:27 . 2008-04-13 12:27 <DIR> d-------- C:\Windows\PCHEALTH
2008-04-13 12:27 . 2008-04-13 12:27 <DIR> d-------- C:\Program Files\Microsoft.NET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 15:56 1,572,864 --sha-w C:\Users\Björn\NTUSER.DAT
2008-05-12 15:56 1,572,864 --sha-w C:\Users\Björn\NTUSER.DAT
2008-05-12 15:36 --------- d-----w C:\Program Files\Packard Bell Data Secure
2008-05-11 18:59 --------- d---a-w C:\ProgramData\TEMP
2008-05-11 18:59 --------- d-----w C:\ProgramData\Symantec
2008-05-11 18:19 --------- d-----w C:\ProgramData\Google Updater
2008-05-11 10:21 --------- d-----w C:\Users\Björn\AppData\Roaming\Uniblue
2008-05-09 15:07 --------- d-----w C:\Program Files\D-Link
2008-05-08 21:29 --------- d-----w C:\Program Files\Java
2008-05-08 16:46 --------- d-----w C:\Users\Björn\AppData\Roaming\Malwarebytes
2008-05-04 10:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 06:52 --------- d-----w C:\Program Files\Nokia
2008-05-01 15:12 --------- d-s---w C:\Users\Björn\AppData\Roaming\Microsoft
2008-04-29 13:44 --------- d-----w C:\Users\Björn\AppData\Roaming\PC Suite
2008-04-29 13:43 --------- d-----w C:\Users\Björn\AppData\Roaming\Nokia
2008-04-29 13:43 --------- d-----w C:\ProgramData\PC Suite
2008-04-29 13:34 --------- d-----w C:\ProgramData\Installations
2008-04-19 04:49 --------- d-----w C:\Users\Björn\AppData\Roaming\Adobe
2008-04-18 15:41 --------- d-----w C:\Users\Björn\AppData\Roaming\AdobeUM
2008-04-13 09:13 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-13 09:13 --------- d-----w C:\Program Files\Microsoft Works
2008-04-09 14:20 --------- d-----w C:\Program Files\Windows Mail
2008-04-03 16:28 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-02 11:11 --------- d-----w C:\Program Files\Common Files\Java
2008-03-26 20:15 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2008-03-26 20:15 17,212 ----atw C:\Windows\System32\SIntf32.dll
2008-03-26 20:15 12,067 ----atw C:\Windows\System32\SIntf16.dll
2008-03-23 07:17 --------- d-----w C:\Program Files\Logitech
2008-03-23 07:17 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-21 20:10 --------- d-----w C:\Program Files\Steam
2008-03-21 20:07 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-21 20:06 --------- d-----w C:\Program Files\ATI
2008-03-21 17:11 --------- d-----w C:\Users\Björn\AppData\Roaming\Earthsim
2008-03-21 17:11 --------- d-----w C:\ProgramData\Earthsim
2008-03-21 17:11 --------- d-----w C:\Program Files\Yahoo!
2008-03-21 16:55 --------- d-----w C:\ProgramData\ATI
2008-03-21 16:51 --------- d-----w C:\Program Files\ATI Technologies
2008-03-21 15:25 --------- d-----w C:\Users\Björn\AppData\Roaming\Ahead
2008-03-21 15:10 --------- d-----w C:\Program Files\Ahead
2008-03-21 15:08 --------- d-----w C:\ProgramData\Ahead
2008-03-21 15:08 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-21 13:24 --------- d-----w C:\Users\Björn\AppData\Roaming\CyberLink
2008-03-20 20:02 --------- d-----w C:\Program Files\PC-Diag
2008-03-20 17:45 --------- d-----w C:\Program Files\DIFX
2008-03-20 17:28 --------- d-----w C:\Users\Björn\AppData\Roaming\Logitech
2008-03-20 17:28 --------- d-----w C:\ProgramData\LogiShrd
2008-03-20 17:26 --------- d-----w C:\Users\Björn\AppData\Roaming\InstallShield
2008-03-20 17:26 --------- d-----w C:\ProgramData\Logitech
2008-03-20 17:26 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-03-20 15:54 174 --sha-w C:\Program Files\desktop.ini
2008-03-20 15:47 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-20 15:47 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-20 15:47 --------- d-----w C:\Program Files\Windows Journal
2008-03-20 15:47 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-20 15:47 --------- d-----w C:\Program Files\Windows Calendar
2008-03-20 15:46 --------- d-----w C:\Program Files\Windows Defender
2008-03-20 15:23 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-20 15:23 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-20 13:59 --------- d-----w C:\Users\Björn\AppData\Roaming\Google
2008-03-20 13:58 --------- d-----w C:\Program Files\Google
2008-03-20 13:52 --------- d-----w C:\Program Files\eSobi
2008-03-19 21:33 --------- d-----w C:\Users\Björn\AppData\Roaming\eSobi
2008-03-19 20:30 --------- d-----w C:\ProgramData\InstallShield
2008-03-19 20:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-19 20:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-19 19:48 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-19 19:45 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-19 19:45 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-19 19:45 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-19 19:45 --------- d-----w C:\Program Files\Symantec
2008-03-19 18:19 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-19 15:50 --------- d-----w C:\ProgramData\eSobi
2008-03-19 15:32 --------- d-----w C:\Users\Björn\AppData\Roaming\Macromedia
2008-03-19 15:32 --------- d-----w C:\Users\Björn\AppData\Roaming\ATI
2008-03-19 15:31 --------- d-----w C:\Users\Björn\AppData\Roaming\Identities
2008-03-19 15:31 --------- d-----w C:\ProgramData\CyberLink
2008-03-19 15:30 --------- d-----w C:\Program Files\Acer Arcade Live
2008-03-06 08:14 831,048 ----a-w C:\Windows\System32\WudfUpdate_01005.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-26 03:10 372,736 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-02-26 03:10 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-02-26 03:09 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-02-26 03:09 315,392 ----a-w C:\Windows\System32\atipdlxx.dll
2008-02-26 03:09 253,952 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-02-26 03:09 245,760 ----a-w C:\Windows\System32\Oemdspif.dll
2008-02-26 03:08 655,360 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-02-26 03:00 1,499,136 ----a-w C:\Windows\System32\atidxx32.dll
2008-02-26 02:55 3,074,048 ----a-w C:\Windows\System32\atiumdag.dll
2008-02-26 02:47 9,662,464 ----a-w C:\Windows\System32\atioglxx.dll
2008-02-26 02:40 4,084,736 ----a-w C:\Windows\System32\atiumdva.dll
2008-02-26 02:29 47,104 ----a-w C:\Windows\System32\amdpcom32.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 10:33 1233920]
"Acer Tour Reminder"="" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 10:33 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-20 16:55 68856]
"Packard Bell Data Secure"="C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 16:15 2361856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 10:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 10:38 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 14:04 4423680 C:\Windows\RtHDVCpl.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 07:44 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 07:42 22696]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 20:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 10:04 464168]
"Skytel"="Skytel.exe" [2007-03-16 10:06 1822720 C:\Windows\SkyTel.exe]
"PlayMovie"="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 23:24 178280]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-16 04:39 151552]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 07:03 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\Windows\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 16:03 93208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-16 04:39 151552]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 2:44:06 PM 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [4/17/2007 4:09:28 AM 528384]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/20/2008 4:55:53 PM 125624]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [3/20/2008 8:26:24 PM 789008]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [4/17/2007 4:13:50 AM 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C0B04953-9D63-4886-9FEE-B20972592777}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{64C52DD3-2977-4C34-BDA1-8FD96179DF00}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{F42A10AE-D383-4A78-9E05-64BBC84376C5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{A0E22BD1-9D17-41A4-BF50-419B503C50D0}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{E59634F8-1C07-40AC-84E1-E301FBC238EE}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{DFFF3429-DA90-43DB-898C-FAEEFE3F39E2}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{5F06C73B-3B46-4ED5-983C-2880071833B2}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{1955E669-BE1F-4C13-B854-FB32F2900974}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{A8757501-B402-4C19-AD10-EA4697A9512B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{4F598B98-058E-4DF9-9FCA-0ECFCA98167C}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer PlayMovie
"{5A952D69-25D8-4741-86C2-E52E79A43CEF}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer PlayMovie Resident Program
"{B0451F20-D90C-4F10-8788-C238622245FB}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D33FE755-34C5-4BA1-927B-4F22579ECB35}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 18:23]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 22:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 22:52]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 10:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 10:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 10:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [2008-03-12 09:30]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-08-31 16:24]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-05 04:54]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 10:04]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-26 08:53]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 15:39]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-21 19:57]
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-09 17:28:58 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Björn.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-05-12 13:25:12 C:\Windows\Tasks\User_Feed_Synchronization-{A11C9E5D-FD74-42F6-A835-B13E49199FFD}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 18:56:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-12 18:57:45
ComboFix-quarantined-files.txt 2008-05-12 15:57:40
Pre-Run: 187,009,171,456 bytes free
Post-Run: 188,216,160,256 bytes free
268 --- E O F --- 2008-04-09 14:20:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:04, on 12.5.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 10091 bytes
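A helper reading the ComboFix log above scans by eye for a handful of posture settings in the "Reg Loading Points" block: Windows Firewall turned off per profile (EnableFirewall=0), Security Center notifications and monitoring switched off (UacDisableNotify, AutoUpdateDisableNotify, DisableMonitoring), the programs allowed through the firewall, and services whose binary ComboFix could not timestamp (shown as "svc []"). The script below, added here as an example and not part of the post or of ComboFix, pulls those out automatically. It assumes only the line shapes visible in the posted log; the embedded sample is a constructed excerpt of that log. Treat the output as a checklist rather than a verdict: the same log shows Norton Internet Security installed, and a third-party suite legitimately registers its own firewall and antivirus with Security Center, so EnableFirewall=0 and the Symantec DisableMonitoring keys may simply reflect that suite, whereas a firewall rule for a P2P client and a service with no stampable binary (pr2ah4nc) are the items worth checking by hand.

```python
"""Triage the "Reg Loading Points" block of a ComboFix log (added example,
not ComboFix's code; assumes only the line shapes seen in the posted log)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: an excerpt of the posted log, trimmed to relevant lines.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0451F20-D90C-4F10-8788-C238622245FB}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D33FE755-34C5-4BA1-927B-4F22579ECB35}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 18:23]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # REGEDIT4-style [key] header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "name"= value
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]$")  # R0 name;desc;path [stamp]
EXCEPTION_RE = re.compile(r"^(?:(TCP|UDP):)?([A-Za-z]:[^:]+)")  # program path of a firewall rule
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$|^(\d+)\s*\(0x[0-9a-fA-F]+\)$")  # both DWORD spellings

@dataclass
class Findings:
    firewall_off: List[str] = field(default_factory=list)         # profiles with EnableFirewall=0
    notify_disabled: List[str] = field(default_factory=list)      # Security Center *DisableNotify=1
    monitoring_disabled: List[str] = field(default_factory=list)  # keys with DisableMonitoring=1
    exceptions: List[Tuple[str, str]] = field(default_factory=list)   # (proto, program) allowed through
    untimestamped_services: List[str] = field(default_factory=list)  # binary ComboFix could not stamp
    new_services: List[str] = field(default_factory=list)

def dword(value: str) -> Optional[int]:
    """Decode either DWORD spelling; None for non-numeric values such as paths."""
    m = DWORD_RE.match(value)
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) is not None else int(m.group(2))

def triage(log: str) -> Findings:
    f, key = Findings(), ""
    for line in (l.strip() for l in log.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        if line.startswith("*Newly Created Service*"):
            f.new_services.append(line.split("-", 1)[1].strip())
            continue
        m = SERVICE_RE.match(line)
        if m:
            mode, name, _desc, path, stamp = m.groups()
            if not stamp.strip():  # "[]" means ComboFix found no file to stamp
                f.untimestamped_services.append(f"{mode} {name}: {path}")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        d, tail = dword(value), key.rsplit("\\", 1)[-1]
        if "\\security center" in key:
            if name.endswith("DisableNotify") and d == 1:
                f.notify_disabled.append(name)
            elif name == "DisableMonitoring" and d == 1:
                f.monitoring_disabled.append(tail)
        elif "firewallpolicy" in key:
            if name == "EnableFirewall":
                if d == 0:
                    f.firewall_off.append(tail)
            else:
                pm = EXCEPTION_RE.match(value)
                if pm:
                    f.exceptions.append((pm.group(1) or "ANY", pm.group(2)))
    return f

def summary(f: Findings) -> List[str]:
    """Render the findings as checklist lines a helper could paste into the thread."""
    out = [f"Windows Firewall off in profile: {p}" for p in f.firewall_off]
    out += [f"Security Center notification disabled: {n}" for n in f.notify_disabled]
    out += [f"Security Center monitoring disabled: {k}" for k in f.monitoring_disabled]
    out += [f"Firewall exception ({proto}): {path}" for proto, path in f.exceptions]
    out += [f"Service with no stampable binary (check it exists): {s}" for s in f.untimestamped_services]
    out += [f"Service ComboFix reports as newly created: {s}" for s in f.new_services]
    return out

if __name__ == "__main__":
    print("\n".join(summary(triage(SAMPLE_LOG))))
```

Run it against a full ComboFix log by reading the file into `triage()`; everything outside the recognised line shapes is ignored, so the file-listing sections at the top of the log do not need to be cut out first.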
Hujo
Suspended permanently
12 May 2008 @ 19:19
Download SmitfraudFix (c) S!Ri
Extract the contents (a folder named SmitfraudFix) to your desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file opens that lists the infected files (if there are any).
Post the contents of the rapport.txt notepad that pops up in your thread.
It can also be found at C:\rapport.txt
Note: some anti-virus programs (AntiVir, Dr.Web, Kaspersky) detect the process.exe file as "malware"; it is not a virus, but a program that stops processes.
A/V programs cannot tell the good and bad uses of such programs apart, so they may warn the user.
Can a computer ever work?
Grizzlyr
Newbie
12 May 2008 @ 21:23
This doesn't generate any kind of log. Is there nothing to find, or does this just not work? I waited for about an hour.
Hujo
Suspended permanently
12 May 2008 @ 21:29
So you typed 1 and pressed Enter?
Can a computer ever work?
Grizzlyr
Newbie
12 May 2008 @ 21:32
Yes, that's what I did; I could see in Task Manager that the program was running, but surely generating the log can't take this long?
Hujo
Suspended permanently
12 May 2008 @ 21:54
No, it doesn't take that long..
Can a computer ever work?