|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Hijackthis-logi ja ilmeisesti sama messenger-virus kuin joillain muilla
|
|
AfterDawn Addict
|
29. toukokuuta 2008 @ 23:09 |
Linkki tähän viestiin
|
|
==>> J3pp3
==>> wuttila
Laittakaa uusi aihe viesteille.
Ei pysy lapasessa samalla topicilla.
(:)
|
|
Nordis
Newbie
|
31. toukokuuta 2008 @ 11:37 |
Linkki tähän viestiin
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:42, on 31.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\AutoInstall\ZD1211_Auto_Install_CD_Only_Gen_0ACE2011\AutoEJCD.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\pelit\steam\steam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\winudpmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AutoEJCD_0ACE2011] C:\Program Files\AutoInstall\ZD1211_Auto_Install_CD_Only_Gen_0ACE2011\AutoEJCD.EXE /VID=0ACE /PID=2011
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\pelit\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1183811530484
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
--
End of file - 8929 bytes
ComboFix 08-05-29.1 - Samu 2008-05-31 11:21:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1267 [GMT 3:00]
Running from: C:\Documents and Settings\Samu\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Samu\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\winudspm.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\setup.exe
C:\WINDOWS\BM3ba0b2bd.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\service.exe
C:\WINDOWS\system32\awtqqOhh.dll
C:\WINDOWS\system32\awtsPJDw.dll
C:\WINDOWS\system32\bnlwmawm.dll
C:\WINDOWS\system32\bovchrni.dll
C:\WINDOWS\system32\ddcAppqq.dll
C:\WINDOWS\system32\ddcDvsPG.dll
C:\WINDOWS\system32\hgGVMDvW.dll
C:\WINDOWS\system32\hgGwXqPj.dll
C:\WINDOWS\system32\imsosmml.dll
C:\WINDOWS\system32\inrhcvob.ini
C:\WINDOWS\system32\jrmdvoxe.dll
C:\WINDOWS\system32\ljJDVmNE.dll
C:\WINDOWS\system32\mwamwlnb.ini
C:\WINDOWS\system32\nluvxagl.dll
C:\WINDOWS\system32\nnnkHyaX.dll
C:\WINDOWS\system32\nnnnOeBQ.dll
C:\WINDOWS\system32\opnnoppO.dll
C:\WINDOWS\system32\pmnKbcaa.dll
C:\WINDOWS\system32\qoMDuUmn.dll
C:\WINDOWS\system32\rkfuktgb.dll
C:\WINDOWS\system32\tsvkrxfq.ini
C:\WINDOWS\system32\vjoqeucx.ini
C:\WINDOWS\system32\vytstmmp.dll
C:\WINDOWS\system32\XayHknnn.ini
C:\WINDOWS\system32\XayHknnn.ini2
C:\WINDOWS\system32\xcueqojv.dll
C:\WINDOWS\system32\xxywVnol.dll
C:\WINDOWS\system32\yayXQgeE.dll
C:\WINDOWS\winudspm.exe
C:\WINDOWS\wkssvr.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.
2008-05-30 19:23 . 2008-05-30 22:12 60,132 --a------ C:\dcsi.exe
2008-05-30 16:55 . 2008-05-30 19:08 86,498 --a------ C:\Documents and Settings\Samu\setup.exe
2008-05-30 05:39 . 2008-05-30 05:39 83,400 --a------ C:\ahakk.exe
2008-05-30 04:43 . 2008-05-30 05:39 83,400 -r-hs---- C:\WINDOWS\winudpmgr.exe
2008-05-29 22:03 . 2008-05-29 22:03 96,768 --------- C:\is15480.exe
2008-05-29 21:11 . 2008-05-29 21:11 91,522 --a------ C:\daf.exe
2008-05-29 20:36 . 2008-05-29 20:42 249,496 --a------ C:\sexy.exe
2008-05-29 20:18 . 2008-05-29 20:18 86,340 --a------ C:\img.com
2008-05-29 19:37 . 2008-05-29 19:37 40,960 --a------ C:\dsdc.exe
2008-05-29 15:35 . 2008-05-29 22:06 60,132 --a------ C:\ddc.exe
2008-05-29 15:14 . 2008-05-29 18:12 56,832 --a------ C:\fa.com
2008-05-29 04:39 . 2008-05-29 15:17 40,960 --a------ C:\d.exe
2008-05-28 23:47 . 2008-05-28 23:47 214,528 --a------ C:\vundoFIX.exe
2008-05-28 20:26 . 2008-05-28 20:26 40,960 --a------ C:\dczi.exe
2008-05-28 20:14 . 2008-05-30 22:15 96,768 --------- C:\is154890.exe
2008-05-27 23:36 . 2008-05-27 23:36 40,960 --a------ C:\dcis.exe
2008-05-27 23:25 . 2008-05-27 23:25 40,960 --a------ C:\dciz.exe
2008-05-27 22:52 . 2008-05-28 04:40 56,832 --a------ C:\sexy.com
2008-05-27 22:40 . 2008-05-30 22:47 60,132 --a------ C:\dci.exe
2008-05-18 18:55 . 2008-05-18 18:55 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-05-18 18:54 . 2008-05-18 18:54 240 --a------ C:\WINDOWS\RomeTW.ini
2008-05-04 22:56 . 2008-05-04 22:56 <DIR> d-------- C:\Program Files\Rockstar Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 08:28 --------- d-----w C:\Documents and Settings\Samu\Application Data\skypePM
2008-05-31 08:28 --------- d-----w C:\Documents and Settings\Samu\Application Data\Skype
2008-05-28 20:47 214,528 ----a-w C:\vundoFIX.exe
2008-05-25 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 20:14 --------- d-----w C:\Documents and Settings\Samu\Application Data\Command & Conquer 3 Tiberium Wars
2008-05-03 17:25 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-04-07 20:54 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-12-23 00:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2007-06-13 10:23 249,496 --sha-r C:\WINDOWS\system32\telecms.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Steam"="d:\pelit\steam\steam.exe" [2008-03-29 22:52 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32 81920]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 16:20 21686568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05 2532576]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-06 15:32 949376]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"AutoEJCD_0ACE2011"="C:\Program Files\AutoInstall\ZD1211_Auto_Install_CD_Only_Gen_0ACE2011\AutoEJCD.exe" [2004-08-11 19:02 40960]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 16:34 868352]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 15:44 36864]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 15:44 1953792]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe" [2007-01-05 12:39 597504]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe" [2006-12-29 04:54 363008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14 270648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Windows UDP Control"="winudspm.exe" []
"Windows UDP Control Center"="winudpmgr.exe" [2008-05-30 05:39 83400 C:\WINDOWS\winudpmgr.exe]
"Windows svchost"="service.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-07 12:49:57 692224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Pelit\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\telecms.exe"=
S3 ZD1211U(ZyXEL);ZyXEL G-220F 802.11g Wireless USB Adapter Driver (USB)(ZyXEL);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-02-24 16:41]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 07:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 11:28:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\SoftwareDistribution\Download\c286b650f35378bdc0c45de56f787772\update\update.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-31 11:31:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-31 08:31:02
Pre-Run: 14,748,454,912 bytes free
Post-Run: 16,340,840,448 bytes free
198 --- E O F --- 2008-05-17 00:00:49
Onkos tässä jotain feelua?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 31. toukokuuta 2008 @ 11:39
|
AfterDawn Addict
|
31. toukokuuta 2008 @ 12:37 |
Linkki tähän viestiin
|
==>> Nordis
Lainaus, alkuperäisen viestin kirjoitti kalminen:
Ei pysy lapasessa samalla topicilla.
Klikkaa TÄNNE
.
(:)
|
|
