Internet connection keeps dropping
jtp43
Suspended due to non-functional email address
25 April 2007 @ 15:18
Logfile of HijackThis v1.99.1
Scan saved at 18:53:10, on 25.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: NPF Messenger.lnk = ?
O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

The internet connection won't stay up. All possible antivirus programs have been run, Java has been updated, the disk has been defragmented, and CCleaner is also in use. Could anything be found in that log?
Auttaja
Suspended permanently
25 April 2007 @ 16:05
Nothing found.



1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click the ComboFix window while it is running. This may cause the program to hang.

Don't send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5) | HijackThis log posting instructions (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list
jtp43
Suspended due to non-functional email address
25 April 2007 @ 17:58
"Omistaja" - 07-04-25 21:47:58 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Omistaja\"


((((((((((((((((((((((((((((((( Files Created from 2007-03-25 to 2007-04-25 ))))))))))))))))))))))))))))))))))


2007-04-25 19:35 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-04-25 18:18 6,112 -ra------ C:\WINDOWS\system32\drivers\k600cm.sys
2007-04-25 18:17 5,744 -ra------ C:\WINDOWS\system32\drivers\k600wh.sys
2007-04-25 18:17 <KANSIO> d-------- C:\WINDOWS\LastGood
2007-04-25 17:12 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Documents
2007-04-25 17:12 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-04-25 17:11 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2007-04-24 22:12 218,112 --a------ C:\Program Files\HijackThis_v1.99.1.exe
2007-04-24 21:55 <KANSIO> d-------- C:\Downloads
2007-04-24 21:55 <KANSIO> d-------- C:\Bases
2007-04-24 21:54 <KANSIO> d-------- C:\Kaspersky
2007-04-05 21:41 <KANSIO> d-------- C:\Program Files\Mystery Case Files Prime Suspects
2007-04-05 21:38 <KANSIO> d-------- C:\Program Files\ReflexiveArcade
2007-04-05 21:38 <KANSIO> d-------- C:\Program Files\Mystery Case Files Ravenhearst


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-25 21:44 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\skype
2007-04-25 19:35 -------- d-------- C:\Program Files\divx
2007-04-25 18:53 6586 --a------ C:\Program Files\hijackthis.log
2007-04-25 18:49 -------- d-------- C:\Program Files\mozilla thunderbird
2007-04-25 17:53 11278 --a------ C:\WINDOWS\mozver.dat
2007-04-25 17:41 5 --a------ C:\NPF_USER.DAT
2007-04-25 17:12 -------- d-------- C:\Program Files\Common Files\teleca shared
2007-04-23 18:25 -------- d-------- C:\Program Files\dc++
2007-04-22 19:27 428 --a------ C:\DOCUME~1\Omistaja\APPLIC~1\wklnhst.dat
2007-04-19 21:55 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\vso
2007-04-16 16:58 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\openoffice.org2
2007-03-30 17:02 -------- d-------- C:\Program Files\yahoo!
2007-03-25 11:28 75822 --a------ C:\WINDOWS\system32\perfc00b.dat
2007-03-25 11:28 375934 --a------ C:\WINDOWS\system32\perfh00b.dat
2007-03-22 23:47 46344 --a------ C:\WINDOWS\nssetdefaultbrowser.exe
2007-03-22 19:40 -------- d-------- C:\Program Files\visualtooltip
2007-03-22 19:40 -------- d-------- C:\Program Files\styler
2007-03-22 19:40 -------- d-------- C:\Program Files\microsoft windows vista upgrade advisor
2007-03-22 19:40 -------- d-------- C:\Program Files\lclock
2007-03-20 20:55 -------- d-------- C:\Program Files\skype
2007-03-17 20:39 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\stardock
2007-03-17 16:44 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-13 19:06 -------- d--h----- C:\Program Files\installshield installation information
2007-03-13 19:06 -------- d-------- C:\Program Files\norman
2007-03-13 18:51 -------- d-------- C:\Program Files\google
2007-03-11 17:22 -------- d-------- C:\Program Files\Common Files\scanner
2007-03-11 17:19 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\netscape
2007-03-11 13:51 -------- d-------- C:\Program Files\yamicsoft
2007-03-08 18:38 578048 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 18:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 18:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 18:34 1843840 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-04 20:45 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\divx
2007-03-04 14:05 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\real
2007-03-03 20:39 -------- d-------- C:\Program Files\netscape
2007-03-03 19:50 774144 --a------ C:\Program Files\rnginterstitial.dll
2007-03-03 18:20 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\template
2007-03-03 18:06 -------- d-------- C:\Program Files\oo2-soikko-windows-1.1.2
2007-03-03 17:54 -------- d-------- C:\Program Files\openoffice.org 2.1
2007-03-03 15:54 -------- d-------- C:\Program Files\windows media connect 2
2007-03-03 00:27 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\bsplayer pro
2007-03-03 00:13 -------- d-------- C:\Program Files\nimocodec pack
2007-03-02 22:01 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\olympus
2007-03-02 21:01 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\lavasoft
2007-03-02 20:58 87608 --a------ C:\DOCUME~1\Omistaja\APPLIC~1\ezpinst.exe
2007-03-02 20:58 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-02 20:58 47360 --a------ C:\DOCUME~1\Omistaja\APPLIC~1\pcouffin.sys
2007-03-02 20:58 34 --a------ C:\DOCUME~1\Omistaja\APPLIC~1\pcouffin.log
2007-03-02 20:58 1144 --a------ C:\DOCUME~1\Omistaja\APPLIC~1\pcouffin.inf
2007-03-02 20:58 1074 --a------ C:\DOCUME~1\Omistaja\APPLIC~1\pcouffin.cat
2007-03-02 20:23 -------- d-------- C:\Program Files\tukicd
2007-03-02 20:14 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\help
2007-03-02 20:01 -------- d-------- C:\Program Files\pixela
2007-03-02 20:00 -------- d-------- C:\Program Files\quicktime
2007-03-02 19:56 -------- d-------- C:\Program Files\microsoft works
2007-03-02 19:45 -------- dr------- C:\Program Files\program files
2007-03-02 19:44 -------- d-------- C:\Program Files\windows nt
2007-03-02 19:43 -------- d-------- C:\Program Files\picasa2
2007-03-02 19:43 -------- d-------- C:\Program Files\online services
2007-03-02 19:42 -------- d-------- C:\Program Files\movie maker
2007-03-02 19:41 -------- d-------- C:\Program Files\messenger
2007-03-02 19:35 -------- d-------- C:\Program Files\disc2phone
2007-03-02 19:35 -------- d-------- C:\Program Files\Common Files\xing shared
2007-03-02 19:35 -------- d-------- C:\Program Files\Common Files\real
2007-03-02 19:35 -------- d-------- C:\Program Files\Common Files\mozilla.org
2007-03-02 19:35 -------- d-------- C:\Program Files\ccleaner
2007-03-02 19:34 -------- d-------- C:\Program Files\lexmark 510 series
2007-03-02 19:34 -------- d-------- C:\Program Files\lavasoft
2007-03-02 19:34 -------- d-------- C:\Program Files\intervideo
2007-03-02 19:34 -------- d-------- C:\Program Files\ifi
2007-03-02 19:33 -------- d-------- C:\Program Files\microsoft games
2007-03-02 19:32 -------- d-------- C:\Program Files\olympus
2007-03-02 19:30 -------- d-------- C:\Program Files\vso
2007-03-02 19:30 -------- d-------- C:\Program Files\sony ericsson
2007-03-02 19:30 -------- d-------- C:\Program Files\real
2007-03-02 19:29 -------- d-------- C:\Program Files\webteh
2007-03-02 19:15 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\intervideo
2007-03-02 19:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-02 19:12 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\thunderbird
2007-03-02 19:12 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\talkback
2007-03-02 18:13 -------- d-------- C:\Program Files\western digital technologies
2007-03-02 18:13 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\google
2007-03-02 00:07 -------- d-------- C:\Program Files\Common Files\speechengines
2007-03-02 00:07 -------- d-------- C:\Program Files\Common Files\odbc
2007-03-02 00:06 62 --ahs---- C:\DOCUME~1\Omistaja\APPLIC~1\desktop.ini
2007-03-01 22:41 -------- d-------- C:\Program Files\microsoft frontpage
2007-03-01 22:40 0 -rahs---- C:\MSDOS.SYS
2007-03-01 22:40 0 -rahs---- C:\IO.SYS
2007-03-01 22:40 0 --a------ C:\CONFIG.SYS
2007-03-01 22:40 0 --------- C:\AUTOEXEC.BAT
2007-03-01 22:39 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-01 22:39 -------- d-------- C:\Program Files\Common Files\mssoap
2007-03-01 22:38 -------- d-------- C:\Program Files\msn gaming zone
2007-02-23 07:29 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-02-23 07:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 07:29 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 07:29 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-02-23 07:29 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-02-23 07:29 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-02-23 07:29 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 07:25 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-02-23 07:25 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-02-23 07:25 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-02-23 07:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-02-23 07:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-02-23 07:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-02-23 07:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-02-23 07:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-02-23 07:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-02-23 07:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 07:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-02-16 04:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-05 23:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"
"Norman ZANDA"="C:\\Norman\\bin\\ZLH.EXE /LOAD /SPLASH"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-25 21:50:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-25 21:50:39
C:\ComboFix-quarantined-files.txt ... 07-04-25 21:50
Auttaja
Suspended permanently
26 April 2007 @ 04:19
The logs are fine.

jtp43
Suspended due to non-functional email address
26 April 2007 @ 12:43
Thanks, next I'll look for the fault at the operator's end.
  © 1999-2025 AfterDawn Oy