|
WinSys2.exe
|
|
|
baNkog
Newbie
|
29. tammikuuta 2008 @ 18:44 |
Linkki tähän viestiin
|
|
onko kyseinen prosessi virus? Aattelin kysästä koska tollainen prosessi on ilmaantunut yht'äkkiä tässä lähipäivinä...
A.H
|
|
kelari
Senior Member
|
29. tammikuuta 2008 @ 19:09 |
Linkki tähän viestiin
|
|
Google kertoo että onpi örkki!!1
|
|
tomato71
Suspended due to non-functional email address
|
29. tammikuuta 2008 @ 20:27 |
Linkki tähän viestiin
|
www.virustorjunta.net
|
|
baNkog
Newbie
|
30. tammikuuta 2008 @ 18:38 |
Linkki tähän viestiin
|
|
formatoisin koneen ja asensin sunbletin palomurin ja avastin taustasuojauksen, mutta kun aloin lataamaan windowsin automaattisia päivityksiä ja aloin asentamaan niitä nii sunblet alkoi varoittamaan kyseisestä "WinSys2" tiedostosta ja esti pääsyn kunnes vähän ajan päästä katsoin prosesseja niin siellä pyörikin WinSys2.exe!?! eli oiskos jotai konstia millä ton sais koneelta pois kokonaan ja alkää antako mitään englannin kielistä urlia vaa antakaa vaikka suomeksi jotai neuvoja.
A.H
|
|
RIVER2
Account closed as per user's own request
|
30. tammikuuta 2008 @ 19:56 |
Linkki tähän viestiin
|
Lataa Hijacthis TÄSTÄ käynnistä se ja klikkaa Do a System Scan only
Etsi se prosessi sieltä listalta, merkkaa se raksilla ja paina Fix Checked ja nyt sen pitäis olla poissa.
GeForce 8800 gts 320 Mt (OC 600/850) | 500 Gt Seagate | C2D E6750 3,00 GHz (Boxed) | 4 Gt DDR2 muistia | 600 watin Zalman | Abit IP35-E emo | Win XP Pro | Hiiri: Logitech MX-518 |
Ohjeet sensuurin kiertoon |
|
infs
Junior Member
|
2. helmikuuta 2008 @ 23:38 |
Linkki tähän viestiin
|
Mulla löytyy koneelta 2kpl Winsys2.exe tiedostoa.
toinen on c:\windows\system32 kansiossa ja toinen c:\windows\system32\ReinstallBackups\0015\DriverFiles
HJT ei niitä löydä mut se johtunee siitä, että oon joskus ton winsys2.exe:n disablennu msconfig:lla. Kysymys oliskin kannattaako poistaa ja lähteekö iha pelkällä deletellä?
hulapaloo
|
|
tomato71
Suspended due to non-functional email address
|
3. helmikuuta 2008 @ 00:21 |
Linkki tähän viestiin
|
laita hjt-loki niin katotaan jos se on kutsunu kavereita kylään :D
www.virustorjunta.net
|
|
infs
Junior Member
|
3. helmikuuta 2008 @ 00:27 |
Linkki tähän viestiin
|
logia:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:13:40, on 3.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\program files\steam\steam.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5766 bytes
hulapaloo
|
|
infs
Junior Member
|
3. helmikuuta 2008 @ 01:17 |
Linkki tähän viestiin
|
ei ainakaa jotilla virukseksi tunnista =/
screeni
vaan en edes muista sitä suurta viisautta miksi joskus olen ton startupista poistan =) Kone ainaki suht vakaasti hyrräilee et ei se hurjan ilkeä liene.
hulapaloo
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 3. helmikuuta 2008 @ 01:37
|
Junior Member
1 tuotearvio
|
3. helmikuuta 2008 @ 03:12 |
Linkki tähän viestiin
|
|
kyllä se kuule ilkeä on :D jos ei nyt, niin tässä kohta.
suna kyllä hankkiutusin tosta eroon ja ääkkiä.
OCZ GameXStream 600w
Intel Core 2 Quad Q6600 G0@3.0ghz
Abit IP35
EVGA Geforce 8800GTS G92 Core/Shader/Memory - 740/1825/1080
G.Skill 2GB 800mhz dual
Western Digital 500GB
Samsung DVD/RW dual layer
Logitech G5 Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 3. helmikuuta 2008 @ 03:13
|
|
tomato71
Suspended due to non-functional email address
|
3. helmikuuta 2008 @ 09:42 |
Linkki tähän viestiin
|
1. Lataa combofix.exe työpöydällesi mistä tahansa alla olevasta linkistä:
Linkki 1
Linkki 2
Linkki 3
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
www.virustorjunta.net
|
|
infs
Junior Member
|
3. helmikuuta 2008 @ 13:53 |
Linkki tähän viestiin
|
ComboFix 08-02.03.1 - infs 2008-02-03 13:49:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1244 [GMT 2:00]
Running from: C:\Documents and Settings\infs\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\install.exe
C:\WINDOWS\system32\winsys.exe
----- BITS: Possible infected sites -----
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-02-02 23:53 . 2008-02-02 23:53 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-02 23:22 . 2008-02-02 23:22 <DIR> d-------- C:\Program Files\Uniblue
2008-02-02 23:22 . 2008-02-02 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-02-01 23:30 . 2008-02-01 23:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 21:20 . 2008-02-01 21:20 <DIR> d-------- C:\Documents and Settings\infs\Application Data\Grisoft
2008-02-01 21:18 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 19:45 . 2008-01-30 19:45 <DIR> d-------- C:\Documents and Settings\infs\Application Data\Command & Conquer 3 Tiberium Wars
2008-01-12 20:09 . 1996-03-21 09:54 1,078 --a------ C:\WINDOWS\PLMTUNST.ICO
2008-01-12 20:09 . 1996-03-21 09:49 1,078 --a------ C:\WINDOWS\PLAYMATE.ICO
2008-01-12 19:53 . 2008-01-12 19:56 117 --a------ C:\WINDOWS\PLAYMATE.INI
2008-01-12 02:25 . 2008-01-18 20:39 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-01-07 18:30 . 2008-01-07 18:30 <DIR> d---s---- C:\Documents and Settings\infs\UserData
2008-01-07 04:15 . 1996-12-11 12:22 69,632 --a------ C:\WINDOWS\UNINSTCC.EXE
2008-01-07 04:14 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-01-07 04:00 . 2008-01-07 04:00 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-07 04:00 . 2008-01-07 04:00 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-06 00:20 . 2008-01-06 00:21 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-01-06 00:20 . 2008-01-06 10:38 <DIR> d-------- C:\Documents and Settings\infs\Application Data\DAEMON Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 11:51 --------- d-----w C:\Program Files\mIRC
2008-02-03 11:49 --------- d-----w C:\Documents and Settings\infs\Application Data\uTorrent
2008-02-03 07:12 --------- d-----w C:\Documents and Settings\infs\Application Data\AVG7
2008-02-02 21:41 --------- d-----w C:\Program Files\Steam
2008-02-02 21:41 --------- d-----w C:\Documents and Settings\infs\Application Data\OpenOffice.org2
2008-02-02 21:22 --------- d-----w C:\Documents and Settings\infs\Application Data\Uniblue
2008-02-01 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 17:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 20:03 --------- d-----w C:\Program Files\Winamp
2008-01-20 20:50 --------- d-----w C:\Program Files\DivX
2008-01-05 22:16 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-20 15:58 --------- d-----w C:\Documents and Settings\infs\Application Data\Skype
2007-12-17 20:51 --------- d-----w C:\Program Files\WinSCP
2007-12-15 17:30 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-15 17:08 --------- d-----w C:\Program Files\Microsoft Games
2007-12-12 11:41 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-12 11:41 --------- d--h--r C:\Documents and Settings\infs\Application Data\SecuROM
2007-12-12 11:36 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-12-12 11:36 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-12-12 11:36 --------- d-----w C:\Program Files\OpenAL
2007-12-08 18:02 4,000 ----a-w C:\ao.dat
2007-12-08 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-05 03:34 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-05 03:34 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-05 03:34 118,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-12-06 13:16 1266936]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:32 81920]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-03 15:54 486856]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 08:00 16050176 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-10-28 16:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 09:58 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-15 09:58 69632]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-30 23:52 579072]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 05:32 61440]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 14:00 158208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52 8531968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-01 09:00 219136]
C:\Documents and Settings\infs\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 14:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-10-28 16:52 8531968 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 11:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-04-02 04:20 12288 C:\Program Files\Winamp\Winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
--a------ 2006-04-29 10:36 208896 C:\WINDOWS\system32\winsys2.exe
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2006-04-18 14:53]
*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 12:44:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-16 21:20:54 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 13:51:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
.
Completion time: 2008-02-03 13:51:43
ComboFix-quarantined-files.txt 2008-02-03 11:51:41
.
2008-01-20 00:59:48 --- E O F ---
hulapaloo
|
|
infs
Junior Member
|
3. helmikuuta 2008 @ 13:55 |
Linkki tähän viestiin
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:47, on 3.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\program files\steam\steam.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5726 bytes
hulapaloo
|
|
tomato71
Suspended due to non-functional email address
|
3. helmikuuta 2008 @ 14:48 |
Linkki tähän viestiin
|
moi
Varmistu ensin, että piilotiedostot on näkyvillä.
Piilotiedostot näkyviin
Mene --> tänne
Kun sivu on latautunut, klikkaa Selaa-nappulaa ja etsi seuraava tiedosto ja paina Submit.
C:\WINDOWS\PLAYMATE.INI
Lähetä skannin tulokset seuraavassa viestissäsi.
Jos Jotti on ruuhkainen, yritä samaa Virustotalissa: http://www.virustotal.com/flash/index_en.html
Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:
Lainaus:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).
Sitten raahaa CFScript ComboFix.exeen kuten alla.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne + virustotalin tulos ja uusi hjt-loki.
www.virustorjunta.net
|
|
infs
Junior Member
|
3. helmikuuta 2008 @ 21:20 |
Linkki tähän viestiin
|
ComboFix 08-02.03.1 - infs 2008-02-03 21:14:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1110 [GMT 2:00]
Running from: C:\Documents and Settings\infs\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\infs\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-02-02 23:53 . 2008-02-02 23:53 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-02 23:22 . 2008-02-02 23:22 <DIR> d-------- C:\Program Files\Uniblue
2008-02-02 23:22 . 2008-02-02 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-02-01 23:30 . 2008-02-01 23:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 21:20 . 2008-02-01 21:20 <DIR> d-------- C:\Documents and Settings\infs\Application Data\Grisoft
2008-02-01 21:18 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 19:45 . 2008-01-30 19:45 <DIR> d-------- C:\Documents and Settings\infs\Application Data\Command & Conquer 3 Tiberium Wars
2008-01-12 20:09 . 1996-03-21 09:54 1,078 --a------ C:\WINDOWS\PLMTUNST.ICO
2008-01-12 20:09 . 1996-03-21 09:49 1,078 --a------ C:\WINDOWS\PLAYMATE.ICO
2008-01-12 19:53 . 2008-01-12 19:56 117 --a------ C:\WINDOWS\PLAYMATE.INI
2008-01-12 02:25 . 2008-01-18 20:39 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-01-07 18:30 . 2008-01-07 18:30 <DIR> d---s---- C:\Documents and Settings\infs\UserData
2008-01-07 04:15 . 1996-12-11 12:22 69,632 --a------ C:\WINDOWS\UNINSTCC.EXE
2008-01-07 04:14 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-01-07 04:00 . 2008-01-07 04:00 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-07 04:00 . 2008-01-07 04:00 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-06 00:20 . 2008-01-06 00:21 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-01-06 00:20 . 2008-01-06 10:38 <DIR> d-------- C:\Documents and Settings\infs\Application Data\DAEMON Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 19:14 --------- d-----w C:\Documents and Settings\infs\Application Data\uTorrent
2008-02-03 11:51 --------- d-----w C:\Program Files\mIRC
2008-02-03 07:12 --------- d-----w C:\Documents and Settings\infs\Application Data\AVG7
2008-02-02 21:41 --------- d-----w C:\Program Files\Steam
2008-02-02 21:41 --------- d-----w C:\Documents and Settings\infs\Application Data\OpenOffice.org2
2008-02-02 21:22 --------- d-----w C:\Documents and Settings\infs\Application Data\Uniblue
2008-02-01 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 17:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 20:03 --------- d-----w C:\Program Files\Winamp
2008-01-20 20:50 --------- d-----w C:\Program Files\DivX
2008-01-05 22:16 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-20 15:58 --------- d-----w C:\Documents and Settings\infs\Application Data\Skype
2007-12-17 20:51 --------- d-----w C:\Program Files\WinSCP
2007-12-15 17:30 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-15 17:08 --------- d-----w C:\Program Files\Microsoft Games
2007-12-12 11:41 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-12 11:41 --------- d--h--r C:\Documents and Settings\infs\Application Data\SecuROM
2007-12-12 11:36 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-12-12 11:36 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-12-12 11:36 --------- d-----w C:\Program Files\OpenAL
2007-12-08 18:02 4,000 ----a-w C:\ao.dat
2007-12-08 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-05 03:34 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-05 03:34 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-05 03:34 118,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-12-06 13:16 1266936]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:32 81920]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-03 15:54 486856]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 08:00 16050176 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-10-28 16:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 09:58 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-15 09:58 69632]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-30 23:52 579072]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 16:52 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 05:32 61440]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 14:00 158208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 16:52 8531968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-01 09:00 219136]
C:\Documents and Settings\infs\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 14:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-10-28 16:52 8531968 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 11:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-04-02 04:20 12288 C:\Program Files\Winamp\Winampa.exe
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2006-04-18 14:53]
*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 12:44:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-16 21:20:54 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 21:16:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
.
Completion time: 2008-02-03 21:16:43
ComboFix-quarantined-files.txt 2008-02-03 19:16:41
ComboFix2.txt 2008-02-03 11:51:44
.
2008-01-20 00:59:48 --- E O F ---
hulapaloo
|
|
infs
Junior Member
|
3. helmikuuta 2008 @ 21:21 |
Linkki tähän viestiin
|
Scan taken on 03 Feb 2008 19:07:33 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Edit. toi playmate.ini tod näkösesti tullu tommosen Jenny McCarthy DVD:n asentaman ohjelman mukana. poistin sen kyl välittömästi mut selkeesti jääny ainaki playmate.exe ja ini sinne =)
hulapaloo
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 3. helmikuuta 2008 @ 21:31
|
|
infs
Junior Member
|
3. helmikuuta 2008 @ 21:26 |
Linkki tähän viestiin
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:56, on 3.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\program files\steam\steam.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5696 bytes
hulapaloo
|
|
tomato71
Suspended due to non-functional email address
|
3. helmikuuta 2008 @ 21:41 |
Linkki tähän viestiin
|
moi
näyttää hyvältä,varmistetaan vielä...
[size=11]Skannaa koneesi Kaspersky Online Skannerilla
Käytä Internet Explorer
Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.[list]
[*] Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
[*] Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
[*] Klikkaa nyt asetuksia, Scan Settings
[*] Tarkista asetuksista, että seuraavat ovat valittuina:
o Scan using the following Anti-Virus database:
+ Extended (Jos valittavissa, muuten valitse Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
[*] Klikkaa OK
[*] Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
[*] Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
[*] Klikkaa nyt Save as Text-painiketta.
[*] Tallenna tiedosto työpöydällesi.
[*] Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi
www.virustorjunta.net
|
|
infs
Junior Member
|
3. helmikuuta 2008 @ 22:01 |
Linkki tähän viestiin
|
joo meen kattelee superbowlit kaverille sil aikaa ku toi skannaa =P
Edit. Mahtava SupaBowl takana mut kapersky ei ollu kauheen positiivine
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 04, 2008 6:36:23 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/02/2008
Kaspersky Anti-Virus database records: 546420
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
N:\
Scan Statistics:
Total number of scanned objects: 151690
Number of viruses found: 10
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 03:40:30
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\infs\Application Data\OpenOffice.org2\user\uno_packages\cache\log.txt Object is locked skipped
C:\Documents and Settings\infs\Application Data\OpenOffice.org2\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\common.rdb Object is locked skipped
C:\Documents and Settings\infs\Application Data\OpenOffice.org2\user\uno_packages\cache\registry\com.sun.star.comp.deployment.component.PackageRegistryBackend\Windows_x86.rdb Object is locked skipped
C:\Documents and Settings\infs\Application Data\OpenOffice.org2\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db Object is locked skipped
C:\Documents and Settings\infs\Application Data\OpenOffice.org2\user\uno_packages\cache\uno_packages.db Object is locked skipped
C:\Documents and Settings\infs\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\infs\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\infs\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped
C:\Documents and Settings\infs\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\infs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\infs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\infs\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\infs\Local Settings\History\History.IE5\MSHist012008020320080204\index.dat Object is locked skipped
C:\Documents and Settings\infs\Local Settings\Temp\jar_cache9334.tmp Object is locked skipped
C:\Documents and Settings\infs\Local Settings\Temp\Perflib_Perfdata_dc.dat Object is locked skipped
C:\Documents and Settings\infs\Local Settings\Temp\~DF4F07.tmp Object is locked skipped
C:\Documents and Settings\infs\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\infs\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\infs\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\SteamApps\winui.gcf Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP164\A0020408.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP195\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9E7AC6AA-1D98-4FCB-A32E-95E919777522}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_250.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP195\change.log Object is locked skipped
E:\star_trek_-_the_next_generation\star_trek_tng_-_season_1_ep_25_-_conspiracy.avi Object is locked skipped
E:\star_trek_-_the_next_generation\star_trek_tng_-_season_1_ep_26_-_the_neutral_zone.avi Object is locked skipped
E:\star_trek_-_the_next_generation\star_trek_tng_-_season_2_ep_03_-_elementary_dear_data.avi Object is locked skipped
E:\star_trek_-_the_next_generation\star_trek_tng_-_season_2_ep_07_-_unnatural_selection.avi Object is locked skipped
E:\star_trek_-_the_next_generation\star_trek_tng_-_season_2_ep_12_-_the_royale.avi Object is locked skipped
E:\star_trek_-_the_next_generation\star_trek_tng_-_season_2_ep_17_-_samaritan_snare.avi Object is locked skipped
E:\star_trek_-_the_next_generation\star_trek_tng_-_season_2_ep_18_-_up_the_long_ladder.avi Object is locked skipped
E:\star_trek_-_the_next_generation\star_trek_tng_-_season_2_ep_21_-_peak_performance.avi Object is locked skipped
E:\star_trek_-_the_next_generation\star_trek_tng_-_season_3_ep_13_-_deja_q.avi Object is locked skipped
E:\star_trek_-_the_next_generation\star_trek_tng_-_season_4_ep_06_-_legacy.avi Object is locked skipped
E:\star_trek_-_the_next_generation\star_trek_tng_-_season_6_ep_07_rascals.avi Object is locked skipped
E:\star_trek_-_the_next_generation\star_trek_tng_-_season_7_ep_05_gambit_part_ii.avi Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP195\change.log Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP195\change.log Object is locked skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
I:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP195\change.log Object is locked skipped
J:\Asennetut\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
J:\Asennetut\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
J:\Asennetut\mirc621.exe NSIS: infected - 2 skipped
J:\Rojut\Nero 7.8.5.0 Ultra Edition Enhanced + Keymaker\Nero-7.8.5.0_eng.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
J:\Rojut\Nero 7.8.5.0 Ultra Edition Enhanced + Keymaker\Nero-7.8.5.0_eng.exe RAR: infected - 1 skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\System Volume Information\_restore{388EA4B0-05F3-490F-B538-1EC5D2D6E1EB}\RP45\A0003656.exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
J:\System Volume Information\_restore{388EA4B0-05F3-490F-B538-1EC5D2D6E1EB}\RP45\A0003656.exe/data.rar/patch.exe Infected: Trojan.Win32.Agent.qt skipped
J:\System Volume Information\_restore{388EA4B0-05F3-490F-B538-1EC5D2D6E1EB}\RP45\A0003656.exe/data.rar/crack.exe Infected: Trojan.Win32.Inject.br skipped
J:\System Volume Information\_restore{388EA4B0-05F3-490F-B538-1EC5D2D6E1EB}\RP45\A0003656.exe/data.rar/install.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
J:\System Volume Information\_restore{388EA4B0-05F3-490F-B538-1EC5D2D6E1EB}\RP45\A0003656.exe/data.rar Infected: Trojan-Downloader.Win32.Agent.brf skipped
J:\System Volume Information\_restore{388EA4B0-05F3-490F-B538-1EC5D2D6E1EB}\RP45\A0003656.exe RarSFX: infected - 5 skipped
J:\System Volume Information\_restore{388EA4B0-05F3-490F-B538-1EC5D2D6E1EB}\RP81\A0011290.exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.vd skipped
J:\System Volume Information\_restore{388EA4B0-05F3-490F-B538-1EC5D2D6E1EB}\RP81\A0011290.exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.qn skipped
J:\System Volume Information\_restore{388EA4B0-05F3-490F-B538-1EC5D2D6E1EB}\RP81\A0011290.exe/data.rar/crack.exe Infected: Trojan-Dropper.Win32.Small.ayg skipped
J:\System Volume Information\_restore{388EA4B0-05F3-490F-B538-1EC5D2D6E1EB}\RP81\A0011290.exe/data.rar Infected: Trojan-Dropper.Win32.Small.ayg skipped
J:\System Volume Information\_restore{388EA4B0-05F3-490F-B538-1EC5D2D6E1EB}\RP81\A0011290.exe RarSFX: infected - 4 skipped
J:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP195\change.log Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP195\change.log Object is locked skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
L:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP195\change.log Object is locked skipped
Scan process completed.
Tiivistettynä:
Number of viruses found: 10
Number of infected objects: 18
hulapaloo
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 4. helmikuuta 2008 @ 06:38
|
|
infs
Junior Member
|
5. helmikuuta 2008 @ 03:32 |
Linkki tähän viestiin
|
|
pieni uppaus, että tomsku huomaa tän =)
Edit. Deletoin noi parit installaatio exet mitkä kaperskyn mukaan sisäls viruksia ja ku ne muutenki oli turhia. Lisäks otin ton system restoren pois päältä ja reboottasin koneen notta noi restore pointteihin jääneet pöpöt sain pois. Uusi kapersky on käynnissä näyttää puolesssa välissä paljo paremmalta. Laitan logit kun saan valmiiksi. Javatki säädin uusiks.
hulapaloo
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 5. helmikuuta 2008 @ 09:52
|
|
SHovi
Newbie
|
5. helmikuuta 2008 @ 12:46 |
Linkki tähän viestiin
|
|
Olen harrastanut hieman selvän näkemistä (yhdyssana?), veikkaan että sulla BanKog on näytönohjaimena MSI:n tekele? Meneekö pahasti pieleen?
Veikkaan myös, että koneeltasi löytyy winsys.exe fileja, joissa on ikonina vihreä juokseva ukko?
|
|
SHovi
Newbie
|
5. helmikuuta 2008 @ 15:20 |
Linkki tähän viestiin
|
|
Mites sulla infs, löytyykö sulta MSI:n tekemä näytönohjain?
|
|
infs
Junior Member
|
5. helmikuuta 2008 @ 15:22 |
Linkki tähän viestiin
|
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 05, 2008 3:18:29 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/02/2008
Kaspersky Anti-Virus database records: 549196
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
N:\
Scan Statistics:
Total number of scanned objects: 138502
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 05:21:13
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\infs\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\infs\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\infs\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped
C:\Documents and Settings\infs\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\infs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\infs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\infs\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\infs\Local Settings\History\History.IE5\MSHist012008020520080206\index.dat Object is locked skipped
C:\Documents and Settings\infs\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\infs\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\infs\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\SteamApps\winui.gcf Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_244.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\Jack's.Teen.America.5.XXX.DVDRiP.x264-ShAQ\Jack's.Teen.America.5.XXX.DVDRiP.x264-ShAQ.CD1.mp4 Object is locked skipped
E:\NFL.Super.Bowl.XLII.2008.02.03.Giants.VS.Patriots.HDTV.XVID-BAJSKORV\CD1\nfl.super.bowl.xlii.2008.02.03.giants.vs.patriots.hdtv.xvid.cd1-bajskorv.r18 Object is locked skipped
E:\NFL.Super.Bowl.XLII.2008.02.03.Giants.VS.Patriots.HDTV.XVID-BAJSKORV\CD2\nfl.super.bowl.xlii.2008.02.03.giants.vs.patriots.hdtv.xvid.cd2-bajskorv.rar Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP1\change.log Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP1\change.log Object is locked skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
I:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP1\change.log Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP1\change.log Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{FAFA7E73-0D79-4890-A32C-2B431FB8F559}\RP1\change.log Object is locked skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:50, on 5.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\program files\steam\steam.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\OO Software\Defrag Professional\oodcnt.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
--
End of file - 6199 bytes
hulapaloo
|
|
infs
Junior Member
|
5. helmikuuta 2008 @ 15:24 |
Linkki tähän viestiin
|
hulapaloo
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 5. helmikuuta 2008 @ 15:32
|
|
Mainos
|
|
|
|
SHovi
Newbie
|
5. helmikuuta 2008 @ 18:24 |
Linkki tähän viestiin
|
Ammuskelin noita vihreitä ukkoja eilen koko illan kaikilla haulikkoa pienemmillä aseilla, lisäksi googlasin raivolla noista winsys jutuista lisätietoja, jolloin törmäsin myös tähän keskusteluun.
Illan ammunnan tulos oli, että osuin HIJackthis softalla NVIDIA kuvansäätöohjelmaa päähän.
Vaikka googlella löytyi vaikka mitä troijalais juttuja, niin totuus taitaa olla, että winsys ja winsys2 tiedostot liittyvät MSI/NVIDIA näytönohjaimien ylikellotus ohjelmiin?
Tänään hain uudet ajurit näytönohjaimeen MSI:n kotisivuilta ja YLLÄTYS YLLÄTYS, sieltä ne pienet vihreät miehet tulleet on! Ajuripaketti sisälsi siis kaikkien muiden tiedostojen lisäksi, juuri nuo winsys.exe ja winsys2.exe tiedostot.
Offtopiccina: Osaisisiko joku kertoa, miten saa korjattua win- explorerin? Mulla se kaatuu aina hakutoiminnossa parin minuutin kuluttua?
|
