HJT log (problems with the desktop)
gammax
Newbie
27 May 2008 @ 21:46
Could someone take a look at this log? I now have a problem where, when Windows starts and the desktop appears, it disappears after a moment and then comes back again. This goes on for a while until it no longer appears at all. If you look at the processes in Task Manager, explorer.exe shows up there at times and at other times it doesn't...
On to the log itself:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:08, on 27.5.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\imapi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://avustaja.sonera.fi/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7048 bytes
---------------------------------------------------------------------
EDIT: I'm also adding the ComboFix log here, in case it's of any use.
ComboFix 08-05-26.2 - Jorma 2008-05-28 12:13:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1035.18.93 [GMT 3:00]
Running from: C:\Documents and Settings\Jorma\Työpöytä\Työpöytä-ohjelmat\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\efcBUKCS.dll
C:\WINDOWS\system32\jPopYcfe.ini2
C:\WINDOWS\system32\SCKUBcfe.ini
C:\WINDOWS\system32\SCKUBcfe.ini2
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-28 )))))))))))))))))
.
2008-05-27 21:36 . 2008-05-27 21:36 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-27 16:07 . 2008-05-27 18:14 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-27 16:07 . 2008-05-27 18:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 15:37 . 2008-05-27 15:37 <KANSIO> d-------- C:\VundoFix Backups
2008-05-27 13:41 . 2008-05-27 13:41 58,368 --a------ C:\WINDOWS\system32\pmnlljGA.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 13:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 13:07 --------- d-----w C:\Documents and Settings\Jorma\Application Data\Spybot - Search & Destroy
2008-05-27 10:41 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-16 05:28 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-01 15:20 --------- d-----w C:\Program Files\Java
2008-03-29 15:15 --------- d-----w C:\Documents and Settings\Jorma\Application Data\Grisoft
2008-03-29 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-27_15.53.39.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 12:50:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-28 09:16:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2002-12-11 13:16:58 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2005-01-28 13:25:32 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
- 2007-12-21 02:11:47 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
+ 2006-08-02 21:35:49 286,720 ----a-w C:\WINDOWS\system32\ati2cqag.dll
- 2007-12-21 03:08:18 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
+ 2006-08-02 22:08:06 258,048 ----a-w C:\WINDOWS\system32\ati2dvag.dll
- 2007-12-21 02:59:09 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
+ 2006-08-02 22:02:31 41,984 ----a-w C:\WINDOWS\system32\ati2edxx.dll
- 2007-12-21 02:58:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
+ 2006-08-02 22:02:23 86,016 ----a-w C:\WINDOWS\system32\ati2evxx.dll
- 2007-12-21 02:57:27 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
+ 2006-08-02 22:01:21 401,408 ----a-w C:\WINDOWS\system32\ati2evxx.exe
- 2007-12-21 02:59:17 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
+ 2006-08-02 22:02:36 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
- 2007-12-21 02:47:35 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
+ 2006-08-02 21:55:58 2,373,088 ----a-w C:\WINDOWS\system32\ati3duag.dll
- 2007-12-21 02:56:27 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
+ 2006-08-02 22:00:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
- 2007-12-21 03:09:31 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
+ 2007-05-18 01:58:58 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
- 2007-11-27 19:34:14 160,289 ----a-w C:\WINDOWS\system32\atiicdxx.dat
+ 2006-08-02 20:14:07 133,246 ----a-w C:\WINDOWS\system32\atiicdxx.dat
- 2007-12-21 03:02:40 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
+ 2006-08-02 22:12:18 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
- 2007-12-21 02:20:17 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
+ 2006-08-02 21:41:16 208,896 ----a-w C:\WINDOWS\system32\atikvmag.dll
- 2007-12-21 02:53:18 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
+ 2007-05-18 01:39:54 7,610,368 ----a-w C:\WINDOWS\system32\atioglx2.dll
- 2007-12-21 02:20:47 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
+ 2006-08-02 21:45:24 5,136,384 ----a-w C:\WINDOWS\system32\atioglxx.dll
- 2007-12-21 02:15:04 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
+ 2007-05-18 01:14:21 46,592 ----a-w C:\WINDOWS\system32\atiok3x2.dll
- 2007-12-21 02:59:39 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
+ 2006-08-02 22:02:58 114,688 ----a-w C:\WINDOWS\system32\atipdlxx.dll
- 2007-12-21 02:18:12 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
+ 2006-08-02 21:40:09 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
- 2007-12-21 02:35:44 887,724 ----a-w C:\WINDOWS\system32\ativva6x.dat
+ 2007-05-18 01:30:41 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
- 2007-12-21 02:36:04 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
+ 2006-08-02 21:51:50 2,354,720 ----a-w C:\WINDOWS\system32\ativvaxx.dll
+ 2008-05-27 13:00:36 446,464 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2007-12-21 02:17:25 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
+ 2006-08-02 21:38:37 45,056 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
- 2007-12-21 03:53:20 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
+ 2006-08-02 22:07:51 1,681,920 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
- 2001-10-05 14:31:20 45,568 ----a-w C:\WINDOWS\system32\iyuv_32.dll
+ 2001-10-09 12:00:00 45,568 ----a-w C:\WINDOWS\system32\iyuv_32.dll
+ 2005-07-19 13:39:20 79,552 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Download.dll
+ 2005-07-19 13:39:22 59,072 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Download.exe
- 2002-09-09 12:14:00 286,720 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2002-09-09 12:24:26 286,720 ----a-w C:\WINDOWS\system32\msh263.drv
- 2007-12-21 02:59:26 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
+ 2006-08-02 22:02:42 77,824 ----a-w C:\WINDOWS\system32\Oemdspif.dll
- 2008-03-30 11:02:24 43,820 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-27 12:53:20 43,820 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 11:02:24 52,558 ----a-w C:\WINDOWS\system32\perfc00B.dat
+ 2008-05-27 12:53:20 52,558 ----a-w C:\WINDOWS\system32\perfc00B.dat
- 2008-03-30 11:02:24 321,198 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-27 12:53:20 321,198 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-30 11:02:24 292,998 ----a-w C:\WINDOWS\system32\perfh00B.dat
+ 2008-05-27 12:53:20 292,998 ----a-w C:\WINDOWS\system32\perfh00B.dat
+ 2008-05-27 15:14:11 65,944 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2001-10-05 14:31:38 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
+ 2001-10-09 12:00:00 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{166BCB27-FCFD-4588-9BDB-44FC6A02EF35}]
2008-05-27 13:41 58368 --a------ C:\WINDOWS\System32\pmnlljGA.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 15:13 13312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-09-20 16:50 1404928]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 22:05 344064]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 17:07 617984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2007-08-27 16:28 182952]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 16:27 895600]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 15:13 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{166BCB27-FCFD-4588-9BDB-44FC6A02EF35}"= C:\WINDOWS\System32\pmnlljGA.dll [2008-05-27 13:41 58368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlljGA]
pmnlljGA.dll 2008-05-27 13:41 58368 C:\WINDOWS\system32\pmnlljGA.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\System32\drivers\fsdfw.sys [2007-08-27 16:27]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2007-08-27 16:27]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-08-27 16:27]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2007-08-27 16:27]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-08-27 16:27]
S3 asbp2poa;asbp2poa;C:\DOCUME~1\Jorma\LOCALS~1\Temp\asbp2poa.sys []
S3 bdacap;%BdaSWCapture.DeviceDesc%;C:\WINDOWS\System32\drivers\bdacap.sys [2006-05-18 10:01]
S3 CTSFSYN;Creative SoundFont Synth;C:\WINDOWS\System32\drivers\ctsfsyn.sys [2004-08-24 10:03]
S3 GLHIDKBFILTER;GLHIDKBFILTER;C:\WINDOWS\System32\DRIVERS\GLKbFilter.sys [2006-01-06 09:55]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 12:17:15
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\pmnlljGA.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\Common\FNRB32.exe
C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
D:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-05-28 12:19:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 09:19:02
ComboFix2.txt 2008-05-27 12:54:02
Pre-Run: 31,473,807,360 tavua vapaana
Post-Run: 31,462,572,032 tavua vapaana
194
Thanks in advance!!!
This message has been edited after posting. Last edited 28 May 2008 @ 12:23
gammax
Newbie
28 May 2008 @ 15:42
^up... I bumped this up since those Messenger viruses already pushed me down to page two. :(