|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Kone hidastunut ja käynnistys kestää SmitfraudFix+Hjt
|
|
Junior Member
|
3. heinäkuuta 2008 @ 15:41 |
Linkki tähän viestiin
|
Työkaverin läppäri kriittisen avun tarpeessa...
Kone (hp Compaq nc8430) on vähitellen hidastunut, ja Wintoosan (XP SP2) käynnistys kestää aienpaa pidenpään.
Sakannsin koneen jo Bandalla(ei löytänyt mitään), eheytin kovalevyn, puhdistin Ccleanerilla. Auttakaa viisaammat.
E: Ajoin combofixin joka löysi Starware...jotain tiedostoja.
Tässä päivitetyt tulokset.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:20, on 2008-07-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mittamiehet.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.0.25\SmrtShpr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.0.25\SmrtShpr.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pmt-mittaus.local
O17 - HKLM\Software\..\Telephony: DomainName = pmt-mittaus.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pmt-mittaus.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pmt-mittaus.local
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
--
End of file - 5854 bytes
SmitFraudFix
SmitFraudFix v2.328
Scan done at 10:19:16.64, 2008-07-04
Run from C:\Documents and Settings\gpsmittaus\Omat tiedostot\Yll?pito\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\gpsmittaus
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\gpsmittaus\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GPSMIT~1\Suosikit
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom NetXtreme Gigabit Ethernet - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.140.5
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F7E965CF-DC59-4ADB-BE4D-DEF49C387054}: DhcpNameServer=192.168.140.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F7E965CF-DC59-4ADB-BE4D-DEF49C387054}: DhcpNameServer=192.168.140.5
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F7E965CF-DC59-4ADB-BE4D-DEF49C387054}: DhcpNameServer=192.168.140.5
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.140.5
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.140.5
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.140.5
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
ComboFix
ComboFix 08-07-03.3 - gpsmittaus 2008-07-04 10:03:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1570 [GMT 3:00]
Running from: C:\Documents and Settings\gpsmittaus\Omat tiedostot\Ylläpito\ComboFix.exe
Command switches used :: C:\Documents and Settings\gpsmittaus\Omat tiedostot\Ylläpito\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
D:\WINDOWS\system32\rqRHyyYs.dll
D:\WINDOWS\system32\ukmlmrcl.dll
D:\WINDOWS\system32\vturs.dll
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Autorun.inf
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-04 to 2008-07-04 )))))))))))))))))
.
2008-07-04 09:21 . 2008-07-04 09:21 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 09:21 . 2008-07-04 09:21 <KANSIO> d-------- C:\Documents and Settings\gpsmittaus\Application Data\Malwarebytes
2008-07-04 09:21 . 2008-07-04 09:21 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-04 09:21 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-04 09:21 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-03 15:27 . 2008-07-03 15:27 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-03 15:22 . 2008-07-03 15:22 1,290 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-03 15:01 . 2008-07-03 15:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-03 15:01 . 2008-07-03 15:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-03 13:55 . 2008-07-03 13:56 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-03 11:32 . 2008-07-03 11:40 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-17 03:38 . 2008-06-14 20:59 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-17 03:38 . 2008-06-14 20:59 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 17:24 . 2008-06-10 17:25 <KANSIO> d-------- C:\Program Files\Mobile Partner
2008-06-10 17:24 . 2007-08-24 19:45 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-06-10 17:24 . 2007-08-24 19:45 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 19:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-28 17:00 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-12-28 17:00 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-07-25 07:49 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}]
2007-09-03 16:44 1160688 --a------ C:\Program Files\SmartShopper\Bin\2.0.25\SmrtShpr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 11:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 11:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2006-07-14 13:46 45056 C:\WINDOWS\system32\avldr.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^BTTray.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Panorama Maker 3.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Panorama Maker 3.lnk
backup=C:\WINDOWS\pss\Panorama Maker 3.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
--a------ 2006-01-16 22:01 53248 C:\WINDOWS\system32\accelerometerST.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
--a------ 2007-01-25 18:50 321072 C:\Program Files\Panda Software\Panda Antivirus 2007\ApVxdWin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 14:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2006-02-22 08:03 40960 C:\Program Files\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-09-15 11:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWS myPrintMileage Agent]
--a------ 2004-10-31 06:47 102400 C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-03-02 15:39 131072 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-21 17:13 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-12-20 15:51 1187840 C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-01-23 16:11 802816 C:\WINDOWS\CREATOR\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
--a------ 2006-02-15 15:43 892928 C:\WINDOWS\SMINST\Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-05-06 14:06 716800 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2005-05-20 11:11 925696 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-11-10 21:04 761945 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-01-30 04:00 88203 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
--a------ 2007-07-06 15:51 177152 C:\WINDOWS\system32\mqrt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2006-08-22 01:00]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 13:46]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 16:26]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ADM851X.SYS [2003-12-19 13:44]
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2006-11-30 15:59]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2006-11-30 15:59]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce90fd35-3625-11dd-a290-001b77247b60}]
\Shell\AutoRun\command - F:\AutoRun.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 10:04:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-04 10:05:01
ComboFix-quarantined-files.txt 2008-07-04 07:04:57
Pre-Run: 43,894,206,464 tavua vapaana
Post-Run: 44,229,001,216 tavua vapaana
143 --- E O F --- 2008-07-01 00:01:11
Kiitokset molemilta auttaville vsaille jo etukäteen.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 4. heinäkuuta 2008 @ 10:38
|
|
