HJT log (problems with the desktop)

Discussion in 'Viruses and malware - HijackThis logs' started by gammax, May 27, 2008.

  1. gammax (Member, joined May 27, 2008)
    Could someone take a look at this log? I have the following problem: when Windows starts and the desktop appears, it disappears after a moment and then comes back again. This goes on for a while until it no longer reappears at all. If I look at the processes in Task Manager, explorer.exe shows up there at times and at other times it doesn't...
    On to the log itself

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:37:08, on 27.5.2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\imapi.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://avustaja.sonera.fi/sdccommon/download/tgctlcm.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 7048 bytes

    ---------------------------------------------------------------------
    EDIT: I'm also adding the ComboFix log here, in case it's of any use.


    ComboFix 08-05-26.2 - Jorma 2008-05-28 12:13:17.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1035.18.93 [GMT 3:00]
    Running from: C:\Documents and Settings\Jorma\Työpöytä\Työpöytä-ohjelmat\ComboFix.exe
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\efcBUKCS.dll
    C:\WINDOWS\system32\jPopYcfe.ini2
    C:\WINDOWS\system32\SCKUBcfe.ini
    C:\WINDOWS\system32\SCKUBcfe.ini2

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-28 )))))))))))))))))
    .

    2008-05-27 21:36 . 2008-05-27 21:36 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-05-27 16:07 . 2008-05-27 18:14 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-27 16:07 . 2008-05-27 18:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-27 15:37 . 2008-05-27 15:37 <KANSIO> d-------- C:\VundoFix Backups
    2008-05-27 13:41 . 2008-05-27 13:41 58,368 --a------ C:\WINDOWS\system32\pmnlljGA.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-27 13:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-27 13:07 --------- d-----w C:\Documents and Settings\Jorma\Application Data\Spybot - Search & Destroy
    2008-05-27 10:41 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-16 05:28 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-04-01 15:20 --------- d-----w C:\Program Files\Java
    2008-03-29 15:15 --------- d-----w C:\Documents and Settings\Jorma\Application Data\Grisoft
    2008-03-29 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-27_15.53.39.29 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-27 12:50:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-28 09:16:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2002-12-11 13:16:58 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
    + 2005-01-28 13:25:32 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
    - 2007-12-21 02:11:47 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    + 2006-08-02 21:35:49 286,720 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    - 2007-12-21 03:08:18 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    + 2006-08-02 22:08:06 258,048 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    - 2007-12-21 02:59:09 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    + 2006-08-02 22:02:31 41,984 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    - 2007-12-21 02:58:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    + 2006-08-02 22:02:23 86,016 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    - 2007-12-21 02:57:27 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    + 2006-08-02 22:01:21 401,408 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    - 2007-12-21 02:59:17 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    + 2006-08-02 22:02:36 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    - 2007-12-21 02:47:35 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
    + 2006-08-02 21:55:58 2,373,088 ----a-w C:\WINDOWS\system32\ati3duag.dll
    - 2007-12-21 02:56:27 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    + 2006-08-02 22:00:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    - 2007-12-21 03:09:31 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    + 2007-05-18 01:58:58 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    - 2007-11-27 19:34:14 160,289 ----a-w C:\WINDOWS\system32\atiicdxx.dat
    + 2006-08-02 20:14:07 133,246 ----a-w C:\WINDOWS\system32\atiicdxx.dat
    - 2007-12-21 03:02:40 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    + 2006-08-02 22:12:18 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    - 2007-12-21 02:20:17 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
    + 2006-08-02 21:41:16 208,896 ----a-w C:\WINDOWS\system32\atikvmag.dll
    - 2007-12-21 02:53:18 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
    + 2007-05-18 01:39:54 7,610,368 ----a-w C:\WINDOWS\system32\atioglx2.dll
    - 2007-12-21 02:20:47 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
    + 2006-08-02 21:45:24 5,136,384 ----a-w C:\WINDOWS\system32\atioglxx.dll
    - 2007-12-21 02:15:04 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    + 2007-05-18 01:14:21 46,592 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    - 2007-12-21 02:59:39 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    + 2006-08-02 22:02:58 114,688 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    - 2007-12-21 02:18:12 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    + 2006-08-02 21:40:09 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    - 2007-12-21 02:35:44 887,724 ----a-w C:\WINDOWS\system32\ativva6x.dat
    + 2007-05-18 01:30:41 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
    - 2007-12-21 02:36:04 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    + 2006-08-02 21:51:50 2,354,720 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    + 2008-05-27 13:00:36 446,464 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    - 2007-12-21 02:17:25 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    + 2006-08-02 21:38:37 45,056 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    - 2007-12-21 03:53:20 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    + 2006-08-02 22:07:51 1,681,920 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    - 2001-10-05 14:31:20 45,568 ----a-w C:\WINDOWS\system32\iyuv_32.dll
    + 2001-10-09 12:00:00 45,568 ----a-w C:\WINDOWS\system32\iyuv_32.dll
    + 2005-07-19 13:39:20 79,552 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Download.dll
    + 2005-07-19 13:39:22 59,072 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Download.exe
    - 2002-09-09 12:14:00 286,720 ----a-w C:\WINDOWS\system32\msh263.drv
    + 2002-09-09 12:24:26 286,720 ----a-w C:\WINDOWS\system32\msh263.drv
    - 2007-12-21 02:59:26 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    + 2006-08-02 22:02:42 77,824 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    - 2008-03-30 11:02:24 43,820 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-05-27 12:53:20 43,820 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-30 11:02:24 52,558 ----a-w C:\WINDOWS\system32\perfc00B.dat
    + 2008-05-27 12:53:20 52,558 ----a-w C:\WINDOWS\system32\perfc00B.dat
    - 2008-03-30 11:02:24 321,198 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-05-27 12:53:20 321,198 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-03-30 11:02:24 292,998 ----a-w C:\WINDOWS\system32\perfh00B.dat
    + 2008-05-27 12:53:20 292,998 ----a-w C:\WINDOWS\system32\perfh00B.dat
    + 2008-05-27 15:14:11 65,944 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
    - 2001-10-05 14:31:38 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
    + 2001-10-09 12:00:00 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
    .
    -- Snapshot reset to current date --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{166BCB27-FCFD-4588-9BDB-44FC6A02EF35}]
    2008-05-27 13:41 58368 --a------ C:\WINDOWS\System32\pmnlljGA.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 15:13 13312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-09-20 16:50 1404928]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 22:05 344064]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
    "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 17:07 617984]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2007-08-27 16:28 182952]
    "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 16:27 895600]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 15:13 13312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{166BCB27-FCFD-4588-9BDB-44FC6A02EF35}"= C:\WINDOWS\System32\pmnlljGA.dll [2008-05-27 13:41 58368]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlljGA]
    pmnlljGA.dll 2008-05-27 13:41 58368 C:\WINDOWS\system32\pmnlljGA.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
    "msacm.mpegacm"= mpegacm.acm
    "msacm.ulmp3acm"= ulmp3acm.acm

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\System32\drivers\fsdfw.sys [2007-08-27 16:27]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2007-08-27 16:27]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-08-27 16:27]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2007-08-27 16:27]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-08-27 16:27]
    S3 asbp2poa;asbp2poa;C:\DOCUME~1\Jorma\LOCALS~1\Temp\asbp2poa.sys []
    S3 bdacap;%BdaSWCapture.DeviceDesc%;C:\WINDOWS\System32\drivers\bdacap.sys [2006-05-18 10:01]
    S3 CTSFSYN;Creative SoundFont Synth;C:\WINDOWS\System32\drivers\ctsfsyn.sys [2004-08-24 10:03]
    S3 GLHIDKBFILTER;GLHIDKBFILTER;C:\WINDOWS\System32\DRIVERS\GLKbFilter.sys [2006-01-06 09:55]

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-28 12:17:15
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\pmnlljGA.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure\Common\FNRB32.exe
    C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.exe
    C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    D:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\taskmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-28 12:19:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-28 09:19:02
    ComboFix2.txt 2008-05-27 12:54:02

    Pre-Run: 31,473,807,360 tavua vapaana
    Post-Run: 31,462,572,032 tavua vapaana

    194

    Thanks in advance!!!
     
    Last edited: May 28, 2008
  2. gammax (Member, joined May 27, 2008)
    ^bump... Bumping this up since those MSN Messenger viruses had already pushed me onto page two. :(
     