Mato kiusaa, tässä hjt-log

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Pahvi0, Jun 9, 2008.

  1. Pahvi0

    Pahvi0 Member

    Joined:
    Jun 9, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    Eli tässä hjt-logini. Saastunut ilmeisestikin on, mutta kuinka ryönästä eroon? ComboFixistä valittelee, ettei ole kelvollinen win32 sovellus.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:58:55, on 9.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\PowerArchiver\PASTARTER.EXE
    C:\WINDOWS\winudmr.exe
    C:\WINDOWS\winudpmr.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKLM\..\Run: [Windows Control Center] winudpmr.exe
    O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152222684875
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C543AAC3-6868-4BE7-8983-6D296260F4FE}: NameServer = 195.148.49.100,195.148.49.110
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    --
    End of file - 9002 bytes
     
    Pahvi0, Jun 9, 2008
    #1
  2. Pahvi0

    Pahvi0 Member

    Joined:
    Jun 9, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    ComboFix suostui sittemmin toimimaan, tässä sen log.

    ComboFix 08-06-08.8 - Ville 2008-06-09 22:21:02.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.608 [GMT 3:00]
    Running from: C:\Documents and Settings\Ville\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Ville\Application Data\inst.exe
    C:\Documents and Settings\Ville\Application Data\macromedia\Flash Player\#SharedObjects\XW3RNW3B\www.broadcaster.com
    C:\Documents and Settings\Ville\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Ville\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\p.exe
    C:\WINDOWS\system32\opnmLffC.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-09 to 2008-06-09 )))))))))))))))))
    .

    2008-06-09 22:31 . 2008-06-09 22:31 33,792 --a------ C:\WINDOWS\system32\fcccaWmJ.dll
    2008-06-09 22:17 . 2008-06-09 22:17 33,792 --a------ C:\WINDOWS\system32\fccbCsTL.dll
    2008-06-09 22:07 . 2008-06-09 22:07 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-09 22:07 . 2008-06-09 22:07 <KANSIO> d-------- C:\Documents and Settings\Ville\Application Data\Malwarebytes
    2008-06-09 22:07 . 2008-06-09 22:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-09 22:07 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-09 22:07 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-09 21:35 . 2008-06-09 21:35 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-09 21:22 . 2008-06-09 22:18 29,342 --a------ C:\lp.exe
    2008-06-09 21:22 . 2008-06-09 21:22 29,342 --a------ C:\gf.exe
    2008-06-09 08:46 . 2008-06-09 08:46 29,342 --a------ C:\pf.exe
    2008-06-08 23:10 . 2008-06-09 04:35 29,342 --a------ C:\Documents and Settings\Ville\ps.exe
    2008-06-08 23:07 . 2008-06-08 23:10 29,342 -r-hs---- C:\WINDOWS\winudmr.exe
    2008-06-08 23:07 . 2008-06-09 04:35 29,342 --a------ C:\ps.exe
    2008-06-08 23:03 . 2008-06-08 23:03 29,339 -r-hs---- C:\WINDOWS\winudpmr.exe
    2008-06-08 22:21 . 2008-06-08 22:21 18,587 --a------ C:\Documents and Settings\Ville\packed.exe
    2008-06-08 18:37 . 2008-06-08 18:37 2,231 --a------ C:\is154890.exe
    2008-05-19 16:19 . 2008-05-19 16:19 <KANSIO> d-------- C:\Documents and Settings\Ville\.onnet

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-09 19:32 --------- d-----w C:\Documents and Settings\Ville\Application Data\OpenOffice.org2
    2008-06-09 18:35 --------- d-----w C:\Program Files\PowerArchiver
    2008-06-09 07:35 --------- d-----w C:\Documents and Settings\Ville\Application Data\uTorrent
    2008-06-08 23:35 --------- d-----w C:\Documents and Settings\Ville\Application Data\BSplayer Pro
    2008-05-13 21:27 --------- d-----w C:\Documents and Settings\Ville\Application Data\AdobeUM
    2008-04-27 11:25 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-04-26 21:14 --------- d-----w C:\Program Files\SopCast
    2008-04-22 11:53 --------- d-----w C:\Documents and Settings\Ville\Application Data\Autodesk
    2008-04-22 11:38 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
    2008-04-22 11:38 --------- d-----w C:\Program Files\AnswerWorks 4.0
    2008-04-22 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
    2008-04-22 11:34 --------- d-----w C:\Program Files\Autodesk
    2008-04-21 10:44 --------- d-----w C:\Program Files\Cradle Of Rome
    2008-04-20 20:57 --------- d-----w C:\Documents and Settings\Ville\Application Data\InstallShield Installation Information
    2008-04-20 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-15 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2008-04-11 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-13 12:14 107,888 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-02-06 16:54 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2008-02-05 18:35 22,328 ----a-w C:\Documents and Settings\Ville\Application Data\PnkBstrK.sys
    2007-06-17 07:48 47,360 ----a-w C:\Documents and Settings\Ville\Application Data\pcouffin.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
    "Bandwidth Monitor Pro"="C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2005-02-16 17:48 225280]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 01:29 165784]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
    "PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2007-03-20 23:39 141352]
    "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 16:08 136136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-01-19 11:18 65024 C:\WINDOWS\SOUNDMAN.EXE]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-14 21:36 262401]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-07 01:42 98304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 12:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [ ]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
    "nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
    "Windows UDP Control"="winudspm.exe" []
    "Windows Control Center"="winudpmr.exe" [2008-06-08 23:03 29339 C:\WINDOWS\winudpmr.exe]
    "Windows Controls Center"="winudmr.exe" [2008-06-08 23:10 29342 C:\WINDOWS\winudmr.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 00:18 443968]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{3CA60057-9277-49C0-8D64-280DBAD9C3E1}"= C:\WINDOWS\system32\fcccaWmJ.dll [2008-06-09 22:31 33792]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccaWmJ]
    fcccaWmJ.dll 2008-06-09 22:31 33792 C:\WINDOWS\system32\fcccaWmJ.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "C:\\Program Files\\Trillian\\trillian.exe"=
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
    "E:\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
    "G:\\Wolfenstein - Enemy Territory\\ET.exe"=
    "C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "G:\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
    "C:\\Program Files\\Media Player Classic\\mplayerc.exe"=
    "G:\\THQ\\Dawn Of War\\W40k.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "G:\\MtG\\Program\\Manalink.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "G:\\MtG\\Program\\Magic.exe"=
    "G:\\Madden NFL 08\\mainapp.exe"=
    "G:\\Defcon\\defcon.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
    "G:\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22493:TCP"= 22493:TCP:BitComet 22493 TCP
    "22493:UDP"= 22493:UDP:BitComet 22493 UDP

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2008-04-14 21:36]
    R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2005-01-19 11:18]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-04-14 21:36]
    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-09-20 21:00]
    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-09-20 21:00]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6976764-45b0-11db-949f-806d6172696f}]
    \Shell\AutoRun\command - D:\AutoPlay.exe

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-09 22:30:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\system32\fcccaWmJ.dll 33792 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\fcccaWmJ.dll
    -> C:\WINDOWS\system32\hgGwVPFW.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
    C:\Program Files\MSN Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-09 22:41:18 - machine was rebooted [Ville]
    ComboFix-quarantined-files.txt 2008-06-09 19:41:12

    Pre-Run: 15,509,360,640 tavua vapaana
    Post-Run: 20,926,402,560 tavua vapaana

    189 --- E O F --- 2008-05-16 20:45:32
     
    Pahvi0, Jun 9, 2008
    #2

Share This Page