vähemmän oman pääoman

Magazine
Go Back   Tietokone Juice > Computer Software > Virusten, vakoiluohjelmien & Security
Reload this Page

Malware loki

Rekisteröidy Sivustokartta Spy Käyttäjälista Lahjoita Haku Today's Posts Mark Forums Read Foorumin säännöt

Register


 Default 

Malware loki




Reply
 
Thread Tools
  #1  
Old 1 maaliskuu 2008, 05:05
Jäsen
  
Default Malware loki

Logfile ja Trend Micro HijackThis v2.0.2
Scan tallennettu klo 12:00:44, on 01.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Käynnissä olevista prosesseista:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ McAfee \ MBK \ MBackMonitor.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
C: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
c: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcshield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ Program Files \ McAfee \ msK \ MskSrver.exe
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ Explorer.exe
c: \ PROGRA ~ 1 \ mcafee.com \ agent \ mcagent.exe
C: \ Program Files \ TomTom HOME 2 \ HOMERunner.exe
C: \ PROGRA ~ 1 \ MYWEBS ~ 1 \ bar \ 1.bin \ m3SrchMn.exe
C: \ PROGRA ~ 1 \ MYWEBS ~ 1 \ bar \ 1.bin \ mwsoemon.exe
C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ jusched.exe
C: \ WINDOWS \ System32 \ rundll32.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Cyberlink \ Power2Go \ Power2GoExpress.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ Program Files \ Belkin \ F5D8053 \ Belkinwcui.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ jucheck.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ CCleaner \ CCleaner.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://uk.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://uk.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://uk.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Asetukset, ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - (00A6FAF6-072E-44cf-8957-5838F569A31D) - C: \ Program Files \ MyWebSearch \ SrchAstt \ 1.bin \ MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O3 - Toolbar: My Web Search - (07B18EA9-A523-4961-B6BB-170DE4475CCA) - C: \ Program Files \ MyWebSearch \ bar \ 1.bin \ MWSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [MBkLogOnHook] C: \ Program Files \ McAfee \ MBK \ LogOnHook.exe
O4 - HKLM \ .. \ Run: [TomTomHOME.exe] "C: \ Program Files \ TomTom HOME 2 \ HOMERunner.exe"-s
O4 - HKLM \ .. \ Run: [My Web Search Bar Search Soveltamisala Monitor] "C: \ PROGRA ~ 1 \ MYWEBS ~ 1 \ bar \ 1.bin \ m3SrchMn.exe" / m = 2 / w
O4 - HKLM \ .. \ Run: [MyWebSearch Email Plugin] C: \ PROGRA ~ 1 \ MYWEBS ~ 1 \ bar \ 1.bin \ mwsoemon.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ System32 \ rundll32.exe "C: \ WINDOWS \ system32 \ gzmrt.dll" DllStart
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / tausta
O4 - HKCU \ .. \ Run: [MyWebSearch Email Plugin] C: \ PROGRA ~ 1 \ MYWEBS ~ 1 \ bar \ 1.bin \ mwsoemon.exe
O4 - HKCU \ .. \ Run: [Power2GoExpress] "C: \ Program Files \ Cyberlink \ Power2Go \ Power2GoExpress.exe" / Startup
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C: \ Program Files \ Belkin \ F5D8053 \ Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra yhteydessä valikkotoimintoa: & Search -- http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
O8 - Extra yhteydessä valikkotoimintoa: E & Vie Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikros ~ 3 \ Office10 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.pcservicecall.co.uk
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Program Files \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (4C39376E-FA9D-4349-BACC-D305C1750EF3) (EPUImageControl Class) -- http://sell-vehicle.ebay.co.uk/image..._v1-0-3-50.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (A90A5822-F108-45AD-8482-9BC8B12DD539) (Crucial cpcScan) -- http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Liitteet Control) -- http://by121fd.bay121.hotmail.msn.co...x/HMAtchmt.ocx
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (5D3D0EC7-51D8-414d-81B8-BB319A5A73C4): NameServer = 192.168.0.1
O23 - Service: McAfee Application Installer Cleanup (0287341204362868) (0287341204362868mcinstcleanup) - McAfee, Inc. - C: \ WINDOWS \ TEMP \ 028734 ~ 1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C: \ Program Files \ McAfee \ MBK \ MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C: \ Program Files \ McAfee \ msK \ MskSrver.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C: \ Program Files \ Microsoft SQL Server \ 80 \ Tools \ Binn \ sqladhlp.exe (file missing)
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
--
End of file - 7858 bytes

PUHDISTUS COMPLETE - (3,135 sekuntia)
-------------------------------------------------- ----------------------------------------
5.71MB poistettu.
-------------------------------------------------- ----------------------------------------
Tiedot tiedostot on poistettu
-------------------------------------------------- ----------------------------------------
IE Temporary Internet Files (421 kuvaa) 5.70MB
C: \ Documents and Settings \ Bann \ Cookies \ bann@int.sitestat [1]. Txt 103 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ mediaplex [2]. Txt 85 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ tietokoneella mehu [2]. Txt 808 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@www.burstnet [2]. Txt 77 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ elää [2]. Txt 504 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@rad.live [2]. Txt 690 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ tribalfusion [2]. Txt 330 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ msn [1]. Txt 345 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ adecn [1]. Txt 214 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ mainontaa [1]. Txt 283 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@d3.zedo [1]. Txt 72 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@ads.pointroll [1]. Txt 668 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ Zedo [1]. Txt 408 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ 888 [2]. Txt 155 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@eas.apm.emediate [1]. Txt 289 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ interclick [2]. Txt 414 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@rotator.its.adjuggler [1]. Txt 113 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@p.live [1]. Txt 102 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ yahoo [1]. Txt 82 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ DoubleClickin [1]. Txt 89 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@int.sitestat [2]. Txt 99 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@login.live [2]. Txt 180 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@h.live [1]. Txt 68 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@rotator.adjuggler [2]. Txt 205 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@www.iefjios [1]. Txt 90 tavua
C: \ Documents and Settings \ Bann \ Cookies \ Bann @ atdmt [2]. Txt 101 tavua
C: \ Documents and Settings \ Bann \ Cookies \ bann@ad.yieldmanager [2]. Txt 1.06KB
C: \ Documents and Settings \ Bann \ Application Data \ Sun \ Java \ Deployment \ cache \ javapi \ v1.0 \ jar \ JVM impro.jar-51fad18-787f377f.idx 153 tavua
C: \ Documents and Settings \ Bann \ Application Data \ Sun \ Java \ Deployment \ cache \ javapi \ v1.0 \ jar \ JVM vers.jar-4b6e6f5b-4dc46c65.idx 152 tavua
C: \ Documents and Settings \ Bann \ Application Data \ Macromedia \ Flash Player \ # SharedObjects \ 99SH2MHK \ interclick.com \ ud.s oli 139 tavua
C: \ Documents and Settings \ Bann \ Application Data \ Macromedia \ Flash Player \ macromedia.com \ support \ flashplayer \ sys \ # int erclick.com \ settings.sol 84 tavua
C: \ Documents and Settings \ Bann \ Application Data \ Macromedia \ Flash Player \ macromedia.com \ support \ flashplayer \ sys \ sett ings.sol 380 tavua
-------------------------------------------------- ----------------------------------------
  #2  
Old 1 maaliskuu 2008, 09:14
Jäsen
  
Default Malware loki

Olet saanut MyWebSearch asennettu joka on adware / spyware, katso, voitko poistaa sen Lisää / poista sovellus. Jos ei

Laita valintamerkki ensi näihin ja klikkaa "vahvistaa checked"

O4 - HKLM \ .. \ Run: [My Web Search Bar Search Soveltamisala Monitor] "C: \ PROGRA ~ 1 \ MYWEBS ~ 1 \ bar \ 1.bin \ m3SrchMn.exe" / m = 2 / w
O4 - HKLM \ .. \ Run: [MyWebSearch Email Plugin] C: \ PROGRA ~ 1 \ MYWEBS ~ 1 \ bar \ 1.bin \ mwsoemon.exe
R3 - URLSearchHook: (no name) - (00A6FAF6-072E-44cf-8957-5838F569A31D) - C: \ Program Files \ MyWebSearch \ SrchAstt \ 1.bin \ MWSSRCAS.DLL
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ System32 \ rundll32.exe "C: \ WINDOWS \ system32 \ gzmrt.dll" DllStart
  #3  
Old 1 maaliskuu 2008, 11:23
Moderator Group
  
Default Malware loki

Sitten jälkeinen uusi Hijackthis loki.
__________________
  #4  
Old 1 maaliskuu 2008, 14:19
Jäsen
  
Default Malware loki

Logfile ja Trend Micro HijackThis v2.0.2
Scan tallennettu klo 17:37:28, on 01.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Käynnissä olevista prosesseista:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ McAfee \ MBK \ MBackMonitor.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
C: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
c: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcshield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ Program Files \ McAfee \ msK \ MskSrver.exe
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ Explorer.exe
c: \ PROGRA ~ 1 \ mcafee.com \ agent \ mcagent.exe
C: \ Program Files \ TomTom HOME 2 \ HOMERunner.exe
C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ jusched.exe
C: \ PROGRA ~ 1 \ MYWEBS ~ 1 \ bar \ 1.bin \ m3SrchMn.exe
C: \ WINDOWS \ System32 \ rundll32.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ Program Files \ Cyberlink \ Power2Go \ Power2GoExpress.exe
C: \ Program Files \ Belkin \ F5D8053 \ Belkinwcui.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ jucheck.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://uk.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://uk.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://uk.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Asetukset, ProxyOverride = 127.0.0.1
O4 - HKLM \ .. \ Run: [MBkLogOnHook] C: \ Program Files \ McAfee \ MBK \ LogOnHook.exe
O4 - HKLM \ .. \ Run: [TomTomHOME.exe] "C: \ Program Files \ TomTom HOME 2 \ HOMERunner.exe"-s
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKLM \ .. \ Run: [My Web Search Bar Search Soveltamisala Monitor] "C: \ PROGRA ~ 1 \ MYWEBS ~ 1 \ bar \ 1.bin \ m3SrchMn.exe" / m = 2 / w
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ System32 \ rundll32.exe "C: \ WINDOWS \ system32 \ gzmrt.dll" DllStart
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / tausta
O4 - HKCU \ .. \ Run: [Power2GoExpress] "C: \ Program Files \ Cyberlink \ Power2Go \ Power2GoExpress.exe" / Startup
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C: \ Program Files \ Belkin \ F5D8053 \ Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra yhteydessä valikkotoimintoa: & Search -- http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
O8 - Extra yhteydessä valikkotoimintoa: E & Vie Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikros ~ 3 \ Office10 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.pcservicecall.co.uk
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Program Files \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (4C39376E-FA9D-4349-BACC-D305C1750EF3) (EPUImageControl Class) -- http://sell-vehicle.ebay.co.uk/image..._v1-0-3-50.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (A90A5822-F108-45AD-8482-9BC8B12DD539) (Crucial cpcScan) -- http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Liitteet Control) -- http://by121fd.bay121.hotmail.msn.co...x/HMAtchmt.ocx
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (5D3D0EC7-51D8-414d-81B8-BB319A5A73C4): NameServer = 192.168.0.1
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C: \ Program Files \ McAfee \ MBK \ MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C: \ Program Files \ McAfee \ msK \ MskSrver.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C: \ Program Files \ Microsoft SQL Server \ 80 \ Tools \ Binn \ sqladhlp.exe (file missing)
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
--
End of file - 6847 bytes
  #5  
Old 1 maaliskuu 2008, 14:31
Moderator Group
  
Default Malware loki

Oletko lähettämistä suunnilleen sama logs / tietokone kahdessa kierteet?
__________________
Reply

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright © 2006 - 2009 Computer Juice.
Yhteydenotto -- Yksityisyydensuoja -- Sivukartta -- Ylös

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd SEO on vBSEO © 2009, indeksoitavuutta, Inc.