Lord Ami
HV veteran
joined: 13.01.2006
27.12.2008 10:24
laurx wrote:
yes.
thanks.
edit:
one more machine
http://www.speedyshare.com/354254995.html
A W2K SP3 box that had been ticking away behind dial-up for 4 years without any antivirus; it just got updated and Avast installed, and ComboFix once again threw out three files.

Both logs are clean.
Lord Ami
HV veteran
joined: 13.01.2006
27.12.2008 10:29
Yes
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DelBHO('{8F0A4A9D-35AE-4A89-9671-A53FAEBF8F4F}');
DelBHO('{8eb8b0ae-b706-419a-a5d6-e39c5e888ae8}');
QuarantineFile('crypts.dll','');
QuarantineFile('nNeeCRIY.dll','');
QuarantineFile('C:\WINDOWS\system32\jrscgaxm.dll','');
QuarantineFile('C:\WINDOWS\system32\yaywWMDv.dll','');
QuarantineFile('C:\WINDOWS\system32\nNeeCRIY.dll','');
QuarantineFile('C:\WINDOWS\system32\crypts.dll','');
QuarantineFile('C:\WINDOWS\Nnopej.dll','');
QuarantineFile('C:\WINDOWS\eqatacokuvomuyi.dll','');
QuarantineFile('C:\Documents and Settings\Steven\Application Data\Adobe\Player.exe','');
QuarantineFile('C:\DOCUME~1\Steven\LOCALS~1\Temp\winloggn.exe','');
QuarantineFile('c:\docume~1\steven\locals~1\temp\winloggn.exe','');
QuarantineFile('c:\documents and settings\steven\application data\adobe\player.exe','');
QuarantineFile('c:\windows\temp\6ac9.tmp','');
DeleteFile('c:\windows\temp\6ac9.tmp');
BC_DeleteFile('c:\windows\temp\6ac9.tmp');
DeleteFile('c:\documents and settings\steven\application data\adobe\player.exe');
BC_DeleteFile('c:\documents and settings\steven\application data\adobe\player.exe');
DeleteFile('c:\docume~1\steven\locals~1\temp\winloggn.exe');
BC_DeleteFile('c:\docume~1\steven\locals~1\temp\winloggn.exe');
DeleteFile('C:\DOCUME~1\Steven\LOCALS~1\Temp\winloggn.exe');
BC_DeleteFile('C:\DOCUME~1\Steven\LOCALS~1\Temp\winloggn.exe');
DeleteFile('C:\Documents and Settings\Steven\Application Data\Adobe\Player.exe');
BC_DeleteFile('C:\Documents and Settings\Steven\Application Data\Adobe\Player.exe');
DeleteFile('C:\WINDOWS\eqatacokuvomuyi.dll');
BC_DeleteFile('C:\WINDOWS\eqatacokuvomuyi.dll');
DeleteFile('C:\WINDOWS\Nnopej.dll');
BC_DeleteFile('C:\WINDOWS\Nnopej.dll');
DeleteFile('C:\WINDOWS\system32\crypts.dll');
BC_DeleteFile('C:\WINDOWS\system32\crypts.dll');
DeleteFile('C:\WINDOWS\system32\nNeeCRIY.dll');
BC_DeleteFile('C:\WINDOWS\system32\nNeeCRIY.dll');
DeleteFile('C:\WINDOWS\system32\yaywWMDv.dll');
BC_DeleteFile('C:\WINDOWS\system32\yaywWMDv.dll');
BC_DeleteFile('C:\WINDOWS\system32\jrscgaxm.dll');
DeleteFile('C:\WINDOWS\system32\jrscgaxm.dll');
DeleteFile('nNeeCRIY.dll');
BC_DeleteFile('nNeeCRIY.dll');
BC_DeleteFile('crypts.dll');
DeleteFile('crypts.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
This is the script. The second post in the thread explains what to do with it.
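A pre-flight check for the kind of AVZ script posted above, added here as an example; it is not code from this thread or from the AVZ tool. It assumes only the statement shapes visible in the posted scripts (QuarantineFile, DeleteFile, BC_DeleteFile, DelBHO and the closing BC_ImportDeletedList / ExecuteSysClean / BC_Activate / RebootWindows calls) and verifies the conventions those scripts follow: every deleted file was quarantined earlier in the script so a false positive can be restored, bare file names without a directory are listed so they can be resolved before the script runs, and the closing sequence is complete. The sample script, its paths and the all-zero CLSID are constructed placeholders.

```python
"""Static pre-flight review of an AVZ cleanup script (added example)."""
import re
from dataclasses import dataclass, field

# One AVZ statement: Name(args);  arguments are Pascal-style '...' strings
CALL_RE = re.compile(r"^\s*(\w+)\s*\((.*)\)\s*;\s*$")
STR_RE = re.compile(r"'((?:[^']|'')*)'")
# Closing sequence every script in the thread ends with
FINALIZERS = ("BC_ImportDeletedList", "ExecuteSysClean", "BC_Activate", "RebootWindows")


@dataclass
class Review:
    quarantined: set = field(default_factory=set)
    deleted: set = field(default_factory=set)
    bhos: list = field(default_factory=list)
    unquarantined_deletes: list = field(default_factory=list)
    bare_names: list = field(default_factory=list)
    missing_finalizers: list = field(default_factory=list)

    @property
    def ok(self):
        return not (self.unquarantined_deletes or self.bare_names or self.missing_finalizers)


def parse_calls(script):
    """Return [(name, [string args])] in script order; begin/end. are skipped."""
    calls = []
    for line in script.splitlines():
        line = line.strip()
        if not line or line.lower() in ("begin", "end."):
            continue
        m = CALL_RE.match(line)
        if m:
            args = [s.replace("''", "'") for s in STR_RE.findall(m.group(2))]
            calls.append((m.group(1), args))
        else:  # parameterless call such as ExecuteSysClean;
            calls.append((line.rstrip(";").strip(), []))
    return calls


def norm(path):
    """Windows paths are case-insensitive; compare them lower-cased."""
    return path.replace("/", "\\").lower()


def review_script(script):
    rev = Review()
    calls = parse_calls(script)
    names = {name for name, _ in calls}
    for name, args in calls:
        if name == "QuarantineFile" and args:
            rev.quarantined.add(norm(args[0]))
        elif name in ("DeleteFile", "BC_DeleteFile") and args:
            target = norm(args[0])
            rev.deleted.add(target)
            # The quarantine must appear *before* the delete in script order
            if target not in rev.quarantined and target not in rev.unquarantined_deletes:
                rev.unquarantined_deletes.append(target)
        elif name == "DelBHO" and args:
            rev.bhos.append(args[0])
    # A name with no directory may resolve to the wrong file; list it for resolution
    rev.bare_names = sorted(p for p in rev.quarantined | rev.deleted if "\\" not in p)
    rev.missing_finalizers = [f for f in FINALIZERS if f not in names]
    return rev


# Constructed sample modelled on the scripts in this thread; the paths and
# the all-zero CLSID are placeholders, not real indicators.
SAMPLE_SCRIPT = r"""
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DelBHO('{00000000-0000-0000-0000-000000000000}');
QuarantineFile('C:\WINDOWS\system32\example_a.dll','');
QuarantineFile('example_c.dll','');
DeleteFile('C:\WINDOWS\system32\example_a.dll');
BC_DeleteFile('c:\windows\system32\EXAMPLE_A.DLL');
DeleteFile('c:\windows\temp\example_b.tmp');
BC_DeleteFile('c:\windows\temp\example_b.tmp');
DeleteFile('example_c.dll');
BC_DeleteFile('example_c.dll');
BC_ImportDeletedList;
ExecuteSysClean;
RebootWindows(true);
end.
"""

if __name__ == "__main__":
    r = review_script(SAMPLE_SCRIPT)
    print("deletes without prior quarantine:", r.unquarantined_deletes)
    print("bare names to resolve:", r.bare_names)
    print("missing finalizers:", r.missing_finalizers)
```

On the constructed sample the review reports example_b.tmp as deleted without a quarantine, example_c.dll as a bare name, and BC_Activate as missing; a script that passes all three checks can be restored from quarantine if a listed file turns out to be legitimate.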
laurx
HV Guru
joined: 24.03.2004
27.12.2008 12:57
Avast found one more thing in there, of course. Otherwise it seems things are OK, yes. The machine could easily tick away undisturbed for another couple of years.
_________________ Ketas, ketta, ketast, kettasse, kettas, kettast, kettale, kettal, kettalt, kettaks, kettani, kettana, kettata, kettaga. <--CHEAT SHEET
WTB: Lenovo X200/201 https://foorum.hinnavaatlus.ee/viewtopic.php?t=793868&highlight=
When calling me you should know that calls are recorded.
Lord Ami
HV veteran
joined: 13.01.2006
27.12.2008 22:40
D:\WINDOWS\system32\ShellExt\CopyToSendTo.dll
Suspicious. Run it through VT and see what the result is. www.virustotal.com
Also
D:\WINDOWS\system32\mmm.exe
Script for now:
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('D:\WINDOWS\System32\Drivers\aoehpvu3.SYS','');
DeleteFile('D:\WINDOWS\System32\Drivers\aoehpvu3.SYS');
BC_DeleteFile('D:\WINDOWS\System32\Drivers\aoehpvu3.SYS');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Post the VT results for those two files here. Then I might make a new script.
Lord Ami
HV veteran
joined: 13.01.2006
28.12.2008 13:19
Fine.
Lord Ami
HV veteran
joined: 13.01.2006
31.12.2008 19:41
Fine.
Lord Ami
HV veteran
joined: 13.01.2006
01.01.2009 19:53
Looks fine.
Lord Ami
HV veteran
joined: 13.01.2006
08.01.2009 20:01
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
DelBHO('{F5684E92-6CBA-4FC6-8B1F-031F2404A7E7}');
QuarantineFile('C:\WINDOWS\system32\pmnkJbYO.dll','');
DelBHO('{42029c27-bf92-4d33-b94a-a747518aece7}');
QuarantineFile('qoMGApOi.dll','');
QuarantineFile('C:\WINDOWS\system32\qoMGApOi.dll','');
QuarantineFile('c:\windows\system32\zubayoro.dll','');
QuarantineFile('C:\WINDOWS\system32\yozezuna.dll','');
QuarantineFile('C:\WINDOWS\system32\tedegeru.dll','');
QuarantineFile('C:\WINDOWS\system32\mivalivo.dll','');
DeleteFile('C:\WINDOWS\system32\mivalivo.dll');
BC_DeleteFile('C:\WINDOWS\system32\mivalivo.dll');
DeleteFile('C:\WINDOWS\system32\tedegeru.dll');
BC_DeleteFile('C:\WINDOWS\system32\tedegeru.dll');
DeleteFile('C:\WINDOWS\system32\yozezuna.dll');
BC_DeleteFile('C:\WINDOWS\system32\yozezuna.dll');
DeleteFile('c:\windows\system32\zubayoro.dll');
BC_DeleteFile('c:\windows\system32\zubayoro.dll');
DeleteFile('C:\WINDOWS\system32\qoMGApOi.dll');
BC_DeleteFile('C:\WINDOWS\system32\qoMGApOi.dll');
DeleteFile('qoMGApOi.dll');
BC_DeleteFile('qoMGApOi.dll');
DeleteFile('C:\WINDOWS\system32\pmnkJbYO.dll');
BC_DeleteFile('C:\WINDOWS\system32\pmnkJbYO.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Some suspicious things
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\ProgramData\Tray stupid meet.257sh','');
QuarantineFile('C:\ProgramData\Okay comp comp.551t82','');
DeleteFile('C:\ProgramData\Okay comp comp.551t82');
BC_DeleteFile('C:\ProgramData\Okay comp comp.551t82');
BC_DeleteFile('C:\ProgramData\Tray stupid meet.257sh');
DeleteFile('C:\ProgramData\Tray stupid meet.257sh');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
laurx
HV Guru
joined: 24.03.2004
10.01.2009 14:47
The ComboFix log; SpeedyShare told me to get lost over it.
ComboFix 09-01-09.03 - sten 2009-01-10 14:16:50.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1257.1.1033.18.1022.824 [GMT 2:00]
Running from: c:\documents and settings\sten\Desktop\ComboFix.exe
AV: F-Secure PSB for Workstations 7.22 *On-access scanning disabled* (Updated)
FW: F-Secure PSB for Workstations 7.22 *disabled*
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\sten\Local Settings\Temporary Internet Files\plot.log
c:\windows\system32\divx.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.
2009-01-09 20:54 . 2009-01-09 20:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-09 20:54 . 2009-01-09 20:54 <DIR> d-------- c:\documents and settings\sten\Application Data\Malwarebytes
2009-01-09 20:54 . 2009-01-09 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-09 20:54 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-09 20:54 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 19:18 . 2008-12-30 19:18 <DIR> d-------- c:\documents and settings\sten\Application Data\Media Player Classic
2008-12-30 19:17 . 2008-12-30 19:17 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-12-13 10:30 . 2008-04-13 17:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-13 10:30 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-13 10:30 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-12-13 10:30 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-12 08:37 . 2008-10-03 12:02 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 09:57 --------- d-----w c:\program files\F-Secure
2008-12-30 09:42 --------- d-----w c:\documents and settings\All Users\Application Data\fssg
2008-12-09 07:12 --------- d-----w c:\documents and settings\sten\Application Data\F-Secure
2008-12-02 14:05 --------- d-----w c:\documents and settings\sten\Application Data\U3
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 512000]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"ControlCenter"="c:\program files\IBM fingerprint software\ctlcntr.exe" [2005-04-13 286821]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-11 344064]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2005-04-27 90112]
"QCTRAY"="c:\program files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 745472]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 208896]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 932448]
"TpShocks"="TpShocks.exe" [2005-04-06 c:\windows\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2004-11-12 c:\windows\system32\TP4EX.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]
BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2005-05-25 565309]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-04-13 01:39 110179 c:\program files\IBM fingerprint software\psfus.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 12:07 262144 c:\windows\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 05:11 24576 c:\windows\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli pwdmon
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
--a------ 2004-08-06 11:10 442368 c:\program files\IBM\Messages By IBM\ibmmessages.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 01:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-28 01:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 21:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 13:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-08-31 59808]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2008-08-27 59776]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2008-08-27 14208]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-08-27 11520]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure\HIPS\fshs.sys [2008-08-31 70752]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2008-08-27 2432]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2008-08-27 4608]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-08-27 4442]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-08-31 72288]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2008-08-27 6016]
R4 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-04-27 63616]
R4 SmiHlp;SMI helper driver;c:\program files\IBM fingerprint software\smihlp.sys [2005-04-13 3328]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2008-08-27 12288]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1980-01-01 14336]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [2008-08-31 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [2008-08-31 25184]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-01-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-04-14 10:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.delfi.ee/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\sten\Application Data\Mozilla\Firefox\Profiles\f3snh2d6.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 14:24:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
c:\program files\IBM fingerprint software\psfus.dll
c:\program files\Common Files\Virtual Token\psutil.dll
c:\windows\system32\tphklock.dll
- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\pwdmon.dll
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Virtual Token\vtserver.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Anti-Virus\fsgk32.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\windows\system32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\progra~1\ThinkPad\CONNEC~1\QCTRAY.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\F-Secure\Common\FSLAUNCHER1.EXE
.
**************************************************************************
.
Completion time: 2009-01-10 14:27:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-10 12:27:18
Pre-Run: 55 771 475 968 bytes free
Post-Run: 55,271,043,072 bytes free
189 --- E O F --- 2009-01-09 18:13:49
two more are on the way,
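A small triage pass over the "Reg Loading Points" section of a ComboFix log like the one above, added here as an example; it is not code from this thread or from ComboFix. It lists every Run-key and startup-folder image path and flags those that live in a user profile or temp directory (where the files removed by the AVZ scripts earlier in this thread, Application Data\Adobe\Player.exe and Temp\winloggn.exe, were sitting), and it flags a disabled Windows Firewall. It assumes only the line shapes visible in the log above; the sample excerpt is constructed, and its "updater" entry is a placeholder, not a real indicator.

```python
"""Triage of autostart entries in a ComboFix log (added example)."""
import re

KEY_RE = re.compile(r"^\[(?P<key>(?:HKEY_|HKLM|HKCU)[^\]]*)\]$", re.I)
# "name"="image" [date size]   or   "name"="bare.exe" [date resolved-path]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# Startup-folder shortcut lines: Foo.lnk - c:\path\foo.exe [date size]
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<image>.+?)\s*\[(?P<meta>[^\]]*)\]$", re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')

# Directories a legitimate autostart rarely lives in on an XP-era box.
SUSPECT_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\desktop\\")


def _resolve(image, meta):
    """ComboFix writes a bare name ("TpShocks.exe") and puts the resolved path in
    the bracket; prefer the resolved path so the directory check sees it."""
    if "\\" not in image:
        parts = meta.split(None, 1)
        if len(parts) == 2 and "\\" in parts[1]:
            return parts[1].strip()
    return image


def triage(log_text):
    """Return (entries, findings): all autostart entries, and the ones worth a look."""
    entries, findings, key = [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if FIREWALL_OFF_RE.match(line):
            findings.append(f"Windows Firewall disabled under {key}")
            continue
        m = VALUE_RE.match(line) or LNK_RE.match(line)
        if not m:  # service lines, drivers32, notify DLLs etc. have other shapes
            continue
        image = _resolve(m.group("image"), m.group("meta"))
        flagged = any(d in image.lower() for d in SUSPECT_DIRS)
        entries.append({"key": key, "name": m.group("name"), "image": image, "flagged": flagged})
        if flagged:
            findings.append(f"autostart from profile/temp dir: {m.group('name')} -> {image}")
    return entries, findings


# Constructed excerpt modelled on the log above; the "updater" line is a placeholder.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updater"="c:\documents and settings\sten\Application Data\example\updater.exe" [2009-01-01 12345]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]
"TpShocks"="TpShocks.exe" [2005-04-06 c:\windows\system32\TpShocks.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2005-05-25 565309]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    entries, findings = triage(SAMPLE_LOG)
    for e in entries:
        print(("!! " if e["flagged"] else "   ") + e["name"] + " -> " + e["image"])
    print("\n".join(findings))
```

The flagged paths are what to hash and check on VirusTotal, as suggested earlier in the thread, before writing an AVZ script for them; the other entries are left in the list so the reviewer still sees the complete autostart picture.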
Lord Ami
HV veteran
joined: 13.01.2006
10.01.2009 15:15

laurx wrote:
The ComboFix log; SpeedyShare told me to get lost over it.
two more are on the way,

Fine.
laurx
HV Guru
joined: 24.03.2004
10.01.2009 15:18
http://www.speedyshare.com/896888536.html
Some AVZ thing. Combo had already fiddled with this machine a bit.
Lord Ami
HV veteran
joined: 13.01.2006
10.01.2009 16:10
In order, like in Norway.
laurx
HV Guru
joined: 24.03.2004
10.01.2009 17:17
http://www.speedyshare.com/745547668.html
The last one. Combo had already tinkered a bit here too.
laurx
HV Guru
joined: 24.03.2004
11.01.2009 13:29
http://www.speedyshare.com/965417938.html
GMER log. I haven't used it before. Need to study it a bit to start understanding what it's about.
Lord Ami
HV veteran
joined: 13.01.2006
11.01.2009 16:26
Fine.
Fine.
Basically, once GMER has finished checking the computer, in the case of rootkit(s) there will be red entries in there. Right-click on those and choose Delete and Disable service. In this log there were none, though.
GMER is a good helper when you are dealing with the TDSSServ rootkit, which doesn't really let you browse the web (especially on pages to do with computer security).