Psexesvc:exe


  • This topic is locked
1 reply to this topic

#1 mariska


Posted 24 February 2008 - 10:46 AM

Hi, hoping you can help me with a problem. Well, I managed to download this fake/virused file and whatever I try I just cannot delete it. When I try I get a notice saying the file or part of it is in use. My comp just started freezing/crashing and has generally been whirring and acting weird, and it's not possible to be connected for too long without re-booting because of freezing.
I've done all the usual scans, e.g. Kaspersky, Panda, AVG, SAS, but they don't find anything. I scanned with Trend HouseCall and it found some malware, and hopefully deleted them.
There is also the question of PSEXESVC.EXE, which appeared in the reg. when it was never there before. I understand this is used by worms/trojans etc. to exploit a computer.
I ran ComboFix and this removed PSEXESVC.EXE from the registry but problems still persist. That dodgy file is still present and refuses to budge.
I almost forgot to mention I have run SDFix and SmitfraudFix also... but I haven't the logs.
Here is my HJT log and ComboFix log..... thanks.

ATTENTION, SINCE I WROTE THIS THE PROBLEMS SEEM TO BE RESOLVED. I USED KILLBOX TO DELETE THE FILE AND EVERYTHING SEEMS NOW O.K..... CASE CLOSED... THANKS


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:47, on 25.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Christian\Työpöytä\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124300608156
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124300776359
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 8813 bytes

ComboFix 08-02-25.2 - Christian 2008-02-25 11:17:00.6 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.806 [GMT 2:00]
Running from: C:\Documents and Settings\Christian\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-25 to 2008-02-25 )))))))))))))))))
.

2008-02-24 22:47 . 2008-02-25 10:42 <KANSIO> d-------- C:\Documents and Settings\Christian\.housecall6.6
2008-02-24 21:47 . 2008-02-24 21:48 <KANSIO> d-------- C:\Program Files\Panda Security
2008-02-24 21:25 . 2008-02-24 21:25 <KANSIO> d-------- C:\fsaua.data
2008-02-24 21:21 . 2008-02-24 21:21 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-24 21:21 . 2008-02-24 21:21 <KANSIO> d-------- C:\Documents and Settings\Christian\Application Data\Malwarebytes
2008-02-24 21:21 . 2008-02-24 21:21 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-24 19:53 . 2008-02-24 19:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-24 19:52 . 2008-02-24 19:52 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-24 19:48 . 2008-02-22 18:44 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-24 19:48 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-24 19:31 . 2008-02-24 19:31 <KANSIO> d-------- C:\Documents and Settings\Christian\DoctorWeb
2008-02-24 16:53 . 2008-02-24 16:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-24 16:53 . 2008-02-24 16:53 2,553 --a------ C:\WINDOWS\unins000.dat
2008-02-24 11:52 . 2008-02-24 11:52 <KANSIO> d-------- C:\Program Files\Common Files\xing shared
2008-02-23 20:08 . 2008-02-23 20:08 <KANSIO> d-------- C:\Documents and Settings\Christian\Application Data\vlc
2008-02-23 20:07 . 2008-02-23 20:07 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-02-17 11:32 . 2008-02-17 11:57 <KANSIO> d-------- C:\Program Files\AVI to DVD Maker
2008-02-16 20:39 . 2008-02-16 20:39 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-02-16 18:05 . 2008-02-17 14:04 <KANSIO> d-------- C:\Program Files\VSO
2008-02-16 18:05 . 2008-02-17 14:04 <KANSIO> d-------- C:\Documents and Settings\Christian\Application Data\Vso
2008-02-16 18:05 . 2008-02-16 18:05 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-16 18:05 . 2008-02-17 14:04 47,360 --a------ C:\Documents and Settings\Christian\Application Data\pcouffin.sys
2008-01-25 20:07 . 2008-01-25 20:07 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 09:10 --------- d-----w C:\Documents and Settings\Christian\Application Data\Skype
2008-02-24 19:11 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-24 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-24 14:43 --------- d-----w C:\Program Files\DC++
2008-02-24 09:52 --------- d-----w C:\Program Files\Real
2008-02-24 09:51 --------- d-----w C:\Program Files\Common Files\Real
2008-02-23 18:08 --------- d-----w C:\Documents and Settings\Christian\Application Data\vlc
2008-02-17 12:04 --------- d-----w C:\Documents and Settings\Christian\Application Data\Vso
2008-02-16 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-09-14 10:55 49,651 ----a-w C:\WINDOWS\Fonts\Tempus sans ITC.zip
2007-08-27 09:33 20,972 ----a-w C:\WINDOWS\Fonts\agentorange.zip
2007-04-21 17:10 283,553,138 ----a-w C:\Program Files\PSE_40_WWE_TRYBUY.zip
2007-01-16 19:04 1,499,615 ----a-w C:\Program Files\wpo6demo.exe
2006-09-22 13:04 1,802,698 ----a-w C:\Program Files\Sony Cybershot DSCS40 41 MP Digital Camera with 3x Manual.pdf
2005-12-25 12:10 8,553,472 ----a-w C:\Program Files\AudioConverter.exe
2005-06-23 20:06 6,677,264 ----a-w C:\Program Files\awmaw.exe
2005-05-14 19:43 315,624 ----a-w C:\Program Files\dxwebsetup.exe
2005-05-13 15:09 35,113,704 ----a-w C:\Program Files\directx_9c_redist.exe
2005-04-15 19:20 302,680 ----a-w C:\Program Files\ac3filter_0_70b.exe
2005-04-01 17:56 2,591,640 ----a-w C:\Program Files\DCPlusPlus-0.673.exe
2005-03-29 11:53 37,189 ----a-w C:\Program Files\DC++ 0[1][1].673 Finnish.xml
2005-03-27 19:47 2,495,484 ----a-w C:\Program Files\DCPlusPlus-0.670.exe
2004-11-24 18:46 1,519 ----a-w C:\Program Files\Paint.lnk
2004-07-22 07:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 19:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 19:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 11:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 06:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 06:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 01:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 01:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 00:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2002-06-04 01:24 40,960 ----a-w C:\Program Files\auto.exe
2007-04-24 11:02 5 --sha-w C:\WINDOWS\system32\ffddeeb4_d.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 23:18 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-04-22 18:04 57344 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-04-22 18:05 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-04-22 18:05 118784]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 03:48 275800]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-24 11:50 185896]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 10:10:00 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 19:29]
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-05 00:13]
S3 CA_LIC_CLNT;CA License Client;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 19:27]
S3 CA_LIC_SRVR;CA License Server;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 19:41]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 01:39]

.
'Ajoitetut tehtävät'-kansion sisältö
"2007-10-21 08:29:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-02 16:39:27 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1180177087.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-02-21 22:00:33 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ELISAT~2\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ELISAT~2\ANTI-V~1\report.txt
"2008-02-25 08:56:18 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 11:20:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-25 11:21:41
.
2008-02-13 15:48:27 --- E O F ---

Edited by mariska, 25 February 2008 - 06:39 AM.




#2 KoanYorel


Posted 25 February 2008 - 09:53 AM

ATTENTION, SINCE I WROTE THIS THE PROBLEMS SEEM TO BE RESOLVED. I USED KILLBOX TO DELETE THE FILE AND EVERYTHING SEEMS NOW O.K..... CASE CLOSED... THANKS


Thanks for informing us.

Should you find other problems, please open a new topic.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



