Joku ärsyttävä virus kiusaa :l Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:07:30, on 29.7.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: I:\WINDOWS\System32\smss.exe I:\WINDOWS\system32\winlogon.exe I:\WINDOWS\system32\services.exe I:\WINDOWS\system32\lsass.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\System32\svchost.exe I:\WINDOWS\system32\spoolsv.exe I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe I:\WINDOWS\system32\nvsvc32.exe I:\WINDOWS\SYSTEM32\CTXFISPI.EXE I:\WINDOWS\system32\svchost.exe I:\WINDOWS\system32\wuauclt.exe I:\Program Files\Valve\Steam\Steam.exe I:\WINDOWS\explorer.exe I:\WINDOWS\system32\wscntfy.exe I:\Program Files\Trend Micro\HijackThis\HijackThis.exe I:\Program Files\MSN Messenger\msnmsgr.exe O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nTrayFw] I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [WinampAgent] I:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [tray.exe] "I:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "I:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Steam] I:\Program Files\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: LimeWire On Startup.lnk = I:\Program Files\LimeWire\LimeWire.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185622284375 O21 - SSODL: printers - {5E4DAC6C-3422-4E76-98F2-4C6AAB5A08C6} - libcintles3.dll (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe -- End of file - 3213 bytes
Mulle siis joku lähetti jonkun tiedoston messengerissä, avasin sen. Nytten se välillä lähettää muille tyypeille jotain ihme viestejä, ja tiedoston jossa on se virus. Aika ärsyttävä .
