Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
Can you please help me? - HJT log included
Hello, I'm new on the forums. I've noticed that my computer was running pretty slow lately and was recommended by my friend that you guys fix computers very well. I wanted some help because I'm not too good with computers. Here's a HJT log included as you requested.
#2
Hi JaeyoungC and welcome. Your Hijack This log indicates that your operating system is infected but I need to see more comprehensive logs to be able to help you. Before you provide them, you need to know that I have made a personal decision not to help anyone who has peer to peer software installed on their computers (and this includes Bit Torrent software) so if you want my help, please uninstall any such programs now and reboot.
Go here and download DDS to your Desktop and double-click on dds.scr to run it. If your security software includes script blocking features, please disable these before you run this utility. When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them. Please do not run any programs other than those that I suggest or install any new software while I am helping you.
#3
As you have requested, I uninstalled peer to peer software I could find. Please tell me if there are any more.
DDS (Ver_09-05-14.01) - NTFSx86 Run by Jae Young Choi at 1:07:13.71 on 2009-05-22 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.2045.1466 [GMT 9:00] AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Nate\AddressSearch\ntasvr.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Logitech\SetPoint\LBTWiz.exe C:\Program Files\Microsoft LifeChat\LifeChat.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Baram\npk\npkcmsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\wscntfy.exe 
C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\webemctl32.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Jae Young Choi\Desktop\dds.scr C:\WINDOWS\system32\conime.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.naver.com/ uInternet Settings,ProxyOverride = *.local;<local> uInternet Settings,ProxyServer = 128.223.8.112:3124 uURLSearchHooks: 야후! 툴바: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mWinlogon: Taskman=calwjfdj.exe BHO: ShopEnuri Reward: {0050fb41-02e4-4180-82b1-9387526b8bbb} - c:\program files\shopenr\shopenr.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Dell 도구 모음: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: IWebInterception Class: {bfddbdbb-f62c-4d4a-b574-59d276f47196} - c:\program files\click to tweak [basic]\WebInterception.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows 
live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: EsqBrowserUI: {ee8d781c-615d-48b7-9dc8-af05b1537769} - c:\windows\system32\EsqBrowserUI.dll BHO: Gulf Class: {ffde727f-3330-45eb-b9f9-c1668e6e08b2} - c:\program files\nate\addresssearch\sch.dll TB: 야후! 툴바: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Dell 도구 모음: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe" uRun: [ProxyFirewall] c:\program files\proxyfirewall\ProxyFirewall.exe mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE" mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [ntasvr] "c:\program files\nate\addresssearch\ntasvr.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent mRun: 
[LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE |
#4
|
|||
|
|||
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\log ite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll Trusted Zone: d-fighter.com Trusted Zone: d-fighter.com\www Trusted Zone: nexon.com\df Trusted Zone: nexon.com\df.nexon.com,dflogin.nexon.com,login.df Trusted Zone: nexon.com\dflogin Trusted Zone: nexon.com\login.df DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter25.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17E9F830-9CFB-4381-BFDA-A25C6C7DCD2C} - hxxp://d-fighter.nefficient.co.kr/samsungdnf/neople/dnf_hg/installer/dnf_real.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: {270EC7A6-4096-469B-865C-F9678A2C742B} - hxxp://www.payzone.co.kr/EasyPayX/EasyPayX.cab DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} - hxxp://s.nx.com/activex/public_new/nxpm.cab DPF: {318CA127-12CF-4386-B2F1-564D0600E6C9} - hxxp://d-fighter.nefficient.co.kr/samsungdnf/neople/installer/dnf_first.cab DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://tales.nexon.com/tales2/pds/tales/AddOn.cab DPF: {39BC8B20-FB5A-43E5-9EBC-E637B700859E} - hxxp://sunonline.hangame.com/WebRun/CommonWebStarter.cab DPF: {65132E5B-B5AD-4AF2-A98A-09F52E51810C} - hxxp://www.nanmola.com/mmsv/NanmolaControl.CAB DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2008.1.8.cab DPF: {8852138D-88A9-4836-B2EA-7DCEBCAA46B5} - hxxp://www.mabinogi.com/c3/Common/mabisrm.cab DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8B92E3B3-6D67-48A3-9B7D-5983396A2D48} - hxxps://www.wonderking.co.kr/gamestart/wk_setup.cab DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cab DPF: {9542B8D8-F8F1-449A-9FA4-833C846E7B51} - hxxp://www.nanmola.com/mmsv/NanMolaControl.CAB DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - hxxp://ahnlabdownload.nefficient.co.kr/asp/cab/mkdplus.cab DPF: {A2086024-A082-453D-BFBA-0B29B2C7ABFB} - hxxp://d-fighter.nefficient.co.kr/samsungdnf/neople/dnf_hg/installer/dnf_real.cab DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} - hxxp://download.signgate.com/download/certmgt/AxSignGATE.cab DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4 DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://id.hangame.com/common/HanSetup1020.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} - hxxp://download.netmarble.net/web/NMGameCheck/NetmarbleDownloaderEx.cab DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://cafe.naver.com/common/activex/NaverAXGuide.cab Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll 
================= FIREFOX =================== FF - ProfilePath - c:\docume~1\jaeyou~1\applic~1\mozilla\firefox\prof iles\e9z3iikb.default\ FF - plugin: c:\documents and settings\all users\application data\nexon\ngm\npNxGame.dll FF - plugin: c:\documents and settings\jae young choi\application data\mozilla\firefox\profiles\e9z3iikb.default\ext ensions\acqvplayer@sanstream.co.jp\plugins\npAcqVP layer.dll FF - plugin: c:\documents and settings\jae young choi\application data\mozilla\firefox\profiles\e9z3iikb.default\ext ensions\justintvpublisher@justin.tv\platform\winnt _x86-msvc\plugins\npjustintvpublish.dll FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPGomtvx_nie.dll FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-5-15 1051136] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssflt r_tdi.sys [2009-2-21 55152] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328] R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxp flt.sys [2005-2-19 205328] R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-23 290889] R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpr eflt.sys [2005-2-19 36368] R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-4-26 262215] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-16 24652] R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2009-5-12 
12600] S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-3 33752] S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\jae young choi\desktop\moonlight\moonlight engine\money1280.sys --> c:\documents and settings\jae young choi\desktop\moonlight\moonlight engine\Money1280.sys [?] S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [2008-11-21 34744] S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [2008-11-21 6784] S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2 kfNT.sys [2008-12-23 131456] S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2 Nadr.sys [2008-12-23 79104] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-3 32512] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [2009-1-13 19504] S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [2009-1-13 83160] S3 XDva225;XDva225;\??\c:\windows\system32\xdva225.sy s --> c:\windows\system32\XDva225.sys [?] S4 dldw_device;dldw_device;c:\windows\system32\dldwco ms.exe -service --> c:\windows\system32\dldwcoms.exe -service [?] 
S4 dldwCATSCustConnectService;dldwCATSCustConnectServ ice;c:\windows\system32\spool\drivers\w32x86\3\dld wserv.exe [2009-2-4 99568] S4 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360] S4 MSDTCT;Distributed Transaction;c:\windows\system32\hxgzboi.exe [2009-5-16 36864] S4 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656] =============== Created Last 30 ================ 2009-05-20 17:18 36,864 a------- c:\windows\system32\calwjfdj.exe 2009-05-20 17:18 24,576 a------- c:\windows\system32\hijjeune.exe 2009-05-20 17:18 234,833 a------- c:\windows\system32\rornhrnt.exe 2009-05-19 09:47 299,008 -------- c:\windows\system32\webemctl32.exe 2009-05-18 21:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webcammax 2009-05-18 21:27 <DIR> --d----- c:\program files\WebcamMax 2009-05-18 13:09 <DIR> --d----- c:\program files\common files\HanGameAvatar 2009-05-16 22:55 102,160 -------- c:\windows\system32\Vb6ko.dll 2009-05-16 22:55 249,856 a------- c:\windows\system32\EsqBrowserUI.dll 2009-05-16 22:55 36,864 a------- c:\windows\system32\kbbvobmt.exe 2009-05-16 22:55 36,864 a------- c:\windows\system32\hxgzboi.exe 2009-05-16 22:55 2,820,696 a------- c:\windows\jomsmit8.exe 2009-05-15 13:54 <DIR> --d----- c:\docume~1\jaeyou~1\applic~1\Webcammax 2009-05-14 12:02 <DIR> --d----- C:\HanPurple |
#5
|
|||
|
|||
2009-05-14 12:02 151,552 a------- c:\windows\system32\PubPlugin.dll
2009-05-12 12:11 12,600 a------- c:\windows\system32\JRSUKD25.SYS
2009-05-12 12:11 124,216 a------- c:\windows\system32\CKAgent.exe
2009-05-12 10:25 <DIR> --d----- c:\docume~1\jaeyou~1\applic~1\RenPy
2009-05-11 01:02 <DIR> --d----- c:\program files\Umile
2009-05-11 00:47 296,472 a------- c:\windows\system32\NaverFDL.exe
2009-05-11 00:47 292,376 a------- c:\windows\system32\NaverFile.ocx
2009-05-09 01:15 <DIR> --d----- c:\program files\AviSynth 2.5
2009-05-09 01:15 <DIR> --d----- c:\program files\nzellsoft
2009-05-07 06:52 <DIR> --d----- c:\program files\The KMPlayer
2009-05-07 05:34 <DIR> --d----- c:\program files\common files\CyberLink
2009-05-07 05:32 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-07 05:32 29,480 a------- c:\windows\system32\msxml3a.dll
2009-05-06 15:03 <DIR> --d----- C:\DVDVideoSoft
2009-05-06 15:01 <DIR> --d----- c:\program files\AskBarDis
2009-05-06 15:00 <DIR> --d----- c:\program files\DVDVideoSoft
2009-05-06 15:00 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2009-04-28 16:06 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-04-28 16:06 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-04-28 16:05 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-04-28 15:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-04-28 15:58 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-28 15:58 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-04-28 15:56 465,920 -c------ c:\windows\system32\dllcache\imapi2fs.dll
2009-04-28 15:56 62,976 -c------ c:\windows\system32\dllcache\cdrom.sys
2009-04-28 15:56 465,920 -------- c:\windows\system32\imapi2fs.dll
2009-04-28 15:56 317,952 -c------ c:\windows\system32\dllcache\imapi2.dll
2009-04-28 15:56 317,952 -------- c:\windows\system32\imapi2.dll
2009-04-28 02:47 <DIR> --d----- C:\Netgear
2009-04-27 17:50 54,800 a------- c:\windows\system32\CMStarter_Eng.dll
2009-04-27 17:50 12,490,256 a------- c:\windows\system32\CMStarter_Kor.dll
2009-04-27 17:50 329,232 a------- c:\windows\system32\CMStarterCore.exe

==================== Find3M ====================

2009-05-21 19:31 34,744 a------- c:\windows\system32\JRSKD24.sys
2009-05-12 12:11 632,120 a------- c:\windows\system32\CKSetup32.exe
2009-05-07 05:31 505,128 a------- c:\windows\system32\msvcp71.dll
2009-05-07 05:31 353,576 a------- c:\windows\system32\msvcr71.dll
2009-05-03 13:13 359 a------- c:\program files\DNFTestInstallPerformance.txt
2009-04-18 09:32 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-18 09:32 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-04-18 09:32 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-11 17:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-15 09:45 36,864 a------- c:\windows\system32\iikwzdsy.exe
2009-03-10 21:21 1,086,144 a------- c:\windows\system32\NaverAXGuide.exe
2009-03-09 16:38 102,400 a------- c:\windows\system32\CKComObj.dll
2009-03-09 16:07 312,632 a------- c:\windows\system32\XecureCK.dll
2009-03-09 16:07 79,160 a------- c:\windows\system32\Jrsoftcp.dll
2009-03-09 16:07 124,216 a------- c:\windows\system32\CKApp.dll
2009-03-06 23:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 09:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-21 03:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-01-17 17:02 73 a------- c:\program files\Log.txt
2009-01-17 17:02 106 a------- c:\program files\AudiLog.txt
2009-01-17 16:56 18 a------- c:\program files\filecheck.log
2009-02-04 04:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020420090205\index.dat

============= FINISH: 1:07:46.67 ===============
#6
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-11-21 오후 6:36:31
System Uptime: 2009-05-22 오전 1:04:11 (0 hours ago)

Motherboard: Dell Inc. | | 0UH741
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2993/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 107.753 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 129.044 GiB free.
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\770A572280140000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\770A572280140000
Service: NIC1394

==== System Restore Points ===================

RP184: 2009-02-21 오전 9:38:13 - Installed Windows XP KB954708.
RP185: 2009-02-21 오전 9:38:37 - Installed DirectX
RP186: 2009-02-22 오후 4:25:02 - System Checkpoint
RP187: 2009-02-23 오후 5:34:03 - System Checkpoint
RP188: 2009-02-24 오전 11:24:48 - Installed Windows Media Player Firefox Plugin
RP189: 2009-02-25 오후 5:05:42 - System Checkpoint
RP190: 2009-02-26 오전 3:00:12 - Software Distribution Service 3.0
RP191: 2009-02-26 오전 5:57:12 - Software Distribution Service 3.0
RP192: 2009-02-27 오후 4:12:10 - System Checkpoint
RP193: 2009-02-28 오후 4:46:29 - System Checkpoint
RP194: 2009-03-01 오후 7:12:26 - System Checkpoint
RP195: 2009-03-03 오전 1:51:11 - System Checkpoint
RP196: 2009-03-04 오전 2:19:03 - System Checkpoint
RP197: 2009-03-05 오전 2:39:58 - System Checkpoint
RP198: 2009-03-06 오전 3:12:57 - System Checkpoint
RP199: 2009-03-07 오전 3:30:57 - System Checkpoint
RP200: 2009-03-08 오전 3:48:45 - System Checkpoint
RP201: 2009-03-09 오전 4:35:38 - System Checkpoint
RP202: 2009-03-10 오후 5:59:22 - System Checkpoint
RP203: 2009-03-11 오후 6:52:11 - System Checkpoint
RP204: 2009-03-12 오전 3:00:13 - Software Distribution Service 3.0
RP205: 2009-03-13 오후 8:36:49 - System Checkpoint
RP206: 2009-03-16 오전 4:27:40 - System Checkpoint
RP207: 2009-03-17 오후 5:01:06 - System Checkpoint
RP208: 2009-03-19 오후 6:43:49 - System Checkpoint
RP209: 2009-03-21 오전 1:57:44 - System Checkpoint
RP210: 2009-03-22 오전 3:00:15 - Software Distribution Service 3.0
RP211: 2009-03-23 오전 5:17:44 - System Checkpoint
RP212: 2009-03-25 오전 2:01:39 - System Checkpoint
RP213: 2009-03-26 오전 10:45:11 - System Checkpoint
RP214: 2009-03-27 오후 5:42:08 - System Checkpoint
RP215: 2009-03-29 오전 1:38:45 - System Checkpoint
RP216: 2009-03-30 오전 3:27:21 - System Checkpoint
RP217: 2009-03-31 오후 8:04:43 - System Checkpoint
RP218: 2009-04-01 오전 11:40:38 -Installed Nateon
RP219: 2009-04-02 오후 9:21:04 - System Checkpoint
RP220: 2009-04-04 오전 2:07:27 - System Checkpoint
RP221: 2009-04-05 오전 4:43:11 - System Checkpoint
RP222: 2009-04-06 오전 4:45:27 - System Checkpoint
RP223: 2009-04-07 오후 6:52:35 - System Checkpoint
RP224: 2009-04-08 오후 9:21:14 - System Checkpoint
RP225: 2009-04-09 오후 9:32:34 - System Checkpoint
RP226: 2009-04-11 오전 2:28:27 - System Checkpoint
RP227: 2009-04-11 오후 12:59:34 - Installed MySQL Server 6.0
RP228: 2009-04-11 오후 1:03:34 - Installed MySQL Tools for 5.0
RP229: 2009-04-11 오후 2:40:56 - Installed MapleStory.
RP230: 2009-04-11 오후 4:18:38 - Installed Hex Workshop v6
RP231: 2009-04-11 오후 5:15:54 - Installed Java(TM) SE Development Kit 6 Update 13
RP232: 2009-04-11 오후 5:17:32 - Uninstalled Java(TM) 6 Update 10
RP233: 2009-04-11 오후 5:17:49 - Installed Java(TM) 6 Update 13
RP234: 2009-04-13 오전 3:47:03 - System Checkpoint
RP235: 2009-04-14 오후 6:36:12 - System Checkpoint
RP236: 2009-04-15 오후 6:43:07 - System Checkpoint
RP237: 2009-04-16 오후 11:01:42 - System Checkpoint
RP238: 2009-04-17 오전 3:00:13 - Software Distribution Service 3.0
RP239: 2009-04-18 오전 9:31:39 - Logitech SetPoint Mouse and Keyboard Device Drivers
RP240: 2009-04-20 오전 4:51:45 - System Checkpoint
RP241: 2009-04-21 오후 7:13:28 - System Checkpoint
RP242: 2009-04-22 오후 8:26:26 - System Checkpoint
RP243: 2009-04-24 오전 12:45:48 - System Checkpoint
RP244: 2009-04-25 오전 2:21:23 - System Checkpoint
RP245: 2009-04-26 오전 2:47:18 - System Checkpoint
RP246: 2009-04-27 오전 4:34:15 - System Checkpoint
RP247: 2009-04-28 오후 3:05:41 - System Checkpoint
RP248: 2009-04-28 오후 3:56:56 - Software Distribution Service 3.0
RP249: 2009-04-28 오후 3:57:32 - Installed Zune 3.1
RP250: 2009-04-28 오후 4:04:52 - Installed Windows XP Wudf01007.
RP251: 2009-04-28 오후 4:06:47 - Installed Windows XP winusb0100.
RP252: 2009-04-29 오전 3:00:13 - Software Distribution Service 3.0
#7
RP253: 2009-04-30 오후 4:13:19 - System Checkpoint
RP254: 2009-05-01 오후 4:48:03 - System Checkpoint
RP255: 2009-05-02 오후 9:29:25 - System Checkpoint
RP256: 2009-05-04 오전 12:38:41 - System Checkpoint
RP257: 2009-05-05 오전 2:10:13 - System Checkpoint
RP258: 2009-05-06 오후 4:54:19 - System Checkpoint
RP259: 2009-05-07 오전 5:32:00 - Installed PowerDVD
RP260: 2009-05-07 오전 6:32:08 - Uninstalled WonderKing
RP261: 2009-05-07 오전 6:36:41 - Modified PowerDVD
RP262: 2009-05-08 오후 4:50:04 - System Checkpoint
RP263: 2009-05-09 오후 10:40:24 - System Checkpoint
RP264: 2009-05-11 오전 1:02:37 - Installed Umile Encoder
RP265: 2009-05-12 오전 3:30:56 - System Checkpoint
RP266: 2009-05-13 오전 3:00:20 - Software Distribution Service 3.0
RP267: 2009-05-14 오후 5:13:04 - Installed Monster Hunter Frontier Online
RP268: 2009-05-16 오전 2:06:58 - System Checkpoint
RP269: 2009-05-17 오전 2:47:10 - System Checkpoint
RP270: 2009-05-17 오전 10:36:50 - Installed Adobe Flash Media Live Encoder 3.
RP271: 2009-05-18 오후 10:16:33 - Modified Monster Hunter Frontier Online
RP272: 2009-05-19 오전 9:47:44 - SetPoint 4.72
RP273: 2009-05-20 오전 10:07:29 - System Checkpoint

==== Installed Programs ======================

?????? ???????? 네이버 ActiveX 가이드 네이트 주소창 검색 네이트온 넥슨플러그 던전앤파이터 던전앤파이터 퍼스트 서버 마비노기 마비노기(테스트서버) 알씨 알집 알툴즈 업데이트 야후!
툴바 엔젤 인코더 삭제 온팁 - 클릭 투 트윅 [온라인] 1.1 클릭 투 트윅 4.4 테일즈위버 TEST 4.58 한게임 한게임 보안패치 한게임 자동 인스톨러 ABBYY FineReader 6.0 Sprint Abyss Web Server X1 (remove only) Adobe AIR Adobe Flash Media Live Encoder 3 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.1 Adobe Shockwave Player 11 AhnLab MyKeyDefense 2.0 AhnLab Online Security AhnLab Smart Update i AIM 6 Apple Mobile Device Support Apple Software Update Ask Toolbar AutoUpdate AviSynth 2.5 Bonjour CDDRV_Installer Choice Guard ClientKeeper KeyPro with E2E for 32bit CoreAAC Audio Decoder (remove only) Counter-Strike Counter-Strike: Source Creative MediaSource Critical Update for Windows Media Player 11 (KB959772) Curse Client Dell 도구 모음 Dell CinePlayer Dell Resource CD Dell V505 DivX Codec DivX Converter DivX Player DivX Web Player DTS+AC3 Filter erLT Free Studio version 4.1 getPlus(R) for Adobe GOM Player Hex Workshop v6 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB932716-v2) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954708) iTunes Java DB 10.4.1.3 Java(TM) 6 Update 13 Java(TM) 6 Update 7 Java(TM) SE Development Kit 6 Update 13 Java(TM) SE Development Kit 6 Update 7 Junk Mail filter update KhalInstallWrapper Logitech SetPoint Mabinogi MapleStory Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft LifeChat Microsoft National Language Support Downlevel APIs Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework 
Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.7 Microsoft Visual C++ 2005 Redistributable Microsoft WinUsb 1.0 Monster Hunter Frontier Online Mozilla Firefox (3.0.10) MSVCRT MSXML 4.0 SP2 (KB954430) MySQL Server 6.0 MySQL Tools for 5.0 NetBeans IDE 6.1 NetmarbleSuddenAttack NVIDIA Drivers Pando Media Booster Preconfigured PHP Package 5.2.2 QuickTime Realtek AC'97 Audio Roxio DLA Roxio MyDVD LE Roxio RecordNow Audio Roxio RecordNow Copy Roxio RecordNow Data Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for 
Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) |
#8
Segoe UI
signGATE Certificate Management S/W v3.0 SignGATE EWS v2.9.2 Sonic Encoders Sonic Update Manager Soul of the Ultimate Nation Test Sound Blaster X-Fi Steam SuddenAttack System Requirements Lab The KMPlayer (remove only) Trend Micro PC-cillin Internet Security 12 Umile Encoder Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update Rollup 2 for Windows XP Media Center Edition 2005 Ventrilo Client Viewpoint Media Player Wanko to Kurasou English v1.0 Warcraft III WC3Banlist WebcamMax WebFldrs XP Windows Internet Explorer 7 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin Windows ShopEnuri Uninstaller Windows XP Media Center Edition 2005 KB925766 Windows XP Service Pack 3 WinPcap 3.1 World of Warcraft Xvid 1.1.3 final uninstall Zune Zune Language Pack (ES) Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

2009-05-22 오전 1:05:29, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
2009-05-21 오후 7:30:11, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
2009-05-21 오후 5:13:50, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
2009-05-21 오후 5:12:21, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Zune Bus Enumerator service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2009-05-21 오후 5:12:21, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2009-05-21 오후 5:12:17, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
2009-05-21 오후 5:12:12, error: Service Control Manager [7031] - The Apple 모바일 장비 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2009-05-21 오후 5:12:09, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2009-05-21 오후 1:01:40, error: W32Time [34] - The time service has detected that the system time needs to be changed by +57592 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.232.182:123) is working properly.
2009-05-20 오후 5:20:20, error: Service Control Manager [7034] - The Trend Micro Proxy Service service terminated unexpectedly. It has done this 1 time(s).
2009-05-20 오후 5:20:18, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
2009-05-20 오후 5:17:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
2009-05-20 오후 5:17:41, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-05-19 오후 12:33:20, error: W32Time [34] - The time service has detected that the system time needs to be changed by +57590 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.197.32:123) is working properly.
2009-05-19 오후 1:26:41, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2009-05-19 오후 1:26:39, error: Service Control Manager [7034] - The Trend Micro Proxy Service service terminated unexpectedly. It has done this 1 time(s).
2009-05-19 오후 1:26:35, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
2009-05-19 오후 1:26:28, error: Service Control Manager [7034] - The Bonjour 서비스 service terminated unexpectedly. It has done this 1 time(s).
2009-05-19 오후 1:26:26, error: Service Control Manager [7031] - The Apple 모바일 장비 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2009-05-19 오후 1:03:11, error: W32Time [34] - The time service has detected that the system time needs to be changed by +57591 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.197.32:123) is working properly.
2009-05-19 오후 1:03:03, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
2009-05-19 오후 1:03:03, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-05-19 오전 9:45:42, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
2009-05-19 오전 9:45:42, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-05-19 오전 9:45:13, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001422570A77 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2009-05-18 오후 9:26:32, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
2009-05-18 오후 9:26:32, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-05-18 오후 12:34:27, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
2009-05-18 오후 12:34:27, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-05-17 오후 9:25:09, error: W32Time [34] - The time service has detected that the system time needs to be changed by +57592 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.197.32:123) is working properly.
2009-05-17 오후 9:10:25, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2009-05-17 오후 9:10:08, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2009-05-17 오후 9:09:56, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
2009-05-17 오후 9:09:56, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-05-15 오후 10:53:03, error: W32Time [34] - The time service has detected that the system time needs to be changed by +57592 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.197.32:123) is working properly.

==== End Of File ===========================
#9
Download the latest version of Combofix.exe from here and save it to your C folder (C:\ComboFix.exe).

Double-click on combofix.exe and the scan will start (go ahead and install the Recovery Console if you are asked to do so). When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

NB Please disable your antivirus program as it may interfere with ComboFix's routines.

Also download the latest version of Gmer from here to your Desktop. Once downloaded, double-click on gmer.zip and unzip the file to its own folder.

When you have done this, close all running programs, including those in your notification area (bottom right-hand corner of your screen), and double-click on Gmer.exe to run it.

Click on the Rootkit tab and look at the right-hand side (under Files) and uncheck all drives with the exception of your C drive and then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Save the file and copy the information and post it here please.

Warning! Please do not select the "Show all" checkbox during the scan.
#10
Thank you again for helping me, annmarie.
ComboFix 09-05-22.01 - Jae Young Choi 2009-05-22 10:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.2045.1548 [GMT 9:00]
Running from: c:\documents and settings\Jae Young Choi\Desktop\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Last edited by JaeyoungC; May 22nd, 2009 at 09:45 PM.
#11
c:\windows\system32\17466045.dll c:\windows\system32\20614088.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ILVMONEYDRIVER53 -------\Service_IlvMoneyDRIVER53 ((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 ))))))))))))))))))))))))))))))) . 2009-05-20 08:18 . 2009-05-20 08:36 24576 ----a-w c:\windows\system32\hijjeune.exe 2009-05-20 08:18 . 2009-05-20 08:31 36864 ----a-w c:\windows\system32\calwjfdj.exe 2009-05-20 08:18 . 2009-05-20 08:18 234833 ----a-w c:\windows\system32\rornhrnt.exe 2009-05-19 00:47 . 2009-05-19 07:46 299008 ------w c:\windows\system32\webemctl32.exe 2009-05-18 12:28 . 2009-05-18 12:28 -------- d-----w c:\documents and settings\All Users\Application Data\Webcammax 2009-05-18 12:27 . 2009-05-18 12:28 -------- d-----w c:\program files\WebcamMax 2009-05-18 04:09 . 
2009-05-18 04:09 -------- d-----w c:\program files\Common Files\HanGameAvatar 2009-05-16 13:55 . 1998-07-21 15:00 102160 ------w c:\windows\system32\Vb6ko.dll 2009-05-16 13:55 . 2009-05-15 02:23 36864 ----a-w c:\windows\system32\hxgzboi.exe 2009-05-16 13:55 . 2009-05-15 02:21 36864 ----a-w c:\windows\system32\kbbvobmt.exe 2009-05-16 13:55 . 2009-05-14 09:05 249856 ----a-w c:\windows\system32\EsqBrowserUI.dll 2009-05-16 13:55 . 2009-05-16 13:55 2820696 ----a-w c:\windows\jomsmit8.exe 2009-05-15 05:03 . 2008-12-18 02:19 1796096 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Mozilla\Firefox\Profiles\e9z3iikb.default\ext ensions\justintvpublisher@justin.tv\platform\WINNT _x86-msvc\plugins\npjustintvpublish.dll 2009-05-14 03:02 . 2009-05-14 08:13 -------- d-----w C:\HanPurple 2009-05-14 03:02 . 2009-03-26 01:47 151552 ----a-w c:\windows\system32\PubPlugin.dll 2009-05-12 03:11 . 2009-05-21 10:31 12600 ----a-w c:\windows\system32\JRSUKD25.SYS 2009-05-12 03:11 . 2009-05-12 03:11 124216 ----a-w c:\windows\system32\CKAgent.exe 2009-05-12 02:45 . 2009-05-12 03:06 64 ----a-w c:\documents and settings\Jae Young Choi\Application Data\RenPy\persistent\act1.katawa-shoujo.com 2009-05-12 01:25 . 2009-05-12 01:25 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\RenPy 2009-05-10 16:02 . 2009-05-10 16:02 -------- d-----w c:\program files\Umile 2009-05-10 15:47 . 2008-11-10 04:37 296472 ----a-w c:\windows\system32\NaverFDL.exe 2009-05-08 16:15 . 2009-05-08 16:15 -------- d-----w c:\program files\AviSynth 2.5 2009-05-08 16:15 . 2009-05-08 16:15 -------- d-----w c:\program files\nzellsoft 2009-05-06 21:52 . 2009-05-17 13:01 -------- d-----w c:\program files\The KMPlayer 2009-05-06 20:43 . 2009-05-06 20:43 -------- d-----w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\CyberLink 2009-05-06 20:43 . 
2009-05-06 20:43 -------- d-----w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\PowerCinema 2009-05-06 20:37 . 2009-05-06 20:37 -------- d-----w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\PowerDVDCox 2009-05-06 20:37 . 2009-05-06 20:37 -------- d-----w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\PowerDVDCinema 2009-05-06 20:36 . 2009-05-06 20:36 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\CyberLink 2009-05-06 20:34 . 2009-05-06 20:37 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink 2009-05-06 20:34 . 2009-05-06 20:34 -------- d-----w c:\program files\Common Files\CyberLink 2009-05-06 20:32 . 2009-05-06 21:49 -------- d-----w c:\windows\SxsCaPendDel 2009-05-06 20:32 . 2009-05-06 20:31 29480 ----a-w c:\windows\system32\msxml3a.dll 2009-05-06 20:32 . 2009-05-13 06:25 -------- d---a-w c:\documents and settings\All Users\Application Data\Temp 2009-05-06 20:32 . 2009-05-06 21:36 53319 ----a-w c:\documents and settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe 2009-05-06 06:03 . 2009-05-06 06:03 -------- d-----w C:\DVDVideoSoft 2009-05-06 06:01 . 2009-05-06 06:01 -------- d-----w c:\program files\AskBarDis 2009-05-06 06:00 . 2009-05-21 16:00 -------- d-----w c:\program files\Common Files\DVDVideoSoft 2009-05-06 06:00 . 2009-05-06 06:00 -------- d-----w c:\program files\DVDVideoSoft 2009-04-28 06:58 . 2008-03-21 04:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll 2009-04-28 06:57 . 2009-04-28 07:03 -------- d-----w c:\program files\Zune 2009-04-28 06:56 . 2008-05-02 13:25 465920 -c----w c:\windows\system32\dllcache\imapi2fs.dll 2009-04-28 06:56 . 2008-05-02 13:25 465920 ------w c:\windows\system32\imapi2fs.dll 2009-04-28 06:56 . 2008-05-02 10:49 62976 -c----w c:\windows\system32\dllcache\cdrom.sys 2009-04-28 06:56 . 
2008-05-02 13:25 317952 -c----w c:\windows\system32\dllcache\imapi2.dll 2009-04-28 06:56 . 2008-05-02 13:25 317952 ------w c:\windows\system32\imapi2.dll 2009-04-27 17:47 . 2009-04-27 17:47 -------- d-----w C:\Netgear 2009-04-27 08:50 . 2009-04-27 08:50 54800 ----a-w c:\windows\system32\CMStarter_Eng.dll 2009-04-27 08:50 . 2009-04-27 08:50 12490256 ----a-w c:\windows\system32\CMStarter_Kor.dll 2009-04-27 08:50 . 2009-04-27 08:50 329232 ----a-w c:\windows\system32\CMStarterCore.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-05-21 16:02 . 2008-12-18 22:00 -------- d-----w c:\program files\illusionsoft 2009-05-21 16:00 . 2008-12-16 04:37 -------- d-----w c:\program files\Illusion 2009-05-21 15:59 . 2008-11-21 10:48 -------- d-----w c:\program files\Neffy 2009-05-21 10:31 . 2008-11-21 10:44 34744 ----a-w c:\windows\system32\JRSKD24.sys 2009-05-21 09:58 . 2008-11-22 17:18 -------- d-----w c:\program files\Warcraft III 2009-05-21 02:01 . 2008-11-21 11:10 -------- d-----w c:\program files\Trend Micro 2009-05-16 13:55 . 2009-04-03 18:45 -------- d-----w c:\program files\ShopEnr 2009-05-15 04:54 . 2009-05-15 04:54 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\Webcammax 2009-05-14 08:13 . 2008-11-21 09:57 -------- d--h--w c:\program files\InstallShield Installation Information 2009-05-12 03:11 . 2009-04-01 02:45 632120 ----a-w c:\windows\system32\CKSetup32.exe 2009-05-10 16:03 . 2009-02-09 21:59 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\mIRC 2009-05-07 14:18 . 2009-02-02 23:28 -------- d-----w c:\program files\Steam 2009-05-06 21:28 . 2009-01-08 21:12 373488 ----a-w c:\documents and settings\All Users\Application Data\Nexon\NGM\NGMResource.dll 2009-05-06 20:31 . 2003-03-19 04:14 505128 ----a-w c:\windows\system32\msvcp71.dll 2009-05-06 20:31 . 2003-02-21 12:42 353576 ----a-w c:\windows\system32\msvcr71.dll 2009-05-05 06:49 . 
2008-11-22 06:38 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\LimeWire 2009-05-04 18:37 . 2008-11-21 11:31 -------- d-----w c:\program files\World of Warcraft 2009-05-03 04:13 . 2009-01-21 01:06 359 ----a-w c:\program files\DNFTestInstallPerformance.txt 2009-05-03 04:13 . 2009-01-18 02:13 -------- d-----w c:\program files\DNFTest 2009-04-28 07:06 . 2009-04-28 07:06 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_0 1_07_00.Wdf 2009-04-28 07:06 . 2009-04-28 07:06 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_010 07.Wdf 2009-04-28 07:05 . 2009-04-28 07:05 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00. Wdf 2009-04-28 07:03 . 2008-11-21 18:44 -------- d-----w c:\program files\Curse 2009-04-28 06:58 . 2009-04-28 06:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_zumbus_010 07.Wdf 2009-04-28 06:58 . 2009-04-28 06:58 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_C oinstaller_Critical.Wdf 2009-04-27 17:45 . 2008-11-28 05:40 30192 ----a-w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-23 00:39 . 2009-01-18 19:38 -------- d-----w c:\program files\Common Files\Adobe 2009-04-20 23:00 . 2008-12-23 01:12 -------- d-s---w c:\program files\Mabinogi_test 2009-04-18 04:21 . 2008-12-04 22:45 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\ESTsoft 2009-04-18 04:21 . 2009-04-18 04:21 -------- d-----w c:\documents and settings\All Users\Application Data\ESTsoft 2009-04-18 04:21 . 2008-12-04 22:45 -------- d-----w c:\program files\ESTsoft 2009-04-18 00:48 . 2009-04-18 00:48 137 ----a-w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\fusioncache.dat 2009-04-18 00:38 . 2009-04-18 00:38 -------- d-----w c:\program files\Microsoft LifeChat 2009-04-18 00:34 . 2009-04-18 00:30 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech 2009-04-18 00:34 . 
2009-04-18 00:34 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\Logitech 2009-04-18 00:33 . 2009-04-18 00:33 53248 ----a-r c:\documents and settings\Jae Young Choi\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2009-04-18 00:33 . 2009-04-18 00:30 -------- d-----w c:\program files\Common Files\Logishrd 2009-04-18 00:32 . 2009-04-18 00:32 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_0 1005.Wdf 2009-04-18 00:32 . 2009-04-18 00:32 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_0 1005.Wdf 2009-04-18 00:32 . 2009-04-18 00:32 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_C oinstaller_Critical.Wdf 2009-04-18 00:30 . 2009-04-18 00:30 -------- d-----w c:\program files\Logitech 2009-04-18 00:30 . 2009-04-18 00:30 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd 2009-04-16 05:06 . 2009-04-16 05:06 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\acccore 2009-04-16 05:06 . 2009-04-16 05:04 -------- d-----w c:\program files\AIM6 2009-04-16 05:05 . 2009-04-16 05:05 -------- d-----w c:\program files\Viewpoint 2009-04-16 05:05 . 2009-04-16 05:05 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-04-16 05:05 . 2009-04-16 05:05 -------- d-----w c:\documents and settings\All Users\Application Data\acccore 2009-04-16 05:05 . 2009-04-16 05:05 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP 2009-04-16 05:05 . 2009-04-16 05:05 -------- d-----w c:\documents and settings\All Users\Application Data\AOL 2009-04-16 05:04 . 2009-04-16 05:04 -------- d-----w c:\program files\Common Files\AOL 2009-04-16 02:12 . 2009-04-11 04:07 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\MySQL 2009-04-11 08:23 . 
2009-04-11 08:23 57344 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-1ad65dee-n\Decora-SSE.dll 2009-04-11 08:23 . 2009-04-11 08:23 24064 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-6477a5ce-n\Decora-D3D.dll 2009-04-11 08:23 . 2009-04-11 08:23 315392 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7a08e684-n\jogl.dll 2009-04-11 08:23 . 2009-04-11 08:23 20480 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7a08e684-n\jogl_awt.dll 2009-04-11 08:23 . 2009-04-11 08:23 20480 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-3133860e-n\gluegen-rt.dll 2009-04-11 08:23 . 2009-04-11 08:23 114688 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7a08e684-n\jogl_cg.dll 2009-04-11 08:23 . 2009-04-11 08:23 499712 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-14c353d3-n\msvcp71.dll 2009-04-11 08:23 . 2009-04-11 08:23 499712 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-14c353d3-n\jmc.dll 2009-04-11 08:23 . 2009-04-11 08:23 348160 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-14c353d3-n\msvcr71.dll 2009-04-11 08:18 . 2009-04-11 08:18 -------- d-----w c:\program files\Sun 2009-04-11 08:17 . 2008-11-22 06:37 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-11 08:15 . 2008-11-22 06:37 -------- d-----w c:\program files\Java 2009-04-11 05:50 . 2009-04-11 05:50 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\Nexon 2009-04-11 05:41 . 
2009-04-11 05:41 45056 ----a-r c:\documents and settings\Jae Young Choi\Application Data\Microsoft\Installer\{7A512A34-F4E8-43C4-BD80-43A022B31BF6}\MapleStory.exe1_7A512A34F4E843C4BD80 43A022B31BF6.exe 2009-04-11 05:41 . 2009-04-11 05:41 45056 ----a-r c:\documents and settings\Jae Young Choi\Application Data\Microsoft\Installer\{7A512A34-F4E8-43C4-BD80-43A022B31BF6}\MapleStory.exe_7A512A34F4E843C4BD804 3A022B31BF6.exe 2009-04-11 05:41 . 2009-04-11 05:41 10134 ----a-r c:\documents and settings\Jae Young Choi\Application Data\Microsoft\Installer\{7A512A34-F4E8-43C4-BD80-43A022B31BF6}\ARPPRODUCTICON.exe 2009-04-11 03:17 . 2009-04-11 03:17 -------- d-----w c:\program files\Common Files\Java 2009-04-11 02:18 . 2009-04-11 02:18 6069144 ----a-w c:\documents and settings\Jae Young Choi\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip742. exe 2009-04-08 21:07 . 2009-04-03 18:44 -------- d-----w c:\program files\Click To Tweak [Basic] 2009-04-07 05:31 . 2008-11-21 17:07 -------- d-----w c:\program files\DNF 2009-04-06 20:19 . 2009-04-06 19:57 -------- d-----w c:\program files\Wizet 2009-04-03 18:45 . 2009-04-03 18:45 -------- d-----w c:\program files\OnTip 2009-04-01 02:50 . 2009-04-01 02:40 -------- d-----w c:\program files\NATEON 2009-04-01 02:40 . 2009-04-01 02:40 -------- d-----w c:\program files\Nate 2009-04-01 00:36 . 2009-04-01 00:36 541968 ----a-w c:\documents and settings\All Users\Application Data\ESTsoft\ALSee\ALAd.dll 2009-03-26 17:55 . 2009-03-17 06:44 864256 ----a-w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\DnFLogInAgent.exe 2009-03-26 03:42 . 2009-03-26 03:42 -------- d-----w c:\program files\DtsFilter 2009-03-25 07:29 . 2009-03-25 07:29 369936 ----a-w c:\documents and settings\All Users\Application Data\ESTsoft\ALCM\ALCMUpdate.exe 2009-03-24 03:27 . 2009-03-24 03:27 5972968 ----a-w c:\documents and settings\Jae Young Choi\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip741. exe 2009-03-17 06:44 . 
2009-03-17 06:44 286720 ----a-w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\NeopleLogInAgentIns.exe 2009-03-15 00:45 . 2009-03-15 00:45 36864 ----a-w c:\windows\system32\iikwzdsy.exe 2009-03-10 18:55 . 2008-12-22 23:48 131456 ----a-w c:\windows\system32\drivers\Mkd2kfNT.sys 2009-03-10 12:21 . 2009-03-10 12:21 1086144 ----a-w c:\windows\system32\NaverAXGuide.exe 2009-03-09 07:38 . 2008-12-03 07:41 102400 ----a-w c:\windows\system32\CKComObj.dll 2009-03-09 07:07 . 2008-12-03 07:41 312632 ----a-w c:\windows\system32\XecureCK.dll 2009-03-09 07:07 . 2008-11-21 10:44 79160 ----a-w c:\windows\system32\Jrsoftcp.dll 2009-03-09 07:07 . 2008-11-21 10:44 124216 ----a-w c:\windows\system32\CKApp.dll 2009-03-06 14:22 . 2004-08-10 11:00 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:18 . 2004-08-10 11:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-21 08:29 . 2008-11-23 09:04 552960 ---ha-w c:\documents and settings\Jae Young Choi\Application Data\Hangame\hgstarter.exe 2009-01-17 08:02 . 2009-01-17 08:02 73 ----a-w c:\program files\Log.txt 2009-01-17 08:02 . 2009-01-17 07:44 106 ----a-w c:\program files\AudiLog.txt 2009-01-17 07:56 . 2009-01-17 07:56 18 ----a-w c:\program files\filecheck.log . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-08-26 01:32 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE8D781C-615D-48B7-9DC8-AF05B1537769}] |
#12
2009-05-14 09:05 249856 ----a-w c:\windows\system32\EsqBrowserUI.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-12 176201]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-23 823362]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-28 221184]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"ntasvr"="c:\program files\Nate\AddressSearch\ntasvr.exe" [2009-04-10 136568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-11 148888]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-19 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="calwjfdj.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 15:30 72208 ----a-w c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"SeaPort"=2 (0x2)
"rpcapd"=3 (0x3)
"MySQL"=2 (0x2)
"MSDTCT"=2 (0x2)
"iPod Service"=3 (0x3)
"fsssvc"=3 (0x3)
"dldw_device"=2 (0x2)
"dldwCATSCustConnectService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\Common\\NMService.exe"=
"c:\\Nexon\\NexonPlug\\NMService.exe"=
"c:\\Program Files\\TalesWeaverTest\\InphaseNXD.EXE"=
"c:\\Program Files\\Dell V505\\dldwamon.exe"=
"c:\\Program Files\\Dell V505\\FRun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\WINDOWS\\system32\\dldwcoms.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
"56445:TCP"= 56445:TCP:Pando Media Booster
"56445:UDP"= 56445:UDP:Pando Media Booster

R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-05-15 오후 1:54 1051136]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-21 오전 9:39 55152]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-02-19 오전 10:04 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-23 오후 12:31 290889]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-02-19 오전 10:04 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-04-26 오전 8:41 262215]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-04-16 오후 2:05 24652]
R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2009-05-12 오후 12:11 12600]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-03 오후 5:26 33752]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [2008-11-21 오후 7:44 34744]
S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [2008-11-21 오후 7:44 6784]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2008-12-23 오전 8:48 131456]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-12-23 오전 8:48 79104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-03 오전 6:10 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [2009-01-13 오전 5:54 19504]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [2009-01-13 오전 5:54 83160]
S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]
S4 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe -service --> c:\windows\system32\dldwcoms.exe -service [?]
S4 dldwCATSCustConnectService;dldwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldwserv.exe [2009-02-04 오전 5:27 99568]
S4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 오후 6:08 533360]
S4 MSDTCT;Distributed Transaction;c:\windows\system32\hxgzboi.exe [2009-05-16 오후 10:55 36864]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ProxyFirewall - c:\program files\ProxyFirewall\ProxyFirewall.exe
HKLM-Run-Bluetooth Connection Assistant - LBTWIZ.EXE

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.naver.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 128.223.8.112:3124
Trusted Zone: d-fighter.com
Trusted Zone: d-fighter.com\www
Trusted Zone: nexon.com\df
Trusted Zone: nexon.com\df.nexon.com,dflogin.nexon.com,login.df
Trusted Zone: nexon.com\dflogin
Trusted Zone: nexon.com\login.df
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter25.cab
DPF: {17E9F830-9CFB-4381-BFDA-A25C6C7DCD2C} - hxxp://d-fighter.nefficient.co.kr/samsungdnf/neople/dnf_hg/installer/dnf_real.cab
DPF: {270EC7A6-4096-469B-865C-F9678A2C742B} - hxxp://www.payzone.co.kr/EasyPayX/EasyPayX.cab
DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} - hxxp://s.nx.com/activex/public_new/nxpm.cab
DPF: {318CA127-12CF-4386-B2F1-564D0600E6C9} - hxxp://d-fighter.nefficient.co.kr/samsungdnf/neople/installer/dnf_first.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://tales.nexon.com/tales2/pds/tales/AddOn.cab
DPF: {39BC8B20-FB5A-43E5-9EBC-E637B700859E} - hxxp://sunonline.hangame.com/WebRun/CommonWebStarter.cab
DPF: {65132E5B-B5AD-4AF2-A98A-09F52E51810C} - hxxp://www.nanmola.com/mmsv/NanmolaControl.CAB
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2008.1.8.cab
DPF: {8852138D-88A9-4836-B2EA-7DCEBCAA46B5} - hxxp://www.mabinogi.com/c3/Common/mabisrm.cab
DPF: {8B92E3B3-6D67-48A3-9B7D-5983396A2D48} - hxxps://www.wonderking.co.kr/gamestart/wk_setup.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cab
DPF: {9542B8D8-F8F1-449A-9FA4-833C846E7B51} - hxxp://www.nanmola.com/mmsv/NanMolaControl.CAB
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E}
DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - hxxp://ahnlabdownload.nefficient.co.kr/asp/cab/mkdplus.cab
DPF: {A2086024-A082-453D-BFBA-0B29B2C7ABFB} - hxxp://d-fighter.nefficient.co.kr/samsungdnf/neople/dnf_hg/installer/dnf_real.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} - hxxp://download.signgate.com/download/certmgt/AxSignGATE.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://id.hangame.com/common/HanSetup1020.cab
DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} - hxxp://download.netmarble.net/web/NMGameCheck/NetmarbleDownloaderEx.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://cafe.naver.com/common/activex/NaverAXGuide.cab
FF - ProfilePath - c:\documents and settings\Jae Young Choi\Application Data\Mozilla\Firefox\Profiles\e9z3iikb.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Nexon\NGM\npNxGame.dll
FF - plugin: c:\documents and settings\Jae Young Choi\Application Data\Mozilla\Firefox\Profiles\e9z3iikb.default\extensions\AcqVPlayer@sanstream.co.jp\plugins\npAcqVPlayer.dll
FF - plugin: c:\documents and settings\Jae Young Choi\Application Data\Mozilla\Firefox\Profiles\e9z3iikb.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGomtvx_nie.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 10:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"f:\program files\MySQL\MySQL Server 6.0\bin\mysqld\" --defaults-file=\"f:\program files\MySQL\MySQL Server 6.0\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-1343024091-839522115-1003\Software\Microsoft\MessengerService\GroupStateCacheU\*촴?
"Name"=hex:00,ac,71,c8,00,00
"Collapsed"=hex:01,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2128)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~3\wmpband.dll
#13
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Baram\npk\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\SetPoint\LBTWiz.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\webemctl32.exe
.
**************************************************************************
.
Completion time: 2009-05-22 10:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 01:55

Pre-Run: 115,641,282,560 bytes free
Post-Run: 117,118,267,392 bytes free

477 --- E O F --- 2009-05-12 18:02
#14
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-22 13:36:02
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT spyh.sys ZwCreateKey [0xF74D70E0]
SSDT spyh.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spyh.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spyh.sys ZwOpenKey [0xF74D70C0]
SSDT spyh.sys ZwQueryKey [0xF74F6108]
SSDT spyh.sys ZwQueryValueKey [0xF74F5F88]
SSDT spyh.sys ZwSetValueKey [0xF74F619A]

INT 0x62 ? 8A81CBF8
INT 0x63 ? 8A7D3BF8
INT 0x73 ? 8A7D3BF8
INT 0xA4 ? 8A81BBF8

Code \??\C:\DOCUME~1\JAEYOU~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? spyh.sys The system cannot find the file specified. !
? Combo-Fix.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B87CB8AC 5 Bytes JMP 8A81B1D8
.text asf51kuy.SYS B82A3386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text asf51kuy.SYS B82A33AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text asf51kuy.SYS B82A33C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text asf51kuy.SYS B82A33C9 1 Byte [2E]
.text asf51kuy.SYS B82A33C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\DOCUME~1\JAEYOU~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A81F2D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spyh.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spyh.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spyh.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spyh.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spyh.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spyh.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spyh.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A81B2D8 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!swprintf] 478B0000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeSetEvent] 50016A40 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IofCallDriver] E8520000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230 IAT 
\SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeCancelTimer] C6000000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!sprintf] 1CBD8688 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A IAT 
\SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ZwClose] F6317300 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604 |
#15
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoStartTimer] 86880547 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300 IAT 
\SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!_allmul] 00C73445 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!_except_handler3] 830C458B IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!strstr] 8D08758B IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!_strupr] 8D51FC4D IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF IAT 
\SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!memmove] 5DE58B5E IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!KeGetCurrentIrql] CB033043 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!KfRaiseIrql] 0673C13B IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!KfLowerIrql] C13B0003 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!HalGetInterruptVector] 8366FA72 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00 IAT 
\SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!READ_PORT_USHORT] 83660000 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200 IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140 |