Control Panel no longer works
soppis
Newbie
26 November 2007 @ 17:22
I have run avast, avira, CCleaner and Superantispyware and cleaned my machine of viruses and the like, but now I can no longer get into Control Panel or anywhere else where I could change any of the machine's settings; it just reports (This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator). When the machine is restarted it complains that some applications cannot be started because of missing .dll files; such files are nkhmnspq.dll and udcxqzwb.dll, and it also reports that shell.exe is missing. Would anyone have any advice for me, my nerves are slowly starting to fray.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:21, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\RegistryClear\RegistryClear.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [slgxwnkv] rundll32.exe "C:\Program Files\slgxwnkv\udcxqzwb.dll",Init
O4 - HKLM\..\Run: [nkhmnspq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nkhmnspq.dll"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RegistryClear] C:\Program Files\RegistryClear\RegistryClear.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab2.cab
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\
O20 - Winlogon Notify: wvuttus - wvuttus.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7251 bytes
hannu71
Member
26 November 2007 @ 18:08
Rename C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to, say, soppis

Download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- When the scan is finished, click the Remove Vundo button.
- You will be asked whether you want to delete the files - click YES.
- Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
- When it is done, the fix will tell you that it is going to restart your computer; click OK.
- Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

Note: It is possible that VundoFix found a file that it could not remove.
In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.
--------------------------------------------
1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

Post:
C:\vundofix.txt
The ComboFix log C:\Combofix.txt
a new HJT log. (soppis)
soppis
Newbie
26 November 2007 @ 23:20
ok, so now I'm probably asking dumb questions, but this

Rename C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to, say, soppis

I don't quite get it, so do I have to rename only that last part so that it becomes soppis.exe, or what? I think I can do everything else, but that step ties my brain in a knot. Yep, that's how it is.
hannu71
Member
26 November 2007 @ 23:44
Just rename the last part.
soppis
Newbie
27 November 2007 @ 16:38
VundoFix reported that nothing was found, but here is vundofix.txt now

VundoFix V6.6.2

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 16:24:03 27.11.2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

and the new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:02, on 27.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\RegistryClear\RegistryClear.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\soppis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [slgxwnkv] rundll32.exe "C:\Program Files\slgxwnkv\udcxqzwb.dll",Init
O4 - HKLM\..\Run: [nkhmnspq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nkhmnspq.dll"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RegistryClear] C:\Program Files\RegistryClear\RegistryClear.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab2.cab
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\
O20 - Winlogon Notify: wvuttus - wvuttus.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7283 bytes
soppis
Newbie
27 November 2007 @ 16:48
and here is the ComboFix log too

ComboFix 07-11-19.4 - HP_Omistaja 2007-11-27 16:40:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.475 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Omistaja\Työpöytä\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SecCenter
C:\WINDOWS\Casino.ico
C:\WINDOWS\Spyware Remover.ico
D:\Autorun.inf

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-27 to 2007-11-27 )))))))))))))))))
.

2007-11-27 16:24 <KANSIO> d-------- C:\VundoFix Backups
2007-11-26 17:19 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-11-25 17:51 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-11-25 17:51 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-11-25 17:51 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-11-25 17:51 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-11-25 17:51 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-11-25 17:50 54,272 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-11-25 17:49 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2007-11-25 17:48 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-11-25 17:47 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-11-25 17:45 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2007-11-25 17:45 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2007-11-25 17:45 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2007-11-25 17:45 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2007-11-25 17:45 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2007-11-25 17:44 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-11-25 17:43 28,672 --a--c--- C:\WINDOWS\system32\dllcache\sma0w.dll
2007-11-25 17:42 161,728 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2007-11-25 17:41 245,632 --a--c--- C:\WINDOWS\system32\dllcache\s3savmx.dll
2007-11-25 17:40 30,720 --a--c--- C:\WINDOWS\system32\dllcache\rthwcls.sys
2007-11-25 17:39 45,312 --a--c--- C:\WINDOWS\system32\dllcache\ql12160.sys
2007-11-25 17:38 79,360 --a--c--- C:\WINDOWS\system32\dllcache\phon.ime
2007-11-25 17:37 44,544 --a--c--- C:\WINDOWS\system32\dllcache\ovui2.dll
2007-11-25 17:35 13,664 --a--c--- C:\WINDOWS\system32\dllcache\n9i128.sys
2007-11-25 17:33 164,586 --a--c--- C:\WINDOWS\system32\dllcache\mdgndis5.sys
2007-11-25 17:33 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2007-11-25 17:33 8,320 --a--c--- C:\WINDOWS\system32\dllcache\memcard.sys
2007-11-25 17:33 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2007-11-25 17:31 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2007-11-25 17:31 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2007-11-25 17:31 70,656 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.dll
2007-11-25 17:31 45,632 --a--c--- C:\WINDOWS\system32\dllcache\ip5515.sys
2007-11-25 17:31 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2007-11-25 17:31 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2007-11-25 17:31 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-11-25 17:31 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-11-25 17:30 28,700 --a--c--- C:\WINDOWS\system32\dllcache\ibmexmp.sys
2007-11-25 17:29 324,608 --a--c--- C:\WINDOWS\system32\dllcache\hpojwia.dll
2007-11-25 17:28 320,384 --a--c--- C:\WINDOWS\system32\dllcache\g200m.sys
2007-11-25 17:27 137,088 --a--c--- C:\WINDOWS\system32\dllcache\essm2e.sys
2007-11-25 17:26 19,594 --a--c--- C:\WINDOWS\system32\dllcache\e100isa4.sys
2007-11-25 17:25 24,649 --a--c--- C:\WINDOWS\system32\dllcache\dfe650d.sys
2007-11-25 17:24 6,656 --a--c--- C:\WINDOWS\system32\dllcache\cmdide.sys
2007-11-25 17:23 3,168 --a--c--- C:\WINDOWS\system32\dllcache\brparimg.sys
2007-11-25 17:22 16,969 --a--c--- C:\WINDOWS\system32\dllcache\amb8002.sys
2007-11-25 13:56 <KANSIO> d-------- C:\Program Files\RegistryClear
2007-11-25 13:56 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\RegistryClear
2007-11-25 13:39 <KANSIO> d-------- C:\Program Files\Uniblue
2007-11-24 21:49 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-24 21:48 <KANSIO> d-------- C:\Program Files\Alwil Software
2007-11-24 21:48 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-24 21:36 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-24 19:40 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-24 19:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-24 19:39 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-11-24 19:39 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-11-24 19:32 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
2007-11-24 19:32 395,080 --a------ C:\WINDOWS\system32\~GLH0010.TMP
2007-11-24 19:32 70 --a------ C:\WINDOWS\system32\~GLH000d.TMP
2007-11-24 19:31 <KANSIO> d-------- C:\WINDOWS\Internet Logs
2007-11-24 19:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-11-24 19:07 <KANSIO> d-------- C:\WINDOWS\system32\tnrtmwuk
2007-11-24 19:06 <KANSIO> d-------- C:\Program Files\slgxwnkv
2007-11-24 19:06 <KANSIO> d-------- C:\Program Files\Bryeeukc
2007-11-23 03:56 7,406 --a------ C:\WINDOWS\system32\doc.ico
2007-11-23 03:47 <KANSIO> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-11-23 03:47 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko
2007-11-23 00:27 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
2007-11-23 00:27 <KANSIO> d--h----- C:\WINDOWS\msdownld.tmp
2007-11-23 00:22 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-23 00:22 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-23 00:22 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\SHOUTcast Source
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\RealMedia
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\Haali
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\ffdshow
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\DScaler5
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\DS-MP3 Source
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\CD Audio Reader Filter
2007-11-22 21:22 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-22 21:22 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-22 21:21 <KANSIO> d-------- C:\Program Files\Zoom Player
2007-11-22 21:21 <KANSIO> d-------- C:\Program Files\DirectVobSub
2007-11-22 21:21 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Zoom Player
2007-11-22 21:05 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-11-22 21:03 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-22 20:28 2,138,624 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-11-22 20:28 2,059,904 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-11-22 20:28 2,018,304 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-11-22 20:22 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-22 20:10 <KANSIO> d-------- C:\Program Files\ASUSTeK
2007-11-22 20:10 241,152 --a------ C:\WINDOWS\ATKKBService.exe
2007-11-22 20:08 <KANSIO> d-------- C:\WINDOWS\nview
2007-11-22 20:08 <KANSIO> d-------- C:\WINDOWS\NV37843456.TMP
2007-11-22 20:08 138,578 --a------ C:\WINDOWS\system32\nvapps.xml
2007-11-22 20:08 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-11-22 20:07 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-11-22 20:06 11,264 -ra------ C:\WINDOWS\system32\drivers\EIO.sys

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-23 01:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 19:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 10:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:34]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:29]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 13:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 13:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"VTTimer"="VTTimer.exe" []
"SiSPower"="Rundll32.exe" [2004-09-14 19:00 C:\WINDOWS\system32\rundll32.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 C:\WINDOWS\AGRSMMSG.exe]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-14 19:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-09-14 19:00 C:\WINDOWS\system32\rundll32.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 20:47 C:\WINDOWS\ALCXMNTR.EXE]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 13:06]
"RegistryClear"="C:\Program Files\RegistryClear\RegistryClear.exe" [2007-11-02 20:22]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 05:31:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbue32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuttus]
wvuttus.dll

S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9ec8692-991b-11dc-9f6f-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2007-11-26 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 10:00:00 C:\WINDOWS\Tasks\At13.job"
"2007-11-27 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 13:00:00 C:\WINDOWS\Tasks\At16.job"
"2007-11-27 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-26 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-26 16:00:00 C:\WINDOWS\Tasks\At19.job"
"2007-11-26 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-26 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-26 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-26 19:00:00 C:\WINDOWS\Tasks\At22.job"
"2007-11-26 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-26 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 01:30:02 C:\WINDOWS\Tasks\RegistryClear Scheduled Scan.job"
- C:\Program Files\RegistryClear\RegistryClear.ex
- C:\Program Files\RegistryClear
"2007-11-22 14:01:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-24 13:01:56 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 16:42:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27 16:43:24
.
--- E O F ---
hannu71
Member
27 November 2007 @ 21:29
Save these instructions to a text file or print them, otherwise you will not be able to get to them from Safe Mode.

Download AVG Anti-Spyware 7.5 and save the program to your desktop.
- Once you have downloaded the program, double-click the installer's icon on your desktop; the installation starts.
- After installation the program has to be started and its definitions updated.
- Start AVG Anti-Spyware.
- Click the "Update" icon in the main menu. Then click the "Update now" button.
- Then click the "Start Update" icon, and the update begins.

- When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
- When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
- Then under the "Reports" menu:
- Tick "Do not Automatically generate report"
- Untick "Only if threats were found"

- Then click the "Shield" icon at the top of the window
- "Resident shield is": change the state from active to inactive
- Close the program, do NOT scan yet.
Start your computer in Safe Mode, Guide!

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
- Once in Safe Mode, start AVG Anti-Spyware
- Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
- AVG will now start scanning the computer; be patient, as the scan takes time.

When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
- Make sure that Set all elements to: shows Quarantine (1); if not, click the link and choose Quarantine from the popup menu.
- You will be asked what to do if infections were found; choose "Apply all actions" then

- Then click the "Reports" icon at the top of the program.
- Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
- Close the program, start the computer normally and post the AVG Anti-Spyware report to your thread.

Remove the following through Control Panel's Add/Remove menu
slgxwnkv if found

Open HijackThis, click do a system scan only, mark these lines. Then close all other windows and press fix checked.
O4 - HKLM\..\Run: [slgxwnkv] rundll32.exe "C:\Program Files\slgxwnkv\udcxqzwb.dll",Init
O4 - HKLM\..\Run: [nkhmnspq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nkhmnspq.dll"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\
O20 - Winlogon Notify: wvuttus - wvuttus.dll (file missing)


If necessary, make hidden files visible. Instructions
Go to safe mode. Instructions

Delete the following, if found:
C:\Documents and Settings\All Users\Application Data\nkhmnspq.dll
C:\Program Files\slgxwnkv
mgrs.exe is found in C:\WINDOWS\SYSTEM32 or C:\WINDOWS or C:\
Restart the computer in normal mode.

First make sure that hidden files are visible.

Make hidden files visible

Go --> here

When the page has loaded, click the Browse button, find the following file and press Submit.

C:\WINDOWS\system32\5OuHQ6WO.exe

Post the scan results in your next message.

If Jotti is busy, try the same at VirusTotal: http://www.virustotal.com/flash/index_en.html

Set the hidden files back to hidden.


Post:
a new HJT log
the AVG Anti-Spyware log
a new ComboFix log
+ the Jotti or VirusTotal result for that 5OuHQ6WO.exe

This message has been edited since posting. Last edit: 27 November 2007 @ 21:44

soppis
Newbie
28 November 2007 @ 20:53
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:47:27 28.11.2007

+ Scan result:



C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP13\A0003801.exe -> Downloader.Agent.eus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP13\A0003802.exe -> Downloader.Agent.eus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP13\A0003803.exe -> Downloader.Agent.eus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP13\A0003804.exe -> Downloader.Agent.eus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP13\A0003900.exe -> Downloader.Agent.eus : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@linkbuddies[1].txt -> TrackingCookie.Linkbuddies : Cleaned.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end
soppis
Newbie
28 November 2007 @ 21:39
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:19, on 28.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\RegistryClear\RegistryClear.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\soppis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RegistryClear] C:\Program Files\RegistryClear\RegistryClear.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab2.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7114 bytes


ComboFix 07-11-19.4 - HP_Omistaja 2007-11-28 21:31:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.570 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Omistaja\Työpöytä\ComboFix.exe
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-28 to 2007-11-28 )))))))))))))))))
.

2007-11-27 22:03 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Grisoft
2007-11-27 22:03 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-27 22:03 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-27 16:24 <KANSIO> d-------- C:\VundoFix Backups
2007-11-26 17:19 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-11-25 17:51 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-11-25 17:51 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-11-25 17:51 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-11-25 17:51 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-11-25 17:51 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-11-25 17:50 54,272 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-11-25 17:49 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2007-11-25 17:48 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-11-25 17:47 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-11-25 17:45 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2007-11-25 17:45 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2007-11-25 17:45 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2007-11-25 17:45 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2007-11-25 17:45 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2007-11-25 17:44 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-11-25 17:43 28,672 --a--c--- C:\WINDOWS\system32\dllcache\sma0w.dll
2007-11-25 17:42 161,728 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2007-11-25 17:41 245,632 --a--c--- C:\WINDOWS\system32\dllcache\s3savmx.dll
2007-11-25 17:40 30,720 --a--c--- C:\WINDOWS\system32\dllcache\rthwcls.sys
2007-11-25 17:39 45,312 --a--c--- C:\WINDOWS\system32\dllcache\ql12160.sys
2007-11-25 17:38 79,360 --a--c--- C:\WINDOWS\system32\dllcache\phon.ime
2007-11-25 17:37 44,544 --a--c--- C:\WINDOWS\system32\dllcache\ovui2.dll
2007-11-25 17:35 13,664 --a--c--- C:\WINDOWS\system32\dllcache\n9i128.sys
2007-11-25 17:33 164,586 --a--c--- C:\WINDOWS\system32\dllcache\mdgndis5.sys
2007-11-25 17:33 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2007-11-25 17:33 8,320 --a--c--- C:\WINDOWS\system32\dllcache\memcard.sys
2007-11-25 17:33 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2007-11-25 17:31 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2007-11-25 17:31 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2007-11-25 17:31 70,656 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.dll
2007-11-25 17:31 45,632 --a--c--- C:\WINDOWS\system32\dllcache\ip5515.sys
2007-11-25 17:31 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2007-11-25 17:31 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2007-11-25 17:31 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-11-25 17:31 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-11-25 17:30 28,700 --a--c--- C:\WINDOWS\system32\dllcache\ibmexmp.sys
2007-11-25 17:29 324,608 --a--c--- C:\WINDOWS\system32\dllcache\hpojwia.dll
2007-11-25 17:28 320,384 --a--c--- C:\WINDOWS\system32\dllcache\g200m.sys
2007-11-25 17:27 137,088 --a--c--- C:\WINDOWS\system32\dllcache\essm2e.sys
2007-11-25 17:26 19,594 --a--c--- C:\WINDOWS\system32\dllcache\e100isa4.sys
2007-11-25 17:25 24,649 --a--c--- C:\WINDOWS\system32\dllcache\dfe650d.sys
2007-11-25 17:24 6,656 --a--c--- C:\WINDOWS\system32\dllcache\cmdide.sys
2007-11-25 17:23 3,168 --a--c--- C:\WINDOWS\system32\dllcache\brparimg.sys
2007-11-25 17:22 16,969 --a--c--- C:\WINDOWS\system32\dllcache\amb8002.sys
2007-11-25 13:56 <KANSIO> d-------- C:\Program Files\RegistryClear
2007-11-25 13:56 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\RegistryClear
2007-11-24 21:49 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-24 21:49 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-24 21:49 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-24 21:49 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-24 21:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-24 21:49 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-24 21:48 <KANSIO> d-------- C:\Program Files\Alwil Software
2007-11-24 21:48 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-24 21:36 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-24 19:40 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-24 19:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-24 19:39 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-11-24 19:39 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-11-24 19:32 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
2007-11-24 19:32 395,080 --a------ C:\WINDOWS\system32\~GLH0010.TMP
2007-11-24 19:32 70 --a------ C:\WINDOWS\system32\~GLH000d.TMP
2007-11-24 19:31 <KANSIO> d-------- C:\WINDOWS\Internet Logs
2007-11-24 19:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-11-24 19:07 <KANSIO> d-------- C:\WINDOWS\system32\tnrtmwuk
2007-11-24 19:06 <KANSIO> d-------- C:\Program Files\Bryeeukc
2007-11-23 03:56 7,406 --a------ C:\WINDOWS\system32\doc.ico
2007-11-23 03:47 <KANSIO> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-11-23 03:47 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko
2007-11-23 00:27 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
2007-11-23 00:27 <KANSIO> d--h----- C:\WINDOWS\msdownld.tmp
2007-11-23 00:22 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-23 00:22 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-23 00:22 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\SHOUTcast Source
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\RealMedia
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\Haali
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\ffdshow
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\DScaler5
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\DS-MP3 Source
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\CD Audio Reader Filter
2007-11-22 21:22 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-22 21:22 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-22 21:21 <KANSIO> d-------- C:\Program Files\Zoom Player
2007-11-22 21:21 <KANSIO> d-------- C:\Program Files\DirectVobSub
2007-11-22 21:21 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Zoom Player
2007-11-22 21:05 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-11-22 21:03 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-22 20:28 2,138,624 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-11-22 20:28 2,059,904 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-11-22 20:28 2,018,304 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-11-22 20:22 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-22 20:10 <KANSIO> d-------- C:\Program Files\ASUSTeK
2007-11-22 20:10 992,896 --a------ C:\WINDOWS\system32\drivers\Bravo_n.sys

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( snapshot@2007-11-27_16.42.56,70 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-27 14:42:31 11,712,544 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
+ 2007-11-28 19:32:35 12,019,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
+ 2007-11-28 19:21:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_610.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-23 01:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 19:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:34]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:29]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 13:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 13:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"VTTimer"="VTTimer.exe" []
"SiSPower"="Rundll32.exe" [2004-09-14 19:00 C:\WINDOWS\system32\rundll32.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 C:\WINDOWS\AGRSMMSG.exe]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-14 19:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-09-14 19:00 C:\WINDOWS\system32\rundll32.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 20:47 C:\WINDOWS\ALCXMNTR.EXE]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 13:06]
"RegistryClear"="C:\Program Files\RegistryClear\RegistryClear.exe" [2007-11-02 20:22]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 05:31:38]

S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys

.
'Ajoitetut tehtävät'-kansion sisältö
"2007-11-27 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 10:00:00 C:\WINDOWS\Tasks\At13.job"
"2007-11-28 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 13:00:00 C:\WINDOWS\Tasks\At16.job"
"2007-11-28 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 16:00:00 C:\WINDOWS\Tasks\At19.job"
"2007-11-27 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 19:00:00 C:\WINDOWS\Tasks\At22.job"
"2007-11-27 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-27 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 19:22:19 C:\WINDOWS\Tasks\RegistryClear Scheduled Scan.job"
- C:\Program Files\RegistryClear\RegistryClear.ex
- C:\Program Files\RegistryClear
"2007-11-22 14:01:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-24 13:01:56 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 21:32:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 21:33:27
C:\ComboFix2.txt ... 2007-11-27 16:43
.
--- E O F ---



That C:\WINDOWS\system32\5OuHQ6WO.exe wasn't found, but here are those logs, and my Control Panel works again. I don't know at what point it started working, but since it works, good. Do I still need to do something to this computer, or is it clean now?
hannu71
Member
29 November 2007 @ 18:06
Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\WINDOWS\system32\5OuHQ6WO.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

folder::
C:\WINDOWS\system32\tnrtmwuk
C:\Program Files\Bryeeukc


Save it as CFScript (in fact, ComboFix recognizes it even if the file extension is not even .txt).

Then drag CFScript onto ComboFix.exe as shown below.




Restart the computer if you are asked to, and post the contents of the combofix.txt file here.

------------------------------
Open HijackThis, click "Do a system scan only" and check these lines. Then close all other windows and press "Fix checked".
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

---------------------------------------------
Download Atribune's ATF Cleaner

Instructions:

- Double-click ATF-Cleaner.exe to start the program.
- Under Main, choose: Select All
- Click the Empty Selected option.
- If you use Firefox as your browser: click Firefox at the top and choose: Select All
- Click the Empty Selected option.
- NOTE: If you would like to keep your saved passwords, click No when it asks.
- If you use Opera as your browser: click Opera at the top and choose: Select All
- Click the Empty Selected option again.
- NOTE: If you would like to keep your saved passwords, click No when it asks.
- Click Exit in the main menu to close the program.
Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)

---------------------
Works with IE

Scan your computer with the Kaspersky Online Scanner

You will be asked whether you allow the installation of an ActiveX component from Kaspersky; click Yes.
- The program starts and begins downloading the latest definition files.
- When the scanner has been installed and the definitions downloaded, click Next.
- Now click the settings, Scan Settings
- Check in the settings that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (if available, otherwise select Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

- Click OK
- Now, under the "select a target to scan" heading, choose My Computer (Oma Tietokone)
- The scan takes time, so be patient. When the scan is finished, you will be notified if your computer is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- Copy and paste the contents of the file into your next reply.


Post:
a new HJT log
the new combofix.txt file
the Kaspersky Online Scanner report
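
The triage behind the CFScript list above, as an added example that is not part of the original posts: it parses the scheduled-tasks section of a ComboFix log in the layout quoted in this thread and groups the AtN.job entries by target, including the ones listed without a target line. The function names `parse_tasks` and `triage` and the `min_shared` threshold are assumptions made for this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the scheduled-tasks section of the log posted in this thread.
SAMPLE = r'''
"2007-11-27 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 10:00:00 C:\WINDOWS\Tasks\At13.job"
"2007-11-28 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\5OuHQ6WO.exe
"2007-11-28 19:22:19 C:\WINDOWS\Tasks\RegistryClear Scheduled Scan.job"
- C:\Program Files\RegistryClear\RegistryClear.ex
- C:\Program Files\RegistryClear
"2007-08-24 13:01:56 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
'''

# A job header is a quoted line: timestamp, one space, path ending in .job
JOB_LINE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+\.job)"$')
# AtN.job is the file name the legacy Windows "at" scheduler gives its jobs.
AT_JOB = re.compile(r"At\d+\.job", re.IGNORECASE)


def parse_tasks(text):
    """Return one dict per .job header, with the '- ' lines that follow it."""
    tasks = []
    for raw in text.splitlines():
        line = raw.strip()
        match = JOB_LINE.match(line)
        if match:
            tasks.append({"when": match.group(1), "job": match.group(2), "targets": []})
        elif line.startswith("- ") and tasks:
            tasks[-1]["targets"].append(line[2:])
    return tasks


def triage(tasks, min_shared=2):
    """Group AtN.job entries by target and collect AtN.job entries with no target.

    Returns (shared, no_target):
      shared    - lower-cased target path -> job files, for targets that at
                  least min_shared AtN jobs point to
      no_target - AtN.job files the log lists without any target line; they
                  belong to the same batch and should be reviewed with it
    """
    by_target = defaultdict(list)
    no_target = []
    for task in tasks:
        if not AT_JOB.fullmatch(ntpath.basename(task["job"])):
            continue  # named jobs from installed software are judged separately
        if not task["targets"]:
            no_target.append(task["job"])
        for target in task["targets"]:
            by_target[target.lower()].append(task["job"])
    shared = {t: jobs for t, jobs in by_target.items() if len(jobs) >= min_shared}
    return shared, no_target


if __name__ == "__main__":
    shared, no_target = triage(parse_tasks(SAMPLE))
    for target, jobs in shared.items():
        print(f"{len(jobs)} at-jobs run {target}:")
        for job in jobs:
            print("   ", job)
    print("at-jobs without a listed target:", no_target)
```

Run against the full log, the jobs without a target line (At13, At16, At19 and At22) land in `no_target`, which is why they appear in the CFScript list alongside the ones that name 5OuHQ6WO.exe.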
soppis
Newbie
2 December 2007 @ 15:47
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:07, on 2.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\soppis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab2.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7380 bytes

KASPERSKY ONLINE SCANNER REPORT
Saturday, December 01, 2007 5:29:51 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469790


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects 79181
Number of viruses found 5
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 01:08:26

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\HP_Omistaja\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped

C:\Documents and Settings\HP_Omistaja\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\HP_Omistaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\HP_Omistaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\HP_Omistaja\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\~DF3B20.tmp Object is locked skipped

C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\~DF4454.tmp Object is locked skipped

C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\~DF99E9.tmp Object is locked skipped

C:\Documents and Settings\HP_Omistaja\Local Settings\Temp\~DF9A14.tmp Object is locked skipped

C:\Documents and Settings\HP_Omistaja\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\HP_Omistaja\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Omistaja\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\HP_Omistaja\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP13\A0003755.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP13\A0003756.exe Infected: Trojan.Win32.Inject.ks skipped

C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP13\A0003759.exe Infected: Trojan.Win32.Obfuscated.lf skipped

C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP13\A0003922.dll Infected: Trojan-Downloader.Win32.Zlob.enu skipped

C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP18\A0010068.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.e skipped

C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP20\A0010838.exe/data.rar/keygen.exe Infected: Trojan.Win32.Obfuscated.lf skipped

C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP20\A0010838.exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP20\A0010838.exe/data.rar/crack.exe Infected: Trojan.Win32.Inject.ks skipped

C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP20\A0010838.exe/data.rar Infected: Trojan.Win32.Inject.ks skipped

C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP20\A0010838.exe RarSFX: infected - 4 skipped

C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP30\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\Internet Logs\YOUR-E521FA83DE.ldb Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_610.dat Object is locked skipped

C:\WINDOWS\Temp\ZLT00a35.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT00a38.TMP Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP30\change.log Object is locked skipped

Scan process completed.

ComboFix 07-11-19.4 - HP_Omistaja 2007-12-02 15:36:17.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.433 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Omistaja\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Omistaja\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\5OuHQ6WO.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-11-02 to 2007-12-02 )))))))))))))))))
.

2007-12-01 18:24 <KANSIO> d-------- C:\Program Files\RioSoft
2007-12-01 18:24 1,622,016 --a------ C:\WINDOWS\system32\gs1.ax
2007-12-01 18:24 536,576 --a------ C:\WINDOWS\system32\gs2.ax
2007-12-01 18:24 172,032 --a------ C:\WINDOWS\system32\dx.ax
2007-12-01 18:24 28,672 --a------ C:\WINDOWS\system32\richdvd.dll
2007-12-01 15:48 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-01 15:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-01 14:03 <KANSIO> d-------- C:\Program Files\CDBurnerXP
2007-12-01 13:59 <KANSIO> d-------- C:\Program Files\MSBuild
2007-12-01 13:58 <KANSIO> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-01 13:58 <KANSIO> d-------- C:\Program Files\Reference Assemblies
2007-12-01 13:58 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-01 13:47 <KANSIO> d-------- C:\WINDOWS\LastGood
2007-12-01 13:46 <KANSIO> d-------- C:\Program Files\MSXML 6.0
2007-11-30 18:51 <KANSIO> d-------- C:\Program Files\BurnAware Free Edition
2007-11-30 18:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\{7C0E72D0-DDBB-4DC8-8E9F-35774B711BBC}
2007-11-27 22:03 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Grisoft
2007-11-27 22:03 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-27 22:03 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-27 16:24 <KANSIO> d-------- C:\VundoFix Backups
2007-11-26 17:19 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-11-25 17:51 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-11-25 17:51 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-11-25 17:51 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-11-25 17:51 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-11-25 17:51 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-11-25 17:50 54,272 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-11-25 17:49 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2007-11-25 17:48 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-11-25 17:47 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-11-25 17:45 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2007-11-25 17:45 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2007-11-25 17:45 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2007-11-25 17:45 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2007-11-25 17:45 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2007-11-25 17:44 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-11-25 17:43 28,672 --a--c--- C:\WINDOWS\system32\dllcache\sma0w.dll
2007-11-25 17:42 161,728 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2007-11-25 17:41 245,632 --a--c--- C:\WINDOWS\system32\dllcache\s3savmx.dll
2007-11-25 17:40 30,720 --a--c--- C:\WINDOWS\system32\dllcache\rthwcls.sys
2007-11-25 17:39 45,312 --a--c--- C:\WINDOWS\system32\dllcache\ql12160.sys
2007-11-25 17:38 79,360 --a--c--- C:\WINDOWS\system32\dllcache\phon.ime
2007-11-25 17:37 44,544 --a--c--- C:\WINDOWS\system32\dllcache\ovui2.dll
2007-11-25 17:35 13,664 --a--c--- C:\WINDOWS\system32\dllcache\n9i128.sys
2007-11-25 17:33 164,586 --a--c--- C:\WINDOWS\system32\dllcache\mdgndis5.sys
2007-11-25 17:33 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2007-11-25 17:33 8,320 --a--c--- C:\WINDOWS\system32\dllcache\memcard.sys
2007-11-25 17:33 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2007-11-25 17:31 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2007-11-25 17:31 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2007-11-25 17:31 70,656 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.dll
2007-11-25 17:31 45,632 --a--c--- C:\WINDOWS\system32\dllcache\ip5515.sys
2007-11-25 17:31 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2007-11-25 17:31 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2007-11-25 17:31 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-11-25 17:31 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-11-25 17:30 28,700 --a--c--- C:\WINDOWS\system32\dllcache\ibmexmp.sys
2007-11-25 17:29 324,608 --a--c--- C:\WINDOWS\system32\dllcache\hpojwia.dll
2007-11-25 17:28 320,384 --a--c--- C:\WINDOWS\system32\dllcache\g200m.sys
2007-11-25 17:27 137,088 --a--c--- C:\WINDOWS\system32\dllcache\essm2e.sys
2007-11-25 17:26 19,594 --a--c--- C:\WINDOWS\system32\dllcache\e100isa4.sys
2007-11-25 17:25 24,649 --a--c--- C:\WINDOWS\system32\dllcache\dfe650d.sys
2007-11-25 17:24 6,656 --a--c--- C:\WINDOWS\system32\dllcache\cmdide.sys
2007-11-25 17:23 3,168 --a--c--- C:\WINDOWS\system32\dllcache\brparimg.sys
2007-11-25 17:22 16,969 --a--c--- C:\WINDOWS\system32\dllcache\amb8002.sys
2007-11-25 13:56 <KANSIO> d-------- C:\Program Files\RegistryClear
2007-11-25 13:56 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\RegistryClear
2007-11-24 21:49 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-24 21:49 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-24 21:49 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-24 21:49 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-24 21:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-24 21:49 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-24 21:48 <KANSIO> d-------- C:\Program Files\Alwil Software
2007-11-24 21:48 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-24 21:36 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-24 19:40 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-24 19:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-24 19:39 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-11-24 19:39 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-11-24 19:32 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
2007-11-24 19:32 395,080 --a------ C:\WINDOWS\system32\~GLH0010.TMP
2007-11-24 19:32 70 --a------ C:\WINDOWS\system32\~GLH000d.TMP
2007-11-24 19:31 <KANSIO> d-------- C:\WINDOWS\Internet Logs
2007-11-24 19:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-11-23 03:56 7,406 --a------ C:\WINDOWS\system32\doc.ico
2007-11-23 03:47 <KANSIO> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-11-23 03:47 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko
2007-11-23 00:27 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
2007-11-23 00:27 <KANSIO> d--h----- C:\WINDOWS\msdownld.tmp
2007-11-23 00:22 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-23 00:22 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-23 00:22 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\SHOUTcast Source
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\RealMedia
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\Haali
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\ffdshow
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\DScaler5
2007-11-22 21:22 <KANSIO> d-------- C:\Program Files\DS-MP3 Source

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( snapshot_2007-12-01_14.42.54,01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:04:52 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2006-10-04 14:04:49 54,272 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 14:04:51 216,064 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2006-10-04 14:10:23 36,352 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\umandlg.dll
+ 2006-10-04 14:04:53 50,176 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2005-10-12 23:18:02 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spmsg.dll
+ 2005-10-12 23:18:03 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spuninst.exe
+ 2005-10-12 23:18:02 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\spcustom.dll
+ 2005-10-12 23:18:05 717,536 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
+ 2005-10-12 23:18:08 380,640 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\updspapi.dll
- 2007-12-01 01:01:50 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-12-02 01:01:08 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-12-01 01:01:52 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2007-12-02 01:01:09 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2007-12-01 12:52:46 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2007-12-01 12:52:48 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d097b5a3c886d0c3b053f46b7a310501\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2007-12-01 12:52:53 1,892,352 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\1cfe3ed0c5b5f63d49185967fa4bfe17\Microsoft.Build.Engine.ni.dll
+ 2007-12-01 12:52:50 876,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2007-12-01 12:52:55 94,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\b853ec09162fa93757d7bbb0d5435f4e\Microsoft.Build.Framework.ni.dll
+ 2007-12-01 12:52:54 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2007-12-01 12:53:03 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\19fcf0383bc2340da2d15e1370ef0990\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2007-12-01 12:52:59 1,695,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2007-12-01 12:53:04 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2007-12-01 12:53:05 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\da5206e4c016dbdb944957d0046d7869\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2007-12-01 13:06:24 2,441,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b3b62fe820b416515420a6ec17b247c3\Microsoft.JScript.ni.dll
+ 2007-12-01 12:53:10 1,740,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2007-12-01 13:06:25 77,824 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e674ba75a514e00b26329e212da938e0\Microsoft.Vsa.ni.dll
+ 2007-12-01 12:52:45 155,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\aa99ebdd26e5d493fec18b1714458782\MSBuild.ni.exe
+ 2007-12-01 12:53:13 1,581,056 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\ab2b2664932688ae7c8e0bd9d10448ef\PresentationBuildTasks.ni.dll
+ 2007-12-01 12:53:14 40,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3df824565150953afd560ca20237b881\PresentationCFFRasterizer.ni.dll
+ 2007-12-01 12:53:21 2,035,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\6d2716a55eb8ce6fc4cbf83f3ab329e3\PresentationUI.ni.dll
+ 2007-12-01 13:05:48 2,416,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\840c64bba900a6ed333ca39e63a9ca3b\ReachFramework.ni.dll
+ 2007-12-01 13:05:52 102,400 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\eeb4d1669350e6eb17e48b867655aeba\System.AddIn.Contract.ni.dll
+ 2007-12-01 13:05:51 696,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn\514e98c9aa203a2983cbf329753cb9c3\System.AddIn.ni.dll
+ 2007-12-01 13:06:11 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2007-12-01 13:05:54 1,011,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2007-12-01 13:05:56 184,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\c014bb2f4ee4bf27c65ce1d1d78d750c\System.Data.DataSetExtensions.ni.dll
+ 2007-12-01 13:06:16 2,756,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2007-12-01 13:05:58 1,798,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2007-12-01 13:06:03 937,984 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11892d4e65aaa4f475af5608b9497007\System.DirectoryServices.AccountManagement.ni.dll
+ 2007-12-01 13:06:01 1,224,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2007-12-01 13:06:05 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2007-12-01 13:06:07 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2007-12-01 13:06:07 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2007-12-01 13:06:10 356,352 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management.I#\0c0688825a79e72951210318eef63c82\System.Management.Instrumentation.ni.dll
+ 2007-12-01 13:06:21 1,064,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\29c7192327cf3999961560bf3a3995c6\System.Management.ni.dll
+ 2007-12-01 13:06:26 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Net\3cefb375df4f668badf6dc74f3288960\System.Net.ni.dll
+ 2007-12-01 13:06:29 1,134,592 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\f94fbbe7d7c6e76d02cd9fb94ee8d910\System.Printing.ni.dll
+ 2007-12-01 13:06:19 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2007-12-01 13:06:18 733,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2007-12-01 13:07:08 1,556,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\b500bb89ae2cc514f4b1c34e5fa26d75\System.ServiceModel.Web.ni.dll
+ 2007-12-01 13:07:09 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2007-12-01 13:07:12 2,039,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\d4147c99010667b5c547fcfc56ed7bd5\System.Speech.ni.dll
+ 2007-12-01 13:07:14 679,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2007-12-01 13:08:08 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1e0ce08988c4cd1659caa7981b4c60fc\System.Web.Extensions.Design.ni.dll
+ 2007-12-01 13:08:05 2,416,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e53994294a9806e82eec3da5a92df440\System.Web.Extensions.ni.dll
+ 2007-12-01 13:08:12 2,342,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2007-12-01 13:08:13 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2007-12-01 13:14:39 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2007-12-01 13:07:29 12,509,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2007-12-01 13:14:41 77,824 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\fbcb343f14b7a8940d8cd2cb41d6d23a\System.Windows.Presentation.ni.dll
+ 2007-12-01 13:14:49 3,084,288 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\9798b3ba448ba7d5f1dd70a8a1fb7562\System.Workflow.Activities.ni.dll
+ 2007-12-01 13:14:56 4,579,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\575dad1c0dc9d035acbab10846802ce0\System.Workflow.ComponentModel.ni.dll
+ 2007-12-01 13:15:01 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\9d89b57d703aefe4938b45f8b398d378\System.Workflow.Runtime.ni.dll
+ 2007-12-01 13:15:05 1,531,904 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\4b5a5ae7e0127bc7198e25e642a93657\System.WorkflowServices.ni.dll
+ 2007-12-01 13:15:07 458,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\0e1c79174260c4e2bf159a2cc1d77338\System.Xml.Linq.ni.dll
+ 2007-12-01 13:15:09 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2e5aa36c753a605bdefb97ab83e8806\UIAutomationClient.ni.dll
+ 2007-12-01 13:23:33 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\ae395b4b568f0d71fec35e3902a46a99\UIAutomationClientsideProviders.ni.dll
+ 2007-12-01 13:23:34 50,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\9e249f5c0ef3e391c5aec1f9da805519\UIAutomationProvider.ni.dll
+ 2007-12-01 13:23:35 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\46e3ec015dd7b25d5ddc185534458122\UIAutomationTypes.ni.dll
+ 2007-12-01 13:23:36 270,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b7c202147607f93463ead99e743c78b9\WindowsFormsIntegration.ni.dll
+ 2007-12-01 12:44:15 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe
+ 2007-12-02 01:01:19 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_293a9087\CustomMarshalers.dll
+ 2007-12-02 01:02:10 118,784 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_461b0852\CustomMarshalers.dll
+ 2007-12-02 01:01:46 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_26937b1c\mscorlib.dll
+ 2007-12-02 01:02:25 8,908,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_da2daa4d\mscorlib.dll
+ 2007-12-02 01:02:19 3,395,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_1ef2882f\System.Design.dll
+ 2007-12-02 01:01:40 1,466,368 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f0544cca\System.Design.dll
+ 2007-12-02 01:02:11 192,512 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_073c31ca\System.Drawing.Design.dll
+ 2007-12-02 01:01:21 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e2f09f92\System.Drawing.Design.dll
+ 2007-12-02 01:02:21 2,244,608 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_3e8a5f2c\System.Drawing.dll
+ 2007-12-02 01:01:42 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_781997fe\System.Drawing.dll
+ 2007-12-02 01:02:15 7,884,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_32f8ea84\System.Windows.Forms.dll
+ 2007-12-02 01:01:27 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_62f5e174\System.Windows.Forms.dll
+ 2007-12-02 01:02:17 5,513,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_771af9a9\System.Xml.dll
+ 2007-12-02 01:01:33 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_8acb8b30\System.Xml.dll
+ 2007-12-02 01:02:09 4,788,224 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_441187e7\System.dll
+ 2007-12-02 01:01:18 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_c32188f5\System.dll
+ 2007-12-02 01:02:38 18,432 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_169f294a\vjscor.dll
+ 2007-12-02 01:02:07 20,480 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_b57dba34\vjscor.dll
+ 2007-12-02 01:02:26 155,648 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_48adbed4\VJSharpCodeProvider.dll
+ 2007-12-02 01:01:50 69,632 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_7063f8ec\VJSharpCodeProvider.dll
+ 2007-12-02 01:02:05 4,464,640 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_2d0be84e\vjslib.dll
+ 2007-12-02 01:02:36 12,169,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_e7affcda\vjslib.dll
+ 2007-12-02 01:01:56 32,768 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjslibcw\1.0.5000.0__b03f5f7f11d50a3a_8e222fb2\vjslibcw.dll
+ 2007-12-02 01:02:27 16,896 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_0574e474\VJSWfcBrowserStubLib.dll
+ 2007-12-02 01:01:55 10,240 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_a567c783\VJSWfcBrowserStubLib.dll
- 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-13 19:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-14 23:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-13 19:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-13 18:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 01:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 18:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 18:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 22:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 18:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-13 18:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 01:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 18:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-13 18:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-13 18:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 14:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 14:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2280\_aspnet_isapi.dll
+ 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2280\_CORPerfMonExt.dll
+ 2004-07-14 22:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2280\_fusion.dll
+ 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2280\_mscorjit.dll
+ 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2280\_mscorlib.dll
+ 2003-02-21 01:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2280\_mscorsn.dll
+ 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2280\_mscorsvr.dll
+ 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2280\_mscorwks.dll
+ 2003-02-21 10:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2280\_msvcr71.dll
+ 2004-07-14 22:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2280\_PerfCounter.dll
- 2004-07-15 12:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-13 19:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 12:29:00 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-13 19:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2004-09-14 17:00:00 72,704 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
+ 2006-10-04 13:33:17 72,704 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
- 2004-09-14 17:00:00 54,272 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
+ 2006-10-04 13:33:16 54,272 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
- 2004-09-14 17:00:00 216,064 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
+ 2006-10-04 13:33:17 216,064 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
- 2004-09-14 17:00:00 36,352 -c--a-w C:\WINDOWS\system32\dllcache\umandlg.dll
+ 2006-10-04 13:38:23 36,352 -c--a-w C:\WINDOWS\system32\dllcache\umandlg.dll
- 2004-09-14 17:00:00 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
+ 2006-10-04 13:33:16 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
- 2007-12-01 12:41:10 12,675,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
+ 2007-12-02 13:38:28 13,979,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2004-09-14 17:00:00 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
+ 2006-10-04 13:33:17 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
- 2004-09-14 17:00:00 54,272 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2006-10-04 13:33:16 54,272 ----a-w C:\WINDOWS\system32\narrator.exe
- 2004-09-14 17:00:00 216,064 ----a-w C:\WINDOWS\system32\osk.exe
+ 2006-10-04 13:33:17 216,064 ----a-w C:\WINDOWS\system32\osk.exe
- 2004-09-14 17:00:00 36,352 ----a-w C:\WINDOWS\system32\umandlg.dll
+ 2006-10-04 13:38:23 36,352 ----a-w C:\WINDOWS\system32\umandlg.dll
- 2004-09-14 17:00:00 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2006-10-04 13:33:16 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-23 01:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 19:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-02-15 22:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:34]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:29]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 13:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 13:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"VTTimer"="VTTimer.exe" []
"SiSPower"="Rundll32.exe" [2004-09-14 19:00 C:\WINDOWS\system32\rundll32.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 C:\WINDOWS\AGRSMMSG.exe]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-14 19:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-09-14 19:00 C:\WINDOWS\system32\rundll32.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 13:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-01-01 08:18]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 05:31:38]

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys

*Newly Created Service* - CLR_OPTIMIZATION_V2.0.50727_32
*Newly Created Service* - FONTCACHE3.0.0.0
*Newly Created Service* - NMSACCESSU
*Newly Created Service* - UDFS
.
'Ajoitetut tehtävät'-kansion sisältö
"2007-12-02 01:30:00 C:\WINDOWS\Tasks\RegistryClear Scheduled Scan.job"
- C:\Program Files\RegistryClear\RegistryClear.ex
- C:\Program Files\RegistryClear
"2007-11-22 14:01:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-24 13:01:56 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 15:38:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 15:39:50
C:\ComboFix2.txt ... 2007-12-01 14:43
C:\ComboFix3.txt ... 2007-11-28 21:33
.
--- E O F ---
soppis
Newbie
4 December 2007 @ 14:59
Would anyone have time to take a look at those? Now if you put a blank CD/DVD disc in the machine, it freezes up completely.