Completely messed up (afterdawn.com forum: viruses and malware, HijackThis logs)
Quutamo (Junior Member), 8 December 2007 @ 23:01
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:52, on 8.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\avp.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Omistaja\Työpöytä\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [pwzmhoti] rundll32.exe "C:\Program Files\pwzmhoti\rcriraps.dll",Init
O4 - HKLM\..\Run: [wpkdgnon] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wpkdgnon.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O21 - SSODL: E404Helper - {30f0113e-d40f-4b4f-81da-e5632d355a93} - e404d.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

--
End of file - 8199 bytes
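A triage pass over the autostart lines of the log above, added here as an example; it is not from the thread and not from the HijackThis or ComboFix authors. The sample lines are copied from the log above (the Symantec ccApp line is included as a known-good case); the heuristics, the regexes and every function name are my own. A hit only means "look closer", not that the entry is malware, and entries such as the SecCenter one are recognisable only from experience or a reputation lookup, which this script does not attempt.

```python
import re

# Constructed sample: autostart lines copied from the first HijackThis log in this
# thread, plus the Symantec ccApp line as a known-good negative case.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [pwzmhoti] rundll32.exe "C:\Program Files\pwzmhoti\rcriraps.dll",Init
O4 - HKLM\..\Run: [wpkdgnon] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wpkdgnon.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O21 - SSODL: E404Helper - {30f0113e-d40f-4b4f-81da-e5632d355a93} - e404d.dll (file missing)
"""

# HijackThis line shapes for Run keys (O4) and ShellServiceObjectDelayLoad (O21).
O4_LINE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O21_LINE = re.compile(r'^O21 - SSODL: (?P<name>.+?) - \{[0-9a-fA-F-]+\} - (?P<cmd>.*)$')

# Heuristics (my own, hypothetical thresholds). A hit is a reason to look closer,
# not a verdict: legitimate entries can trip them too.
RANDOM_NAME = re.compile(r'^[a-z]{8}$')                       # pwzmhoti, wpkdgnon
DLL_LOADER = re.compile(r'^(rundll32(\.exe)?|regsvr32)\b', re.IGNORECASE)
THROWAWAY_DIR = re.compile(
    r'\\(Program Files\\[a-z]{8}|All Users\\Application Data)\\', re.IGNORECASE)
WINDOWS_ROOT_EXE = re.compile(r'^"?[a-z]:\\windows\\[^\\]+\.exe"?$', re.IGNORECASE)
BARE_EXE = re.compile(r'^[^\\":]+\.exe(\s|$)', re.IGNORECASE)  # no directory at all


def parse_autostarts(text):
    """Yield (section, value name, command) for every O4 Run and O21 SSODL line."""
    for line in text.splitlines():
        m = O4_LINE.match(line)
        if m:
            yield 'O4', m['name'], m['cmd']
            continue
        m = O21_LINE.match(line)
        if m:
            yield 'O21', m['name'], m['cmd']


def reasons_for(section, name, cmd):
    """Return the list of heuristics an entry trips (empty for a clean-looking one)."""
    reasons = []
    if RANDOM_NAME.match(name):
        reasons.append('value name is eight random-looking lowercase letters')
    if DLL_LOADER.match(cmd) and THROWAWAY_DIR.search(cmd):
        reasons.append('rundll32/regsvr32 loads a DLL from a throwaway directory')
    if WINDOWS_ROOT_EXE.match(cmd):
        reasons.append('executable sits directly in the Windows directory')
    if BARE_EXE.match(cmd) and not DLL_LOADER.match(cmd):
        reasons.append('no path given; resolved through the search order, locate it first')
    if section == 'O21' and '(file missing)' in cmd:
        reasons.append('SSODL entry whose DLL is missing: a leftover or a hidden component')
    return reasons


def triage(text):
    """Return {value name: [reasons]} for each autostart line that trips a heuristic."""
    flagged = {}
    for section, name, cmd in parse_autostarts(text):
        r = reasons_for(section, name, cmd)
        if r:
            flagged[name] = r
    return flagged


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f'[{name}]')
        for r in reasons:
            print('   -', r)
```

On the sample this flags pwzmhoti, wpkdgnon, avp, smgr and E404Helper and leaves ccApp alone, but it also leaves SC2 alone: a path under Program Files with a plausible product name looks fine to a regex, which is why a log like this still needs a human reader or a hash lookup behind the heuristics.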
AfterDawn Addict, 9 December 2007 @ 13:08
****************
Move HijackThis.exe (v. 2.0.2) into the folder C:\HJT\
With the right mouse button you can rename HijackThis.exe to something like hoojiitee.exe
****************
1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is done, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. That may cause the program to hang.
--------------
Empty the Recycle Bin and restart your computer.

Post the following logs here:

* A fresh HijackThis log (taken last, right before posting)
* (C:\ComboFix.txt)
*

(:)
Quutamo (Junior Member), 9 December 2007 @ 21:56
Thanks a hell of a lot. At least there's no visible problem any more :).



ComboFix 07-12-09.1 - Omistaja 2007-12-09 21:33:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.623 [GMT 2:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\wpkdgnon.dll
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode
C:\Documents and Settings\Omistaja\err.log
C:\Documents and Settings\Omistaja\ResErrors.log
C:\Program Files\Nfpfjfsf
C:\Program Files\Nfpfjfsf\tiwnbgqj.dll
C:\Program Files\pwzmhoti
C:\Program Files\pwzmhoti\rcriraps.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\UWA7P
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\ljjjgfg.dll
C:\WINDOWS\system32\nuinopsd
C:\WINDOWS\system32\nuinopsd\bg1.gif
C:\WINDOWS\system32\nuinopsd\bgtop.gif
C:\WINDOWS\system32\nuinopsd\bottom1.gif
C:\WINDOWS\system32\nuinopsd\essentials.gif
C:\WINDOWS\system32\nuinopsd\icon1.ico
C:\WINDOWS\system32\nuinopsd\install1.gif
C:\WINDOWS\system32\nuinopsd\left1.gif
C:\WINDOWS\system32\nuinopsd\li.gif
C:\WINDOWS\system32\nuinopsd\logo.gif
C:\WINDOWS\system32\nuinopsd\main.htm
C:\WINDOWS\system32\nuinopsd\mainframe.htm
C:\WINDOWS\system32\nuinopsd\nuinopsd1.exe
C:\WINDOWS\system32\nuinopsd\nuinopsd2.exe
C:\WINDOWS\system32\nuinopsd\nuinopsd3.exe
C:\WINDOWS\system32\nuinopsd\reinstall1.gif
C:\WINDOWS\system32\nuinopsd\right1.gif
C:\WINDOWS\system32\nuinopsd\s1.htm
C:\WINDOWS\system32\nuinopsd\s2.htm
C:\WINDOWS\system32\nuinopsd\s3.htm
C:\WINDOWS\system32\nuinopsd\SMTop1.gif
C:\WINDOWS\system32\nuinopsd\SMTop2.gif
C:\WINDOWS\system32\nuinopsd\SMTop3.gif
C:\WINDOWS\system32\nuinopsd\SMTop4.gif
C:\WINDOWS\system32\nuinopsd\soft1_off.gif
C:\WINDOWS\system32\nuinopsd\soft1_off_ext.gif
C:\WINDOWS\system32\nuinopsd\soft1_on.gif
C:\WINDOWS\system32\nuinopsd\soft1_on_ext.gif
C:\WINDOWS\system32\nuinopsd\soft2_off.gif
C:\WINDOWS\system32\nuinopsd\soft2_off_ext.gif
C:\WINDOWS\system32\nuinopsd\soft2_on.gif
C:\WINDOWS\system32\nuinopsd\soft2_on_ext.gif
C:\WINDOWS\system32\nuinopsd\soft3_off.gif
C:\WINDOWS\system32\nuinopsd\soft3_off_ext.gif
C:\WINDOWS\system32\nuinopsd\soft3_on.gif
C:\WINDOWS\system32\nuinopsd\soft3_on_ext.gif
C:\WINDOWS\system32\nuinopsd\softbottom_off.gif
C:\WINDOWS\system32\nuinopsd\softbottom_on.gif
C:\WINDOWS\system32\nuinopsd\softleft_off.gif
C:\WINDOWS\system32\nuinopsd\softleft_on.gif
C:\WINDOWS\system32\nuinopsd\top1.gif
C:\WINDOWS\system32\nuinopsd\top2.gif
C:\WINDOWS\system32\nuinopsd\turnoff1.gif
C:\WINDOWS\system32\nuinopsd\turnon1.gif
C:\WINDOWS\system32\rqrqqro.dll
C:\WINDOWS\system32\winuqw32.dll
C:\WINDOWS\system32\xpdx.sys
D:\Autorun.inf

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-11-09 to 2007-12-09 )))))))))))))))))
.

2007-12-08 21:58 . 2007-12-08 21:58 46,592 --a------ C:\WINDOWS\system32\e404d.dll
2007-12-08 21:57 . 2007-12-08 21:57 <KANSIO> d-------- C:\Program Files\Helper
2007-12-08 21:57 . 2007-12-08 21:57 65,024 --a------ C:\oaif.exe
2007-12-08 21:57 . 2007-12-08 21:57 2 --a------ C:\-56592011
2007-12-08 21:36 . 2007-12-08 21:36 <KANSIO> d-------- C:\Program Files\D-Tools
2007-12-08 21:36 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-12-08 21:36 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-12-07 14:48 . 2007-12-07 14:48 38 --a------ C:\WINDOWS\AviSplitter.INI
2007-11-19 19:23 . 2007-11-19 19:23 244 --ah----- C:\sqmnoopt02.sqm
2007-11-19 19:23 . 2007-11-19 19:23 232 --ah----- C:\sqmdata02.sqm
2007-11-19 16:04 . 2007-11-19 16:04 244 --ah----- C:\sqmnoopt01.sqm
2007-11-19 16:04 . 2007-11-19 16:04 232 --ah----- C:\sqmdata01.sqm
2007-11-19 15:57 . 2007-11-19 15:57 244 --ah----- C:\sqmnoopt00.sqm
2007-11-19 15:57 . 2007-11-19 15:57 232 --ah----- C:\sqmdata00.sqm
2007-11-10 14:08 . 2007-12-09 21:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-10 14:08 . 2007-11-10 14:08 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 20:12 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Azureus
2007-12-07 15:54 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\dvdcss
2007-12-07 10:51 --------- d-----w C:\Program Files\RevConnect
2007-11-18 17:47 --------- d-----w C:\Program Files\Microsoft Works
2007-11-10 12:08 --------- d-----w C:\Program Files\iTunes
2007-11-10 12:07 --------- d-----w C:\Program Files\iPod
2007-11-10 12:06 --------- d-----w C:\Program Files\QuickTime
2007-11-07 18:53 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-04 08:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-03 20:36 --------- d-----w C:\Program Files\mIRC
2007-10-23 12:40 --------- d-----w C:\Program Files\Azureus
2007-10-22 18:59 --------- d-----w C:\Program Files\DC++
2007-10-13 08:07 --------- d-----w C:\Program Files\Java
2007-10-10 18:01 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-01-31 17:22 784 ----a-w C:\Documents and Settings\Omistaja\Application Data\mpauth.dat
2007-01-03 18:07 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-07-20 20:57 30,056 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2005-08-25 12:18 0 ----a-w C:\Documents and Settings\Omistaja\3.dat
2005-08-25 12:18 0 ----a-w C:\Documents and Settings\Omistaja\2.dat
2005-08-25 12:18 0 ----a-w C:\Documents and Settings\Omistaja\1.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 01:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 15:38]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:16]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43]
"VTTimer"="VTTimer.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-21 20:07]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-15 01:12 C:\WINDOWS\system32\rundll32.exe]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"P17Helper"="Rundll32 P17.dll" []
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]

R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys

.
'Ajoitetut tehtävät'-kansion sisältö
"2007-12-07 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-08 11:53:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-24 13:43:56 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Omistaja\LOCALS~1\Temp\ojdgelyhMFYOW5G.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 21:46:40
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-09 21:49:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-01 20:01
C:\ComboFix2.txt ... 2007-05-01 20:01
C:\ComboFix3.txt ... 2007-05-01 10:40
.
--- E O F ---


*_*O*_*O*_*O*_*O*_*O*_*O*_*O*_*O*



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:14, on 9.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Omistaja\Työpöytä\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

--
End of file - 7506 bytes


-----------------

This post has been edited after it was posted. Last edited 9 December 2007 @ 22:10

AfterDawn Addict, 10 December 2007 @ 09:13
==> Rootkit.Rustock.gen

Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\DOCUME~1\Omistaja\LOCALS~1\Temp\ojdgelyhMFYOW5G.dll

RootKit::
C:\oaif.exe

Folder::
C:\-56592011


Save it as CFScript (ComboFix actually recognises it even if the file extension isn't .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click it)



Restart the computer if asked to, and post the contents of the combofix.txt file here.
------------------------
Close the browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis: Scan, tick the following entries listed in red and remove them (Fix checked).

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Empty the Recycle Bin and restart your computer.

Post the following logs here:

* A fresh HijackThis log (taken last, right before posting)
* the combofix.txt report
*

(:)
Quutamo (Junior Member), 10 December 2007 @ 15:13
ComboFix 07-12-09.1 - Omistaja 2007-12-10 15:00:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.570 [GMT 2:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Omistaja\Työpöytä\CFScript.txt
* Created a new restore point

FILE
C:\DOCUME~1\Omistaja\LOCALS~1\Temp\ojdgelyhMFYOW5G.dll
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-56592011\
C:\DOCUME~1\Omistaja\LOCALS~1\Temp\ojdgelyhMFYOW5G.dll
C:\oaif.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-11-10 to 2007-12-10 )))))))))))))))))
.

2007-12-09 22:39 . 2007-12-09 22:39 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-09 22:39 . 2007-10-18 22:18 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-09 22:39 . 2007-12-09 22:39 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-09 22:38 . 2007-12-09 22:38 <KANSIO> dr-h----- C:\Documents and Settings\Omistaja\Application Data\SecuROM
2007-12-09 22:38 . 2007-12-09 22:38 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-09 22:23 . 2007-12-09 22:23 <KANSIO> d-------- C:\Program Files\Electronic Arts
2007-12-09 22:22 . 2007-12-09 22:22 14,900 --a------ C:\WINDOWS\exe1.exe
2007-12-09 22:22 . 2007-12-09 22:22 8,192 --a------ C:\WINDOWS\exe2.exe
2007-12-08 21:58 . 2007-12-08 21:58 46,592 --a------ C:\WINDOWS\system32\e404d.dll
2007-12-08 21:57 . 2007-12-08 21:57 <KANSIO> d-------- C:\Program Files\Helper
2007-12-08 21:57 . 2007-12-08 21:57 2 --a------ C:\-56592011
2007-12-08 21:36 . 2007-12-08 21:36 <KANSIO> d-------- C:\Program Files\D-Tools
2007-12-08 21:36 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-12-08 21:36 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-12-07 14:48 . 2007-12-07 14:48 38 --a------ C:\WINDOWS\AviSplitter.INI
2007-11-19 19:23 . 2007-11-19 19:23 244 --ah----- C:\sqmnoopt02.sqm
2007-11-19 19:23 . 2007-11-19 19:23 232 --ah----- C:\sqmdata02.sqm
2007-11-19 16:04 . 2007-11-19 16:04 244 --ah----- C:\sqmnoopt01.sqm
2007-11-19 16:04 . 2007-11-19 16:04 232 --ah----- C:\sqmdata01.sqm
2007-11-19 15:57 . 2007-11-19 15:57 244 --ah----- C:\sqmnoopt00.sqm
2007-11-19 15:57 . 2007-11-19 15:57 232 --ah----- C:\sqmdata00.sqm
2007-11-10 14:08 . 2007-12-10 15:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-10 14:08 . 2007-11-10 14:08 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 20:12 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Azureus
2007-12-07 15:54 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\dvdcss
2007-12-07 10:51 --------- d-----w C:\Program Files\RevConnect
2007-11-18 17:47 --------- d-----w C:\Program Files\Microsoft Works
2007-11-10 12:08 --------- d-----w C:\Program Files\iTunes
2007-11-10 12:07 --------- d-----w C:\Program Files\iPod
2007-11-10 12:06 --------- d-----w C:\Program Files\QuickTime
2007-11-07 18:53 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-04 08:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-03 20:36 --------- d-----w C:\Program Files\mIRC
2007-10-23 12:40 --------- d-----w C:\Program Files\Azureus
2007-10-22 18:59 --------- d-----w C:\Program Files\DC++
2007-10-13 08:07 --------- d-----w C:\Program Files\Java
2007-10-10 18:01 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-01-31 17:22 784 ----a-w C:\Documents and Settings\Omistaja\Application Data\mpauth.dat
2007-01-03 18:07 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-07-20 20:57 30,056 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2005-08-25 12:18 0 ----a-w C:\Documents and Settings\Omistaja\3.dat
2005-08-25 12:18 0 ----a-w C:\Documents and Settings\Omistaja\2.dat
2005-08-25 12:18 0 ----a-w C:\Documents and Settings\Omistaja\1.dat
.

((((((((((((((((((((((((((((( snapshot@2007-12-09_21.48.28.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-08 01:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-08 01:32:45 152,064 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-09 20:35:14 3,262 ----a-r C:\WINDOWS\Installer\{CC419DDC-E0F0-4013-B25A-6FA036516F0D}\nfs_icon.exe
- 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2006-10-12 11:09:53 263,680 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
+ 2007-06-16 22:11:58 58,368 ----a-w C:\WINDOWS\nircmd.exe
- 2007-12-09 19:45:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-10 13:08:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-09 19:45:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
+ 2007-12-10 13:08:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
- 2007-12-09 19:45:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-10 13:08:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 1999-11-18 01:00:00 25,088 ------w C:\WINDOWS\system32\CTSVCCTL.EXE
+ 1999-11-18 01:00:00 32,256 ------w C:\WINDOWS\system32\CTSVCCTL.EXE
+ 2007-03-12 14:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
+ 2007-05-16 14:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
+ 2007-03-15 14:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
+ 2007-05-16 14:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
+ 2007-03-12 14:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
+ 2007-05-16 14:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
- 2004-09-14 23:12:03 815,104 ----a-w C:\WINDOWS\system32\mmc.exe
+ 2004-09-14 23:12:03 822,272 ----a-w C:\WINDOWS\system32\mmc.exe
- 2007-07-22 16:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-22 16:39:27 289,792 ----a-w C:\WINDOWS\system32\swreg.exe
- 2006-11-27 00:34:46 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
+ 2006-11-27 00:34:46 60,996 ----a-w C:\WINDOWS\system32\VFind.exe
+ 2007-03-05 10:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2007-06-20 18:45:20 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll
+ 2007-01-24 13:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
+ 2007-04-04 16:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
+ 2007-06-20 18:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
+ 2007-04-04 16:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 01:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 15:38]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:16]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43]
"VTTimer"="VTTimer.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-21 20:07]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-15 01:12 C:\WINDOWS\system32\rundll32.exe]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"P17Helper"="Rundll32 P17.dll" []
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]

R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys

.
'Ajoitetut tehtävät'-kansion sisältö
"2007-12-07 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-08 11:53:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-24 13:43:56 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Omistaja\LOCALS~1\Temp\ojdgelyhMFYOW5G.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 15:08:54
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-10 15:11:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-01 20:01
C:\ComboFix2.txt ... 2007-12-09 21:49
C:\ComboFix3.txt ... 2007-05-01 20:01
.
--- E O F ---
Quutamo
Junior Member
10 December 2007 @ 15:37
ComboFix 07-12-09.1 - Omistaja 2007-12-10 15:24:33.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.673 [GMT 2:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-11-10 to 2007-12-10 )))))))))))))))))
.

2007-12-09 22:39 . 2007-12-09 22:39 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-09 22:39 . 2007-10-18 22:18 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-09 22:39 . 2007-12-09 22:39 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-09 22:38 . 2007-12-09 22:38 <KANSIO> dr-h----- C:\Documents and Settings\Omistaja\Application Data\SecuROM
2007-12-09 22:38 . 2007-12-09 22:38 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-09 22:23 . 2007-12-09 22:23 <KANSIO> d-------- C:\Program Files\Electronic Arts
2007-12-09 22:22 . 2007-12-09 22:22 14,900 --a------ C:\WINDOWS\exe1.exe
2007-12-09 22:22 . 2007-12-09 22:22 8,192 --a------ C:\WINDOWS\exe2.exe
2007-12-08 22:14 . 2007-12-08 22:14 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Application Data\Lavasoft
2007-12-08 22:13 . 2004-01-01 10:49 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\WINDOWS
2007-12-08 22:13 . 2004-01-01 10:49 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\WINDOWS
2007-12-08 22:13 . 2004-01-01 08:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Verkkoympäristö
2007-12-08 22:13 . 2004-01-01 08:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Verkkoympäristö
2007-12-08 22:13 . 2004-01-01 08:43 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Työpöytä
2007-12-08 22:13 . 2004-01-01 08:43 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Työpöytä
2007-12-08 22:13 . 2004-01-01 08:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Tulostinympäristö
2007-12-08 22:13 . 2004-01-01 08:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Tulostinympäristö
2007-12-08 22:13 . 2007-09-23 06:02 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Suosikit
2007-12-08 22:13 . 2007-09-23 06:02 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Suosikit
2007-12-08 22:13 . 2007-09-23 06:02 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Omat tiedostot
2007-12-08 22:13 . 2007-09-23 06:02 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Omat tiedostot
2007-12-08 22:13 . 2007-09-23 06:04 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Mallit
2007-12-08 22:13 . 2007-09-23 06:04 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Mallit
2007-12-08 22:13 . 2007-09-23 06:02 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Käynnistä-valikko
2007-12-08 22:13 . 2007-09-23 06:02 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Käynnistä-valikko
2007-12-08 22:13 . 2004-01-01 08:06 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Application Data\Symantec
2007-12-08 22:13 . 2004-01-01 11:30 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Application Data\SampleView
2007-12-08 22:13 . 2004-01-01 10:43 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.YOUR-3Z2MFYOW5G\Application Data\Intervideo
2007-12-08 21:58 . 2007-12-08 21:58 46,592 --a------ C:\WINDOWS\system32\e404d.dll
2007-12-08 21:57 . 2007-12-08 21:57 <KANSIO> d-------- C:\Program Files\Helper
2007-12-08 21:57 . 2007-12-08 21:57 2 --a------ C:\-56592011
2007-12-08 21:36 . 2007-12-08 21:36 <KANSIO> d-------- C:\Program Files\D-Tools
2007-12-08 21:36 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-12-08 21:36 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-12-07 14:48 . 2007-12-07 14:48 38 --a------ C:\WINDOWS\AviSplitter.INI
2007-11-19 19:23 . 2007-11-19 19:23 244 --ah----- C:\sqmnoopt02.sqm
2007-11-19 19:23 . 2007-11-19 19:23 232 --ah----- C:\sqmdata02.sqm
2007-11-19 16:04 . 2007-11-19 16:04 244 --ah----- C:\sqmnoopt01.sqm
2007-11-19 16:04 . 2007-11-19 16:04 232 --ah----- C:\sqmdata01.sqm
2007-11-19 15:57 . 2007-11-19 15:57 244 --ah----- C:\sqmnoopt00.sqm
2007-11-19 15:57 . 2007-11-19 15:57 232 --ah----- C:\sqmdata00.sqm
2007-11-10 14:08 . 2007-12-10 15:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-10 14:08 . 2007-11-10 14:08 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 20:12 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Azureus
2007-12-07 15:54 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\dvdcss
2007-12-07 10:51 --------- d-----w C:\Program Files\RevConnect
2007-11-18 17:47 --------- d-----w C:\Program Files\Microsoft Works
2007-11-10 12:08 --------- d-----w C:\Program Files\iTunes
2007-11-10 12:07 --------- d-----w C:\Program Files\iPod
2007-11-10 12:06 --------- d-----w C:\Program Files\QuickTime
2007-11-07 18:53 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-04 08:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-03 20:36 --------- d-----w C:\Program Files\mIRC
2007-10-23 12:40 --------- d-----w C:\Program Files\Azureus
2007-10-22 18:59 --------- d-----w C:\Program Files\DC++
2007-10-13 08:07 --------- d-----w C:\Program Files\Java
2007-10-10 18:01 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-01-31 17:22 784 ----a-w C:\Documents and Settings\Omistaja\Application Data\mpauth.dat
2007-01-03 18:07 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-07-20 20:57 30,056 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2005-08-25 12:18 0 ----a-w C:\Documents and Settings\Omistaja\3.dat
2005-08-25 12:18 0 ----a-w C:\Documents and Settings\Omistaja\2.dat
2005-08-25 12:18 0 ----a-w C:\Documents and Settings\Omistaja\1.dat
.

((((((((((((((((((((((((((((( snapshot_2007-12-10_15.10.35.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-10 13:08:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-10 13:17:36 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-10 13:08:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
+ 2007-12-10 13:17:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
- 2007-12-10 13:08:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-10 13:17:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 01:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 15:38]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:16]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43]
"VTTimer"="VTTimer.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-21 20:07]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-15 01:12 C:\WINDOWS\system32\rundll32.exe]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"P17Helper"="Rundll32 P17.dll" []
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]

R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys

.
'Ajoitetut tehtävät'-kansion sisältö
"2007-12-07 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-08 11:53:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-24 13:43:56 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 15:30:06
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 15:31:08
C:\ComboFix-quarantined-files.txt ... 2007-05-01 20:01
C:\ComboFix2.txt ... 2007-12-10 15:11
C:\ComboFix3.txt ... 2007-12-09 21:49
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:56, on 10.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Omistaja\Työpöytä\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

--
End of file - 6981 bytes
AfterDawn Addict
10 December 2007 @ 18:11
Tell me whether the machine still has this folder:
C:\-56592011
-----------------------
This is needed:
Works only with Internet Explorer ==> allow ActiveX
Scan your machine with Kaspersky Online Scanner

You will be asked whether to allow installing the ActiveX component from Kaspersky; click Yes.
* The program starts and begins downloading the latest signature files.
* Once the scanner is installed and the signatures are downloaded, click Next.
* Now click the settings, Scan Settings
* Check in the settings that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (if available, otherwise select Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

* Click OK
* Now, under the "select a target to scan" heading, select My Computer
* The scan takes time, so be patient. When the scan is complete you will be notified if your machine is infected.
* Now click the Save as Text button.
* Save the file to your desktop.
* Copy and paste the contents of the file into your next reply.


(:)
Quutamo
Junior Member
12 December 2007 @ 21:18
That folder is not there.


Are you really sure you want that report? It has over 12000 lines, if Number of infected objects is directly proportional to the number of lines.
AfterDawn Addict
13 December 2007 @ 13:52
Yes indeed!!!
I have a parser for that log which picks out what is needed from it.
If it doesn't fit here, send it to ==>
http://motoristi.fi/upload.php


(:)
Quutamo
Junior Member
13 December 2007 @ 18:56
Done.
AfterDawn Addict
13 December 2007 @ 20:37
It didn't come through.

Click the Browse button.
Find the log on your own machine.
As far as I remember, press the Open button and finally Upload.


(:)
  © 1999-2025 AfterDawn Oy