I need help removing a keylogger.
Dfin
Newbie
12 December 2007 @ 16:29
Hi.

A couple of days ago I noticed that there is a keylogger on my computer.
According to the command line, the packets seem to be going out to the IP: 81.226.226.80

I have searched for this keylogger in many ways, without success.
I blocked the IP via c:/windows/system32/drivers/etc/hosts, does this help? I should also get that keylogger removed just to be safe, so that no greater damage can build up.
I would like to avoid reformatting.
I just went and reported the IP in question to his internet provider.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:41, on 12.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Default\Omat tiedostot\Firefox\FirefoxPortable\App\firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.227.64.158:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Program Files\Gnuf\Poker\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://kc.support.telia.se/sdccommon/download/tgctlsi.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://kc.support.telia.se/sdccommon/download/tgctlcm.cab
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 8313 bytes

Thank you very much in advance.

Regards, Dfin
AfterDawn Addict
13 December 2007 @ 15:57
There was nothing unusual in the log.

This kind of keylogger:
Your ip: 81.226.226.80
host name: 81-226-226-80-no58.tbcn.telia.com
Network Owner: TELIA NETWORK SERVICES
Country: Sweden
City: Farsta
Timezone: GMT+1

Are there any other symptoms ???

(:)
Dfin
Newbie
13 December 2007 @ 17:56
Sometimes the computer freezes, for example when I use the Vol + / Vol - button on the keyboard.
The mouse can still be moved then, and when pressing Ctrl+Alt+Del you can see that CPU usage is not high and memory usage is not unusual either.
I can use keyboard shortcuts, but nothing happens when I click the mouse.
I have also tried to fix this by vacuuming the computer.
I am not sure whether this ''freezing'' is caused by this malware.
AfterDawn Addict
13 December 2007 @ 19:55
This TELIA NETWORK SERVICES is not malware, but.............

This:
Have you perhaps used Hide IP Platinum?
Your ip: 220.227.64.158
Network Owner: RELIANCE INFOCOM LTD
Country: India
Area: South India
City: Chennai
Timezone: GMT+5.50

I assume you don't have an Indian internet provider.
Close the browser and other programs for the duration of the fix. (not the antivirus)
Start HijackThis: Scan, tick the following files listed in red, and remove them. (Fix checked)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.227.64.158:8080
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://kc.support.telia.se/sdccommon/download/tgctlsi.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://kc.support.telia.se/sdccommon/download/tgctlcm.cab

Empty the recycle bin and restart your computer.

Post the following logs here:

* A fresh HijackThis log (taken last, just before posting)
* Did it get any better ???

(:)
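
The check described in the post above, as an added example that is not part of the original thread: a small Python parser for HijackThis log lines that pulls out a configured ProxyServer value and entries whose target is "(no file)", and lists which entries disappeared between a log taken before a fix and one taken after it. The sample lines are copied from the logs in this thread; the function names are this example's own.

```python
import re

# Constructed sample: lines copied from the first HijackThis log in this thread.
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.227.64.158:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

# Constructed sample: the same entries as they appear in the second log.
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
"""

# "R1 - ...", "O23 - ..." : a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# R0/R1 bodies look like "<registry key>,<value name> = <data>"; data may be empty.
REG_VALUE_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) =\s*(?P<data>.*)$")


def parse_entries(log_text):
    """Return [(code, body)] for every entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def proxy_settings(entries):
    """Return [(registry key, proxy value)] for every non-empty ProxyServer value."""
    found = []
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue
        m = REG_VALUE_RE.match(body)
        if not m:
            continue
        if m.group("name").strip().lower() == "proxyserver" and m.group("data").strip():
            found.append((m.group("key"), m.group("data").strip()))
    return found


def orphaned_entries(entries):
    """Return entries whose target HijackThis reported as '(no file)'."""
    return [(c, b) for c, b in entries if b.rstrip().endswith("(no file)")]


def removed_between(before_text, after_text):
    """Return entries present in the 'before' log but absent from the 'after' log."""
    after = set(parse_entries(after_text))
    return [e for e in parse_entries(before_text) if e not in after]


if __name__ == "__main__":
    before = parse_entries(BEFORE_LOG)
    for key, value in proxy_settings(before):
        print("proxy configured:", value, "under", key)
    for code, body in orphaned_entries(before):
        print("target missing:", code, body)
    for code, body in removed_between(BEFORE_LOG, AFTER_LOG):
        print("gone after fix:", code, body)
    print("proxy still set after fix:", bool(proxy_settings(parse_entries(AFTER_LOG))))
```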
Dfin
Newbie
13 December 2007 @ 21:36
It improved a little; the computer started slightly faster and did not load as long at the Windows stage as before.
CPU usage also dropped a couple of percent (currently 0-3%).
I tried the media buttons ''vol+ vol-'', and the result was ''freezing'' again.

I am suspicious of this process: C:\progra~1\F-secure\backweb\7681197\program\F-secu~1.exe -startup
and also a file in the same folder: F-secure Automatic Update.exe.manifest (I could not find this manifest file even on Google)

And no, I don't use Hide IP Platinum, but I have sometimes used proxies by enabling them manually in IE.

* How could I check whether that keylogger is still there?
* Can anyone solve that ''freezing''?

Thanks a lot for the help again. Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:42, on 13.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Default\Omat tiedostot\Firefox\FirefoxPortable\App\firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 6210 bytes

This message has been edited since posting. Last edited 13 December 2007 @ 22:13

AfterDawn Addict
13 December 2007 @ 23:37
Don't rush.
You do have to do the work yourself. (help will be given)

Send those F-Secure files to VirusTotal:
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

Submit the file for analysis: Here
Press the Browse button and select the above-mentioned file from your computer, then press the Send button next to it.
When the scan is finished, "highlight with the mouse" the results area and copy it into your reply.

F-secure Automatic Update.exe:
http://www.file.net/process/f-secure%20a...update.exe.html
-------------------
Which symptoms do you think point to a KeyLocker ??? (it is a virus)(not a key lock)
- Is the keyboard broken ???
- You probably have a Logitech keyboard as well; it needs a driver (iTouch)
These are already there:
KHALMNPR.EXE
SetPoint.exe

I recommend asking wiser people for advice.

(:)
Dfin
Newbie
14 December 2007 @ 14:39
Yeah, I'll try when I get home at around 7:30.
A keylogger, because passwords have been changed.
There are NO keyboard problems.
Dfin
Newbie
14 December 2007 @ 20:54
I scanned the files and nothing was found in them...
AfterDawn Addict
14 December 2007 @ 22:04
So the volume buttons aren't on the keyboard after all ???


(:)
Dfin
Newbie
14 December 2007 @ 23:58
They are, but my biggest problem right now is that keylogger.
I can't log in anywhere without the hacker knowing my password.
That media button problem was one of those ''other symptoms''.

This message has been edited since posting. Last edited 14 December 2007 @ 23:59

AfterDawn Addict
15 December 2007 @ 11:12
There are no signs of a KL, but let's make sure:

1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

Post (C:\ComboFix.txt)

(:)
Dfin
Newbie
15 December 2007 @ 14:37
After running the program I can no longer get online with Firefox.

ComboFix 07-12-15.5 - Default 2007-12-15 14:23:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1639 [GMT 2:00]
Running from: C:\Documents and Settings\Default\Työpöytä\ComboFix.exe
* Created a new restore point
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-11-15 to 2007-12-15 )))))))))))))))))
.

2007-12-13 23:38 . 2007-12-13 23:38 50 --a------ C:\WINDOWS\MegaManager.INI
2007-12-12 15:53 . 2007-12-12 15:53 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-12-12 15:50 . 2007-12-12 15:50 <KANSIO> d-------- C:\VundoFix Backups
2007-12-11 21:22 . 2007-12-11 21:38 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-12-11 19:36 . 2007-12-11 19:55 <KANSIO> d-------- C:\Program Files\Security Task Manager
2007-12-11 19:36 . 2007-12-11 20:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-11 19:26 . 2007-12-11 19:26 261 --a------ C:\WINDOWS\WPE PRO.INI
2007-12-08 15:33 . 2007-12-09 19:52 <KANSIO> d-------- C:\Program Files\FlashGet
2007-12-08 15:33 . 2006-04-20 13:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2007-12-08 15:06 . 2007-12-08 15:17 <KANSIO> d-------- C:\sound
2007-12-08 15:00 . 2007-12-13 23:58 <KANSIO> d-------- C:\Program Files\PolderbitS
2007-12-08 15:00 . 2007-12-08 15:00 24 --a------ C:\WINDOWS\system32\Drv32_16.ini
2007-12-08 14:52 . 2007-12-08 14:52 <KANSIO> d-------- C:\WINDOWS\Freecorder Toolbar
2007-12-08 14:52 . 2007-12-09 15:53 <KANSIO> d-------- C:\Program Files\Freecorder
2007-12-08 14:46 . 2007-12-08 14:46 44 --a------ C:\AudioTestRec0.wav
2007-12-08 14:45 . 2007-12-09 19:52 <KANSIO> d-------- C:\Program Files\3D MP3 Sound Recorder G2
2007-12-06 14:59 . 2007-12-06 14:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-06 14:59 . 2007-12-06 14:59 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-05 00:57 . 2007-12-05 00:57 173 --a------ C:\WINDOWS\wininit.ini
2007-12-05 00:12 . 2006-08-09 20:58 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-12-04 23:05 . 2007-12-05 00:15 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-04 22:21 . 2007-12-13 17:16 <KANSIO> d-------- C:\Documents and Settings\Default\Tracing
2007-12-04 22:20 . 2007-12-04 23:05 <KANSIO> d-------- C:\Program Files\Windows Live
2007-12-02 18:36 . 2007-12-13 23:41 <KANSIO> d-------- C:\Program Files\RipCast 1.9
2007-12-01 17:53 . 2007-12-01 17:53 252 --a------ C:\mspass.cfg
2007-12-01 17:52 . 2007-12-01 17:52 58,880 --a------ C:\mspass.exe
2007-11-26 19:09 . 2007-11-26 19:37 110 --a------ C:\WINDOWS\GMouse.ini
2007-11-26 19:06 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe
2007-11-23 21:46 . 2007-11-23 21:46 <KANSIO> d-------- C:\Documents and Settings\Default\.storkpk
2007-11-21 22:09 . 2007-11-21 22:09 20 --a------ C:\WINDOWS\powerplayer.ini
2007-11-21 21:00 . 2007-12-13 23:51 <KANSIO> d-------- C:\Program Files\Octoshape Streaming Services
2007-11-21 20:12 . 2006-04-20 13:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.old
2007-11-21 20:11 . 2007-12-13 23:40 <KANSIO> d-------- C:\Program Files\PPMate
2007-11-21 20:07 . 2007-11-21 20:07 <KANSIO> d-------- C:\ppmaterecord
2007-11-21 20:07 . 2007-11-21 22:09 <KANSIO> d-------- C:\Documents and Settings\Default\Application Data\ppStream
2007-11-21 20:07 . 2007-11-21 22:12 381 --a------ C:\WINDOWS\psnetwork.ini
2007-11-21 20:05 . 2007-11-21 20:05 <KANSIO> d-------- C:\Program Files\Common Files\Synacast
2007-11-21 20:05 . 2007-11-21 20:05 <KANSIO> d-------- C:\Documents and Settings\Default\Application Data\PPMate
2007-11-21 19:53 . 2007-11-21 19:53 <KANSIO> d-------- C:\Documents and Settings\Default\Application Data\TVU Networks

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 12:13 --------- d-----w C:\Documents and Settings\Default\Application Data\Azureus
2007-12-13 21:52 --------- d-----w C:\Program Files\DivX
2007-12-13 21:50 --------- d-----w C:\Program Files\XCLIENT
2007-12-13 21:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 21:45 --------- d-----w C:\Program Files\Timer
2007-12-13 21:43 --------- d-----w C:\Documents and Settings\Default\Application Data\Eltima Software
2007-12-13 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-12-13 21:41 --------- d-----w C:\Program Files\Replay Converter
2007-12-13 21:40 --------- d-----w C:\Program Files\PokerRoom.com
2007-12-13 21:37 --------- d-----w C:\Program Files\Magic Swf2Avi
2007-12-13 21:36 --------- d-----w C:\Program Files\Kaspersky Engine 3.3
2007-12-13 21:35 --------- d-----w C:\Program Files\Gnuf
2007-12-13 21:35 --------- d-----w C:\Program Files\Game Cam
2007-12-13 21:34 --------- d-----w C:\Program Files\Creative
2007-12-13 21:33 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-11 19:43 --------- d-----w C:\Program Files\Azureus
2007-12-09 14:09 --------- d-----w C:\Program Files\Java
2007-12-04 22:49 --------- d-----w C:\Documents and Settings\Default\Application Data\MP3Rocket
2007-12-04 21:03 --------- d-----w C:\Program Files\MSN Messenger
2007-12-01 22:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-14 21:30 --------- d-----w C:\Program Files\Easy RealMedia Tools
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 22:04 --------- d-----w C:\Documents and Settings\Default\Application Data\DivX
2007-11-11 22:00 --------- d-----w C:\Program Files\SoftwareRevenue.org
2007-11-11 21:59 17,808,152 ----a-w C:\WINDOWS\system32\mi2.exe
2007-11-11 21:58 379,071 ----a-w C:\WINDOWS\system32\mi1.exe
2007-11-10 21:20 --------- d-----w C:\Documents and Settings\Default\Application Data\LimeWire
2007-11-07 13:34 51,736 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-11-05 19:42 --------- d-----w C:\Program Files\NucBot
2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:09 --------- d-----w C:\Documents and Settings\Default\Application Data\Vso
2007-10-25 07:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-17 20:54 --------- d-----w C:\Documents and Settings\Default\Application Data\Nokia Multimedia Player
2007-08-27 12:54 26,792 ----a-w C:\Documents and Settings\Default\Application Data\GDIPFONTCACHEV1.DAT
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 14:26]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-10-26 03:51]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 10:57]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-14 16:12 C:\WINDOWS\system32\rundll32.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 08:22]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2006-12-11 14:56:51]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-27 17:03:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-07-31 11:45 139264 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-09-14 16:12 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 09:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 16:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Program Files\Octoshape Streaming Services\Default\OctoshapeClient.exe -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 03:01 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"ERSvc"=2 (0x2)
"xmlprov"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"UPS"=3 (0x3)
"seclogon"=2 (0x2)
"Browser"=2 (0x2)
"TrkWks"=2 (0x2)
"TlntSvr"=3 (0x3)
"Spooler"=2 (0x2)
"LmHosts"=2 (0x2)
"NtmsSvc"=3 (0x3)
"SSDPSRV"=3 (0x3)
"SysmonLog"=3 (0x3)
"RSVP"=3 (0x3)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"mnmsrvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"SwPrv"=3 (0x3)
"PolicyAgent"=2 (0x2)
"HTTPFilter"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"MSDTC"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"NBService"=3 (0x3)

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys
S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\Default\LOCALS~1\Temp\Fadpu16E.sys
S3 kaspersky1;kaspersky1;\??\C:\Program Files\Kaspersky Engine 3.3\kaspersky.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E3E88A26-E3FD-6CB6-FED6-73773A3B8AE1}]
C:\WINDOWS\system32:lpsass.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 14:25:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32:lpsass.exe 13312 bytes executable
C:\WINDOWS\Windows Update.log 240 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1377681 bytes
C:\WINDOWS\winhelp.exe 256832 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\wininit.ini 173 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log 28495 bytes
C:\WINDOWS\wmp11.log 19872 bytes
C:\WINDOWS\wmprfFIN.prx 32888 bytes
C:\WINDOWS\wmsetup.log 131453 bytes
C:\WINDOWS\wmsetup10.log 3342 bytes
C:\WINDOWS\WMSysPr8.prx 156910 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WMSysPrx.prx 299552 bytes
C:\WINDOWS\WPE PRO.INI 261 bytes
C:\WINDOWS\Wudf01000Inst.log 11150 bytes
C:\WINDOWS\ydi.log 46714 bytes
C:\WINDOWS\Zapoteekki.bmp 9522 bytes
C:\WINDOWS\_default.pif 707 bytes
IPC error: 2 Määritettyä tiedostoa ei löydy.
scan completed successfully
hidden files: 23

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Logitech\SetPoint\GameHook.dll
.
Completion time: 2007-12-15 14:27:09
.
2007-12-13 01:03:59 --- E O F ---
AfterDawn Addict
15 December 2007 @ 15:23
You were right, there is indeed something here:
Troj/Lineage-BG copies itself

Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\mspass.cfg
C:\mspass.exe
C:\windows\help\MShook.dll
Catch::
C:\WINDOWS\system32:lpsass.exe
Driver::
CATCHME
PROCEXP90



Save it as CFScript (in fact ComboFix recognizes it even if the file extension isn't .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click it.)

[IMG]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/IMG]

Restart the computer if asked to, and
post the contents of the combofix.txt file here.
And the HJT log.

(:)
Dfin
Newbie
15 December 2007 @ 20:29
ComboFix 07-12-15.5 - Default 2007-12-15 20:10:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1640 [GMT 2:00]
Running from: C:\Documents and Settings\Default\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Default\Työpöytä\CFscript.txt
* Created a new restore point

FILE
C:\mspass.cfg
C:\mspass.exe
C:\windows\help\MShook.dll
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\mspass.cfg
C:\mspass.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CATCHME
-------\LEGACY_PROCEXP90
-------\catchme


((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2007-11-15 to 2007-12-15 )))))))))))))))))
.

2007-12-13 23:38 . 2007-12-13 23:38 50 --a------ C:\WINDOWS\MegaManager.INI
2007-12-12 15:53 . 2007-12-12 15:53 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-12-12 15:50 . 2007-12-12 15:50 <KANSIO> d-------- C:\VundoFix Backups
2007-12-11 21:22 . 2007-12-11 21:38 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-12-11 19:36 . 2007-12-11 19:55 <KANSIO> d-------- C:\Program Files\Security Task Manager
2007-12-11 19:36 . 2007-12-11 20:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-11 19:26 . 2007-12-11 19:26 261 --a------ C:\WINDOWS\WPE PRO.INI
2007-12-08 15:33 . 2007-12-09 19:52 <KANSIO> d-------- C:\Program Files\FlashGet
2007-12-08 15:33 . 2006-04-20 13:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2007-12-08 15:06 . 2007-12-08 15:17 <KANSIO> d-------- C:\sound
2007-12-08 15:00 . 2007-12-13 23:58 <KANSIO> d-------- C:\Program Files\PolderbitS
2007-12-08 15:00 . 2007-12-08 15:00 24 --a------ C:\WINDOWS\system32\Drv32_16.ini
2007-12-08 14:52 . 2007-12-08 14:52 <KANSIO> d-------- C:\WINDOWS\Freecorder Toolbar
2007-12-08 14:52 . 2007-12-09 15:53 <KANSIO> d-------- C:\Program Files\Freecorder
2007-12-08 14:46 . 2007-12-08 14:46 44 --a------ C:\AudioTestRec0.wav
2007-12-08 14:45 . 2007-12-09 19:52 <KANSIO> d-------- C:\Program Files\3D MP3 Sound Recorder G2
2007-12-06 14:59 . 2007-12-06 14:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-06 14:59 . 2007-12-06 14:59 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-05 00:57 . 2007-12-05 00:57 173 --a------ C:\WINDOWS\wininit.ini
2007-12-05 00:12 . 2006-08-09 20:58 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-12-04 23:05 . 2007-12-05 00:15 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-04 22:21 . 2007-12-13 17:16 <KANSIO> d-------- C:\Documents and Settings\Default\Tracing
2007-12-04 22:20 . 2007-12-04 23:05 <KANSIO> d-------- C:\Program Files\Windows Live
2007-12-02 18:36 . 2007-12-13 23:41 <KANSIO> d-------- C:\Program Files\RipCast 1.9
2007-11-26 19:09 . 2007-11-26 19:37 110 --a------ C:\WINDOWS\GMouse.ini
2007-11-26 19:06 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe
2007-11-23 21:46 . 2007-11-23 21:46 <KANSIO> d-------- C:\Documents and Settings\Default\.storkpk
2007-11-21 22:09 . 2007-11-21 22:09 20 --a------ C:\WINDOWS\powerplayer.ini
2007-11-21 21:00 . 2007-12-13 23:51 <KANSIO> d-------- C:\Program Files\Octoshape Streaming Services
2007-11-21 20:12 . 2006-04-20 13:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.old
2007-11-21 20:11 . 2007-12-13 23:40 <KANSIO> d-------- C:\Program Files\PPMate
2007-11-21 20:07 . 2007-11-21 20:07 <KANSIO> d-------- C:\ppmaterecord
2007-11-21 20:07 . 2007-11-21 22:09 <KANSIO> d-------- C:\Documents and Settings\Default\Application Data\ppStream
2007-11-21 20:07 . 2007-11-21 22:12 381 --a------ C:\WINDOWS\psnetwork.ini
2007-11-21 20:05 . 2007-11-21 20:05 <KANSIO> d-------- C:\Program Files\Common Files\Synacast
2007-11-21 20:05 . 2007-11-21 20:05 <KANSIO> d-------- C:\Documents and Settings\Default\Application Data\PPMate
2007-11-21 19:53 . 2007-11-21 19:53 <KANSIO> d-------- C:\Documents and Settings\Default\Application Data\TVU Networks

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 12:13 --------- d-----w C:\Documents and Settings\Default\Application Data\Azureus
2007-12-13 21:52 --------- d-----w C:\Program Files\DivX
2007-12-13 21:50 --------- d-----w C:\Program Files\XCLIENT
2007-12-13 21:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 21:45 --------- d-----w C:\Program Files\Timer
2007-12-13 21:43 --------- d-----w C:\Documents and Settings\Default\Application Data\Eltima Software
2007-12-13 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-12-13 21:41 --------- d-----w C:\Program Files\Replay Converter
2007-12-13 21:40 --------- d-----w C:\Program Files\PokerRoom.com
2007-12-13 21:37 --------- d-----w C:\Program Files\Magic Swf2Avi
2007-12-13 21:36 --------- d-----w C:\Program Files\Kaspersky Engine 3.3
2007-12-13 21:35 --------- d-----w C:\Program Files\Gnuf
2007-12-13 21:35 --------- d-----w C:\Program Files\Game Cam
2007-12-13 21:34 --------- d-----w C:\Program Files\Creative
2007-12-13 21:33 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-11 19:43 --------- d-----w C:\Program Files\Azureus
2007-12-09 14:09 --------- d-----w C:\Program Files\Java
2007-12-04 22:49 --------- d-----w C:\Documents and Settings\Default\Application Data\MP3Rocket
2007-12-04 21:03 --------- d-----w C:\Program Files\MSN Messenger
2007-12-01 22:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-14 21:30 --------- d-----w C:\Program Files\Easy RealMedia Tools
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 22:04 --------- d-----w C:\Documents and Settings\Default\Application Data\DivX
2007-11-11 22:00 --------- d-----w C:\Program Files\SoftwareRevenue.org
2007-11-10 21:20 --------- d-----w C:\Documents and Settings\Default\Application Data\LimeWire
2007-11-05 19:42 --------- d-----w C:\Program Files\NucBot
2007-10-25 09:09 --------- d-----w C:\Documents and Settings\Default\Application Data\Vso
2007-10-17 20:54 --------- d-----w C:\Documents and Settings\Default\Application Data\Nokia Multimedia Player
2007-08-27 12:54 26,792 ----a-w C:\Documents and Settings\Default\Application Data\GDIPFONTCACHEV1.DAT
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-15_14.25.46,51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 08:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 14:26]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-10-26 03:51]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 10:57]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-14 16:12 C:\WINDOWS\system32\rundll32.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 08:22]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-07-31 11:45 139264 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-09-14 16:12 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 09:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 16:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Program Files\Octoshape Streaming Services\Default\OctoshapeClient.exe -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 03:01 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"ERSvc"=2 (0x2)
"xmlprov"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"UPS"=3 (0x3)
"seclogon"=2 (0x2)
"Browser"=2 (0x2)
"TrkWks"=2 (0x2)
"TlntSvr"=3 (0x3)
"Spooler"=2 (0x2)
"LmHosts"=2 (0x2)
"NtmsSvc"=3 (0x3)
"SSDPSRV"=3 (0x3)
"SysmonLog"=3 (0x3)
"RSVP"=3 (0x3)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"mnmsrvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"SwPrv"=3 (0x3)
"PolicyAgent"=2 (0x2)
"HTTPFilter"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"MSDTC"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"NBService"=3 (0x3)

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys
S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\Default\LOCALS~1\Temp\Fadpu16E.sys
S3 kaspersky1;kaspersky1;\??\C:\Program Files\Kaspersky Engine 3.3\kaspersky.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E3E88A26-E3FD-6CB6-FED6-73773A3B8AE1}]
C:\WINDOWS\system32:lpsass.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 20:15:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32:lpsass.exe 13312 bytes executable
C:\WINDOWS\Windows Update.log 240 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1383995 bytes
C:\WINDOWS\winhelp.exe 256832 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\wininit.ini 173 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log 28495 bytes
C:\WINDOWS\wmp11.log 19872 bytes
C:\WINDOWS\wmprfFIN.prx 32888 bytes
C:\WINDOWS\wmsetup.log 131453 bytes
C:\WINDOWS\wmsetup10.log 3342 bytes
C:\WINDOWS\WMSysPr8.prx 156910 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WMSysPrx.prx 299552 bytes
C:\WINDOWS\WPE PRO.INI 261 bytes
C:\WINDOWS\Wudf01000Inst.log 11150 bytes
C:\WINDOWS\ydi.log 46714 bytes
C:\WINDOWS\Zapoteekki.bmp 9522 bytes
C:\WINDOWS\_default.pif 707 bytes

scan completed successfully
hidden files: 23

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Logitech\SetPoint\GameHook.dll
.
Completion time: 2007-12-15 20:16:26 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-15 14:27
.
2007-12-13 01:03:59 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:41, on 15.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4764 bytes
AfterDawn Addict
16 December 2007 @ 15:35
This:
lpsass.exe
may belong to the same bad guys.
Make hidden files visible => INSTRUCTIONS

Then use the Windows "Search" function.
Start menu "Search"
-> search term lpsass.exe

Submit the file for analysis: Here
Press the Browse button and select lpsass.exe on your computer, then press the Send button next to it.
When the scan is finished, select the results area with the mouse and copy it into your reply.

(:)
Dfin
Newbie
16 December 2007 @ 17:14
I already have the display of hidden files turned on.
I went to Search and set it to search all drives C, D, E. I also ticked ''search hidden files and folders'', but lpsass.exe was not found.
I tried 3 times: twice with the search term lpsass.exe and once with just lpsass.

EDIT: I went to that folder manually and found ''lsass.exe''.
Has the file changed its name??
There seem to be 3 of these lsass.exe files. I'll scan them and post the results.
I also checked that it isn't ''isass.exe'' by sorting the processes alphabetically. (isass.exe is a worm)

This message has been edited since posting. Last edited 16 December 2007 @ 17:36

Dfin
Newbie
16 December 2007 @ 17:32
1. C:\WINDOWS\$NtServicePackUninstall$
Result: 0/32 (0%) No viruses / nothing suspicious found.

File size: 11776 bytes
MD5: 86b705ea1f98f8c17812d9a660e78c8d
SHA1: f6a315c732b511831aea9fd8f26a37c3639f621d
PEiD: -


2. C:\WINDOWS\system32
Result: 0/32 (0%) No viruses / nothing suspicious found.

File size: 13312 bytes
MD5: 39726087f99c7775b2ea1f2990709817
SHA1: eac4856ab4e5723304ea79d4964299c92687b83a
PEiD: -


3. C:\WINDOWS\ServicePackFiles\i386
Result: 0/32 (0%) No viruses / nothing suspicious found.

File size: 13312 bytes
MD5: 39726087f99c7775b2ea1f2990709817
SHA1: eac4856ab4e5723304ea79d4964299c92687b83a
PEiD: -
AfterDawn Addict
16 December 2007 @ 18:47
lsass.exe = an important Windows file, don't harm it.
So then it is no longer anywhere except in the registry:

First make a backup of the registry like this:

From the taskbar > Start > Run -> regedit -> OK.
Click the My Computer row to make it active.
Then File -> Export. Type Roope as the file name, and
in the Save in field choose the root of (C:). Under Export range, tick "All".
Exit Regedit.

Then save the snippet of text below as fix.reg in Notepad
to the desktop (save as type: All Files)


Windows Registry Editor Version 5.00 


[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E3E88A26-E3FD-6CB6-FED6-73773A3B8AE1}]



Double-click fix.reg on the desktop and press Yes and OK.
Restart the computer.
------------------------------------------------
Download Deckard's System Scanner
to your desktop.

Note: You must have Administrator rights to run the program.

* Close all open windows and programs.
* Double-click the Dss.exe file to run the program, and follow the instructions.
* When the scan is finished, 2 text files should open, Main.txt and Extra.txt
* Select all and copy ( CTRL+A -> CTRL + C ) and paste ( CTRL + V )
* Copy and paste the contents of Extra.txt & Main.txt into your next reply.

(:)
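The `C:\WINDOWS\system32:lpsass.exe` entry in the logs above is written in NTFS stream syntax (`path:stream`): it names a data stream attached to the system32 directory, not a file inside it, and a file-name search enumerates files, not streams. As an added example (not part of the original posts and not ComboFix's own code), this Python script scans ComboFix/catchme-style log text for such stream references and reports the registry key that points at each one; the function names are hypothetical and the sample is an excerpt of lines quoted in this thread.

```python
import re

# Excerpt of the ComboFix/catchme output quoted in this thread, embedded so the
# example runs offline. The layout (a "[HKEY_...]" header followed by value
# lines, then catchme "hidden files" lines) follows those logs.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-09-14 16:12 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E3E88A26-E3FD-6CB6-FED6-73773A3B8AE1}]
C:\WINDOWS\system32:lpsass.exe

scanning hidden files ...

C:\WINDOWS\system32:lpsass.exe 13312 bytes executable
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\WinSxS
"""

# A drive-rooted path followed by ":<name>". The stream name may not start with
# a backslash, so the colon after a drive letter (C:\) never counts as a stream.
STREAM_RE = re.compile(
    r"(?P<host>[A-Za-z]:\\[^:\r\n]*?):(?P<stream>[^\\/:\s][^\\/:\r\n]*)"
)
# catchme appends "<size> bytes" and optionally "executable" to each path.
SIZE_SUFFIX_RE = re.compile(r"\s+\d+ bytes(?: executable)?$")
# Registry key header line as printed by ComboFix.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")


def split_stream(text):
    """Return (host_path, stream_name) if text uses NTFS stream syntax, else None."""
    cleaned = SIZE_SUFFIX_RE.sub("", text.strip())
    match = STREAM_RE.search(cleaned)
    if match is None:
        return None
    return match.group("host"), match.group("stream")


def find_stream_references(log_text):
    """Walk the log and collect every line that refers to an alternate data stream.

    Lines directly under a "[HKEY_...]" header are attributed to that key, so the
    result shows which registry entry points at the stream; other hits are
    reported as coming from the file scan.
    """
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):
            current_key = None  # a blank line or "." ends a registry block
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        hit = split_stream(line)
        if hit:
            findings.append({
                "source": "registry" if current_key else "file-scan",
                "key": current_key,
                "host": hit[0],
                "stream": hit[1],
            })
    return findings


if __name__ == "__main__":
    for item in find_stream_references(SAMPLE_LOG):
        where = item["key"] or "hidden-file scan"
        print(f'{item["host"]} carries stream "{item["stream"]}" (seen in: {where})')
```
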
Dfin
Newbie
16 December 2007 @ 19:46
Main.txt:

Deckard's System Scanner v20071014.68
Run by Default on 2007-12-16 19:26:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2007-12-16 17:26:30 UTC - RP304 - Deckard's System Scanner Restore Point
68: 2007-12-15 18:10:31 UTC - RP303 - ComboFix created restore point
67: 2007-12-15 12:23:12 UTC - RP302 - ComboFix created restore point
66: 2007-12-14 22:26:53 UTC - RP301 - Järjestelmän tarkistuspiste
65: 2007-12-13 21:53:23 UTC - RP300 - Poistettu Apple Software Update


-- First Restore Point --
1: 2007-10-02 16:12:02 UTC - RP236 - Installed Adobe Reader 8.1.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 7.5 GiB (less than 15%) free.


-- HijackThis (run as Default.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:15, on 16.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Default\Työpöytä\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Default.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4835 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071213-211616-169 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
backup-20071213-211616-175 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
backup-20071213-211616-183 O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://kc.support.telia.se/sdccommon/download/tgctlsi.cab
backup-20071213-211616-218 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
backup-20071213-211616-229 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.227.64.158:8080
backup-20071213-211616-307 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20071213-211616-312 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20071213-211616-404 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071213-211616-506 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
backup-20071213-211616-660 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
backup-20071213-211616-923 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
backup-20071213-211617-186 O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://kc.support.telia.se/sdccommon/download/tgctlcm.cab
backup-20071213-212832-388 O8 - Extra context menu item: &Lataa FlashGetillä
backup-20071213-212832-637 O8 - Extra context menu item: &Lataa kaikki FlashGetillä
backup-20071213-212832-669 O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Program Files\Gnuf\Poker\MPPoker.exe
backup-20071213-212832-811 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071213-212832-846 O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
backup-20071213-232618-230 O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
backup-20071213-232618-521 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
backup-20071213-232618-897 O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
R0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JR036X RAID Driver>
R1 hwinterface - c:\windows\system32\drivers\hwinterface.sys <Not Verified; Buzz; hwinterface Driver Version 1.0>
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\f-secure\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure\anti-virus\win2k\fsrec.sys
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S2 npkcrypt - c:\program files\nexon\maplestory\npkcrypt.sys (file missing)
S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 Fadpu16E - c:\docume~1\default\locals~1\temp\fadpu16e.sys (file missing)
S3 kaspersky1 - c:\program files\kaspersky engine 3.3\kaspersky.sys (file missing)
S3 npkcusb - c:\program files\nexon\maplestory\npkcusb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BackWeb Plug-in - 7681197 (F-Secure Automatic Update) - c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe <Not Verified; F-Secure Automatic Update; RunnerEXE Application>
R2 fsbwsys - "c:\program files\f-secure\backweb\7681197\program\fsbwsys.exe" <Not Verified; F-Secure Corp.; F-Secure BackWeb>
R2 F-Secure Gatekeeper Handler Starter (FSGKHS) - "c:\program files\f-secure\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corp.; F-Secure Corp. Startup service>
R2 FSMA (F-Secure Management Agent) - "c:\program files\f-secure\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\program files\f-secure\fwes\program\fsdfwd.exe" <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
R3 F-Secure Network Request Broker - "c:\program files\f-secure\common\fnrb32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>

S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: Logitech Cordless USB Keyboard
Device ID: USB\VID_046D&PID_C512&MI_00\6&41D574&0&0000
Manufacturer: Logitech
Name: Logitech Cordless USB Keyboard
PNP Device ID: USB\VID_046D&PID_C512&MI_00\6&41D574&0&0000
Service: LHidUsbK


-- Files created between 2007-11-16 and 2007-12-16 -----------------------------

2007-12-16 19:09:12 96817120 --a------ C:\Roope.reg
2007-12-16 18:17:35 0 d-------- C:\Program Files\Audacity
2007-12-16 17:58:15 0 d-------- C:\Program Files\Winamp
2007-12-16 17:58:15 0 d-------- C:\Documents and Settings\Default\Application Data\Winamp
2007-12-12 15:53:00 0 d-------- C:\Program Files\Trend Micro
2007-12-11 21:22:26 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-12-11 19:36:21 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-11 19:36:16 0 d-------- C:\Program Files\Security Task Manager
2007-12-08 15:33:15 0 d-------- C:\Program Files\FlashGet
2007-12-08 15:00:22 0 d-------- C:\Program Files\PolderbitS
2007-12-08 14:52:39 0 d-------- C:\Program Files\Freecorder
2007-12-08 14:52:32 0 d-------- C:\WINDOWS\Freecorder Toolbar
2007-12-08 14:45:08 0 d-------- C:\Program Files\3D MP3 Sound Recorder G2
2007-12-04 23:05:08 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-12-04 22:21:01 0 d-------- C:\Documents and Settings\Default\Tracing
2007-12-04 22:20:18 0 d-------- C:\Program Files\Windows Live
2007-12-02 18:36:19 0 d-------- C:\Program Files\RipCast 1.9
2007-12-02 17:28:57 0 d-------- C:\WINDOWS\pss
2007-11-26 19:06:22 283648 --a------ C:\WINDOWS\uninst.exe <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2007-11-23 21:46:42 0 d-------- C:\Documents and Settings\Default\.storkpk
2007-11-21 21:00:37 0 d-------- C:\Program Files\Octoshape Streaming Services
2007-11-21 20:11:29 0 d-------- C:\Program Files\PPMate
2007-11-21 20:07:12 0 d-------- C:\Documents and Settings\Default\Application Data\ppStream
2007-11-21 20:05:01 0 d-------- C:\Documents and Settings\Default\Application Data\PPMate
2007-11-21 20:05:00 0 d-------- C:\Program Files\Common Files\Synacast
2007-11-21 19:53:42 0 d-------- C:\Documents and Settings\Default\Application Data\TVU Networks


-- Find3M Report ---------------------------------------------------------------

2007-12-16 19:21:30 0 d-------- C:\Documents and Settings\Default\Application Data\Azureus
2007-12-15 21:39:26 0 d-------- C:\Program Files\Nero
2007-12-15 21:39:09 0 d-------- C:\Program Files\Common Files\Ahead
2007-12-15 21:33:25 0 d-------- C:\Program Files\Common Files\Logitech
2007-12-15 21:33:24 0 d-------- C:\Program Files\Logitech
2007-12-15 21:33:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-13 23:52:28 0 d-------- C:\Program Files\DivX
2007-12-13 23:50:54 0 d-------- C:\Program Files\XCLIENT
2007-12-13 23:45:02 0 d-------- C:\Program Files\Timer
2007-12-13 23:43:47 0 d-------- C:\Program Files\Common Files
2007-12-13 23:43:32 0 d-------- C:\Documents and Settings\Default\Application Data\Eltima Software
2007-12-13 23:41:35 0 d-------- C:\Program Files\Replay Converter
2007-12-13 23:40:16 0 d-------- C:\Program Files\PokerRoom.com
2007-12-13 23:37:26 0 d-------- C:\Program Files\Magic Swf2Avi
2007-12-13 23:36:55 0 d-------- C:\Program Files\Kaspersky Engine 3.3
2007-12-13 23:35:51 0 d-------- C:\Program Files\Gnuf
2007-12-13 23:35:20 0 d-------- C:\Program Files\Game Cam
2007-12-13 23:34:17 0 d-------- C:\Program Files\Creative
2007-12-13 23:33:49 0 d-------- C:\Program Files\AviSynth 2.5
2007-12-11 21:43:32 0 d-------- C:\Program Files\Azureus
2007-12-09 16:09:13 0 d-------- C:\Program Files\Java
2007-12-05 00:55:23 3168 --a----c- C:\WINDOWS\mozver.dat
2007-12-05 00:49:49 0 d-------- C:\Documents and Settings\Default\Application Data\MP3Rocket
2007-12-04 23:03:37 0 d-------- C:\Program Files\MSN Messenger
2007-11-14 23:30:25 0 d-------- C:\Program Files\Easy RealMedia Tools
2007-11-12 00:04:12 0 d-------- C:\Documents and Settings\Default\Application Data\DivX
2007-11-12 00:00:23 0 d-------- C:\Program Files\SoftwareRevenue.org
2007-11-11 23:58:14 379071 --a------ C:\WINDOWS\system32\mi1.exe
2007-11-10 23:20:44 0 d-------- C:\Documents and Settings\Default\Application Data\LimeWire
2007-11-05 21:42:50 0 d-------- C:\Program Files\NucBot
2007-11-05 19:04:35 384322 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-11-05 19:04:35 78674 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-10-25 11:09:42 0 d-------- C:\Documents and Settings\Default\Application Data\Vso
2007-10-17 22:54:37 0 d-------- C:\Documents and Settings\Default\Application Data\Nokia Multimedia Player


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [18.05.2006 14:26]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [26.10.2005 03:51]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [27.05.2004 10:57]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22.10.2006 12:22]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [18.05.2006 08:22]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [14.09.2004 16:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.09.2004 16:12]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [07.11.2007 15:34]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [11.12.2006 14:56:51]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"C:\Program Files\Octoshape Streaming Services\Default\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"ERSvc"=2 (0x2)
"xmlprov"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"UPS"=3 (0x3)
"seclogon"=2 (0x2)
"Browser"=2 (0x2)
"TrkWks"=2 (0x2)
"TlntSvr"=3 (0x3)
"Spooler"=2 (0x2)
"LmHosts"=2 (0x2)
"NtmsSvc"=3 (0x3)
"SSDPSRV"=3 (0x3)
"SysmonLog"=3 (0x3)
"RSVP"=3 (0x3)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"mnmsrvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"SwPrv"=3 (0x3)
"PolicyAgent"=2 (0x2)
"HTTPFilter"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"MSDTC"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"NBService"=3 (0x3)


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E3E88A26-E3FD-6CB6-FED6-73773A3B8AE1}]
C:\WINDOWS\system32:lpsass.exe



-- End of Deckard's System Scanner: finished at 2007-12-16 19:27:42 ------------


extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

CPU 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
CPU 1: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 2047.17 MiB / 1579.9 MiB
Pagefile Memory (total/avail): 3939.35 MiB / 3678.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.03 MiB

C: is Fixed (NTFS) - 127.99 GiB total, 7.5 GiB free.
D: is Fixed (NTFS) - 337.77 GiB total, 157.56 GiB free.
E: is Fixed (NTFS) - 465.75 GiB total, 346.18 GiB free.
F: is CDROM (Unformatted)
G: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - ST3500630AS - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Asennettava tiedostojärjestelmä - 127.99 GiB - C:
\PARTITION1 - Laajennettu ja laajennettu Int 13 - 337.77 GiB - D:

\\.\PHYSICALDRIVE1 - ST3500630AS - 465.76 GiB - 1 partition
\PARTITION0 - Laajennettu ja laajennettu Int 13 - 465.75 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: F-Secure Anti-Virus Client Security 6.03 v6.03 (F-Secure Corporation)
AV: F-Secure Anti-Virus Client Security 6.03 v6.03 (F-Secure Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Default\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DEFAULT-57ZDIF4
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Default
LOGONSERVER=\\DEFAULT-57ZDIF4
NUMBER_OF_PROCESSORS=2
OPENSSL_CONF=C:\OpenSSL\bin\openssl.cnf
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Default\LOCALS~1\Temp
TMP=C:\DOCUME~1\Default\LOCALS~1\Temp
USERDOMAIN=DEFAULT-57ZDIF4
USERNAME=Default
USERPROFILE=C:\Documents and Settings\Default
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Default (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Policy Manager Support"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\BWUnin-6.3.2.116-7681197L.exe -AppId 7681197
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BSPlayer --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Camtasia Studio 4 --> MsiExec.exe /I{950A8D14-C48E-4508-B377-1EA45A18FA3D}
Command & Conquer The First Decade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
ConvertXtoDVD 2.0.12 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Vision M --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}\SETUP.EXE" -l0x9 /remove
F-Secure Anti-Virus Client Security - automaattinen päivitysagentti --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Backweb"
F-Secure Anti-Virus Client Security - Internet-suojaus --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
F-Secure Anti-Virus Client Security - sähköpostitarkistus --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
F-Secure Anti-Virus Client Security - Web-liikenteen tarkistus --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
F-Secure Anti-Virus Client Security - virus- ja vakoilusuojaus --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
iriverter --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://iriverter.thestaticvoid.org/dist/17/iriverter.jnlp"
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JRAID --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
KeyScrambler --> C:\Program Files\KeyScrambler\uninstall.exe
LimeWire 4.13.0 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0xb -removeonly
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Media Converter SA Edition 0.8 --> C:\Program Files\Media Converter SA Edition\uninst.exe
Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{9011040B-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (2.0.0.11) --> C:\Documents and Settings\Default\Omat tiedostot\Firefox\FirefoxPortable\App\firefox\uninstall\helper.exe
Nero 7 Premium --> MsiExec.exe /I{11439F51-B8D2-4736-9CDF-8889FEBE1035}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenSSL 0.9.6m --> C:\OpenSSL\unins000.exe
Opera 9.10 --> MsiExec.exe /X{750B9AD1-4C63-4143-94C5-6FB304199BAD}
Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Quake 3 Arena Demo --> C:\WINDOWS\unvise32.exe c:\Q3Ademo\uninstal.log
Quake III Arena --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Quake III Arena\QIII.isu"
Quake III Arena Point Release 1.32 --> C:\WINDOWS\unvise32.exe C:\Program Files\Quake III Arena\uninstal5.log
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Riva Producer Lite --> "C:\Program Files\Riva\Riva Producer Lite\unins000.exe"
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Security Task Manager"
Sony DVD Architect 4.0 --> MsiExec.exe /X{219CB444-F2B6-4A17-8A76-BB7847F3DB26}
Sony Vegas 7.0a --> MsiExec.exe /X{251C3815-7A55-4607-A82D-C3B98F0FBAB8}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0xb -removeonly
Streamripper Plugin 1.62.2 (Remove only) --> C:\Program Files\Winamp\streamripper_uninstall.exe
Sun Download Manager 2.0 (web) --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://javadl-esd.sun.com/update/sdm20/sdm20.jnlp"
Suojausp?vitys Windows XP:lle (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Suojauspäivitys ohjelmistolle Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /X{F1E17FB0-12BC-45D0-ABA3-287F2A1E3A1E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type7661 / Success
Event Submitted/Written: 12/16/2007 07:25:32 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7645 / Success
Event Submitted/Written: 12/15/2007 09:52:04 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7635 / Success
Event Submitted/Written: 12/15/2007 09:41:54 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7625 / Success
Event Submitted/Written: 12/15/2007 09:36:43 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7620 / Success
Event Submitted/Written: 12/15/2007 09:18:43 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1101 / Error
Event Submitted/Written: 12/16/2007 07:25:37 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Palvelu Etäkäytön (RAS) yhteyksienhallinta on riippuvainen palvelusta Puhelin, jonka käynnistyminen epäonnistui virheen vuoksi:
%%1058

Event Record #/Type1100 / Error
Event Submitted/Written: 12/16/2007 07:25:36 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM vastaanotti virheen "%%1058" yrittäessään käynnistää palvelun netman argumenteilla ""
suorittaakseen palvelinosan:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type1094 / Error
Event Submitted/Written: 12/16/2007 07:25:16 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Palvelu Etäkäytön (RAS) yhteyksienhallinta on riippuvainen palvelusta Puhelin, jonka käynnistyminen epäonnistui virheen vuoksi:
%%1058

Event Record #/Type1090 / Error
Event Submitted/Written: 12/16/2007 07:25:13 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM vastaanotti virheen "%%1058" yrittäessään käynnistää palvelun netman argumenteilla ""
suorittaakseen palvelinosan:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type1089 / Error
Event Submitted/Written: 12/16/2007 07:25:12 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM vastaanotti virheen "%%1058" yrittäessään käynnistää palvelun netman argumenteilla ""
suorittaakseen palvelinosan:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}



-- End of Deckard's System Scanner: finished at 2007-12-16 19:27:42 ------------
AfterDawn Addict
16 December 2007 @ 20:06
At a quick glance, the worst is over.
A thorough analysis of the DSS log takes time (tomorrow).

While waiting for tomorrow, free up space on C:. Move stuff to D:.
System Drive C: has 7.5 GiB (less than 15%) free.

For security reasons, update your Explorer => IE7
Until tomorrow ==>>

(:)
Dfin
Newbie
16 December 2007 @ 20:18
OK, will do.
Thanks a lot, good night!
Until tomorrow.
AfterDawn Addict
17 December 2007 @ 19:56
More keeps turning up!!!

Delete in Safe Mode:
C:\WINDOWS\system32\mi1.exe

A rootkit check has to be run, since more keeps turning up:
Follow the instructions carefully.
Download for Win XP: Rootkit onLine Scanner
Download for Vista: Rootkit onLine Scanner

Supported web browsers:
Microsoft Internet Explorer 6.0 or later.
JavaScript support must be enabled.
ActiveX support must be enabled.

The F-Secure Online Scanner service works with Internet Explorer's default settings
(Internet zone and Medium security level). If you have changed the settings, you can
enable ActiveX and JavaScript support by selecting
Tools -> Internet Options -> Security -> Custom Level.

Note: If JavaScript and ActiveX support were disabled for security reasons,
remember to restore the original settings after the scan.

3. Start the scan
When you start the F-Secure Online Virus Scanner scan, you are
asked to accept a certificate and the license terms before the tool
is installed.

Start the scan by clicking this button at the bottom of the page:

[Start Scanning]

Don't touch the check marks :!: :!: :!:

Post the F-Secure log and the HJT log

(:)
Dfin
Newbie
18 December 2007 @ 16:55
Scanning Report
Tuesday, December 18, 2007 16:02:46 - 16:43:38

Computer name: DEFAULT-57ZDIF4
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\
Result: 0 malware found
Statistics
Scanned:
Files: 41339
System: 4793
Not scanned: 3
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-12-18
F-Secure AVP: 7.0.171, 2007-12-17
F-Secure Orion: 1.2.37, 2007-12-18
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0603-150-72
F-Secure Pegasus: 1.19.0, 2007-11-10
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:55, on 18.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Default\Omat tiedostot\Firefox\FirefoxPortable\App\firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5635 bytes
AfterDawn Addict
18 December 2007 @ 21:05
Good news!!!
No rootkits.
How does the machine feel now???

(:)
Dfin
Newbie
18 December 2007 @ 21:57
Feels pretty good.
So is the job done now?