Heelp. Apparently that d..n Messenger virus has gotten onto my machine.
Xacco (Newbie)
31 May 2008 @ 09:35
Kalminen, would you mind taking a look at this log of mine too? I'm completely lost.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:22, on 31.5.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\service.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lumonetti.fi/portaali/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O1 - Hosts: 212.63.219.165 rautaportti.net www.rautaportti.net
O1 - Hosts: 212.63.219.161 finbytes.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Class - {664B925E-D2C7-A8C9-383A-F45AACB5D871} - C:\WINDOWS\bmtle1.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [XPPrintSpool] %windir%\java\java.log\spoolsv.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Unibet/FlashAX.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10189 bytes
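A first-pass triage of the log above, applied with the same rules to da_osmo's HijackThis log further down the thread. This is an added example, not code from the thread, from Kalminen or from Trend Micro: it encodes the checks a log reader applies by hand, so that vendor clutter (HP, ATI, Symantec, Java) drops out and the handful of entries worth a second look are listed with a reason. The sample lines are copied from the two HijackThis logs in this thread; the rule names, the three severities and the expansion of %windir% to C:\WINDOWS for comparison are this example's own assumptions.

```python
"""Heuristic first pass over HijackThis v2 log lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of O1/O2/O4/O23 lines copied from the two
# HijackThis logs posted in this thread, one per pattern the rules care about.
SAMPLE_LOG = r"""
O1 - Hosts: 212.63.219.165 rautaportti.net www.rautaportti.net
O2 - BHO: Class - {664B925E-D2C7-A8C9-383A-F45AACB5D871} - C:\WINDOWS\bmtle1.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [XPPrintSpool] %windir%\java\java.log\spoolsv.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [slow readme] C:\DOCUME~1\VALTTE~1\APPLIC~1\32BALM~1\LESS PROC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "suspicious" | "review" | "orphan"
    rule: str
    line: str


# Names malware borrows from core Windows processes; the genuine copies live
# only in %windir% or %windir%\system32.
SYSTEM_IMAGE_NAMES = {"svchost.exe", "service.exe", "services.exe", "spoolsv.exe",
                      "lsass.exe", "csrss.exe", "winlogon.exe", "smss.exe", "explorer.exe"}
SYSTEM_DIRS = (r"c:\windows", r"c:\windows\system32")
# Locations a non-admin user can write to; an autostart from here is the
# hallmark of Lop-style adware (compare "32BALM~1\LESS PROC.exe" in the sample).
USER_WRITABLE_HINTS = ("\\docume~1\\", "\\documents and settings\\", "\\temp\\")

O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|scr|bat|cmd|pif)))(?=[\s,]|$)',
                    re.IGNORECASE)


def executable_of(cmd: str) -> str:
    """Program an O4 command line launches (quoted or unquoted), looking through rundll32."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.strip().split(" ", 1)[0]
    exe = m.group("q") or m.group("u")
    rest = cmd[m.end():].strip()
    if exe.lower().endswith("rundll32.exe") and rest:
        return executable_of(rest)  # the loaded DLL is what the entry really runs
    return exe


def normalize(path: str) -> str:
    # Assumption: the log comes from a C:\WINDOWS install, so %windir% and
    # %systemroot% are expanded to that for comparison only.
    return path.lower().replace("%windir%", r"c:\windows").replace("%systemroot%", r"c:\windows")


def classify_run(name: str, cmd: str) -> Optional[Tuple[str, str]]:
    """Severity and reason for one O4 Run entry, or None if nothing stands out."""
    exe = normalize(executable_of(cmd))
    base = exe.rsplit("\\", 1)[-1]
    if "\\" not in exe:  # bare filename: resolved through PATH at logon
        if base in SYSTEM_IMAGE_NAMES or name.lower().startswith("windows "):
            return "suspicious", "bare filename posing as a Windows component"
        return "review", "bare filename, confirm which file PATH resolves it to"
    directory = exe.rsplit("\\", 1)[0]
    if base in SYSTEM_IMAGE_NAMES and directory not in SYSTEM_DIRS:
        return "suspicious", "system-binary name outside %windir%"
    if any(hint in exe for hint in USER_WRITABLE_HINTS):
        return "suspicious", "autostart from a user-writable profile directory"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries a reviewer should look at."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("O1 - Hosts:"):
            # A hosts override is not malicious per se (users pin hosts on purpose),
            # but it is also the classic way to blackhole AV update servers: read it.
            findings.append(Finding("review", "hosts-file override", line))
        elif line.startswith(("O2 - ", "O23 - ")) and line.endswith("(file missing)"):
            findings.append(Finding("orphan", "registration points at a missing file", line))
        else:
            m = O4_RUN_RE.match(line)
            if m:
                verdict = classify_run(m["name"], m["cmd"])
                if verdict:
                    findings.append(Finding(verdict[0], verdict[1], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:10} {f.rule:55} {f.line}")
```

Run as-is it reports seven of the eleven sample lines. The two entries that matter in Xacco's log are the ones the rules escalate: `spoolsv.exe` started from `%windir%\java\java.log\` instead of system32, and the bare `service.exe` whose Run value calls itself "Windows svchost" (the same pair shows up in da_osmo's log, where ComboFix later deletes `C:\WINDOWS\service.exe`). A bare filename such as `VTTimer.exe` only lands in "review", because the reviewer still has to confirm what PATH resolves it to; the O1 hosts lines are "review" rather than "suspicious" for the same reason, since pinning a domain to a fixed address is something users do deliberately and the verdict depends on which domains are pinned. "(file missing)" orphans are cleanup, not evidence of an active infection.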
AfterDawn Addict
31 May 2008 @ 10:41
I'm lost here too:
5 logs on top of each other in the same topic,
the instructions get mixed up.

OK, let's take care of it. Click HERE.

(:)
Xacco (Newbie)
31 May 2008 @ 12:45
Thanks Kalminen for taking the trouble, but I got it removed with this trick, nothing is found anymore. Thanks once more Kalminen, I've been watching and you really do help people here properly.

http://keskustelu.afterdawn.com/thread_view.cfm/668553
AfterDawn Addict
31 May 2008 @ 13:07
OK
Have a good summer :D

(:)
da_osmo (Newbie)
31 May 2008 @ 14:17
The logs you asked for, Kalminen:

1. HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:26, on 31.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Screendragon VS3\Screendragon VS3 Taskbar.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\Get-Torrent\TorrentManager.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [cursor] "C:\Program Files\Screendragon VS3\Screendragon VS3 Taskbar.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [slow readme] C:\DOCUME~1\VALTTE~1\APPLIC~1\32BALM~1\LESS PROC.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Suorita rekisteröintityökalu.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Service - {3D1C39B8-EAE5-4DB1-A09C-BBB828F763B2} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {3FEA9361-58EB-46FC-B9D0-9DE1B34F659C} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Support - {678CBB2D-701A-4481-87D2-352248D5340B} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {C3A23DAB-1A7D-4E55-859C-E54FA27389DE} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {DE0CA5D2-4D15-4DA6-AAB3-254541C2D7FA} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS - {F251B688-7CBD-49FC-951D-40260DB80DF9} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\SPF\smc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 8292 bytes

2. ComboFix

ComboFix 08-05-29.1 - valtteri lauri 2008-05-31 13:18:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.205 [GMT 3:00]
Running from: C:\Documents and Settings\valtteri lauri\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\valtteri lauri\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\service.exe
C:\WINDOWS\winudpmgr.exe
C:\WINDOWS\winudspm.exe
.

(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\comet
C:\setup.exe
C:\WINDOWS\inf\cc_43.inf
C:\WINDOWS\service.exe
C:\WINDOWS\system32\comet.dll
C:\WINDOWS\winudpmgr.exe
C:\WINDOWS\winudspm.exe

.
((((( Files created between 2008-04-28 and 2008-05-31 )))))))))))))))))
.

2008-05-30 20:55 . 2008-05-30 22:45 83,400 --a------ C:\img.exe
2008-05-30 20:32 . 2008-05-30 20:32 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-05-29 21:28 . 2008-05-29 21:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-29 20:01 . 2008-05-29 20:01 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-29 16:14 . 2003-06-16 12:32 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja\WINDOWS
2008-05-29 16:14 . 2003-06-16 12:32 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja\WINDOWS
2008-05-29 16:14 . 2003-06-16 13:22 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-29 16:14 . 2003-06-16 13:22 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-29 16:14 . 2003-06-16 13:22 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-29 16:14 . 2003-06-16 13:22 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-29 16:14 . 2003-06-16 13:22 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-29 16:14 . 2003-06-16 13:22 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-29 16:14 . 2003-06-16 12:32 <DIR> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-29 16:14 . 2003-06-16 12:32 <DIR> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-29 16:14 . 2003-06-16 12:32 <DIR> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-05-29 16:14 . 2003-06-16 12:32 <DIR> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-05-29 16:14 . 2003-06-16 12:26 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-29 16:14 . 2003-06-16 12:26 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-29 16:14 . 2003-06-16 13:22 <DIR> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-29 16:14 . 2003-06-16 13:22 <DIR> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-29 16:14 . 2008-05-29 16:14 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-05-28 18:07 . 2008-05-28 18:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-28 18:07 . 2008-05-28 18:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-22 21:19 . 2008-05-22 21:20 0 --a------ C:\s-b_o.bmp
2008-05-22 21:19 . 2008-05-22 21:20 0 --a------ C:\s-b_c.bmp
2008-05-22 20:59 . 2005-08-16 15:33 108,336 -ra------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-22 20:59 . 2008-05-22 21:43 0 --a------ C:\uk_o.bmp
2008-05-22 20:59 . 2008-05-22 21:43 0 --a------ C:\uk_c.bmp
2008-05-22 20:59 . 2008-05-22 21:43 0 --a------ C:\m-g_o.bmp
2008-05-22 20:59 . 2008-05-22 21:43 0 --a------ C:\m-g_c.bmp
2008-05-22 20:59 . 2008-05-22 21:43 0 --a------ C:\i-p_o.bmp
2008-05-22 20:59 . 2008-05-22 21:43 0 --a------ C:\i-p_c.bmp

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-05-30 17:07 --------- d-----w C:\Documents and Settings\valtteri lauri\Application Data\AVG7
2008-05-28 18:17 --------- d-----w C:\Documents and Settings\valtteri lauri\Application Data\LimeWire
2008-05-17 16:58 --------- d-----w C:\Program Files\EA SPORTS
2008-05-11 09:43 --------- d-----w C:\Program Files\Opera
2008-05-11 09:39 --------- d-----w C:\Program Files\Get-Torrent
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2004-03-26 17:54 142,957 ----a-w C:\Program Files\cr-x0470.zip
2004-03-24 13:29 2,255 ----a-w C:\Program Files\Heaven-Pleasuredome101.nfo
2003-12-14 00:16 722,296 ----a-w C:\Documents and Settings\valtteri lauri\WinKawaks RomCenter.dat
2003-07-18 14:58 812 ----a-w C:\Program Files\INSTALL.LOG
2003-05-15 12:42 823,296 ----a-w C:\Program Files\WinRAR.exe
.

(((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty values and legitimate default values are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D18366BB-F0B6-1F83-324A-16238196B0B8}]
C:\DOCUME~1\OSKARI~1\APPLIC~1\EGGSSI~1\LOGOKAY.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
2007-02-24 00:08 225280 --a------ C:\Program Files\Get-Torrent\TorrentManager.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2006-07-08 21:29 190024]
"slow readme"="C:\DOCUME~1\VALTTE~1\APPLIC~1\32BALM~1\LESS PROC.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 16:01 46592 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-03-30 21:00 327680]
"CnxDslTaskBar"="C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe" [2002-06-03 11:09 397312]
"freesurfer"="C:\Program Files\Free Surfer\fs20.exe" [2002-09-18 19:25 720896]
"cursor"="C:\Program Files\Screendragon VS3\Screendragon VS3 Taskbar.exe" [2001-12-02 20:47 391680]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2006-07-08 21:29 190024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-15 13:54 579584]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11 221184]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SmcService"="C:\PROGRA~1\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [2005-10-08 21:08 212992]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45 278528]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 17:57 133016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 21:29 35328]
"Windows UDP Control"="winudspm.exe" []
"Windows svchost"="service.exe" []
"Windows UDP Control Center"="winudpmgr.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-26 15:01 219136]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-12-24 19:38:55 450560]
Suorita rekisteröintityökalu.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-03-03 22:49:32 1175552]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-07-19 19:22:39 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.ffds"= C:\PROGRA~1\ffdshow\ffdshow.ax
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\javaw.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Error Safe Free\\eMule\\emule.exe"=
"C:\\Program Files\\Sopcast\\SopCast.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 CnxTgN;RoadRunner 11 ADSL PCI Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2002-06-03 10:57]
R3 CnxTgP;RoadRunner 11 ADSL PCI Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgP.sys [2002-06-03 10:55]
R3 CnxTgR;RoadRunner 11 ADSL PCI Device Driver;C:\WINDOWS\system32\DRIVERS\CnxTgR.sys [2002-06-03 10:54]
S3 ldiskl;ldiskl;C:\DOCUME~1\VALTTE~1\LOCALS~1\Temp\ldiskl.sys []
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 22:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e61ca618-2462-11db-8d07-00064f058b61}]
\Shell\AutoRun\command - E:\autorun.exe

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-30 18:00:00 C:\WINDOWS\Tasks\A92A8DD491CD00A4.job"
- c:\docume~1\valtte~1\applic~1\32balm~1\intraownsonline.exe
"2008-05-30 18:00:00 C:\WINDOWS\Tasks\AF5FA72891AC58F8.job"
- c:\docume~1\oskari~1\applic~1\32balm~1\intraownsonline.exe
"2008-05-30 18:00:00 C:\WINDOWS\Tasks\AFE70C939184BDB3.job"
- c:\docume~1\kirsil~1\applic~1\32balm~1\intraownsonline.exe
"2008-05-30 16:18:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 13:25:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-05-31 13:32:57
ComboFix-quarantined-files.txt 2008-05-31 10:32:51

Pre-Run: 2,491,305,984 tavua vapaana
Post-Run: 4,512,555,008 tavua vapaana

213 --- E O F --- 2008-05-16 22:29:49





3. NoLop


NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\valtteri lauri\Työpöytä
[31.5.2008]
[13:36:35]

---Infection Files Found/Removed---
C:\Documents and Settings\All Users\Application Data\four logo style soft\help frag.exe
C:\Documents and Settings\valtteri lauri\Application Data\32 Balm Roam\zzsucmlg.exe
C:\WINDOWS\tasks\A92A8DD491CD00A4.job
C:\WINDOWS\tasks\AF5FA72891AC58F8.job
C:\WINDOWS\tasks\AFE70C939184BDB3.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Aleksi Lauri\Application Data\Avg7
C:\Documents and Settings\Aleksi Lauri\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Aleksi Lauri\Application Data\Identities
C:\Documents and Settings\Aleksi Lauri\Application Data\Lavasoft
C:\Documents and Settings\Aleksi Lauri\Application Data\Macromedia
C:\Documents and Settings\Aleksi Lauri\Application Data\Microsoft
C:\Documents and Settings\Aleksi Lauri\Application Data\Real
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Hp
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Nfs Underground
C:\Documents and Settings\All Users\Application Data\Nfs Underground Demo
C:\Documents and Settings\All Users\Application Data\Play 16 Online City -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Artto Lauri\Application Data\Avg7
C:\Documents and Settings\Artto Lauri\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Artto Lauri\Application Data\Identities
C:\Documents and Settings\Artto Lauri\Application Data\Kazaa Lite
C:\Documents and Settings\Artto Lauri\Application Data\Lavasoft
C:\Documents and Settings\Artto Lauri\Application Data\Microsoft
C:\Documents and Settings\Artto Lauri\Application Data\Real
C:\Documents and Settings\Default User\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Identities
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
C:\Documents and Settings\Kirsi Lauri\Application Data\32 Balm Roam
C:\Documents and Settings\Kirsi Lauri\Application Data\Avg7
C:\Documents and Settings\Kirsi Lauri\Application Data\Eggs Sign Acid -- EMPTY Directory
C:\Documents and Settings\Kirsi Lauri\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Kirsi Lauri\Application Data\Identities
C:\Documents and Settings\Kirsi Lauri\Application Data\Lavasoft
C:\Documents and Settings\Kirsi Lauri\Application Data\Macromedia
C:\Documents and Settings\Kirsi Lauri\Application Data\Microsoft
C:\Documents and Settings\Kirsi Lauri\Application Data\Real
C:\Documents and Settings\Localservice\Application Data\Avg7
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Symantec
C:\Documents and Settings\Oskari Lauri\Application Data\32 Balm Roam
C:\Documents and Settings\Oskari Lauri\Application Data\Adobe
C:\Documents and Settings\Oskari Lauri\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Oskari Lauri\Application Data\Avg7
C:\Documents and Settings\Oskari Lauri\Application Data\Eggs Sign Acid -- EMPTY Directory
C:\Documents and Settings\Oskari Lauri\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Oskari Lauri\Application Data\Identities
C:\Documents and Settings\Oskari Lauri\Application Data\Kazaa Lite
C:\Documents and Settings\Oskari Lauri\Application Data\Lavasoft
C:\Documents and Settings\Oskari Lauri\Application Data\Macromedia
C:\Documents and Settings\Oskari Lauri\Application Data\Microsoft
C:\Documents and Settings\Oskari Lauri\Application Data\Real
C:\Documents and Settings\Valtteri Lauri\Application Data\Adobe
C:\Documents and Settings\Valtteri Lauri\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Valtteri Lauri\Application Data\Ahead
C:\Documents and Settings\Valtteri Lauri\Application Data\Apple Computer
C:\Documents and Settings\Valtteri Lauri\Application Data\Avg7
C:\Documents and Settings\Valtteri Lauri\Application Data\Azureus
C:\Documents and Settings\Valtteri Lauri\Application Data\Eggs Sign Acid -- EMPTY Directory
C:\Documents and Settings\Valtteri Lauri\Application Data\Fotowire
C:\Documents and Settings\Valtteri Lauri\Application Data\Get-torrent
C:\Documents and Settings\Valtteri Lauri\Application Data\Google
C:\Documents and Settings\Valtteri Lauri\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Valtteri Lauri\Application Data\Hp
C:\Documents and Settings\Valtteri Lauri\Application Data\Identities
C:\Documents and Settings\Valtteri Lauri\Application Data\Image Zone Express
C:\Documents and Settings\Valtteri Lauri\Application Data\Kazaa Lite
C:\Documents and Settings\Valtteri Lauri\Application Data\Lavasoft
C:\Documents and Settings\Valtteri Lauri\Application Data\Limewire
C:\Documents and Settings\Valtteri Lauri\Application Data\Macromedia
C:\Documents and Settings\Valtteri Lauri\Application Data\Microsoft
C:\Documents and Settings\Valtteri Lauri\Application Data\Move Networks
C:\Documents and Settings\Valtteri Lauri\Application Data\Mozilla
C:\Documents and Settings\Valtteri Lauri\Application Data\Msn6
C:\Documents and Settings\Valtteri Lauri\Application Data\Opera
C:\Documents and Settings\Valtteri Lauri\Application Data\Real
C:\Documents and Settings\Valtteri Lauri\Application Data\Securom
C:\Documents and Settings\Valtteri Lauri\Application Data\Sopcast
C:\Documents and Settings\Valtteri Lauri\Application Data\Sports Interactive
C:\Documents and Settings\Valtteri Lauri\Application Data\Sun
C:\Documents and Settings\Valtteri Lauri\Application Data\Symantec
C:\Documents and Settings\Valtteri Lauri\Application Data\Talkback
AfterDawn Addict
31 May 2008 @ 14:58
==>> da_osmo

----------------------------------

Go to Control Panel and double-click Add or Remove Programs.

Find all your old Java versions in the list (J2SE Runtime Environment...).
They should have the following image next to them:

Select each of your old Java versions one at a time and choose Remove.

Remove the second firewall !!! From the Add/Remove list !!!
This one => Sygate Personal Firewall
Neither of them is running.
***********************

To be safe, turn on the Windows Firewall from Control Panel => Security Center.

*****************
-----------------------------------------------------------------------

Open Notepad and copy/paste the contents of the Quote: box into it:

Quote:
File::
C:\img.exe
C:\WINDOWS\Tasks\A92A8DD491CD00A4.job
C:\WINDOWS\Tasks\AF5FA72891AC58F8.job
C:\WINDOWS\Tasks\AFE70C939184BDB3.job
Folder::
C:\Documents and Settings\Oskari Lauri\Application Data\32 Balm Roam
C:\Documents and Settings\Valtteri Lauri\Application Data\Kazaa Lite
C:\Documents and Settings\Oskari Lauri\Application Data\Kazaa Lite
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D18366BB-F0B6-1F83-324A-16238196B0B8}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"slow readme"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows UDP Control"=-
"Windows svchost"=-
"Windows UDP Control Center"=-



Save it as CFScript (ComboFix actually recognises it even if the file extension is not .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click it)




Restart the computer if you are asked to, and post the contents of the combofix.txt file here.

---------------------------------------------------------------

Close your browser and other programs while the fix runs. (not the antivirus)
Start HijackThis, run Scan, tick the following files listed in red and remove them (Fix checked).

O4 - HKCU\..\Run: [slow readme] C:\DOCUME~1\VALTTE~1\APPLIC~1\32BALM~1\LESS PROC.exe

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report

(:)
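The indicators the helper is cleaning up in this post (hex-named .job tasks, an autostart under a randomly named Application Data folder, Run values named after Windows components, Security Center warnings switched off) can be checked for mechanically. The Python triage script below is an added example, not part of this thread and not code from ComboFix or HijackThis; the sample lines are excerpted from the logs posted in this thread, except for the path after "Windows UDP Control", which is a constructed placeholder, and the rule names are my own.

```python
import re
from typing import List, Optional, Tuple

Finding = Tuple[str, str]  # (rule id, offending log line)

# Scheduled task named with 16 hex digits, e.g. A92A8DD491CD00A4.job (seen in this thread)
HEX_JOB = re.compile(r"\\Tasks\\[0-9A-F]{16}\.job$", re.IGNORECASE)
# Autostart target living under a user's Application Data (long or 8.3 form)
APPDATA = re.compile(r"(APPLIC~1|Application Data)\\", re.IGNORECASE)
# ComboFix Run-key line: "name"="path" [optional date/size]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
# Run value names imitating system components; names taken from the CFScript in this thread
LOOKALIKE_NAME = re.compile(r"^Windows\s+(UDP|TCP|svchost)", re.IGNORECASE)
# Security Center "...DisableNotify"=dword:00000001 means warnings were switched off
DISABLE_NOTIFY = re.compile(r'^"\w*DisableNotify"=dword:0*1$', re.IGNORECASE)

# Constructed sample: lines excerpted from the ComboFix/HijackThis logs in this thread,
# rewritten in ComboFix's "name"="path" form. The "Windows UDP Control" path is a
# placeholder; the real target was not shown in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"slow readme"="C:\DOCUME~1\VALTTE~1\APPLIC~1\32BALM~1\LESS PROC.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 16:01 46592 C:\WINDOWS\SOUNDMAN.EXE]
"Windows UDP Control"="C:\WINDOWS\placeholder_not_in_log.exe"
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-15 13:54 579584]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"2008-05-30 18:00:00 C:\WINDOWS\Tasks\A92A8DD491CD00A4.job"
- c:\docume~1\valtte~1\applic~1\32balm~1\intraownsonline.exe
"2008-05-30 16:18:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"""


def triage(log_text: str) -> List[Finding]:
    """Walk ComboFix-style output line by line and return the suspicious lines found."""
    findings: List[Finding] = []
    current_key = ""                 # lower-cased registry key of the section being read
    pending_job: Optional[str] = None  # task header waiting for its "- target" line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            pending_job = None
            continue
        # Scheduled task header: "date time C:\WINDOWS\Tasks\name.job", then "- target"
        if line.startswith('"') and line.lower().endswith('.job"'):
            pending_job = line.strip('"')
            if HEX_JOB.search(pending_job):
                findings.append(("HEX_NAMED_JOB", line))
            continue
        if line.startswith("- ") and pending_job is not None:
            if APPDATA.search(line[2:]):
                findings.append(("TASK_RUNS_FROM_APPDATA", line))
            pending_job = None
            continue
        pending_job = None
        if current_key.endswith("security center"):
            if DISABLE_NOTIFY.match(line):
                findings.append(("SECURITY_CENTER_NOTIFY_DISABLED", line))
            continue
        if current_key.endswith(r"currentversion\run"):
            m = RUN_VALUE.match(line)
            if not m:
                continue
            if APPDATA.search(m.group("path")):
                findings.append(("RUN_FROM_APPDATA", line))
            if LOOKALIKE_NAME.match(m.group("name")):
                findings.append(("SYSTEM_LOOKALIKE_RUN_NAME", line))
    return findings


if __name__ == "__main__":
    for rule, text in triage(SAMPLE_LOG):
        print(f"{rule:32s} {text}")
```

Every hit still needs a human look (a legitimate product can autostart from Application Data); the script only narrows a long log down to the lines worth reading.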
da_osmo
Newbie
31 May 2008 @ 15:46
The last red file you listed was not found with HJT.


Here are the logs


1. HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:20, on 31.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Screendragon VS3\Screendragon VS3 Taskbar.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\Get-Torrent\TorrentManager.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [cursor] "C:\Program Files\Screendragon VS3\Screendragon VS3 Taskbar.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Suorita rekisteröintityökalu.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Service - {3D1C39B8-EAE5-4DB1-A09C-BBB828F763B2} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {3FEA9361-58EB-46FC-B9D0-9DE1B34F659C} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Support - {678CBB2D-701A-4481-87D2-352248D5340B} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {C3A23DAB-1A7D-4E55-859C-E54FA27389DE} - http://tuki.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {DE0CA5D2-4D15-4DA6-AAB3-254541C2D7FA} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS - {F251B688-7CBD-49FC-951D-40260DB80DF9} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 8117 bytes






2. ComboFix


ComboFix 08-05-29.1 - valtteri lauri 2008-05-31 15:17:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.211 [GMT 3:00]
Running from: C:\Documents and Settings\valtteri lauri\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\valtteri lauri\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\img.exe
C:\WINDOWS\Tasks\A92A8DD491CD00A4.job
C:\WINDOWS\Tasks\AF5FA72891AC58F8.job
C:\WINDOWS\Tasks\AFE70C939184BDB3.job
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Oskari Lauri\Application Data\32 Balm Roam
C:\Documents and Settings\Oskari Lauri\Application Data\32 Balm Roam\F1D60DE9
C:\Documents and Settings\Oskari Lauri\Application Data\32 Balm Roam\rcrncdxe.exe
C:\Documents and Settings\Oskari Lauri\Application Data\Kazaa Lite
C:\Documents and Settings\Oskari Lauri\Application Data\Kazaa Lite\db\np.tmp
C:\Documents and Settings\Valtteri Lauri\Application Data\Kazaa Lite
C:\Documents and Settings\Valtteri Lauri\Application Data\Kazaa Lite\db\data1024.dbb
C:\Documents and Settings\Valtteri Lauri\Application Data\Kazaa Lite\db\data256.dbb
C:\Documents and Settings\Valtteri Lauri\Application Data\Kazaa Lite\db\data4096.dbb
C:\Documents and Settings\Valtteri Lauri\Application Data\Kazaa Lite\db\gr_valtteri lauri.current
C:\Documents and Settings\Valtteri Lauri\Application Data\Kazaa Lite\db\gr_valtteri lauri.previous
C:\Documents and Settings\Valtteri Lauri\Application Data\Kazaa Lite\db\np.tmp
C:\img.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-31 )))))))))))))))))
.

2008-05-31 13:37 . 2008-05-31 13:39 <KANSIO> d-------- C:\NoLopBackups
2008-05-30 20:32 . 2008-05-30 20:32 <KANSIO> d-------- C:\Program Files\Sunbelt Software
2008-05-29 21:28 . 2008-05-29 21:28 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-29 20:01 . 2008-05-29 20:01 <KANSIO> d-------- C:\Program Files\Enigma Software Group
2008-05-29 16:14 . 2003-06-16 12:32 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\WINDOWS
2008-05-29 16:14 . 2003-06-16 12:32 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\WINDOWS
2008-05-29 16:14 . 2003-06-16 13:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-29 16:14 . 2003-06-16 13:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-29 16:14 . 2003-06-16 13:22 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-29 16:14 . 2003-06-16 13:22 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-29 16:14 . 2003-06-16 13:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-29 16:14 . 2003-06-16 13:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-29 16:14 . 2003-06-16 12:32 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-29 16:14 . 2003-06-16 12:32 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-29 16:14 . 2003-06-16 12:32 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-05-29 16:14 . 2003-06-16 12:32 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-05-29 16:14 . 2003-06-16 12:26 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-29 16:14 . 2003-06-16 12:26 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-29 16:14 . 2003-06-16 13:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-29 16:14 . 2003-06-16 13:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-29 16:14 . 2008-05-29 16:14 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-05-28 18:07 . 2008-05-28 18:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-28 18:07 . 2008-05-28 18:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-22 21:19 . 2008-05-22 21:20 0 --a------ C:\s-b_o.bmp
2008-05-22 21:19 . 2008-05-22 21:20 0 --a------ C:\s-b_c.bmp
2008-05-22 20:59 . 2005-08-16 15:33 108,336 -ra------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-22 20:59 . 2008-05-22 21:43 0 --a------ C:\uk_o.bmp
2008-05-22 20:59 . 2008-05-22 21:43 0 --a------ C:\uk_c.bmp
2008-05-22 20:59 . 2008-05-22 21:43 0 --a------ C:\m-g_o.bmp
2008-05-22 20:59 . 2008-05-22 21:43 0 --a------ C:\m-g_c.bmp
2008-05-22 20:59 . 2008-05-22 21:43 0 --a------ C:\i-p_o.bmp
2008-05-22 20:59 . 2008-05-22 21:43 0 --a------ C:\i-p_c.bmp

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 12:03 --------- d-----w C:\Program Files\Java
2008-05-30 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-05-30 17:07 --------- d-----w C:\Documents and Settings\valtteri lauri\Application Data\AVG7
2008-05-28 18:17 --------- d-----w C:\Documents and Settings\valtteri lauri\Application Data\LimeWire
2008-05-17 16:58 --------- d-----w C:\Program Files\EA SPORTS
2008-05-11 09:43 --------- d-----w C:\Program Files\Opera
2008-05-11 09:39 --------- d-----w C:\Program Files\Get-Torrent
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2004-03-26 17:54 142,957 ----a-w C:\Program Files\cr-x0470.zip
2004-03-24 13:29 2,255 ----a-w C:\Program Files\Heaven-Pleasuredome101.nfo
2003-12-14 00:16 722,296 ----a-w C:\Documents and Settings\valtteri lauri\WinKawaks RomCenter.dat
2003-07-18 14:58 812 ----a-w C:\Program Files\INSTALL.LOG
2003-05-15 12:42 823,296 ----a-w C:\Program Files\WinRAR.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-31_13.31.41,32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-31 10:05:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-31 12:07:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
2007-02-24 00:08 225280 --a------ C:\Program Files\Get-Torrent\TorrentManager.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 16:01 46592 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-03-30 21:00 327680]
"CnxDslTaskBar"="C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe" [2002-06-03 11:09 397312]
"freesurfer"="C:\Program Files\Free Surfer\fs20.exe" [2002-09-18 19:25 720896]
"cursor"="C:\Program Files\Screendragon VS3\Screendragon VS3 Taskbar.exe" [2001-12-02 20:47 391680]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-15 13:54 579584]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11 221184]
"Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [2005-10-08 21:08 212992]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45 278528]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 17:57 133016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 21:29 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-26 15:01 219136]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-12-24 19:38:55 450560]
Suorita rekisteröintityökalu.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-03-03 22:49:32 1175552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.ffds"= C:\PROGRA~1\ffdshow\ffdshow.ax
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\javaw.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Error Safe Free\\eMule\\emule.exe"=
"C:\\Program Files\\Sopcast\\SopCast.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 CnxTgN;RoadRunner 11 ADSL PCI Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2002-06-03 10:57]
R3 CnxTgP;RoadRunner 11 ADSL PCI Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgP.sys [2002-06-03 10:55]
R3 CnxTgR;RoadRunner 11 ADSL PCI Device Driver;C:\WINDOWS\system32\DRIVERS\CnxTgR.sys [2002-06-03 10:54]
S3 ldiskl;ldiskl;C:\DOCUME~1\VALTTE~1\LOCALS~1\Temp\ldiskl.sys []
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 22:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e61ca618-2462-11db-8d07-00064f058b61}]
\Shell\AutoRun\command - E:\autorun.exe

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-31 12:23:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 15:23:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-31 15:27:26
ComboFix-quarantined-files.txt 2008-05-31 12:26:26
ComboFix2.txt 2008-05-31 10:33:00

Pre-Run: 4,553,834,496 tavua vapaana
Post-Run: 4,545,556,480 tavua vapaana

202 --- E O F --- 2008-05-16 22:29:49
AfterDawn Addict
_
31. toukokuuta 2008 @ 17:08 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Se oli Lop virusta ja NoLop ilmeisesti hoiti homman.

One more check:

Download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* After that, the log will open in Notepad. Save it somewhere you can find it easily. The log can also be found
here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Post the contents of the log in your next reply if it found anything.
.

(:)
da_osmo
Newbie
31 May 2008 @ 18:12
Here is the log

Malwarebytes' Anti-Malware 1.14
Tietokantaversio: 807

18:11:24 31.5.2008
mbam-log-5-31-2008 (18-11-24).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 152252
Kulunut aika: 50 minute(s), 21 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 2
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 1
Saastuneita tiedostoja: 3

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\Program Files\whInstall (Adware.WebHancer) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\Program Files\whInstall\license.txt (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Program Files\whInstall\readme.txt (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Program Files\whInstall\Sporder.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
AfterDawn Addict
31 May 2008 @ 19:06
It's clean!!!
Did the problems stop???

(:)
Senior Member
31 May 2008 @ 19:26
I have the same problems. If you're still interested, here's a bit of work for you. I browsed through your posts and produced these two log files, in case that makes the work a bit easier. THANKS!!

Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:27, on 31.5.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 8904 bytes

and here is ComboFix

ComboFix 08-05-29.1 - Ville 2008-05-30 18:29:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1373 [GMT 3:00]
Running from: C:\Users\Ville\Desktop\ComboFix.exe
Command switches used :: C:\Users\Ville\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\winudspm.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\p4p
C:\Program Files\p4p\Bookmark.ini
C:\Program Files\p4p\P4P.exe
C:\Program Files\p4p\RING.WAV
C:\setup.exe
C:\Windows\service.exe
C:\WINDOWS\winudspm.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-30 )))))))))))))))))
.

2008-05-30 18:56 . 3,839 C:\Windows\System32\drivers\GETPADD.sys
2008-05-30 18:24 . 2008-05-30 18:27 <KANSIO> d-------- C:\327882R2FWJFW
2008-05-30 16:55 . 2008-05-30 18:05 86,498 --a------ C:\Windows\System32\setup.exe
2008-05-30 10:57 . 2008-05-30 18:05 60,132 --a------ C:\dci.exe
2008-05-29 23:45 . 2008-05-29 23:45 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-29 23:08 . 2008-05-29 23:08 86,340 --a------ C:\profile.com
2008-05-29 22:16 . 2008-05-29 22:56 60,132 --a------ C:\ddc.exe
2008-05-29 10:45 . 2008-03-08 05:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-29 10:45 . 2008-03-08 07:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-13 13:14 . 2008-05-13 13:14 <KANSIO> dr------- C:\Users\Ville\AppData\Roaming\Brother
2008-05-05 13:58 . 2008-05-05 13:58 262,144 --a------ C:\Windows\System32\wrap_oal.dll
2008-05-05 13:58 . 2008-05-05 13:58 86,016 --a------ C:\Windows\System32\OpenAL32.dll
2008-05-05 13:58 . 1999-11-02 10:01 6,173 --a------ C:\Windows\System32\drivers\Entech.vxd
2008-05-05 13:58 . 2004-06-22 15:44 5,632 --a------ C:\Windows\System32\drivers\Entech64.sys
2008-05-05 13:58 . 2001-11-19 19:05 3,972 --a------ C:\Windows\System32\drivers\PciBus.sys
2008-05-05 13:57 . 2008-05-05 13:57 <KANSIO> d-------- C:\Program Files\Futuremark
2008-04-21 19:11 . 2008-04-21 19:11 <KANSIO> d-------- C:\Users\Ville\AppData\Roaming\AdobeUM
2008-04-16 19:26 . 2008-04-16 19:26 419 --a------ C:\Windows\BRWMARK.INI
2008-04-16 19:26 . 2008-04-16 19:26 184 --a------ C:\Windows\System32\brsvc01a.bsi
2008-04-16 19:26 . 2008-04-16 19:26 30 --a------ C:\Windows\System32\brss01a.ini
2008-04-16 19:26 . 2008-04-16 19:26 27 --a------ C:\Windows\BRPP2KA.INI
2008-04-16 19:17 . 2008-04-16 19:17 50 --a------ C:\Windows\System32\bridf05a.dat
2008-04-16 19:15 . 2008-04-16 19:15 <KANSIO> d-------- C:\Program Files\Brother
2008-04-16 19:15 . 2006-12-15 13:47 53,760 --a------ C:\Windows\System32\brinsstr.dll
2008-04-16 19:13 . 2001-02-05 11:16 258,048 --a------ C:\Windows\System32\bsplmf01.dll
2008-04-16 19:13 . 2004-12-10 16:35 147,456 --------- C:\Windows\brunin03.dll
2008-04-16 19:13 . 2006-10-31 00:00 139,264 --a------ C:\Windows\System32\bsplmf01.exe
2008-04-16 19:13 . 2002-04-12 00:00 57,344 --a------ C:\Windows\System32\brsvc01a.exe
2008-04-16 19:13 . 2006-09-13 00:00 45,056 --a------ C:\Windows\System32\brss01a.exe
2008-04-16 19:13 . 2001-11-15 01:00 6,224 --------- C:\Windows\CVRPAGE.BMP
2008-04-16 19:12 . 2008-04-16 19:12 <KANSIO> d-------- C:\ProgramData\Brother
2008-04-16 19:11 . 2008-04-16 19:11 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-16 18:47 . 2008-04-16 18:47 <KANSIO> d-------- C:\PerfLogs
2008-04-16 17:21 . 2008-01-19 10:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-16 17:20 . 2008-01-19 09:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-16 17:19 . 2008-01-19 10:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-16 17:18 . 2008-01-19 10:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-16 17:18 . 2008-01-19 10:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-16 17:18 . 2008-01-19 10:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-16 17:18 . 2008-01-19 10:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-16 17:17 . 2008-01-19 10:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-16 17:17 . 2008-01-19 10:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-16 17:17 . 2008-01-19 10:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-16 17:17 . 2008-01-19 10:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-16 15:20 . 2008-04-16 15:20 268 --ah----- C:\sqmdata00.sqm
2008-04-16 15:20 . 2008-04-16 15:20 244 --ah----- C:\sqmnoopt00.sqm
2008-04-14 21:14 . 2008-04-19 22:14 <KANSIO> d-------- C:\Users\Ville\Puhelinluettelo
2008-04-14 21:14 . 2008-04-14 21:20 <KANSIO> d-------- C:\Users\Ville\Puheet
2008-04-14 21:13 . 2008-04-14 21:20 <KANSIO> dr------- C:\Users\Ville\Omat kuvatiedostot
2008-04-14 21:13 . 2008-04-14 21:13 <KANSIO> d-------- C:\Users\Ville\KUHA
2008-04-14 21:13 . 2008-04-16 19:09 <KANSIO> d-------- C:\Users\Ville\Koulujutut
2008-04-10 09:19 . 2008-02-29 10:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-10 09:19 . 2008-02-29 10:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-10 09:19 . 2008-02-22 08:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-10 09:19 . 2008-02-29 09:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-10 09:19 . 2008-02-29 07:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-10 09:19 . 2008-02-29 09:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-10 09:19 . 2008-02-29 09:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-10 09:19 . 2008-02-29 10:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-10 09:19 . 2008-02-29 07:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-10 09:19 . 2008-02-29 09:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-10 09:18 . 2008-02-29 07:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-10 09:18 . 2008-02-22 07:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-10 09:17 . 2008-02-22 05:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-10 09:17 . 2008-02-22 08:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-07 17:48 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-04-07 17:47 . 2008-04-07 17:47 <KANSIO> d-------- C:\Program Files\Microsoft Works
2008-04-07 17:45 . 2008-04-07 17:45 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2008-04-07 17:43 . 2008-04-07 17:43 <KANSIO> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-07 17:41 . 2008-04-07 17:41 <KANSIO> dr-h----- C:\MSOCache
2008-04-07 17:39 . 2008-04-07 17:39 <KANSIO> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-07 17:34 . 2008-04-07 17:34 <KANSIO> d-------- C:\Users\Ville\AppData\Roaming\DAEMON Tools
2008-04-07 17:23 . 2008-04-07 17:34 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-04-06 23:15 . 2008-04-06 23:15 <KANSIO> d-------- C:\Program Files\Autodesk
2008-04-06 23:10 . 2008-04-11 10:25 <KANSIO> d-------- C:\Users\Ville\AppData\Roaming\Autodesk
2008-04-06 23:10 . 2008-04-11 10:25 <KANSIO> d-------- C:\ProgramData\Autodesk
2008-04-06 23:10 . 2008-04-06 23:17 <KANSIO> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-06 23:10 . 2008-04-06 23:46 <KANSIO> d-------- C:\Program Files\AutoCAD Civil 3D 2008
2008-04-06 23:10 . 2008-04-06 23:10 <KANSIO> d-------- C:\Civil 3D Projects
2008-04-06 23:10 . 2008-04-06 23:10 <KANSIO> d-------- C:\Civil 3D Project Templates
2008-04-05 21:57 . 2008-04-05 21:57 <KANSIO> d-------- C:\Users\Ville\AppData\Roaming\Macrovision
2008-04-05 14:25 . 2008-04-05 14:25 <KANSIO> d-------- C:\Windows\System32\Futuremark
2008-04-05 14:25 . 2008-04-05 14:25 <KANSIO> d-------- C:\Users\Ville\AppData\Roaming\InstallShield
2008-04-05 14:25 . 2008-04-05 14:25 <KANSIO> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-04-05 14:25 . 2007-08-20 11:05 27,672 -ra------ C:\Windows\System32\drivers\Entech.sys
2008-04-05 14:14 . 2008-04-05 14:14 <KANSIO> d-------- C:\Windows\Sun
2008-04-05 14:11 . 2008-04-05 14:11 <KANSIO> d-------- C:\Program Files\Java
2008-04-05 13:38 . 2008-04-05 13:38 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-04-05 12:55 . 2008-04-05 12:55 <KANSIO> d-------- C:\ProgramData\Macrovision
2008-04-05 12:55 . 2008-04-05 12:55 <KANSIO> d-------- C:\Program Files\Vodafone
2008-04-05 12:55 . 2007-10-15 16:27 101,376 --a------ C:\Windows\System32\drivers\ewusbmdm.sys
2008-04-04 16:39 . 2008-04-04 16:39 <KANSIO> d-------- C:\Users\Ville\AppData\Roaming\ArcSoft
2008-04-04 16:39 . 2008-04-04 16:39 <KANSIO> d-------- C:\Program Files\Common Files\ArcSoft
2008-04-04 16:39 . 2008-04-04 16:39 <KANSIO> d-------- C:\Program Files\ArcSoft
2008-04-04 16:39 . 2005-04-27 16:36 245,408 --a------ C:\Windows\System32\unicows.dll
2008-04-04 16:39 . 1995-08-01 04:44 212,480 --a------ C:\Windows\PCDLIB32.DLL
2008-04-04 16:39 . 2006-11-10 15:05 18,688 --a------ C:\Windows\System32\drivers\afc.sys
2008-04-04 16:29 . 2008-04-04 16:34 34 --a------ C:\ProgDVB.ini
2008-04-04 16:22 . 2008-04-04 16:22 300,544 --a------ C:\Windows\System32\drivers\AF15BDA.sys
2008-04-04 16:22 . 2008-04-04 16:22 28,672 --a------ C:\Windows\System32\AF15BDAEX.dll
2008-04-04 16:22 . 2006-11-30 04:27 126 -ra------ C:\Windows\System32\AF15IRTBL.bin
2008-04-03 18:05 . 2008-05-05 14:10 27,839 --a------ C:\Users\Ville\AppData\Roaming\nvModes.dat
2008-04-02 23:10 . 2008-04-02 23:10 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-04-02 21:39 . 2008-04-02 21:39 <KANSIO> d-------- C:\Program Files\ffdshow
2008-04-02 21:39 . 2008-04-02 21:39 <KANSIO> d-------- C:\Program Files\AC3Filter
2008-04-02 21:39 . 2007-08-09 14:27 380,928 --a------ C:\Windows\System32\ac3filter.acm
2008-04-02 21:39 . 2007-04-24 16:30 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-04-02 21:39 . 2008-03-28 18:41 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-04-02 21:39 . 2007-07-10 17:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-04-02 21:32 . 2008-04-02 21:32 <KANSIO> d-------- C:\Program Files\Webteh
2008-04-02 21:22 . 2008-04-02 21:22 546 --a------ C:\Windows\System32\ABM51Sn.DAT
2008-04-02 21:00 . 2008-04-02 21:00 <KANSIO> dr------- C:\Users\Ville\Searches
2008-04-02 21:00 . 2008-04-01 22:29 <KANSIO> dr------- C:\Users\Ville\Contacts
2008-04-02 21:00 . 2008-04-02 21:00 <KANSIO> d-------- C:\Users\Ville\AppData\Roaming\Infineon
2008-04-02 21:00 . 2008-04-02 21:00 <KANSIO> d--hs---- C:\$RECYCLE.BIN
2008-04-02 20:56 . 2008-04-02 20:56 <KANSIO> d-------- C:\Program Files\Common Files\LightScribe
2008-04-02 20:55 . 2008-04-02 20:55 <KANSIO> d-------- C:\ProgramData\Ahead
2008-04-02 20:54 . 2008-04-02 20:54 <KANSIO> d-------- C:\ProgramData\Nero
2008-04-02 20:54 . 2008-04-02 20:54 <KANSIO> d-------- C:\Program Files\Nero
2008-04-02 20:54 . 2008-04-02 20:55 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
2008-04-02 20:50 . 2008-04-02 20:50 <KANSIO> d-------- C:\Program Files\Fingerprint Sensor
2008-04-02 20:50 . 2008-04-02 20:50 <KANSIO> d-------- C:\Program Files\ASUS Security Center
2008-04-02 20:43 . 2008-04-02 21:00 <KANSIO> dr------- C:\Users\Ville\Videos
2008-04-02 20:43 . 2008-04-02 10:32 <KANSIO> dr------- C:\Users\Ville\Saved Games
2008-04-02 20:43 . 2008-03-17 14:02 <KANSIO> d-------- C:\Users\Ville\Roaming

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 15:56 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-05-14 07:31 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 07:31 --------- d-----w C:\Program Files\Windows Mail
2008-05-05 10:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 15:57 --------- d-----w C:\ProgramData\NVIDIA
2008-04-16 15:55 174 --sha-w C:\Program Files\desktop.ini
2008-04-16 15:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-16 15:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-16 15:48 --------- d-----w C:\Program Files\Windows Journal
2008-04-16 15:48 --------- d-----w C:\Program Files\Windows Defender
2008-04-16 15:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-16 15:48 --------- d-----w C:\Program Files\Windows Calendar
2008-04-16 15:34 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-16 15:34 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-07 14:46 --------- d-----w C:\Program Files\MSBuild
2008-04-05 09:55 --------- d-----w C:\Program Files\Vodafone
2008-04-02 18:41 --------- d-----w C:\ProgramData\Symantec
2008-04-02 18:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-02 18:05 --------- d-----w C:\ProgramData\ASUS
2008-03-17 11:23 33,136 ----a-w C:\Windows\ASScrPro.exe
2008-03-17 11:22 606,848 ----a-w C:\Windows\flashax.exe
2008-03-17 11:22 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr
2008-03-17 11:22 4,814,371 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe
2008-03-17 11:22 37,232 ----a-w C:\Windows\ASScrProlog.exe
2008-03-17 11:22 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe
2008-03-17 11:22 12,288 ----a-w C:\Windows\impborl.dll
2008-03-17 10:47 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-17 10:47 315,392 ----a-w C:\Windows\HideWin.exe
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-07 18:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 18:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 18:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-07 18:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 18:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 18:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-07 18:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 14:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 14:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 14:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 09:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 18:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

------- Sigcheck -------

.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 10:33 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 08:10 4702208 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 08:22 1826816 C:\Windows\SkyTel.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 05:02 178712]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-24 20:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-03 00:24 857648]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 18:27 61440]
"PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-03-17 14:22 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-03-17 14:23 33136]
"IFXSPMGT"="C:\Windows\system32\ifxspmgt.exe" [2007-02-26 06:29 677408]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 00:11 17920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-05 13:17 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-05 13:17 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-05 13:17 81920]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-15 14:29 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 14:51 65536]
"Windows UDP Control"="winudspm.exe" []
"Windows svchost"="service.exe" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2008-04-04 16:39:04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A1897FB4-960B-49CD-94E9-C677EF745013}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{068C361D-C7A9-421A-8E78-E1D85C0A4484}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{9725DA6C-85CB-4A23-B47E-6B151631CF40}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"{83C75A44-D315-4227-813A-351326B3DE88}"= UDP:C:\Program Files\ArcSoft\TotalMedia 3\TotalMedia.exe:ArcSoft TotalMedia 3
"{C2437C24-1C78-40FD-811A-EB7B7367FCEC}"= TCP:C:\Program Files\ArcSoft\TotalMedia 3\TotalMedia.exe:ArcSoft TotalMedia 3
"{87FD73F2-F23B-46A0-811A-A39692FF6FDF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FAECBFCB-6665-4245-AF35-40E7B0A2C189}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E146C103-E543-404F-A43C-6AACAC0AA77E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F6931F66-FDFE-45CF-8568-696EF29A84CB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F2E156E4-295D-42CA-BCC2-4949BE1E5D25}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F48BDB85-8414-42B3-964F-C2E223F2BA7B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys [2007-09-27 01:03]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 20:31]
R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-16 20:13]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-01-23 15:07]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-19 10:33]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-19 10:33]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 20:32]
R3 AF15BDA;AF9015 BDA Filter;C:\Windows\system32\DRIVERS\AF15BDA.sys [2008-04-04 16:22]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-10-31 14:55]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 11:43]
R3 FiltUSBET;ET USB Device Lower Filter;C:\Windows\system32\DRIVERS\etFilter.sys [2007-10-15 10:39]
R3 ScanUSBET;ET USB Still Image Capture Device;C:\Windows\system32\DRIVERS\etScan.sys [2007-09-06 18:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c096a4b-04b0-11dd-b6e5-000ea6f329ad}]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f62acb9c-02f5-11dd-8265-000ea6f329ad}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f62acbb4-02f5-11dd-8265-000ea6f329ad}]
\shell\AutoRun\command - F:\StartVMCLite.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 18:56:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\wlanext.exe
C:\Windows\System32\brss01a.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
C:\Windows\System32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\IfxPsdSv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
.
**************************************************************************
.
Completion time: 2008-05-30 18:58:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 15:58:38

Pre-Run: 82,826,231,808 bytes free
Post-Run: 82,771,468,288 bytes free

341 --- E O F --- 2008-05-29 07:45:54

Intel Q6600 & Thermalright Ultra 120 eXtreme | Asus Striker II NSE | Asus 560GTX | 2x2GB Corsair Dominator 1600Mhz DDR3 | Antec P182 | Corsair HX520W |

Post edited after submission. Last edit 31 May 2008 @ 19:32

AfterDawn Addict
31 May 2008 @ 21:45
You are right!!!
There should have been general instructions on the forum right from the start.

-----------------------------

Delete these files manually:
C:\dci.exe
C:\profile.com
C:\ddc.exe

--------------------------------------------------
******************************************
Type ComboFix.exe /u into the Start menu's Start Search box and press OK
***************************************************************************
----------------------------------------------

Close your browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis, click Scan, tick the following entries (listed in red) and remove them (Fix checked).

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O13 - Gopher Prefix:

Empty the Recycle Bin.
------------------------------------------------------------------------------

Let's verify:
Download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked and click Remove Selected.
* After that, a log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the contents of the log in your next reply if it found anything.
:D

(:)
da_osmo
Newbie
1 June 2008 @ 01:56
No problems in sight, everything looks to be in order!

My humblest thanks and hats off to Kalminen!
AfterDawn Addict
1 June 2008 @ 13:11
OK
Have a good summer :D

(:)
konnasan
Newbie
1 June 2008 @ 13:23
Would there be room in this thread for one more person needing help? The front page seems to be full and it's hard to get a reply in my own thread :S So here's the HjT log, Kalminen, if you'd care to take a look.. Thanks a lot in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:00, on 1.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\MICROSTAR\Bluetooth Software\btsendto_explorer.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsus.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tv-opas.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.254/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI-CPanel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1121250840185
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7424 bytes
akuk
Newbie
1 June 2008 @ 13:46
I have a similar problem; could someone take a look and advise what needs to be done?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:32, on 1.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
C:\Program Files\PC Protection Plus\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Protection Plus\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Protection Plus\Common\FCH32.EXE
C:\Program Files\PC Protection Plus\Anti-Virus\fsqh.exe
C:\Program Files\PC Protection Plus\Common\FAMEH32.EXE
C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fssm32.exe
C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
C:\Program Files\PC Protection Plus\FSAUA\program\fsus.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Protection Plus\Common\FSM32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O1 - Hosts: 212.227.64.159 www.winmx.com
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\qimrsqls.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Matkaviestimen suosikkien luominen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Matkaviestimen suosikkien luominen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9062 bytes
AfterDawn Addict
1 June 2008 @ 14:10
==>> konnasan

First log in 4 days without the Messenger worm?????

Go to the Windows Control Panel and from there to Add / Remove Programs
In Vista: Programs and Features
Find and uninstall the program whose name contains:

Viewpoint (the name may contain other words as well)


Boot the machine into Safe Mode => GUIDE
Show hidden files => in Safe Mode GUIDE

Delete the folder(s):
C:\Program Files\Viewpoint\

*********************************************************

Close your browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis, click Scan, tick the following entries (listed in red) and remove them (Fix checked).

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
*

(:)

Post edited after submission. Last edit 1 June 2008 @ 14:13

Senior Member

1 June 2008 @ 14:20
Here is the Malwarebytes log as well. A thousand thanks to Kalminen for the effort, and have a good summer!!

Malwarebytes' Anti-Malware 1.14
Database version: 811

14:16:28 1.6.2008
mbam-log-6-1-2008 (14-16-28).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 137144
Time elapsed: 19 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$RECYCLE.BIN\S-1-5-21-3978172683-1000821263-4186530405-1000\$R8W6PH9.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-3978172683-1000821263-4186530405-1000\$RCHLRDY.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-3978172683-1000821263-4186530405-1000\$RIJ03Y8.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\mIRC\mirc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\setup.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

AfterDawn Addict
1 June 2008 @ 14:33
==>> akuk

You have Vundo
**********************
In a directory like this:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
With the right mouse button you can rename HijackThis.exe to, say, hoojiitee.exe

These are going to overlap and the instructions get mixed up.
Scan your machine with it and post your log THERE
You will get instructions there.
****************

(:)

Post edited after submission. Last edit 1 June 2008 @ 14:41
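The two kinds of Run-key entry the helper singles out in this thread (the path-less "[Windows UDP Control] winudspm.exe" / "[Windows svchost] service.exe" values in the first fix list, and the numeric-named rundll32 entry in akuk's log that prompted the Vundo diagnosis) can be picked out of a HijackThis log mechanically. The following Python script is an added example, not code from HijackThis, ComboFix or anyone posting in this thread. Its heuristics (a Windows- or Microsoft-sounding value name combined with a bare file name; rundll32 with a purely numeric value name or a one-letter export) and the sample log excerpt are the example's own assumptions: the O4 lines are taken from logs quoted in the thread, while the process list, including the C:\WINDOWS\service.exe entry used to show the cross-check, is made up.

```python
"""Triage of the O4 (Run-key autostart) entries in a HijackThis log.

Added example for this thread; not code from HijackThis, ComboFix or the
forum helper. Two patterns the helper acted on are encoded as heuristics:

  1. a Run value whose display name imitates Windows/Microsoft but whose
     command is a bare file name resolved through PATH
     ("[Windows UDP Control] winudspm.exe", "[Windows svchost] service.exe");
  2. rundll32 loading a DLL under a purely numeric value name or through a
     one-letter export ("[09541673] rundll32.exe ...qimrsqls.dll,b").

Hits are leads to investigate, not a deletion list.
"""
import re
from dataclasses import dataclass, field

# "O4 - HKLM\..\Run: [Name] command"; O4 Startup / Global Startup lines are skipped.
O4_RUN_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# rundll32[.exe] ["]path\x.dll["],Export   (export ends at whitespace or "(User ...")
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>[^\s(]+)', re.IGNORECASE)


@dataclass
class Finding:
    name: str
    command: str
    reason: str
    seen_running_as: list = field(default_factory=list)


def running_processes(lines):
    """Paths listed under 'Running processes:' up to the first blank line."""
    paths, capture = [], False
    for raw in lines:
        line = raw.strip()
        if line == 'Running processes:':
            capture = True
        elif capture:
            if not line:
                break
            paths.append(line)
    return paths


def parse_o4_run(lines):
    """Yield (hive, value name, command) for every O4 Run-key line."""
    for raw in lines:
        m = O4_RUN_RE.match(raw.strip())
        if m:
            yield m.group('hive'), m.group('name'), m.group('cmd').strip()


def command_image(cmd):
    """The executable part of a command line: the quoted path or the first token."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def is_bare_filename(image):
    """True when the command has no directory, so Windows resolves it via PATH."""
    return not any(ch in image for ch in '\\/:')


def basename(path):
    return path.rsplit('\\', 1)[-1].lower()


def triage_o4(lines):
    """Apply both heuristics and cross-reference each hit with the process list."""
    procs = running_processes(lines)
    findings = []
    for _hive, name, cmd in parse_o4_run(lines):
        image = command_image(cmd)
        target = basename(image)
        lname = name.lower()
        reason = None
        if (is_bare_filename(image) and target not in ('rundll32.exe', 'rundll32')
                and (lname.startswith('windows') or lname.startswith('microsoft'))):
            reason = 'Windows-impersonating value name with a path-less command'
        else:
            m = RUNDLL_RE.match(cmd)
            if m and (name.isdigit() or len(m.group('export')) == 1):
                reason = 'rundll32 with numeric value name or one-letter export (Vundo-style)'
                target = basename(m.group('dll'))
        if reason:
            seen = [p for p in procs if basename(p) == target]
            findings.append(Finding(name, cmd, reason, seen))
    return findings


# Constructed excerpt in HijackThis format: O4 lines quoted in this thread plus a
# made-up process list (C:\WINDOWS\service.exe is included to show the cross-check).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\service.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\qimrsqls.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Local Service')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

if __name__ == '__main__':
    for f in triage_o4(SAMPLE_LOG.splitlines()):
        where = ', '.join(f.seen_running_as) or 'not in process list'
        print(f'[{f.name}] {f.command}\n    {f.reason}; running as: {where}')
```

Run as-is it reports exactly the three entries the helper acted on and leaves the legitimate bare-name value SOUNDMAN.EXE and the rundll32 entries with real export names alone. The process-list cross-check matters because a bare file name tells you nothing about where the binary actually lives; a "service.exe" that is running from C:\WINDOWS\ rather than system32 is the detail worth checking before deleting anything.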

konnasan
Newbie
1 June 2008 @ 14:37
Thanks for the reply, here is the log:

(the last one you told me to remove wasn't found, though)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:07, on 1.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\MI43DA~1\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\MICROSTAR\Bluetooth Software\btsendto_explorer.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tv-opas.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.254/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI-CPanel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1121250840185
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 6764 bytes
AfterDawn Addict
1 June 2008 @ 14:43
==>> Tikkuneq

It came out clean, the junk is gone.
******************************************
Start Malwarebytes, open the Quarantine tab and empty the junk.
***************************************************************************
:D

(:)
AfterDawn Addict
1 June 2008 @ 14:48
==>> konnasan

This would not have worked if that last line had still been there HI

Let's make sure:

Download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK and then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* A log will then open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the contents of the log in your next reply if it found anything.

(:)
konnasan
Newbie
1 June 2008 @ 16:01
Malwarebytes didn't find anything, but during the scan F-Secure complained several times about some Backdoor.Win32.IRCBot.dqw and dqz virus/malware.. Can you advise what could be done about that?

Thanks again for the advice, and in advance if you can say something about that!
AfterDawn Addict
1 June 2008 @ 16:14
==>> konnasan

The mIRC program is triggering a false virus warning.
Set it as a trusted program in F-Secure.
:D


(:)
konnasan
Newbie
1 June 2008 @ 16:21
Hehee, thanks a lot :D
© 1999-2025 AfterDawn Oy