Joka sortin haittaohjelmia

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

perjantai 14.11.2025 / 17:43

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > joka sortin haittaohjelmia

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

Joka sortin haittaohjelmia

Siirry:

Kirjoittaja

Viesti

kake47

Junior Member

23. heinäkuuta 2008 @ 13:00

Linkki tähän viestiin

Koneelleni pääsi pesimään samaan aikaan antivirus xp 2008 ja joku spyware&mal,siinäpä sitä onkin ollut tekemistä.
Luin täältä ohjeita ja yritin toimia niiden mukaan.AVG Anti-spywarea en saanut toimimaan asennusvaiheessa ilmoitti muistipaikka häiriöstä ja tilttasi koko kone.
Tässä lokeja joita olen saanut otettua.
Toivottavasti ei näyttäisi oikein pahalle,mitähän nyt pitäisi vielä tehdä että kaikki pöpöt lähtisi
Logfile of HijackThis v1.99.1
Scan saved at 12:53:24, on 23.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\CloneCD\CloneCDTray.exe
E:\PDVDServ.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Registry Clean Expert\RCScheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Gigabyte\Gigabyte GN-WPKG 802.11g WLan\GbConfig.exe
C:\WINDOWS\System32\snmp.exe
E:\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\F-Secure\Common\FSLAUNCH.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [RemoteControl] E:\PDVDServ.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "E:\Registry Clean Expert\RCScheduler.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /M "Stylus DX4800" /EF "HKCU"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = ?
O4 - Global Startup: GN-WPKG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WPKG 802.11g WLan\GbConfig.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://kc.avustaja.sonera.fi/sdccommon/download/tgctlcm.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://194.137.218.62/activex/AMC.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Malwarebytes' Anti-Malware 1.22
Tietokantaversio: 980
Windows 5.1.2600 Service Pack 2

12:47:38 23.7.2008
mbam-log-7-23-2008 (12-47-38).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 86706
Kulunut aika: 15 minute(s), 21 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 6
Saastuneita rekisteriarvoja: 2
Saastuneita rekisterikohteita: 2
Saastuneita hakemistoja: 12
Saastuneita tiedostoja: 10

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9b465d2-5da9-45df-8bcf-aefc5d1d766b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9b465d2-5da9-45df-8bcf-aefc5d1d766b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc3l1j0epa5 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqrqjcu (Trojan.Vundo) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm4b9f3271 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebuvnha -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebuvnha -> Quarantined and deleted successfully.

Saastuneita hakemistoja:
C:\Program Files\rhc3l1j0epa5 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\kaitsu\Application Data\rhc3l1j0epa5 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\kaitsu\Application Data\rhc3l1j0epa5\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\kaitsu\Application Data\rhc3l1j0epa5\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\kaitsu\Application Data\rhc3l1j0epa5\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\kaitsu\Application Data\rhc3l1j0epa5\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\kaitsu\Application Data\rhc3l1j0epa5\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\kaitsu\Application Data\rhc3l1j0epa5\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\kaitsu\Application Data\rhc3l1j0epa5\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\kaitsu\Application Data\rhc3l1j0epa5\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\kaitsu\Application Data\rhc3l1j0epa5\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\kaitsu\Application Data\rhc3l1j0epa5\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\WINDOWS\system32\geBuVNHA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AHNVuBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AHNVuBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jgivrgme.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emgrvigj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqrQJCu.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dekpsqmh.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\BM4b9f3271.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wnslvxtf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

[ + lainaa]

kake47

Junior Member

23. heinäkuuta 2008 @ 13:17

Linkki tähän viestiin

Tässä on vielä tämä combofix raportti
ComboFix 08-07-22.4 - kaitsu 2008-07-23 13:05:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1548 [GMT 3:00]
Running from: C:\Documents and Settings\kaitsu\Työpöytä\Uusi kansio (3)\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\{38AC0~1
C:\Program Files\Common Files\{48AC0~1
C:\Program Files\Common Files\misc002
C:\Program Files\Common Files\misc002\DXC.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\crunner
C:\WINDOWS\system32\crunner\ICSharpCode.SharpZipLib.dll
C:\WINDOWS\system32\crunner\Version.txt
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\temp\perflib_perfdata_1cc.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Legacy_OULTRAF
-------\Service_clbdriver
-------\Service_oUltraf

((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2008-06-23 to 2008-07-23 )))))))))))))))))
.

2008-07-23 10:59 . 2008-07-23 11:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-23 10:06 . 2008-07-23 10:11 3,716 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-23 10:05 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-23 10:04 . 2008-07-23 11:55 <KANSIO> d-------- C:\SmitfraudFix
2008-07-23 00:07 . 2008-07-23 00:07 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-23 00:07 . 2008-07-23 00:07 <KANSIO> d-------- C:\Documents and Settings\kaitsu\Application Data\Malwarebytes
2008-07-23 00:07 . 2008-07-23 00:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-23 00:07 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-23 00:07 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-23 00:03 . 2008-07-23 00:03 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-22 23:23 . 2004-09-15 15:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-04 00:00 . 2008-07-14 01:37 3,746 --a------ C:\error.htm
2008-07-04 00:00 . 2008-07-14 00:00 0 --a------ C:\infect.htm

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 16:42 --------- d-----w C:\Documents and Settings\kaitsu\Application Data\U3
2008-06-20 17:41 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2006-12-03 08:13 81,920 ------w C:\Documents and Settings\kaitsu\Application Data\ezpinst.exe
2006-12-03 08:13 47,360 ------w C:\Documents and Settings\kaitsu\Application Data\pcouffin.sys
.

(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"RegClean Expert Scheduler"="E:\Registry Clean Expert\RCScheduler.exe" [2006-03-09 01:30 94208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 21:39 68856]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 07:00 98304]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2004-09-09 12:03 118832]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 11:57 684032]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 16:07 7110656]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 16:07 86016]
"CloneCDElbyCDFL"="C:\CloneCD\ElbyCheck.exe" [2002-11-02 09:33 45056]
"CloneCDTray"="C:\CloneCD\CloneCDTray.exe" [2002-12-02 17:17 73728]
"RemoteControl"="E:\PDVDServ.exe" [2003-10-31 19:42 32768]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 07:00 98304]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38 892928]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 16:03 93208]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"nwiz"="nwiz.exe" [2005-07-20 16:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio -ominaisuussivun pikakuvake"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 09:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 11:17 2742272 C:\WINDOWS\ALCWZRD.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 12:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=

R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 13:43]
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2004-11-10 15:58]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-09-17 04:29]
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-10-04 21:41]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 19:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2004-09-10 19:14]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 15:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22fc0cf8-be82-11db-be6b-000fea7d5a0b}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce0c6642-491d-11dd-8093-000fea7d5a0b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
'Ajoitetut teht?v?t'-kansion sis?lt?
"2008-07-23 00:04:32 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt
.
- - - - ORPHANS REMOVED - - - -

HKCU-Explorer_Run-{48AC0142-0C09-1035-1105-040801050166} - C:\Program Files\Common Files\{48AC0142-0C09-1035-1105-040801050166}\Update.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://194.137.218.62/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 13:11:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\common\FSMB32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\F-Secure\common\FCH32.EXE
C:\Program Files\F-Secure\common\FAMEH32.EXE
C:\Program Files\F-Secure\common\FNRB32.exe
C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
C:\Program Files\F-Secure\common\FIH32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Gigabyte\Gigabyte GN-WPKG 802.11g WLan\GbConfig.exe
E:\WinZip\WZQKPICK.EXE
C:\Program Files\F-Secure\Anti-Virus\FSAV32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
.
**************************************************************************
.
Completion time: 2008-07-23 13:14:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 10:13:59

Pre-Run: 6,525,915,136 tavua vapaana
Post-Run: 6,651,711,488 tavua vapaana

171 --- E O F --- 2008-07-13 22:21:08

[ + lainaa]

Vastaa

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > joka sortin haittaohjelmia


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.