Please check my HJT log
PekkaStin
Newbie
17 August 2008 @ 17:27
Please check whether the log contains any malware (spyware/viruses/trojans), and also check whether there is a Messenger (MSN) virus.
_______________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:19, on 17.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\FSAUA\program\fsus.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/d...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/d...://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fi.intl.acer.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8253 bytes
Hujo
Suspended permanently
18 August 2008 @ 14:24
1. Download combofix.exe to your desktop from one of these links:
combofix1
combofix2

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.


Can a computer ever work?
PekkaStin
Newbie
18 August 2008 @ 18:03
The ComboFix log in question
__
ComboFix 08-08-17.03 - Samppa 2008-08-18 17:54:50.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.358.1033.18.620 [GMT 3:00]
Running from: C:\Documents and Settings\Samppa\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Samppa\UserData
C:\Documents and Settings\Samppa\UserData\4R87MDYP\IsOnIE6tbPromo[1].xml
C:\Documents and Settings\Samppa\UserData\index.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-17 17:33 . 2008-08-17 17:33 <KANSIO> d-------- C:\Program Files\CCleaner
2008-08-17 17:18 . 2008-08-17 17:18 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-08-13 17:37 . 2008-08-13 17:37 268 --ah----- C:\sqmdata00.sqm
2008-08-13 17:37 . 2008-08-13 17:37 244 --ah----- C:\sqmnoopt00.sqm
2008-08-12 20:27 . 2008-08-12 20:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-12 20:21 . 2008-08-12 20:21 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-12 20:21 . 2008-08-12 20:21 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-11 11:51 . 2004-08-10 20:00 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-10 16:49 . 2008-08-10 16:49 <KANSIO> d--hs---- C:\FOUND.001
2008-08-09 22:07 . 2008-08-09 22:07 <KANSIO> d-------- C:\Documents and Settings\fdf\Application Data\F-Secure
2008-08-08 12:53 . 2008-08-08 12:53 <KANSIO> d-------- C:\Documents and Settings\fdf\Application Data\Apple Computer
2008-08-08 12:20 . 2008-08-08 12:20 <KANSIO> d-------- C:\Documents and Settings\fdf\Contacts
2008-08-08 12:19 . 2006-06-27 11:49 <KANSIO> d-------- C:\Documents and Settings\fdf\Application Data\ATI
2008-08-08 12:19 . 2008-08-08 12:19 <KANSIO> d-------- C:\Documents and Settings\fdf
2008-08-04 21:23 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-04 21:22 . 2008-08-04 21:22 <KANSIO> d-------- C:\Program Files\Java
2008-08-04 21:20 . 2008-08-04 21:20 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-08-04 21:10 . 2008-08-04 21:10 <KANSIO> d-------- C:\Documents and Settings\Samppa\Application Data\mIRC
2008-08-04 10:55 . 2008-08-04 10:55 <KANSIO> d--hs---- C:\FOUND.000
2008-08-01 21:47 . 2008-08-01 21:47 <KANSIO> d-------- C:\Program Files\MSN Messenger
2008-07-31 20:42 . 2008-07-31 20:42 <KANSIO> d-------- C:\Documents and Settings\Samppa\Application Data\AdobeUM
2008-07-29 17:08 . 2008-07-29 17:08 28,884 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-29 15:40 . 2008-07-29 15:40 <KANSIO> d-------- C:\Documents and Settings\Samppa\Application Data\Apple Computer
2008-07-29 15:39 . 2008-07-29 15:39 <KANSIO> d-------- C:\Program Files\Safari
2008-07-29 15:38 . 2008-07-29 15:38 <KANSIO> d-------- C:\Program Files\Apple Software Update
2008-07-29 15:38 . 2008-07-29 15:38 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-29 14:48 . 2008-07-29 15:06 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-07-29 14:48 . 2008-07-29 15:06 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-07-28 20:30 . 2008-07-28 20:30 <KANSIO> d-------- C:\Program Files\Lavalys
2008-07-28 15:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-28 15:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-28 15:03 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-28 13:25 . 2008-07-28 13:25 <KANSIO> d-------- C:\WINDOWS\Sun
2008-07-28 12:32 . 2008-07-28 12:32 <KANSIO> d-------- C:\Documents and Settings\Samppa\Application Data\F-Secure
2008-07-28 11:48 . 2008-06-13 16:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-28 11:48 . 2008-06-13 16:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-28 11:46 . 2006-03-21 06:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-07-27 20:58 . 2008-07-27 20:58 <KANSIO> d-------- C:\Documents and Settings\Samppa\Contacts
2008-07-27 20:49 . 2008-07-27 20:49 <KANSIO> d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-27 20:48 . 2008-07-27 20:48 <KANSIO> d-------- C:\Program Files\Windows Live
2008-07-27 20:48 . 2008-07-27 20:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-27 20:29 . 2008-07-27 20:29 <KANSIO> d-------- C:\Program Files\EA GAMES
2008-07-27 19:40 . 2008-07-27 19:40 <KANSIO> d--hs---- C:\Recycled
2008-07-27 19:25 . 2008-07-27 19:25 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 19:17 . 2008-07-27 19:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-27 18:55 . 2008-07-27 18:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-07-27 18:54 . 2008-07-27 18:54 <KANSIO> d-------- C:\Program Files\F-Secure
2008-07-27 18:54 . 2008-07-27 18:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-07-27 18:49 . 2008-07-27 18:49 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-07-27 18:48 . 2008-07-27 18:49 92 --a------ C:\WINDOWS\GridV.UNI
2008-07-27 18:44 . 2006-06-13 14:42 602,112 --a------ C:\WINDOWS\system32\Acer.Empowering.Windows.Forms_v820.dll
2008-07-27 18:43 . 2006-06-01 20:47 1,168,896 --a------ C:\WINDOWS\system32\ERUpdateHidden.EXE
2008-07-27 18:43 . 2006-03-23 12:02 258,048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe
2008-07-27 18:43 . 2006-03-30 13:06 258,048 --a------ C:\WINDOWS\system32\CheckD2DSystem.exe
2008-07-27 18:43 . 2004-11-03 09:06 159,744 --a------ C:\WINDOWS\system32\CloseProcessWindow.dll
2008-07-27 18:43 . 2005-12-09 09:12 16,384 --a------ C:\WINDOWS\system32\ClearEvent.exe
2008-07-27 18:43 . 2006-02-24 11:28 552 --a------ C:\WINDOWS\system32\setup.iss
2008-07-27 18:42 . 2008-07-27 18:42 <KANSIO> d-------- C:\WINDOWS\Options
2008-07-27 18:31 . 2008-07-27 18:31 <KANSIO> d-------- C:\Program Files\Launch Manager
2008-07-27 18:31 . 2008-07-27 18:31 83 --a------ C:\WINDOWS\LManager.UNI
2008-07-27 18:30 . 2008-07-27 18:30 <KANSIO> d-------- C:\Program Files\Synaptics
2008-07-27 18:30 . 2006-03-03 12:52 192,672 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-07-27 18:30 . 2006-03-03 12:55 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-07-27 18:30 . 2006-03-03 12:55 94,298 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-07-27 18:30 . 2006-03-03 12:55 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-07-27 18:30 . 2006-03-03 13:10 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2008-07-27 18:30 . 2006-03-03 13:08 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-07-27 18:26 . 2005-09-14 17:03 53,248 --a------ C:\WINDOWS\system32\acpimof.dll
2008-07-27 18:26 . 2006-02-16 15:39 45,056 --a------ C:\WINDOWS\system32\Epm-Po.dll
2008-07-27 18:24 . 2006-05-16 03:04 2,879,488 --a------ C:\WINDOWS\SkyTel.exe
2008-07-27 18:24 . 2005-05-03 03:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-07-27 18:23 . 2008-07-27 18:23 <KANSIO> d-------- C:\WINDOWS\Acer
2008-07-27 18:23 . 2006-06-27 11:49 <KANSIO> d-------- C:\Documents and Settings\Samppa\Application Data\ATI
2008-07-27 18:23 . 2008-07-27 18:23 <KANSIO> d-------- C:\Documents and Settings\Samppa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 16:12 618,496 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-23 16:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-06-23 16:12 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-06-23 16:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-06-23 16:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-06-23 16:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-06-23 16:12 1,499,136 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-23 16:11 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2008-06-23 16:11 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-06-23 16:11 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-06-23 16:11 3,067,392 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 16:11 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-06-23 16:11 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-06-23 16:11 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-06-23 16:11 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 16:11 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-06-23 16:11 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:53 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 20:00 455168]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 20:00 208952]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-05-25 16:11 740208]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2007-05-25 16:12 183208]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 23:54 16248320 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Pelit\\BF2.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-07-29 15:06]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2008-07-29 15:03]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-05-25 16:08]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 16:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-05-25 16:09]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-LaunchApp - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Samppa\Application Data\Mozilla\Firefox\Profiles\788vddu0.default\
FF -: plugin - c:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 17:58:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-18 18:00:14
ComboFix-quarantined-files.txt 2008-08-18 15:00:12

Pre-Run: 42,266,918,912 bytes free
Post-Run: 42,252,730,368 tavua vapaana

209 --- E O F --- 2008-08-14 19:54:35
Hujo
Suspended permanently
18 August 2008 @ 18:11
Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and
Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log
can also be found here: C:\Documents and Settings\Username\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.


Can a computer ever work?
PekkaStin
Newbie
18 August 2008 @ 20:01
Log
_______
Malwarebytes' Anti-Malware 1.25
Tietokantaversio: 1065
Windows 5.1.2600 Service Pack 2

19:59:32 18.8.2008
mbam-log-08-18-2008 (19-59-32).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 100787
Kulunut aika: 32 minute(s), 33 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
Hujo
Suspended permanently
18 August 2008 @ 20:24
Scan with HJT, check the following entries and press Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


Can a computer ever work?
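As an added example (not from this thread or from HijackThis itself), the script below parses the O2, O4 and O23 line formats seen in these logs and flags what the reply above singles out for review: a BHO whose DLL is "(no file)" (an orphaned CLSID registration) and Run values that are bare file names such as ALCMTR.EXE, which Windows resolves through its search order rather than a fixed path. The sample lines, the "updater" entry and the user-writable-directory heuristic are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 line format, modelled on the entry types quoted in
# this thread. The "updater" line is a made-up example of an autorun in a temp directory.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Samppa\Local Settings\Temp\upd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
""".strip()

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")

# Substrings (lower-cased) that mark a location an ordinary user can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\recycled\\")


@dataclass
class Entry:
    kind: str
    raw: str
    name: str = ""
    clsid: str = ""
    path: str = ""
    hive: str = ""
    flags: list = field(default_factory=list)


def executable_from_command(cmd):
    """Return the program part of an O4 command, dropping its switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: HijackThis prints the path followed by optional switches such as "/SYNC".
    # Cutting at " /" keeps an unquoted path that contains spaces intact.
    m = re.search(r" /", cmd)
    return cmd[:m.start()] if m else cmd


def parse_line(line):
    """Parse one O2, O4 or O23 line; other line types return None."""
    if m := O2_RE.match(line):
        return Entry("O2", line, m["name"], m["clsid"], m["path"])
    if m := O4_RE.match(line):
        return Entry("O4", line, m["name"], "", executable_from_command(m["cmd"]), m["hive"])
    if m := O23_RE.match(line):
        return Entry("O23", line, m["name"], "", m["path"])
    return None


def triage(entry):
    """Heuristic flags; a flag means 'look closer', not 'malicious'."""
    flags = []
    if entry.kind == "O2" and entry.path == "(no file)":
        flags.append("orphaned BHO: CLSID still registered but its DLL is gone")
    if entry.kind in ("O4", "O23"):
        if "\\" not in entry.path:
            flags.append("bare file name: resolved via search order, not a fixed path")
        if any(s in entry.path.lower() for s in USER_WRITABLE):
            flags.append("runs from a user-writable profile or temp directory")
    return flags


def parse_log(text):
    entries = []
    for line in text.splitlines():
        entry = parse_line(line.rstrip())
        if entry is not None:
            entry.flags = triage(entry)
            entries.append(entry)
    return entries


def flagged(text):
    """Map each flagged entry (by CLSID for O2, value name otherwise) to its reasons."""
    return {e.clsid or e.name: e.flags for e in parse_log(text) if e.flags}


if __name__ == "__main__":
    for key, reasons in flagged(SAMPLE_LOG).items():
        print(key, "->", "; ".join(reasons))
```

Run against a real log, every flagged entry still needs a human look: SkyTel and Alcmtr are flagged only because of how they are registered, and in this thread the reply treats them as clutter to remove, not as an infection.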