Vundo + Monder....
jalokives
Junior Member
14 October 2008 @ 20:43
So AntiVir complains about these two trojans every other second. I tried to remove them, without success... the computer is already slowing down quite badly.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:59, on 14.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
I:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Ohjelmat\CursorsXP\CursorXP.exe
I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79919086
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - I:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BMf7543ce1] Rundll32.exe "C:\WINDOWS\system32\dbxnrouu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] I:\Ohjelmat\CursorsXP\CursorXP.exe
O4 - HKCU\..\Run: [PC Suite Tray] "I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase4009.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: lenxiy.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - I:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8966 bytes
jalokives
Junior Member
14 October 2008 @ 22:48
Yeah, I did something unusual and showed some initiative.
I ran Malware and ComboFix, and after those I took a new HJT log as well. Is there anything else that should still be done?

Malware:

Malwarebytes' Anti-Malware 1.28
Tietokantaversio: 1268
Windows 5.1.2600 Service Pack 2

14.10.2008 22:01:37
mbam-log-2008-10-14 (22-01-37).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|P:\|)
Tarkistetut kohteet: 67040
Kulunut aika: 1 hour(s), 43 minute(s), 10 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 4
Saastuneita rekisteriavaimia: 7
Saastuneita rekisteriarvoja: 2
Saastuneita rekisterikohteita: 2
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 199

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
C:\WINDOWS\system32\ljJCuSMD.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dbxnrouu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lenxiy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuvSkHYo.dll (Trojan.Vundo.H) -> Delete on reboot.

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1fded158-dbd2-48e4-b836-3e9bd4d9ded2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1fded158-dbd2-48e4-b836-3e9bd4d9ded2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cfa7c88-0e65-4ac6-af8d-2fd0941298fd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5cfa7c88-0e65-4ac6-af8d-2fd0941298fd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cbe6300-759b-447a-b406-31b86293e390} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvskhyo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6cbe6300-759b-447a-b406-31b86293e390} (Trojan.Vundo.H) -> Delete on reboot.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmf7543ce1 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6cbe6300-759b-447a-b406-31b86293e390} (Trojan.Vundo.H) -> Delete on reboot.

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjcusmd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjcusmd -> Delete on reboot.

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:



The computer had to be shut down, and only then could the rest of the junk be removed.
Here is the log from that:



Malwarebytes' Anti-Malware 1.28
Tietokantaversio: 1268
Windows 5.1.2600 Service Pack 2

14.10.2008 22:17:14
mbam-log-2008-10-14 (22-17-14).txt

Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 46497
Kulunut aika: 5 minute(s), 5 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 7
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 4

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf7543ce1.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf7543ce1.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

ComboFix:



ComboFix 08-10-14.03 - Omistaja 2008-10-14 22:22:20.1 - NTFSx86
Sijainti: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
* Uusi palautuspiste luotu

VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Omistaja\Application Data\inst.exe
C:\WINDOWS\system32\fwatnseu.ini
C:\WINDOWS\system32\hbvwgcqo.ini
C:\WINDOWS\system32\osrvvifr.ini
C:\WINDOWS\system32\rvsxsmrs.ini
C:\WINDOWS\system32\uhdbxsrx.ini
C:\WINDOWS\system32\xybtaltt.ini

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-14 to 2008-10-14 )))))))))))))))))
.

2008-10-14 20:14 . 2008-10-14 20:14 <KANSIO> d----c--- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
2008-10-14 20:13 . 2008-10-14 20:15 <KANSIO> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-14 20:13 . 2008-10-14 20:13 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 20:13 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-14 20:13 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 00:33 . 2008-10-13 00:41 <KANSIO> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-12 22:00 . 2008-10-12 22:00 <KANSIO> d----c--- C:\VundoFix Backups
2008-10-12 02:08 . 2008-10-12 02:08 268 --ah-c--- C:\sqmdata14.sqm
2008-10-12 02:08 . 2008-10-12 02:08 244 --ah-c--- C:\sqmnoopt14.sqm
2008-10-11 14:09 . 2008-10-11 14:09 230 --a--c--- C:\WINDOWS\system32\spupdsvc.inf
2008-10-11 12:27 . 2008-10-11 12:27 121 ---hsc--- C:\WINDOWS\system32\fuvwnuap.ini
2008-10-11 11:24 . 2008-10-11 11:24 121 ---hsc--- C:\WINDOWS\system32\rlgctqbj.ini
2008-10-11 01:35 . 2008-10-11 01:35 121 ---hsc--- C:\WINDOWS\system32\ksakjtwa.ini
2008-10-11 00:32 . 2008-10-11 00:32 121 ---hsc--- C:\WINDOWS\system32\hergtpuv.ini
2008-10-10 23:29 . 2008-10-10 23:29 121 ---hsc--- C:\WINDOWS\system32\bcginqbh.ini
2008-10-10 22:29 . 2008-10-10 22:29 121 ---hsc--- C:\WINDOWS\system32\sxfgujrq.ini
2008-10-10 21:23 . 2008-10-10 21:23 121 ---hsc--- C:\WINDOWS\system32\ibfbsady.ini
2008-10-10 20:23 . 2008-10-10 20:23 121 ---hsc--- C:\WINDOWS\system32\wrkvjink.ini
2008-10-10 19:17 . 2008-10-10 19:17 121 ---hsc--- C:\WINDOWS\system32\sxnfrdsf.ini
2008-10-10 18:14 . 2008-10-10 18:14 121 ---hsc--- C:\WINDOWS\system32\gryhndux.ini
2008-10-10 17:14 . 2008-10-10 17:14 121 ---hsc--- C:\WINDOWS\system32\wsmsqcqj.ini
2008-10-10 16:11 . 2008-10-10 16:11 121 ---hsc--- C:\WINDOWS\system32\goktyxmu.ini
2008-10-10 07:19 . 2008-10-10 07:19 121 ---hsc--- C:\WINDOWS\system32\leauowno.ini
2008-10-09 23:35 . 2008-10-09 23:35 121 ---hsc--- C:\WINDOWS\system32\yfdwqlff.ini
2008-10-09 21:01 . 2008-10-09 21:01 121 ---hsc--- C:\WINDOWS\system32\tdpttied.ini
2008-10-09 20:01 . 2008-10-09 20:01 121 ---hsc--- C:\WINDOWS\system32\bpmgpvbi.ini
2008-10-09 19:04 . 2008-10-09 19:04 121 ---hsc--- C:\WINDOWS\system32\phcvleti.ini
2008-10-09 17:58 . 2008-10-09 17:58 121 ---hsc--- C:\WINDOWS\system32\rbklmfpk.ini
2008-10-09 16:58 . 2008-10-09 16:58 121 ---hsc--- C:\WINDOWS\system32\nrhotfau.ini
2008-10-09 15:55 . 2008-10-09 15:55 121 ---hsc--- C:\WINDOWS\system32\vskjqgan.ini
2008-10-08 23:16 . 2008-10-08 23:16 121 ---hsc--- C:\WINDOWS\system32\upvwritr.ini
2008-10-08 23:13 . 2008-10-08 23:13 121 ---hsc--- C:\WINDOWS\system32\cxkyfjae.ini
2008-10-08 22:13 . 2008-10-08 22:14 121 ---hsc--- C:\WINDOWS\system32\oupvkhwv.ini
2008-10-08 22:11 . 2008-10-08 22:11 121 ---hsc--- C:\WINDOWS\system32\xvkifgvh.ini
2008-10-08 21:13 . 2008-10-08 21:13 121 ---hsc--- C:\WINDOWS\system32\rpmamttr.ini
2008-10-08 20:10 . 2008-10-08 20:10 121 ---hsc--- C:\WINDOWS\system32\kjurrcyp.ini
2008-10-08 19:07 . 2008-10-08 19:07 121 ---hsc--- C:\WINDOWS\system32\hfbfwggn.ini
2008-10-08 18:04 . 2008-10-08 18:04 121 ---hsc--- C:\WINDOWS\system32\kksarspd.ini
2008-10-08 17:01 . 2008-10-08 17:01 121 ---hsc--- C:\WINDOWS\system32\eimytwud.ini
2008-10-08 16:00 . 2008-10-08 16:00 121 ---hsc--- C:\WINDOWS\system32\emwuytiy.ini
2008-10-07 23:14 . 2008-10-07 23:14 121 ---hsc--- C:\WINDOWS\system32\xdqnhluc.ini
2008-10-07 22:17 . 2008-10-07 22:17 121 ---hsc--- C:\WINDOWS\system32\lrcsqqdw.ini
2008-10-07 22:11 . 2008-10-07 22:11 121 ---hsc--- C:\WINDOWS\system32\mglsxpxt.ini
2008-10-07 21:08 . 2008-10-07 21:08 121 ---hsc--- C:\WINDOWS\system32\kkxwgaln.ini
2008-10-05 22:57 . 2008-10-05 22:57 121 ---hsc--- C:\WINDOWS\system32\ufkryygp.ini
2008-10-03 22:54 . 2008-10-03 22:54 121 ---hsc--- C:\WINDOWS\system32\dhdutiap.ini
2008-10-02 20:46 . 2008-10-02 20:46 121 ---hsc--- C:\WINDOWS\system32\agdfparj.ini
2008-09-30 20:45 . 2008-09-30 20:45 121 ---hsc--- C:\WINDOWS\system32\tjbwpykc.ini
2008-09-28 14:20 . 2008-10-14 22:26 13,215,776 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-28 14:20 . 2008-10-14 22:03 158,096 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-28 13:46 . 2008-07-09 09:05 75,248 --a--c--- C:\WINDOWS\zllsputility.exe
2008-09-28 13:43 . 2008-09-30 13:43 <KANSIO> d----c--- C:\WINDOWS\system32\ZoneLabs
2008-09-28 13:43 . 2008-07-09 09:05 1,086,952 --a--c--- C:\WINDOWS\system32\zpeng24.dll
2008-09-28 13:43 . 2008-10-14 22:05 352,917 --a--c--- C:\WINDOWS\system32\vsconfig.xml
2008-09-28 11:32 . 2008-09-28 13:51 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\Norton
2008-09-28 11:28 . 2008-09-28 11:28 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-27 14:37 . 2008-09-27 14:37 <KANSIO> d----c--- C:\Documents and Settings\Vieras\Application Data\Logitech
2008-09-27 14:36 . 2007-04-19 22:04 <KANSIO> d--h-c--- C:\Documents and Settings\Vieras\Verkkoympäristö
2008-09-27 14:36 . 2007-04-19 19:19 <KANSIO> d----c--- C:\Documents and Settings\Vieras\Työpöytä
2008-09-27 14:36 . 2007-04-19 22:04 <KANSIO> d--h-c--- C:\Documents and Settings\Vieras\Tulostinympäristö
2008-09-27 14:36 . 2008-09-27 14:36 <KANSIO> dr---c--- C:\Documents and Settings\Vieras\Suosikit
2008-09-27 14:36 . 2008-09-27 14:38 <KANSIO> dr---c--- C:\Documents and Settings\Vieras\Omat tiedostot
2008-09-27 14:36 . 2007-04-19 19:16 <KANSIO> d--h-c--- C:\Documents and Settings\Vieras\Mallit
2008-09-27 14:36 . 2007-04-19 22:04 <KANSIO> dr---c--- C:\Documents and Settings\Vieras\Käynnistä-valikko
2008-09-27 14:36 . 2008-09-27 14:36 <KANSIO> d----c--- C:\Documents and Settings\Vieras\Application Data\PC Suite
2008-09-27 14:36 . 2008-09-27 14:36 <KANSIO> d----c--- C:\Documents and Settings\Vieras
2008-09-27 00:23 . 2008-10-13 20:48 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-09-27 00:23 . 2008-09-27 00:23 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-09-26 21:00 . 2008-09-26 21:00 268 --ah-c--- C:\sqmdata13.sqm
2008-09-26 21:00 . 2008-09-26 21:00 244 --ah-c--- C:\sqmnoopt13.sqm
2008-09-26 00:04 . 2008-09-26 00:04 268 --ah-c--- C:\sqmdata12.sqm
2008-09-26 00:04 . 2008-09-26 00:04 244 --ah-c--- C:\sqmnoopt12.sqm
2008-09-22 15:07 . 2008-09-22 15:06 410,976 --a--c--- C:\WINDOWS\system32\deploytk.dll
2008-09-17 16:16 . 2008-09-17 16:16 549,159 -rahsc--- C:\Program Files\Norton2009Reset.exe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 13:34 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Azureus
2008-10-13 17:46 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-10-12 17:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-11 23:10 2,190,620 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-11 22:14 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-10-11 21:52 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-10-11 20:16 --------- dc----w C:\Program Files\MagicISO
2008-10-09 17:54 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Ahead
2008-10-05 16:17 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Vso
2008-10-05 16:11 --------- dc----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-09-30 10:40 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-22 12:06 --------- dc----w C:\Program Files\Java
2008-09-21 19:47 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\IMVU
2008-09-12 21:12 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Skype
2008-09-12 21:02 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\skypePM
2008-09-12 17:03 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\mIRC
2008-09-08 19:59 --------- dc-h--w C:\Program Files\Zero G Registry
2008-09-06 09:03 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\PC Suite
2008-09-05 13:33 --------- dc----w C:\Program Files\Common Files\Corel
2008-09-05 13:25 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-05 13:03 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Corel
2008-09-05 13:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Corel
2008-08-22 18:19 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Brainwave
2008-08-17 18:16 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Winamp
2008-08-17 14:06 --------- dc----w C:\Program Files\Winamp Toolbar
2008-08-17 14:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-07-18 19:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll
2008-05-04 06:54 1,940 -c--a-w C:\Documents and Settings\Omistaja\Application Data\lebendig.reg
2008-04-16 11:58 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-25 13:53 47,360 -c--a-w C:\Documents and Settings\Omistaja\Application Data\pcouffin.sys
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15360]
"CursorXP"="I:\Ohjelmat\CursorsXP\CursorXP.exe" [2005-01-19 128000]
"PC Suite Tray"="I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"Google Update"="C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [2005-09-14 65536]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-22 144792]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"ZoneAlarm Client"="I:\Program Files\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15360]
"Nokia.PCSync"="I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Logitech SetPoint.lnk - I:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-10-08 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lenxiy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a--c--- 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--------- 2007-07-23 13:55 341232 I:\Program Files\Ulead Videostudio\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"I:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"i:\\Program Files\\xchat\\xchat.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"I:\\Program Files\\Azureus\\Azureus.exe"=
"I:\\Program Files\\Valve\\Steam\\SteamApps\\jalok1ves\\counter-strike\\hl.exe"=
"I:\\Program Files\\mIRC\\mirc.exe"=
"I:\\Ohjelmat\\Dc++\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-22 147456]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-09-15 14336]
R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys [2007-10-10 34848]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 820133]
S1 AMTBDA_P861F;anysee Capture Service;C:\WINDOWS\system32\DRIVERS\anyseeTU.SYS [ ]
S2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [ ]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db15e3ef-ff56-11dc-a74d-000feacc5edd}]
\Shell\AutoRun\command - N:\InstallTomTomHOME.exe

*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - PROCEXP90
.
'Ajoitetut tehtävät'-kansion sisältö

2008-10-10 C:\WINDOWS\Tasks\1-Click Maintenance.job
- I:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-10-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-14 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 21:24]
.
.
------- Täydentävä tarkistus -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.ircdown.com/fi/index.php?rvs=hompag&d=79919086
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\IMVU\Run IMVU.lnk
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\IMVU\Run IMVU.lnk -
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - %~$path:i
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 22:26:30
Windows 5.1.2600 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2008-10-14 22:28:09
ComboFix-quarantined-files.txt 2008-10-14 19:28:05

Ennen ajoa: 3 052 769 280 tavua vapaana
Ajon jälkeen: 3,020,845,056 tavua vapaana

264 --- E O F --- 2008-09-09 21:33:02


And finally the HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:31, on 14.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Ohjelmat\CursorsXP\CursorXP.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79919086
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - I:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] I:\Ohjelmat\CursorsXP\CursorXP.exe
O4 - HKCU\..\Run: [PC Suite Tray] "I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase4009.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: lenxiy.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - I:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9168 bytes
Senior Member

4 product reviews
15 October 2008 @ 12:16
1. Download Combofix.exe to your desktop from either of these links:
Combofix.exe
Combofix.exe

Open Notepad and copy/paste the contents of the Quote: box into it:

Quote:
File::
C:\WINDOWS\system32\spupdsvc.inf
C:\WINDOWS\system32\fuvwnuap.ini
C:\WINDOWS\system32\rlgctqbj.ini
C:\WINDOWS\system32\ksakjtwa.ini
C:\WINDOWS\system32\hergtpuv.ini
C:\WINDOWS\system32\bcginqbh.ini
C:\WINDOWS\system32\sxfgujrq.ini
C:\WINDOWS\system32\ibfbsady.ini
C:\WINDOWS\system32\wrkvjink.ini
C:\WINDOWS\system32\sxnfrdsf.ini
C:\WINDOWS\system32\gryhndux.ini
C:\WINDOWS\system32\wsmsqcqj.ini
C:\WINDOWS\system32\goktyxmu.ini
C:\WINDOWS\system32\leauowno.ini
C:\WINDOWS\system32\yfdwqlff.ini
C:\WINDOWS\system32\tdpttied.ini
C:\WINDOWS\system32\bpmgpvbi.ini
C:\WINDOWS\system32\phcvleti.ini
C:\WINDOWS\system32\rbklmfpk.ini
C:\WINDOWS\system32\nrhotfau.ini
C:\WINDOWS\system32\vskjqgan.ini
C:\WINDOWS\system32\upvwritr.ini
C:\WINDOWS\system32\cxkyfjae.ini
C:\WINDOWS\system32\oupvkhwv.ini
C:\WINDOWS\system32\xvkifgvh.ini
C:\WINDOWS\system32\rpmamttr.ini
C:\WINDOWS\system32\kjurrcyp.ini
C:\WINDOWS\system32\hfbfwggn.ini
C:\WINDOWS\system32\kksarspd.ini
C:\WINDOWS\system32\eimytwud.ini
C:\WINDOWS\system32\emwuytiy.ini
C:\WINDOWS\system32\xdqnhluc.ini
C:\WINDOWS\system32\lrcsqqdw.ini
C:\WINDOWS\system32\mglsxpxt.ini
C:\WINDOWS\system32\kkxwgaln.ini
C:\WINDOWS\system32\ufkryygp.ini
C:\WINDOWS\system32\dhdutiap.ini
C:\WINDOWS\system32\agdfparj.ini
C:\WINDOWS\system32\tjbwpykc.ini



Save it as CFScript (in fact ComboFix recognizes it even if the file extension is not even .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.

Close the browser and other programs for the duration of the fix. (Not the antivirus.)
Start HijackThis, run Scan, tick the following files listed in red, and remove them. (Fix checked)

O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime



Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
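The File:: list in the post above matches rows in the "files created" section of the earlier ComboFix log. The following is an added example, not part of the original post and not ComboFix's own code: it parses rows in that listing format and emits a File:: block for the repeating pattern seen in this thread. The selection rule (121 bytes, hidden and system attributes, eight-letter .ini name directly in system32) and all function names are assumptions; the sample rows are copied from the log above except one constructed row, marked in the code.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# One row of the "files created" listing:
#   <created> . <modified> <size or <directory marker>> <9 attribute flags> <path>
ROW_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><[^>]+>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Assumed selection rule, read off the pattern in this thread's log.
SUSPECT_DIR = r"c:\windows\system32"
SUSPECT_SIZE = 121
SUSPECT_NAME_RE = re.compile(r"^[a-z]{8}\.ini$")


@dataclass(frozen=True)
class Row:
    created: str
    modified: str
    size: Optional[int]  # None for directory rows
    attrs: str
    path: str


def parse_rows(log_text: str) -> List[Row]:
    """Return every line that has the listing format; skip banners and dots."""
    rows = []
    for line in log_text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("size")
        # Directories carry a localized marker such as <KANSIO> instead of a size.
        size = None if raw.startswith("<") else int(raw.replace(",", ""))
        rows.append(Row(m.group("created"), m.group("modified"), size,
                        m.group("attrs"), m.group("path")))
    return rows


def is_suspect(row: Row) -> bool:
    """True only when size, attributes, folder and name all match the rule."""
    folder, name = ntpath.split(row.path)
    return (
        row.size == SUSPECT_SIZE
        and "h" in row.attrs and "s" in row.attrs
        and not row.attrs.startswith("d")
        and ntpath.normcase(folder) == SUSPECT_DIR
        and SUSPECT_NAME_RE.match(name.lower()) is not None
    )


def build_cfscript(rows: List[Row]) -> str:
    """Render matching paths as a CFScript File:: block, in log order."""
    paths = [r.path for r in rows if is_suspect(r)]
    if not paths:
        return ""
    return "File::\n" + "\n".join(paths) + "\n"


SAMPLE_LOG = "\n".join([
    # Rows copied from the ComboFix log in this thread.
    r".",
    r"2008-10-14 20:13 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys",
    r"2008-10-12 22:00 . 2008-10-12 22:00 <KANSIO> d----c--- C:\VundoFix Backups",
    r"2008-10-12 02:08 . 2008-10-12 02:08 268 --ah-c--- C:\sqmdata14.sqm",
    r"2008-10-11 14:09 . 2008-10-11 14:09 230 --a--c--- C:\WINDOWS\system32\spupdsvc.inf",
    r"2008-10-11 12:27 . 2008-10-11 12:27 121 ---hsc--- C:\WINDOWS\system32\fuvwnuap.ini",
    r"2008-10-11 11:24 . 2008-10-11 11:24 121 ---hsc--- C:\WINDOWS\system32\rlgctqbj.ini",
    r"2008-09-28 14:20 . 2008-10-14 22:26 13,215,776 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat",
    r"2008-09-30 20:45 . 2008-09-30 20:45 121 ---hsc--- C:\WINDOWS\system32\tjbwpykc.ini",
    # Constructed row (not from the log): right size and flags, wrong folder.
    r"2008-10-09 10:00 . 2008-10-09 10:00 121 ---hsc--- C:\WINDOWS\system32\drivers\abcdefgh.ini",
])

if __name__ == "__main__":
    print(build_cfscript(parse_rows(SAMPLE_LOG)), end="")
```

The rule captures only the repeating pattern, so any other path meant for the File:: block is added by hand, and the generated list is reviewed before it is handed to ComboFix.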
jalokives
Junior Member

3 product reviews
15 October 2008 @ 18:37
ComboFix:

ComboFix 08-10-14.07 - Omistaja 2008-10-15 18:14:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.584 [GMT 3:00]
Sijainti: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
Käytetyt komentorivivalitsimet :: C:\Documents and Settings\Omistaja\Työpöytä\CFScript.txt
* Uusi palautuspiste luotu

VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!

FILE ::
C:\WINDOWS\system32\agdfparj.ini
C:\WINDOWS\system32\bcginqbh.ini
C:\WINDOWS\system32\bpmgpvbi.ini
C:\WINDOWS\system32\cxkyfjae.ini
C:\WINDOWS\system32\dhdutiap.ini
C:\WINDOWS\system32\eimytwud.ini
C:\WINDOWS\system32\emwuytiy.ini
C:\WINDOWS\system32\fuvwnuap.ini
C:\WINDOWS\system32\goktyxmu.ini
C:\WINDOWS\system32\gryhndux.ini
C:\WINDOWS\system32\hergtpuv.ini
C:\WINDOWS\system32\hfbfwggn.ini
C:\WINDOWS\system32\ibfbsady.ini
C:\WINDOWS\system32\kjurrcyp.ini
C:\WINDOWS\system32\kksarspd.ini
C:\WINDOWS\system32\kkxwgaln.ini
C:\WINDOWS\system32\ksakjtwa.ini
C:\WINDOWS\system32\leauowno.ini
C:\WINDOWS\system32\lrcsqqdw.ini
C:\WINDOWS\system32\mglsxpxt.ini
C:\WINDOWS\system32\nrhotfau.ini
C:\WINDOWS\system32\oupvkhwv.ini
C:\WINDOWS\system32\phcvleti.ini
C:\WINDOWS\system32\rbklmfpk.ini
C:\WINDOWS\system32\rlgctqbj.ini
C:\WINDOWS\system32\rpmamttr.ini
C:\WINDOWS\system32\spupdsvc.inf
C:\WINDOWS\system32\sxfgujrq.ini
C:\WINDOWS\system32\sxnfrdsf.ini
C:\WINDOWS\system32\tdpttied.ini
C:\WINDOWS\system32\tjbwpykc.ini
C:\WINDOWS\system32\ufkryygp.ini
C:\WINDOWS\system32\upvwritr.ini
C:\WINDOWS\system32\wrkvjink.ini
C:\WINDOWS\system32\vskjqgan.ini
C:\WINDOWS\system32\wsmsqcqj.ini
C:\WINDOWS\system32\xdqnhluc.ini
C:\WINDOWS\system32\xvkifgvh.ini
C:\WINDOWS\system32\yfdwqlff.ini
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\agdfparj.ini
C:\WINDOWS\system32\bcginqbh.ini
C:\WINDOWS\system32\bpmgpvbi.ini
C:\WINDOWS\system32\cxkyfjae.ini
C:\WINDOWS\system32\dhdutiap.ini
C:\WINDOWS\system32\eimytwud.ini
C:\WINDOWS\system32\emwuytiy.ini
C:\WINDOWS\system32\fuvwnuap.ini
C:\WINDOWS\system32\goktyxmu.ini
C:\WINDOWS\system32\gryhndux.ini
C:\WINDOWS\system32\hergtpuv.ini
C:\WINDOWS\system32\hfbfwggn.ini
C:\WINDOWS\system32\ibfbsady.ini
C:\WINDOWS\system32\kjurrcyp.ini
C:\WINDOWS\system32\kksarspd.ini
C:\WINDOWS\system32\kkxwgaln.ini
C:\WINDOWS\system32\ksakjtwa.ini
C:\WINDOWS\system32\leauowno.ini
C:\WINDOWS\system32\lrcsqqdw.ini
C:\WINDOWS\system32\mglsxpxt.ini
C:\WINDOWS\system32\nrhotfau.ini
C:\WINDOWS\system32\oupvkhwv.ini
C:\WINDOWS\system32\phcvleti.ini
C:\WINDOWS\system32\rbklmfpk.ini
C:\WINDOWS\system32\rlgctqbj.ini
C:\WINDOWS\system32\rpmamttr.ini
C:\WINDOWS\system32\spupdsvc.inf
C:\WINDOWS\system32\sxfgujrq.ini
C:\WINDOWS\system32\sxnfrdsf.ini
C:\WINDOWS\system32\tdpttied.ini
C:\WINDOWS\system32\tjbwpykc.ini
C:\WINDOWS\system32\ufkryygp.ini
C:\WINDOWS\system32\upvwritr.ini
C:\WINDOWS\system32\wrkvjink.ini
C:\WINDOWS\system32\vskjqgan.ini
C:\WINDOWS\system32\wsmsqcqj.ini
C:\WINDOWS\system32\xdqnhluc.ini
C:\WINDOWS\system32\xvkifgvh.ini
C:\WINDOWS\system32\yfdwqlff.ini

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-15 to 2008-10-15 )))))))))))))))))
.

2008-10-14 20:14 . 2008-10-14 20:14 <KANSIO> d----c--- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
2008-10-14 20:13 . 2008-10-14 20:15 <KANSIO> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-14 20:13 . 2008-10-14 20:13 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 20:13 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-14 20:13 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 00:33 . 2008-10-13 00:41 <KANSIO> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-12 22:00 . 2008-10-12 22:00 <KANSIO> d----c--- C:\VundoFix Backups
2008-10-12 02:08 . 2008-10-12 02:08 268 --ah-c--- C:\sqmdata14.sqm
2008-10-12 02:08 . 2008-10-12 02:08 244 --ah-c--- C:\sqmnoopt14.sqm
2008-09-28 14:20 . 2008-10-15 18:17 13,402,144 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-28 14:20 . 2008-10-14 23:51 160,112 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-28 13:46 . 2008-07-09 09:05 75,248 --a--c--- C:\WINDOWS\zllsputility.exe
2008-09-28 13:43 . 2008-09-30 13:43 <KANSIO> d----c--- C:\WINDOWS\system32\ZoneLabs
2008-09-28 13:43 . 2008-07-09 09:05 1,086,952 --a--c--- C:\WINDOWS\system32\zpeng24.dll
2008-09-28 13:43 . 2008-10-15 18:03 352,917 --a--c--- C:\WINDOWS\system32\vsconfig.xml
2008-09-28 11:32 . 2008-09-28 13:51 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\Norton
2008-09-28 11:28 . 2008-09-28 11:28 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-27 14:37 . 2008-09-27 14:37 <KANSIO> d----c--- C:\Documents and Settings\Vieras\Application Data\Logitech
2008-09-27 14:36 . 2007-04-19 22:04 <KANSIO> d--h-c--- C:\Documents and Settings\Vieras\Verkkoympäristö
2008-09-27 14:36 . 2007-04-19 19:19 <KANSIO> d----c--- C:\Documents and Settings\Vieras\Työpöytä
2008-09-27 14:36 . 2007-04-19 22:04 <KANSIO> d--h-c--- C:\Documents and Settings\Vieras\Tulostinympäristö
2008-09-27 14:36 . 2008-09-27 14:36 <KANSIO> dr---c--- C:\Documents and Settings\Vieras\Suosikit
2008-09-27 14:36 . 2008-09-27 14:38 <KANSIO> dr---c--- C:\Documents and Settings\Vieras\Omat tiedostot
2008-09-27 14:36 . 2007-04-19 19:16 <KANSIO> d--h-c--- C:\Documents and Settings\Vieras\Mallit
2008-09-27 14:36 . 2007-04-19 22:04 <KANSIO> dr---c--- C:\Documents and Settings\Vieras\Käynnistä-valikko
2008-09-27 14:36 . 2008-09-27 14:36 <KANSIO> d----c--- C:\Documents and Settings\Vieras\Application Data\PC Suite
2008-09-27 14:36 . 2008-09-27 14:36 <KANSIO> d----c--- C:\Documents and Settings\Vieras
2008-09-27 00:23 . 2008-10-13 20:48 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-09-27 00:23 . 2008-09-27 00:23 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-09-26 21:00 . 2008-09-26 21:00 268 --ah-c--- C:\sqmdata13.sqm
2008-09-26 21:00 . 2008-09-26 21:00 244 --ah-c--- C:\sqmnoopt13.sqm
2008-09-26 00:04 . 2008-09-26 00:04 268 --ah-c--- C:\sqmdata12.sqm
2008-09-26 00:04 . 2008-09-26 00:04 244 --ah-c--- C:\sqmnoopt12.sqm
2008-09-22 15:07 . 2008-09-22 15:06 410,976 --a--c--- C:\WINDOWS\system32\deploytk.dll
2008-09-17 16:16 . 2008-09-17 16:16 549,159 -rahsc--- C:\Program Files\Norton2009Reset.exe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 13:34 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Azureus
2008-10-13 17:46 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-10-12 17:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-11 23:10 2,190,620 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-11 22:14 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-10-11 21:52 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-10-11 20:16 --------- dc----w C:\Program Files\MagicISO
2008-10-09 17:54 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Ahead
2008-10-05 16:17 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Vso
2008-10-05 16:11 --------- dc----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-09-30 10:40 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-22 12:06 --------- dc----w C:\Program Files\Java
2008-09-21 19:47 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\IMVU
2008-09-12 21:12 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Skype
2008-09-12 21:02 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\skypePM
2008-09-12 17:03 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\mIRC
2008-09-08 19:59 --------- dc-h--w C:\Program Files\Zero G Registry
2008-09-06 09:03 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\PC Suite
2008-09-05 13:33 --------- dc----w C:\Program Files\Common Files\Corel
2008-09-05 13:25 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-05 13:03 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Corel
2008-09-05 13:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Corel
2008-08-22 18:19 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Brainwave
2008-08-17 18:16 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Winamp
2008-08-17 14:06 --------- dc----w C:\Program Files\Winamp Toolbar
2008-08-17 14:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-07-18 19:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll
2008-05-04 06:54 1,940 -c--a-w C:\Documents and Settings\Omistaja\Application Data\lebendig.reg
2008-04-16 11:58 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-25 13:53 47,360 -c--a-w C:\Documents and Settings\Omistaja\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-14_22.27.24,03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-15 15:03:02 16,384 -c--atw C:\WINDOWS\Temp\Perflib_Perfdata_2a0.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15360]
"CursorXP"="I:\Ohjelmat\CursorsXP\CursorXP.exe" [2005-01-19 128000]
"PC Suite Tray"="I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"Google Update"="C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [2005-09-14 65536]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-22 144792]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"ZoneAlarm Client"="I:\Program Files\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15360]
"Nokia.PCSync"="I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Logitech SetPoint.lnk - I:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-10-08 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lenxiy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a--c--- 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--------- 2007-07-23 13:55 341232 I:\Program Files\Ulead Videostudio\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"I:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"i:\\Program Files\\xchat\\xchat.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"I:\\Program Files\\Azureus\\Azureus.exe"=
"I:\\Program Files\\Valve\\Steam\\SteamApps\\jalok1ves\\counter-strike\\hl.exe"=
"I:\\Program Files\\mIRC\\mirc.exe"=
"I:\\Ohjelmat\\Dc++\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-22 147456]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-09-15 14336]
R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys [2007-10-10 34848]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 820133]
S1 AMTBDA_P861F;anysee Capture Service;C:\WINDOWS\system32\DRIVERS\anyseeTU.SYS [ ]
S2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [ ]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db15e3ef-ff56-11dc-a74d-000feacc5edd}]
\Shell\AutoRun\command - N:\InstallTomTomHOME.exe
.
'Ajoitetut tehtävät'-kansion sisältö

2008-10-10 C:\WINDOWS\Tasks\1-Click Maintenance.job
- I:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-10-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-14 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 21:24]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 18:17:02
Windows 5.1.2600 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2008-10-15 18:18:23
ComboFix-quarantined-files.txt 2008-10-15 15:18:19
ComboFix2.txt 2008-10-14 19:28:14

Ennen ajoa: 3 151 024 128 tavua vapaana
Ajon jälkeen: 3,130,068,992 tavua vapaana

294 --- E O F --- 2008-09-09 21:33:02



HJT log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:52, on 15.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
I:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Ohjelmat\CursorsXP\CursorXP.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79919086
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - I:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] I:\Ohjelmat\CursorsXP\CursorXP.exe
O4 - HKCU\..\Run: [PC Suite Tray] "I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase4009.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: lenxiy.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - I:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8476 bytes