|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
HijackThis lokitarkistettavaksi :)
|
|
|
Nametuss
Suspended due to non-functional email address
|
24. helmikuuta 2009 @ 10:40 |
Linkki tähän viestiin
|
ei varsinaisia ongelmia mutta ajattelin jos jotain "kriittistä" siltikin joku tuos näkisi tai huomaisi :P
Logfile of HijackThis v1.99.1
Scan saved at 10:37:36, on 24.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\TheNameless\Työpöytä\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: (no name) - {0A6469C6-BD05-46E3-8414-14F9F45B983F} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1235377740484
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: hgGayxWn - hgGayxWn.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
|
|
Hujo
Suspended permanently
|
24. helmikuuta 2009 @ 12:59 |
Linkki tähän viestiin
|
|
Poista lisää poista sovelutuksesta
Ask Toolbar <-- mikä sanookin noin
Poista kansio vikasiedossa
C:\Program Files\AskTBar
============
Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun
Varmista että tiedoston tyyppi on ?all Files? ja tallenna se Poisto.bat. nimisenä
työpöydällesi.
@echo off
sc stop AntiVirScheduler
sc delete AntiVirScheduler
sc stop AntiVirService
sc delete AntiVirService
Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia.
=========
scannaa hjt:llä merkkaa paina Fix checked
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0A6469C6-BD05-46E3-8414-14F9F45B983F} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - Winlogon Notify: hgGayxWn - hgGayxWn.dll (file missing)
===========
sammuta käynnistä
Voiko tietsikka koskaan toimia?
|
|
Nametuss
Suspended due to non-functional email address
|
5. maaliskuuta 2009 @ 23:25 |
Linkki tähän viestiin
|
Tere jälleen kerran :) Päivitin Firefoxin mutta päivityksen jälkeen firefoxi ei enää suostunut avautumaan joten norton ei löydä mitään matosia koneelta joten aattelin laittaa uuden loki tutkittavaksi ja ajattelin samalla kysyin että mikäs on menny perseelle tuossa päivityksessä. Poistin koko firefoxin mutta kun yritin ladata uudestaan niin lataa puoleen väliin tuon setupin ja sen jälkeen "kaatuu".
Logfile of HijackThis v1.99.1
Scan saved at 23:17:48, on 5.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\TheNameless\Työpöytä\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1235377740484
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
|
|
Hujo
Suspended permanently
|
6. maaliskuuta 2009 @ 00:59 |
Linkki tähän viestiin
|
scannaa hjt:llä merkkaa paina Fix checked
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
=============
Lataa Malwarebytes' Anti-Malware työpöydällesi.
1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi
Voiko tietsikka koskaan toimia?
|
|
Nametuss
Suspended due to non-functional email address
|
6. maaliskuuta 2009 @ 12:00 |
Linkki tähän viestiin
|
|
Eipä löytynyt mitään vieläkin ihmettelen miksen voi ladata mitään exe-tiedostoja. En voi päivittää esim. windowsia tai mitään muutakaan ohjelmaa.
Malwarebytes' Anti-Malware 1.34
Tietokantaversio: 1810
Windows 5.1.2600 Service Pack 3
6.3.2009 11:53:36
mbam-log-2009-03-06 (11-53-36).txt
Tarkistustyyppi: Täysi tarkistus (C:\|E:\|F:\|)
Tarkistetut kohteet: 166777
Kulunut aika: 1 hour(s), 0 minute(s), 5 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
|
|
Hujo
Suspended permanently
|
6. maaliskuuta 2009 @ 12:09 |
Linkki tähän viestiin
|
1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2
Älä asenna palautus Consolia
2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
============
Päivitä Malwarebytes' Anti-Malware ei tarvii ajaa
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 6. maaliskuuta 2009 @ 12:10
|
|
Mainos
|
|
|
|
Nametuss
Suspended due to non-functional email address
|
6. maaliskuuta 2009 @ 12:59 |
Linkki tähän viestiin
|
Tuossa olisi Combon loki:
ComboFix 09-03-04.01 - TheNameless 2009-03-06 12:50:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1983.1130 [GMT 2:00]
Sijainti: c:\documents and settings\TheNameless\Työpöytä\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bn.dll
c:\windows\system32\fcvsmuny.ini
c:\windows\system32\fholmacj.ini
c:\windows\system32\lmoYFfhk.ini
c:\windows\system32\lmoYFfhk.ini2
c:\windows\system32\qaukktiq.ini
c:\windows\system32\rsxqarvb.ini
c:\windows\system32\sntpdgsy.ini
F:\Autorun.inf
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-06 to 2009-03-06 )))))))))))))))))
.
2009-03-05 23:04 . 2009-03-05 23:04 22,784 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-04 10:35 . 2009-03-04 10:35 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\Media Player Classic
2009-03-01 10:59 . 2009-03-01 10:59 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-03-01 10:59 . 2009-03-01 10:59 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-03-01 10:59 . 2008-12-11 14:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-02-28 12:02 . 2009-02-28 12:02 <KANSIO> d-------- c:\program files\Nero
2009-02-28 11:52 . 2009-02-28 11:52 0 --a------ c:\windows\Irremote.ini
2009-02-25 18:33 . 2009-02-25 18:33 <KANSIO> d-------- c:\program files\NeroInstall.bak
2009-02-25 06:55 . 2009-02-25 06:55 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 06:55 . 2009-02-25 06:55 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\Malwarebytes
2009-02-25 06:55 . 2009-02-25 06:55 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-25 06:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 06:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 05:28 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 11:31 . 2009-02-24 11:31 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\DivX
2009-02-24 10:37 . 2009-02-24 10:37 584 --a------ C:\Pikakuvake HijackThis.lnk
2009-02-23 23:44 . 2009-02-23 23:44 <KANSIO> d-------- c:\program files\DAEMON Tools Lite
2009-02-23 23:44 . 2009-02-23 23:44 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\DAEMON Tools Pro
2009-02-23 23:44 . 2009-02-23 23:44 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\DAEMON Tools
2009-02-23 23:36 . 2009-02-23 23:36 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\DAEMON Tools Lite
2009-02-23 20:23 . 2009-02-23 20:23 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\Sports Interactive
2009-02-23 20:22 . 2009-02-23 20:22 268 --ah----- C:\sqmdata16.sqm
2009-02-23 20:22 . 2009-02-23 20:22 244 --ah----- C:\sqmnoopt16.sqm
2009-02-23 19:33 . 2009-03-06 12:50 <KANSIO> d-------- c:\windows\system32\CatRoot2
2009-02-23 19:21 . 2009-02-23 19:21 268 --ah----- C:\sqmdata15.sqm
2009-02-23 19:21 . 2009-02-23 19:21 244 --ah----- C:\sqmnoopt15.sqm
2009-02-23 19:16 . 2009-02-23 19:16 268 --ah----- C:\sqmdata14.sqm
2009-02-23 19:16 . 2009-02-23 19:16 244 --ah----- C:\sqmnoopt14.sqm
2009-02-23 13:50 . 2009-02-23 13:50 268 --ah----- C:\sqmdata13.sqm
2009-02-23 13:50 . 2009-02-23 13:50 244 --ah----- C:\sqmnoopt13.sqm
2009-02-23 13:34 . 2009-02-23 13:34 268 --ah----- C:\sqmdata12.sqm
2009-02-23 13:34 . 2009-02-23 13:34 244 --ah----- C:\sqmnoopt12.sqm
2009-02-23 13:13 . 2009-02-23 17:24 <KANSIO> d-------- c:\documents and settings\TheNameless\Contacts
2009-02-23 12:40 . 2008-10-16 03:01 1,498,624 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-02-23 12:40 . 2008-10-16 03:01 619,008 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-02-23 12:40 . 2008-06-14 19:34 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-23 12:39 . 2008-08-14 15:25 2,191,488 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-23 12:39 . 2008-08-14 15:25 2,147,840 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-23 12:39 . 2008-08-14 15:25 2,068,352 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-23 12:39 . 2008-08-14 15:24 2,026,496 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-23 12:39 . 2008-09-15 17:27 1,846,656 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-23 12:37 . 2008-04-11 21:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-23 12:37 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-23 12:37 . 2008-12-11 12:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-23 12:37 . 2008-05-08 16:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-23 12:34 . 2008-10-15 18:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-23 12:22 . 2009-02-24 11:33 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\Nokia
2009-02-23 12:22 . 2009-02-23 12:22 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\Jasc Software Inc
2009-02-23 12:20 . 2009-02-23 12:20 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\skypePM
2009-02-23 12:19 . 2009-02-23 12:21 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\Skype
2009-02-23 12:18 . 2009-02-23 12:18 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\vlc
2009-02-23 12:10 . 2008-02-28 13:26 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2009-02-23 12:10 . 2008-02-28 13:01 774,144 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2009-02-23 11:59 . 2009-02-23 11:59 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\TuneUp Software
2009-02-23 11:55 . 2009-02-23 12:05 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\Winamp
2009-02-23 11:01 . 2009-03-05 22:43 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\uTorrent
2009-02-23 10:27 . 2009-02-23 10:27 <KANSIO> d---s---- c:\documents and settings\TheNameless\UserData
2009-02-23 10:22 . 2009-03-06 10:30 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\mIRC
2009-02-23 10:20 . 2009-02-24 00:30 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\PC Suite
2009-02-23 10:16 . 2009-02-23 10:16 <KANSIO> d-------- c:\documents and settings\TheNameless\Application Data\Nero
2009-02-23 10:15 . 2008-06-30 23:23 <KANSIO> d--h----- c:\documents and settings\TheNameless\Verkkoympäristö
2009-02-23 10:15 . 2009-03-06 12:45 <KANSIO> d-------- c:\documents and settings\TheNameless\Työpöytä
2009-02-23 10:15 . 2008-06-30 23:23 <KANSIO> d--h----- c:\documents and settings\TheNameless\Tulostinympäristö
2009-02-23 10:15 . 2009-02-23 20:44 <KANSIO> dr------- c:\documents and settings\TheNameless\Suosikit
2009-02-23 10:15 . 2009-02-26 18:50 <KANSIO> dr------- c:\documents and settings\TheNameless\Omat tiedostot
2009-02-23 10:15 . 2009-02-23 09:48 <KANSIO> d--h----- c:\documents and settings\TheNameless\Mallit
2009-02-23 10:15 . 2009-02-23 11:01 <KANSIO> dr------- c:\documents and settings\TheNameless\Käynnistä-valikko
2009-02-23 10:15 . 2009-03-03 19:46 <KANSIO> d-------- c:\documents and settings\TheNameless
2009-02-23 10:09 . 2006-03-02 14:00 10,129,408 --a--c--- c:\windows\system32\dllcache\hwxkor.dll
2009-02-23 10:08 . 2006-03-02 14:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll
2009-02-23 10:06 . 2006-03-02 14:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-02-23 10:06 . 2009-03-06 00:15 749 -rah----- c:\windows\WindowsShell.Manifest
2009-02-23 10:06 . 2009-03-06 00:15 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-23 10:06 . 2009-03-06 00:15 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-02-23 10:06 . 2009-03-06 00:15 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-02-23 10:06 . 2009-02-23 10:06 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-02-23 09:48 . 2006-03-02 14:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2009-02-23 09:48 . 2006-03-02 14:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2009-02-23 09:48 . 2006-03-02 14:00 14,573 -ra------ c:\windows\SETE0.tmp
2009-02-23 09:48 . 2006-03-02 14:00 13,312 --a------ c:\windows\system32\irclass.dll
2009-02-23 09:48 . 2006-03-02 14:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2009-02-23 09:48 . 2009-03-06 10:29 1,355 --a------ c:\windows\imsins.BAK
2009-02-23 09:47 . 2006-03-02 14:00 1,086,058 -ra------ c:\windows\SETA9.tmp
2009-02-23 09:47 . 2006-03-02 14:00 1,014,139 -ra------ c:\windows\SETA6.tmp
2009-02-23 09:47 . 2006-03-02 14:00 809,684 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT
2009-02-23 09:47 . 2006-03-02 14:00 399,670 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT
2009-02-23 09:47 . 2006-03-02 14:00 37,509 --a--c--- c:\windows\system32\dllcache\MW770.CAT
2009-02-23 09:47 . 2006-03-02 14:00 14,043 -ra------ c:\windows\SETB5.tmp
2009-02-23 09:47 . 2006-03-02 14:00 13,497 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT
2009-02-23 09:47 . 2006-03-02 14:00 8,599 --a--c--- c:\windows\system32\dllcache\IASNT4.CAT
2009-02-23 09:47 . 2006-03-02 14:00 7,407 --a--c--- c:\windows\system32\dllcache\OEMBIOS.CAT
2009-02-22 01:40 . 2009-02-22 13:39 21,308 --a------ c:\windows\setupapi.old
2009-02-21 22:09 . 2009-02-21 22:09 <KANSIO> d-------- c:\program files\Eastside UK
2009-02-21 17:04 . 2009-02-21 17:04 2,560 --a------ c:\windows\Runservice.exe
2009-02-18 20:05 . 2009-02-18 20:05 <KANSIO> d-------- c:\program files\EA Sports
2009-02-15 12:34 . 2009-02-15 12:34 <KANSIO> d-------- c:\windows\system32\VIRepair
2009-02-15 12:20 . 2009-02-15 12:20 76,214 --a------ c:\windows\Icon_2.ico
2009-02-12 19:33 . 2009-02-12 19:33 <KANSIO> dr------- c:\program files\Skype
2009-02-12 19:33 . 2009-02-12 19:33 <KANSIO> d-------- c:\program files\Common Files\Skype
2009-02-12 16:53 . 2009-02-12 16:53 <KANSIO> d-------- c:\documents and settings\LocalService\Työpöytä
2009-02-12 16:16 . 2009-02-21 17:21 <KANSIO> d-------- c:\program files\VSO
2009-02-12 16:16 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2009-02-12 16:16 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2009-02-12 16:16 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2009-02-12 16:16 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2009-02-12 16:16 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2009-02-12 16:16 . 2009-02-12 16:16 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-02-12 12:34 . 2009-02-12 12:34 <KANSIO> d-------- c:\program files\K-Lite Codec Pack
2009-02-12 12:34 . 2008-11-06 18:37 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-02-12 12:34 . 2008-09-24 20:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-02-12 12:34 . 2004-01-25 18:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-02-12 12:34 . 2008-12-11 02:33 86,016 --a------ c:\windows\system32\dpl100.dll
2009-02-12 12:34 . 2008-12-08 13:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-02-12 12:34 . 2007-07-10 18:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-02-12 12:34 . 2008-10-03 14:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-02-11 18:10 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2009-02-11 18:04 . 2009-02-11 18:10 <KANSIO> d-------- c:\windows\system32\XPSViewer
2009-02-11 18:04 . 2009-02-11 18:04 <KANSIO> d-------- c:\program files\Reference Assemblies
2009-02-11 18:04 . 2009-02-11 18:04 <KANSIO> d-------- c:\program files\MSBuild
2009-02-11 18:04 . 2008-07-06 14:06 1,676,288 --a------ c:\windows\system32\xpssvcs.dll
2009-02-11 18:04 . 2008-07-06 14:06 575,488 --a------ c:\windows\system32\xpsshhdr.dll
2009-02-11 18:04 . 2008-07-06 14:06 117,760 --a------ c:\windows\system32\prntvpt.dll
2009-02-11 00:50 . 2009-02-11 00:50 268 --ah----- C:\sqmdata11.sqm
2009-02-11 00:50 . 2009-02-11 00:50 244 --ah----- C:\sqmnoopt11.sqm
2009-02-11 00:42 . 2009-02-16 20:16 <KANSIO> d-------- c:\program files\WinFlip
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 08:59 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-02-28 10:04 --------- d-----w c:\program files\Common Files\Nero
2009-02-28 10:02 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-02-24 21:19 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-23 22:19 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-23 21:36 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-23 10:18 --------- d-----w c:\documents and settings\TheNameless\Application Data\vlc
2009-02-23 09:10 --------- d-----w c:\program files\uTorrent
2009-02-21 15:21 --------- d-----w c:\program files\VSO
2009-02-16 18:51 --------- d-----w c:\program files\Axara
2009-02-12 17:33 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-11 16:18 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-10 22:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-02 09:35 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-02 08:43 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-02 08:43 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-02 08:43 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-02 08:43 --------- d-----w c:\program files\Symantec
2009-02-02 08:42 --------- d-----w c:\program files\Windows Sidebar
2009-02-02 08:42 --------- d-----w c:\program files\Norton Internet Security
2009-02-02 08:42 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-01 22:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-01-28 21:54 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-28 08:29 --------- d-----w c:\program files\Sports Interactive
2009-01-27 22:20 --------- d-----w c:\program files\Sim File Maid 2
2009-01-27 22:20 --------- d-----w c:\program files\AVIcodec
2009-01-23 17:37 --------- d-----w c:\program files\Nokia
2009-01-23 17:37 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-01-23 17:37 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-23 17:36 --------- d-----w c:\program files\Common Files\Nokia
2009-01-23 13:22 --------- d-----w c:\program files\Common Files\DirectX
2009-01-23 08:02 --------- d-----w c:\program files\Aspyr Media, Inc
2009-01-19 22:35 --------- d-----w c:\program files\EA GAMES
2009-01-16 22:18 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-16 22:18 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-16 12:41 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-16 08:02 --------- d-----w c:\program files\Java
2009-01-15 06:50 --------- d-----w c:\program files\Common Files\PCSuite
2009-01-15 06:49 --------- d-----w c:\program files\PC Connectivity Solution
2009-01-08 19:05 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-08 05:14 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-07 22:14 --------- d-----w c:\program files\SlySoft
2009-01-07 20:35 --------- d-----w c:\program files\Elaborate Bytes
2009-01-07 20:12 --------- d-----w c:\program files\Traction Software
2008-09-17 13:16 549,159 --sha-r c:\program files\Norton2009Reset.exe
2008-06-30 11:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"SkyTel"="SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-02-02 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-02-02 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090303.001\IDSxpx86.sys [2009-03-04 276344]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-02-21 2560]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-02-02 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-01 603904]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-23 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-23 8320]
S3 StickCap;Digital TV DVB-T USB Stick adapter service;c:\windows\system32\Drivers\stickcap.sys --> c:\windows\system32\Drivers\stickcap.sys [?]
S3 stickload;Digital TV stick firmware loader service;c:\windows\system32\DRIVERS\stickload.sys --> c:\windows\system32\DRIVERS\stickload.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Täydentävä tarkistus -------
.
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: live.com\safety
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
FF - ProfilePath - c:\documents and settings\TheNameless\Application Data\Mozilla\Firefox\Profiles\jakynvwr.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 12:53:09
Windows 5.1.2600 Service Pack 3 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:68,72,c9,10,9a,ad,02,87
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,e1,af,a1,62,ac,13,f7,4b,e6,59,dd,a2,d7,4f,7f,25
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\???|’’’’"??|ž»Ów�*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
------------------------ Muut prosessit ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Valmistumisajankohta: 2009-03-06 12:55:01 - kone käynnistettiin uudelleen [TheNameless]
ComboFix-quarantined-files.txt 2009-03-06 10:54:58
Ennen ajoa: 13,256,523,776 tavua vapaana
Ajon jälkeen: 14,555,234,304 tavua vapaana
Current=3 Default=3 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
351 --- E O F --- 2009-02-26 01:01:13
|
|
