WinPatrol logi-onko kone ok

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

tiistai 11.11.2025 / 17:33

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > winpatrol logi-onko kone ok

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

WinPatrol logi-onko kone ok

Siirry:

Kirjoittaja

Viesti

samppuli

Suspended due to non-functional email address

18. marraskuuta 2007 @ 22:16

Linkki tähän viestiin

Log created by WinPatrol version 12.2.2007.0:12.2.2007.0
Scan saved at 9:41:09 PM, on 11/18/2007
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\PROGRAM FILES\Java\JRE1.6.0_03\bin\jusched.exe
C:\PROGRAM FILES\Sonera\INTERNETAVUSTAJA\bin\sprtcmd.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC]C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService]C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Sonera]C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe /P Sonera
O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer]C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr]C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate]C:\Program Files\Logitech\Video\ManifestEngine.exe boot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre1.6.0_03\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5...heckControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase4009.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstal...indows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim) - http://fpdownload.macromedia.com/get/fla...t/ultrashim.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstal...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstal...indows-i586.cab
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Sovellusten hallinta - - C:\WINDOWS\System32\appmgmts.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HID (Human Interface Device) -liittymä - - C:\WINDOWS\System32\hidserv.dll
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - - C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 7.00.6000.16544
MSIE: Internet Explorer (7.00.6000.16544)
69 IE Cookies in Folder: C:\Documents and Settings\Sami\Cookies\

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\Bootfont.bin
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
WP32 - Hidden File: C:\WINDOWS\Thumbs.db
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\default.rctemp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\default.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.rctemp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.rctemp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.rctemp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.rctemp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdifr.LOG
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\zllictbl.dat

WP33 - File Type .AVI: [Videoleike]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS-komentojonotiedosto]%1 %*
WP33 - File Type .CAB: [Cab-tiedosto]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Suojausluettelo]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Käännetty HTML Help -tiedosto]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS-sovellus]%1 %*
WP33 - File Type .CMD: [Windows NT -komentosarja]%1 %*
WP33 - File Type .DOC: [Microsoft Word -asiakirja]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Outlook Express Mail -viesti]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Sovellus]%1 %*
WP33 - File Type .INF: [Asennustiedot]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript-komentosarjatiedosto]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Tekstiasiakirja]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook-kohde]C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI-jakso]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3-ääni]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Pikakuvake MS-DOS-ohjelmalle]%1 %*
WP33 - File Type .REG: [Rekisterimerkinnät]regedit.exe %1
WP33 - File Type .REG: [Rekisterimerkinnät]regedit.exe %1
WP33 - File Type .RTF: [RTF]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
WP33 - File Type .SBS: [Spyware supplemental file]C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe %1
WP33 - File Type .SCR: [Näytönsäästäjä]%1 /S
WP33 - File Type .TXT: [Tekstiasiakirja]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet-linkki]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript-komentosarjatiedosto]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [Koodattu VBScript-komentosarjatiedosto]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows-komentosarjatiedosto]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Hostin asetustiedosto]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Excel -laskentataulukko]C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE /e

Memory currently in use: 70%
Physical Memory Free: 157,120 KB
Paging File Free: 977,244 KB
Virtual Memory Free: 2,042,068 KB

--
End of file

Ja escan löysi sit tämmöstä.

Fri Nov 16 18:43:18 2007 => ERROR!!! Invalid Entry C:\Program Files\ewido anti-malware\ewidoctrl.exe in SYSTEM\CurrentControlSet\Services\ewido security suite control...
Fri Nov 16 18:43:18 2007 => ERROR!!! Invalid Entry \??\C:\Program Files\ewido anti-malware\guard.sys in SYSTEM\CurrentControlSet\Services\ewido security suite driver...
Fri Nov 16 18:43:18 2007 => ERROR!!! Invalid Entry C:\Program Files\ewido anti-malware\ewidoguard.exe in SYSTEM\CurrentControlSet\Services\ewido security suite guard
ERROR!!! Invalid Entry system32\DRIVERS\pfc027.sys in SYSTEM\CurrentControlSet\Services\SoC PC-Camera Service...
ERROR!!! Invalid Entry system32\ZoneLabs\srescan.sys in SYSTEM\CurrentControlSet\Services\srescan...
ERROR!!! Invalid Entry in SYSTEM\CurrentControlSet\Services\vsdatant...
ERROR!!! ScanFile fails for C:\WINDOWS\SchedLgU.Txt
ERROR!!! ScanFile fails for C:\WINDOWS\wiadebug.log
ERROR!!! ScanFile fails for C:\WINDOWS\wiaservc.log
ERROR!!! ScanFile fails for C:\WINDOWS\WindowsUpdate.log
File C:\Documents and Settings\Sami\Työpöytä\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

File C:\Documents and Settings\Sami\Työpöytä\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

[ + lainaa]

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 18. marraskuuta 2007 @ 22:27

Vastaa

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > winpatrol logi-onko kone ok


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.