windows live messenger virus
sampsaa
30 May 2008 @ 08:37
Could someone help me, since I have this Windows Live Messenger virus? It tells my friends ''hi, is this your picture'' and then some link after it. And HijackThis says:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:56, on 30.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\sami\steam.exe
D:\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\service.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact\ABMTSR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [USSShReg] C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "d:\sami\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact\ABMTSR.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 10611 bytes

so could some kind person help me? =/
sampsaa
30 May 2008 @ 14:41
Please help me, I don't know anything about this virus stuff and my mom is totally furious =(
sampsaa
30 May 2008 @ 14:52
When I try to open that ComboFix, it says ''C:/Documents and Settings/käyttäjä/Työpöytä/combofix.exe ei ole kelvollinen win32-sovellus'' (i.e. it is not a valid Win32 application).
sampsaa
30 May 2008 @ 15:22
here's the ComboFix log:

ComboFix 08-05-29.1 - Sirpa Toroi 2008-05-30 15:05:39.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.358.1035.18.154 [GMT 3:00]
Running from: C:\Documents and Settings\Sirpa Toroi\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sirpa Toroi\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\winudspm.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 02_52_39 PM_281.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 03_07_52 PM_312.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 03_18_51 PM_390.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 03_43_30 PM_734.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 03_48_13 PM_031.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 04_11_33 PM_671.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 05_09_53 PM_093.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 07_24_40 PM_312.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 10_34_28 PM_015.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 08 - 11_18_37 PM_000.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2006 May 09 - 01_54_00 PM_812.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 09 - 06_15_01 PM_703.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 09 - 06_35_18 PM_500.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 09 - 08_52_03 PM_187.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 09 - 09_07_27 PM_828.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 09 - 10_08_39 PM_984.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 10 - 11_28_11 AM_796.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 11 - 08_05_43 PM_750.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 11 - 09_39_36 PM_281.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 11 - 11_21_53 AM_921.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 12 - 02_52_39 PM_578.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 12 - 04_06_21 PM_281.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 12 - 05_24_52 PM_828.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 12 - 07_31_37 PM_906.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 12 - 08_08_31 AM_171.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 13 - 02_08_16 PM_750.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 13 - 04_19_00 PM_203.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 13 - 07_54_35 PM_828.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\Log\2008 May 14 - 01_16_01 PM_750.log
C:\Documents and Settings\Sirpa Toroi\Application Data\AntispywareBot\rs.dat
C:\setup.exe
C:\WINDOWS\service.exe
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job
C:\WINDOWS\winudspm.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-30 )))))))))))))))))
.

2008-05-30 14:05 . 2008-05-30 14:11 60,132 --a------ C:\dci.exe
2008-05-30 08:26 . 2008-05-30 08:26 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-30 00:04 . 2008-05-30 00:04 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-05-30 00:02 . 2008-05-30 00:02 <KANSIO> d-------- C:\Program Files\Windows Live Toolbar
2008-05-29 21:47 . 2008-05-29 21:47 <KANSIO> d--hs---- C:\FOUND.001
2008-05-29 15:13 . 2008-05-29 15:13 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\Command & Conquer 3 Tiberium Wars
2008-05-29 15:12 . 2008-05-29 15:12 <KANSIO> dr-h----- C:\Documents and Settings\Sirpa Toroi\Application Data\SecuROM
2008-05-29 15:12 . 2008-05-29 15:12 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2008-05-29 14:35 . 2008-05-29 14:35 <KANSIO> d-------- C:\Program Files\Electronic Arts
2008-05-28 17:06 . 2008-05-28 17:06 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-28 17:05 . 2008-05-28 17:06 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\DAEMON Tools
2008-05-27 20:37 . 2008-05-27 20:37 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Incomplete
2008-05-27 20:36 . 2008-05-27 20:36 <KANSIO> d-------- C:\Program Files\AskSBar
2008-05-27 20:36 . 2008-05-27 20:36 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\FrostWire
2008-05-27 18:14 . 2008-05-27 18:14 52,736 --a------ C:\WINDOWS\ipuninst.exe
2008-05-27 17:44 . 2008-03-28 17:44 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-05-27 17:42 . 2008-05-27 17:43 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\.narya
2008-05-27 17:33 . 2008-05-27 17:33 <KANSIO> d-------- C:\Program Files\Three Rings Design
2008-05-27 17:28 . 2008-05-27 17:28 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\bang
2008-05-27 16:43 . 2008-05-27 16:43 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\CyberLink
2008-05-27 14:50 . 2008-05-27 14:50 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2008-05-27 14:48 . 2008-05-27 14:49 <KANSIO> d-------- C:\Program Files\Sony
2008-05-27 14:44 . 2008-05-27 14:44 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-05-27 14:44 . 2008-05-27 14:44 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-27 14:41 . 2008-05-27 14:42 <KANSIO> d-------- C:\Program Files\Common Files\Sony Shared
2008-05-14 13:24 . 2008-05-14 13:24 <KANSIO> d-------- C:\Program Files\Incomplete
2008-05-14 13:22 . 2008-05-27 15:09 <KANSIO> d-------- C:\Program Files\LimeWire
2008-05-13 16:29 . 2008-05-13 16:29 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Contacts
2008-05-12 18:03 . 2008-05-12 18:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 14:56 . 2008-05-12 14:56 <KANSIO> d-------- C:\WINDOWS\Sun
2008-05-12 14:56 . 2008-05-12 14:56 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32
2008-05-11 21:32 . 2004-09-15 20:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-11 15:48 . 2008-05-11 15:48 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\teamspeak2
2008-05-10 19:05 . 2008-05-10 19:05 <KANSIO> d--h----- C:\$AVG8.VAULT$
2008-05-09 23:08 . 2008-05-11 11:24 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-05-09 23:08 . 2008-05-11 11:24 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-05-09 23:08 . 2008-05-11 11:24 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-05-09 22:50 . 2008-05-09 22:50 <KANSIO> d-------- C:\Program Files\Reality Pump
2008-05-09 22:20 . 2008-05-09 22:20 <KANSIO> d-------- C:\Program Files\Eidos Interactive
2008-05-09 22:20 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe
2008-05-09 22:05 . 2008-05-09 22:05 <KANSIO> d-------- C:\TEXCACHE
2008-05-09 21:32 . 2008-05-09 21:32 <KANSIO> d-------- C:\Program Files\CENEGA
2008-05-09 21:03 . 2008-05-09 21:04 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-05-09 20:51 . 2008-05-09 20:51 <KANSIO> d--hs---- C:\FOUND.000
2008-05-09 18:29 . 2008-05-09 18:29 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\LimeWire
2008-05-09 18:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-09 18:27 . 2008-05-09 18:27 <KANSIO> d-------- C:\Program Files\Java
2008-05-09 18:25 . 2008-05-09 18:25 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-05-09 14:26 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-09 14:25 . 2008-05-09 14:25 <KANSIO> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-09 14:05 . 2008-05-09 14:05 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 07:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-05-27 20:36 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2006-05-07 21:40 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2006-05-07 21:40 2050816]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-27 20:36 267592]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2006-05-07 21:40 2050816]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-27 20:36 267592]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 22:34 68856]
"Steam"="d:\sami\steam.exe" [2008-05-21 19:56 1271032]
"DAEMON Tools Lite"="D:\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="" []
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 12:10 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-15 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-15 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00 455168]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2006-05-07 21:39 1177368]
"USSShReg"="C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe" [1997-11-23 04:16 20992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Windows UDP Control"="winudspm.exe" []
"Windows svchost"="service.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 20:00 15360]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
Album Fast Start.lnk - C:\Program Files\Ulead Systems\Ulead PhotoImpact\ABMTSR.EXE [2006-05-07 23:50:17 22016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\SAMI\\SteamApps\\figther92\\counter-strike source\\hl2.exe"=
"D:\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2006-05-07 21:40]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2006-05-07 21:39]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2006-05-07 21:39]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2006-05-07 21:40]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-30 11:17:02 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 15:07:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-30 15:08:11
ComboFix-quarantined-files.txt 2008-05-30 12:08:10

Pre-Run: 19,190,317,056 tavua vapaana
Post-Run: 19,262,210,048 tavua vapaana

240 --- E O F --- 2008-05-29 12:56:12
C:\WINDOWS\winudspm.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-30 )))))))))))))))))
.

2008-05-30 14:05 . 2008-05-30 14:11 60,132 --a------ C:\dci.exe
2008-05-30 08:26 . 2008-05-30 08:26 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-30 00:04 . 2008-05-30 00:04 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-05-30 00:02 . 2008-05-30 00:02 <KANSIO> d-------- C:\Program Files\Windows Live Toolbar
2008-05-29 21:47 . 2008-05-29 21:47 <KANSIO> d--hs---- C:\FOUND.001
2008-05-29 15:13 . 2008-05-29 15:13 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\Command & Conquer 3 Tiberium Wars
2008-05-29 15:12 . 2008-05-29 15:12 <KANSIO> dr-h----- C:\Documents and Settings\Sirpa Toroi\Application Data\SecuROM
2008-05-29 15:12 . 2008-05-29 15:12 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2008-05-29 14:35 . 2008-05-29 14:35 <KANSIO> d-------- C:\Program Files\Electronic Arts
2008-05-28 17:06 . 2008-05-28 17:06 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-28 17:05 . 2008-05-28 17:06 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\DAEMON Tools
2008-05-27 20:37 . 2008-05-27 20:37 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Incomplete
2008-05-27 20:36 . 2008-05-27 20:36 <KANSIO> d-------- C:\Program Files\AskSBar
2008-05-27 20:36 . 2008-05-27 20:36 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\FrostWire
2008-05-27 18:14 . 2008-05-27 18:14 52,736 --a------ C:\WINDOWS\ipuninst.exe
2008-05-27 17:44 . 2008-03-28 17:44 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-05-27 17:42 . 2008-05-27 17:43 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\.narya
2008-05-27 17:33 . 2008-05-27 17:33 <KANSIO> d-------- C:\Program Files\Three Rings Design
2008-05-27 17:28 . 2008-05-27 17:28 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\bang
2008-05-27 16:43 . 2008-05-27 16:43 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\CyberLink
2008-05-27 14:50 . 2008-05-27 14:50 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2008-05-27 14:48 . 2008-05-27 14:49 <KANSIO> d-------- C:\Program Files\Sony
2008-05-27 14:44 . 2008-05-27 14:44 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-05-27 14:44 . 2008-05-27 14:44 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-27 14:41 . 2008-05-27 14:42 <KANSIO> d-------- C:\Program Files\Common Files\Sony Shared
2008-05-14 13:24 . 2008-05-14 13:24 <KANSIO> d-------- C:\Program Files\Incomplete
2008-05-14 13:22 . 2008-05-27 15:09 <KANSIO> d-------- C:\Program Files\LimeWire
2008-05-13 16:29 . 2008-05-13 16:29 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Contacts
2008-05-12 18:03 . 2008-05-12 18:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 14:56 . 2008-05-12 14:56 <KANSIO> d-------- C:\WINDOWS\Sun
2008-05-12 14:56 . 2008-05-12 14:56 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32
2008-05-11 21:32 . 2004-09-15 20:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-11 15:48 . 2008-05-11 15:48 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\teamspeak2
2008-05-10 19:05 . 2008-05-10 19:05 <KANSIO> d--h----- C:\$AVG8.VAULT$
2008-05-09 23:08 . 2008-05-11 11:24 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-05-09 23:08 . 2008-05-11 11:24 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-05-09 23:08 . 2008-05-11 11:24 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-05-09 22:50 . 2008-05-09 22:50 <KANSIO> d-------- C:\Program Files\Reality Pump
2008-05-09 22:20 . 2008-05-09 22:20 <KANSIO> d-------- C:\Program Files\Eidos Interactive
2008-05-09 22:20 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe
2008-05-09 22:05 . 2008-05-09 22:05 <KANSIO> d-------- C:\TEXCACHE
2008-05-09 21:32 . 2008-05-09 21:32 <KANSIO> d-------- C:\Program Files\CENEGA
2008-05-09 21:03 . 2008-05-09 21:04 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-05-09 20:51 . 2008-05-09 20:51 <KANSIO> d--hs---- C:\FOUND.000
2008-05-09 18:29 . 2008-05-09 18:29 <KANSIO> d-------- C:\Documents and Settings\Sirpa Toroi\Application Data\LimeWire
2008-05-09 18:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-09 18:27 . 2008-05-09 18:27 <KANSIO> d-------- C:\Program Files\Java
2008-05-09 18:25 . 2008-05-09 18:25 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-05-09 14:26 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-09 14:25 . 2008-05-09 14:25 <KANSIO> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-09 14:05 . 2008-05-09 14:05 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 07:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:32 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-05-27 20:36 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2006-05-07 21:40 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2006-05-07 21:40 2050816]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-27 20:36 267592]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2006-05-07 21:40 2050816]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-27 20:36 267592]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 22:34 68856]
"Steam"="d:\sami\steam.exe" [2008-05-21 19:56 1271032]
"DAEMON Tools Lite"="D:\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="" []
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 12:10 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-15 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-15 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 20:00 455168]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2006-05-07 21:39 1177368]
"USSShReg"="C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe" [1997-11-23 04:16 20992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Windows UDP Control"="winudspm.exe" []
"Windows svchost"="service.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 20:00 15360]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
Album Fast Start.lnk - C:\Program Files\Ulead Systems\Ulead PhotoImpact\ABMTSR.EXE [2006-05-07 23:50:17 22016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\SAMI\\SteamApps\\figther92\\counter-strike source\\hl2.exe"=
"D:\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2006-05-07 21:40]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2006-05-07 21:39]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2006-05-07 21:39]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2006-05-07 21:40]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-30 11:17:02 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 15:07:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-30 15:08:11
ComboFix-quarantined-files.txt 2008-05-30 12:08:10

Pre-Run: 19,190,317,056 tavua vapaana
Post-Run: 19,262,210,048 tavua vapaana

240 --- E O F --- 2008-05-29 12:56:12
sampsaa
Suspended due to non-functional email address
30 May 2008 @ 15:31
Yeah, and here's a brand-new HJT log then:

C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\sami\steam.exe
D:\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact\ABMTSR.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [USSShReg] C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "d:\sami\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact\ABMTSR.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 10016 bytes


and now I'm just hoping someone will help xD
sampsaa
Suspended due to non-functional email address
31 May 2008 @ 10:30
Could someone please help now?????
Member

5 product reviews
31 May 2008 @ 11:08
There's some service.exe in the Windows folder, delete it, and it also goes away when you change your password in Messenger.
sampsaa
Suspended due to non-functional email address
31 May 2008 @ 11:11
I can't find an exe like that...
Member

5 product reviews
31 May 2008 @ 11:12
Well, change the password.
sampsaa
Suspended due to non-functional email address
31 May 2008 @ 11:15
Yeah, I already changed it, but yesterday the firewall was yelling that there's a trojan on the machine, then I ran ComboFix and removed one file with HijackThis, and it's not yelling anymore. I think I got it removed :D PS. Thanks for the help