afterdawn.com > discussion > general computer discussion > viruses and malware

Computer slow after the MSN virus
heinuri1 (Newbie)
2 June 2008 @ 22:11
So I somehow maybe got the virus off, since the internet works now, sort of, but the computer is still considerably slower than normal. I ran ComboFix on the computer and the following log came out. Which of these need to be removed?


.

C:\WINDOWS\BM2bd07b2b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbjxvnej.ini
C:\WINDOWS\system32\ddccyyvu.dll
C:\WINDOWS\system32\dskyhwhr.dll
C:\WINDOWS\system32\efcDVppp.dll
C:\WINDOWS\system32\fccyxuUo.dll
C:\WINDOWS\system32\ijuhypsj.ini
C:\WINDOWS\system32\jkkKedcy.dll
C:\WINDOWS\system32\jspyhuji.dll
C:\WINDOWS\system32\kltdmyni.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\myfhrqfh.dll
C:\WINDOWS\system32\opnLedeB.dll
C:\WINDOWS\system32\opnmkhHA.dll
C:\WINDOWS\system32\sAcKmnpo.ini
C:\WINDOWS\system32\sAcKmnpo.ini2
C:\WINDOWS\system32\tivxnemc.dll
C:\WINDOWS\system32\usoiwsmx.ini
C:\WINDOWS\system32\xgaeojph.dll
C:\WINDOWS\system32\xmswiosu.dll
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-02 20:27 . 2008-06-02 21:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-02 20:27 . 2008-06-02 21:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-02 19:12 . 2008-06-02 19:13 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-01 22:39 . 2008-06-01 22:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-01 21:31 . 2008-06-02 18:54 93,184 --------- C:\WINDOWS\is154890.exe
2008-05-29 23:08 . 2008-05-29 23:08 86,340 --a------ C:\profile.com
2008-05-29 22:03 . 2008-05-30 00:38 96,768 --------- C:\is15480.exe
2008-05-29 20:18 . 2008-05-29 20:18 86,340 --a------ C:\img.com
2008-05-29 17:03 . 2008-05-29 18:13 56,832 --a------ C:\fa.com
2008-05-29 04:39 . 2008-05-29 04:39 40,960 --a------ C:\d.MSNFix
2008-05-28 23:47 . 2008-05-28 23:47 214,528 --a------ C:\vundoFIX.exe
2008-05-28 20:10 . 2008-05-28 20:10 56,832 --a------ C:\sxy1.com
2008-05-28 15:49 . 2008-05-28 15:49 3,770 --a------ C:\WINDOWS\system32\ybmurgor.dll
2008-05-28 01:38 . 2008-06-02 18:00 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix
2008-05-28 01:08 . 2008-05-28 01:08 370,688 --a------ C:\WINDOWS\system32\opnmKcAs.dll
2008-05-28 01:03 . 2008-05-29 21:35 96,768 --------- C:\is154890.exe
2008-05-28 00:33 . 1999-11-10 11:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-05-28 00:33 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-05-28 00:32 . 2008-05-28 00:33 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-28 00:32 . 2008-05-28 01:33 <DIR> d-------- C:\Program Files\QuickTime
2008-05-28 00:32 . 2008-05-28 01:31 <DIR> d-------- C:\Program Files\Longman iBT
2008-05-28 00:32 . 2008-05-28 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-05-27 22:53 . 2008-05-28 06:30 56,832 --a------ C:\sexy.com
2008-05-27 19:30 . 2008-05-27 19:30 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
2008-05-25 16:58 . 2008-05-25 16:58 1,409 --a------ C:\WINDOWS\system32\tmpE1A59.FOT
2008-05-25 16:58 . 2008-05-25 16:58 1,409 --a------ C:\WINDOWS\system32\tmpC6A59.FOT
2008-05-25 16:58 . 2008-05-25 16:58 1,409 --a------ C:\WINDOWS\system32\tmpAAA59.FOT
2008-05-22 20:53 . 2008-05-28 01:08 <DIR> d-------- C:\Program Files\PowerISO
2008-05-22 05:37 . 2008-05-22 21:14 <DIR> d-------- C:\Program Files\AskTBar
2008-05-21 22:50 . 2008-05-21 22:51 <DIR> d-------- C:\Program Files\MagicDisc
2008-05-21 22:50 . 2008-02-18 17:29 96,256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-05-21 17:06 . 2008-05-21 17:06 50 --a------ C:\WINDOWS\cdplayer.ini
2008-05-21 17:04 . 2006-05-31 20:26 7 --------- C:\M-HTOEFL.MS
2008-05-21 06:37 . 2008-05-23 05:24 <DIR> d-------- C:\Program Files\ETS TOEFL Guide
2008-05-21 06:23 . 2008-05-21 06:24 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-21 06:20 . 2008-05-21 06:20 <DIR> d-------- C:\Documents and Settings\Antti Karppinen\Application Data\DAEMON Tools
2008-05-21 06:20 . 2008-05-21 06:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-20 23:42 . 2008-05-20 23:42 <DIR> d-------- C:\Program Files\MagicISO
2008-05-09 21:57 . 2008-05-13 12:02 <DIR> d-------- C:\Program Files\Kap.TOEFL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 15:12 --------- d-----w C:\Program Files\Windows Live
2008-06-01 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\NPF
2008-05-28 20:47 214,528 ----a-w C:\vundoFIX.exe
2008-05-27 22:40 --------- d-----w C:\Documents and Settings\Antti Karppinen\Application Data\uTorrent
2008-05-22 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 16:49 --------- d-----w C:\Program Files\Ahead
2008-05-21 18:14 --------- d-----w C:\Program Files\uTorrent
2008-04-22 19:03 --------- d-----w C:\Documents and Settings\Antti Karppinen\Application Data\dvdcss
2008-04-11 07:41 --------- d-----w C:\Program Files\Java
2008-04-04 07:26 --------- d-----w C:\Program Files\YouTube Downloader
2007-02-18 17:20 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B19287C4-F9BB-41F0-B144-5E8E6D41FEF4}]
2008-05-28 01:08 370688 --a------ C:\WINDOWS\system32\opnmKcAs.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-05 17:46 68856]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16:34 16143872 C:\WINDOWS\RTHDCPL.EXE]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 06:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 21:29 35328]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 28160 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 28160 C:\WINDOWS\KHALMNPR.Exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-04 21:35 1838592]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 02:12 2658304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"Windows UDP Control"="winudspm.exe" [2008-05-27 19:30 56832 C:\WINDOWS\winudspm.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-28 00:33 77824]
"psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15:00 15360]

C:\Documents and Settings\Antti Karppinen\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-05-21 22:50:17 546816]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-19 23:27:41 438272]
NPF Messenger.lnk - C:\Program Files\Norman\NPF\NPFMSG.EXE [2007-02-16 21:43:23 290865]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 23:24:38 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-03-19 14:04 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9048:TCP"= 9048:TCP:BitComet 9048 TCP
"9048:UDP"= 9048:UDP:BitComet 9048 UDP

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 11:18]
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 17:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 18:01]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 16:22]
R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 23:01]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-05 00:38]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service []
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 21:22:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Norman\npm\bin\elogsvc.exe
C:\Norman\npm\bin\Zanda.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\AstSrv.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Norman\NVC\Bin\Nip.exe
C:\Program Files\Norman\NPF\npfsvice.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Norman\npm\bin\Njeeves.exe
C:\Norman\NVC\Bin\CClaw.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-06-02 21:42:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 18:42:08

Pre-Run: 26,396,282,880 bytes free
Post-Run: 27,194,957,824 bytes free

206 --- E O F --- 2008-05-27 18:35:21