DSS log for examination (incl. HJT log)
Hanger
Junior Member
20 June 2008 @ 11:59
I want to make sure that Vista Service Pack 1 has installed properly on my computer (the test was run while the firewall and antivirus program were turned off).
Deckard's System Scanner v20071014.68
Run by Mikko on 2008-06-20 11:48:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 1022 MiB (1024 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-20 11:48:24
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Perheturva\fssui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Users\Mikko\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Perheturva\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Perheturva\fssui.exe" -autorun
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0DCFA2BF-94AD-45A9-8938-AF014F381C9F} (F-Secure Health Check 1.0) - http://support.f-secure.com/beta/hctp/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} () - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.virustorjunta.net/modules/Online_Scanner/fscax.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CDA71007-85DF-4E3C-8DE8-C2C31705504A} () - http://support.f-secure.com/ols/beta/olslauncher.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 10680 bytes
-- Files created between 2008-05-20 and 2008-06-20 -----------------------------
2008-06-19 22:33:14 0 d-------- C:\Users\All Users\Avg8
2008-06-19 22:20:39 0 d-------- C:\Program Files\AVG
2008-06-18 20:16:47 0 d-------- C:\PerfLogs
2008-06-18 19:57:36 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® -käyttöjärjestelmä>
2008-06-18 19:15:21 0 d-------- C:\8204e5cc7c8500b11e27dd
2008-06-05 13:32:17 0 d-------- C:\Program Files\COMODO
2008-05-31 15:43:36 0 d-------- C:\Program Files\Alwil Software
2008-05-25 17:30:03 0 d-------- C:\Program Files\Lavasoft
2008-05-25 17:13:44 0 d-------- C:\Users\All Users\comodo
-- Find3M Report ---------------------------------------------------------------
2008-06-20 11:38:45 440918 --a------ C:\Windows\system32\perfh00B.dat
2008-06-20 11:38:45 83252 --a------ C:\Windows\system32\perfc00B.dat
2008-06-19 18:44:23 0 d-------- C:\Program Files\SpywareBlaster
2008-06-18 22:37:36 0 d-------- C:\Program Files\a-squared Free
2008-06-18 21:51:51 174 --ahs---- C:\Program Files\desktop.ini
2008-06-18 20:24:17 0 d-------- C:\Program Files\Windows Calendar
2008-06-18 20:24:16 0 d-------- C:\Program Files\Movie Maker
2008-06-18 20:24:12 0 d-------- C:\Program Files\Windows Mail
2008-06-18 20:24:09 0 d-------- C:\Program Files\Windows Sidebar
2008-06-18 20:24:04 0 d-------- C:\Program Files\Windows Collaboration
2008-06-18 20:24:01 0 d-------- C:\Program Files\Windows Journal
2008-06-18 20:23:59 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-18 20:23:40 0 d-------- C:\Program Files\Windows Defender
2008-06-16 21:07:51 0 d-------- C:\Users\Mikko\AppData\Roaming\ZoomBrowser EX
2008-06-13 21:40:24 0 d-------- C:\Users\Mikko\AppData\Roaming\OpenOffice.org2
2008-06-11 20:22:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-05 13:32:26 0 d-------- C:\Users\Mikko\AppData\Roaming\Comodo
2008-05-25 17:29:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 11:49:43 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-16 14:24:46 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-16 13:52:50 0 d-------- C:\Program Files\LeechFTP
2008-05-12 19:07:05 0 d-------- C:\Program Files\eMule
2008-05-12 18:57:59 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-05-12 18:07:09 0 d-------- C:\Program Files\HP
2008-05-06 12:36:56 0 d-------- C:\Program Files\Windows Live
2008-05-05 17:39:48 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-05 17:37:25 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-05 17:34:57 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-21 17:46:15 0 d-------- C:\Users\Mikko\AppData\Roaming\Google
2008-04-20 12:54:02 0 d-------- C:\Program Files\OpenOffice.org 2.4
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
17.12.2007 11:12 56360 --a------ C:\Program Files\Windows Live\Perheturva\fssbho.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [18.01.2008 23:38]
"RtHDVCpl"="RtHDVCpl.exe" [23.03.2007 20:04 C:\Windows\RtHDVCpl.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [26.02.2007 20:46]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04.11.2007 12:22]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18.06.2007 16:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 23:16]
"MSConfig"="C:\Windows\system32\msconfig.exe" [18.01.2008 23:33]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [17.12.2007 11:12]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [05.06.2008 13:32]
"Skytel"="Skytel.exe" [16.03.2007 16:06 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [12.09.2007 06:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12.09.2007 06:28]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12.09.2007 06:28]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [16.05.2008 02:19]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [18.01.2008 23:33]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [18.11.2007 18:29:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\Windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-06-20 11:50:45 ------------
Hanger
Junior Member
20 June 2008 @ 13:14
Malwarebytes' Anti-Malware 1.18
Tietokantaversio: 871
13:10:49 20.6.2008
mbam-log-6-20-2008 (13-10-49).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 115052
Kulunut aika: 48 minute(s), 47 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
Hujo
Suspended permanently
20 June 2008 @ 13:42
1. Download combofix.exe to your desktop from one of the links:
combofix1
combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Can a computer ever work?
Hanger
Junior Member
20 June 2008 @ 14:52
(Antivirus program and firewall turned off)
ComboFix 08-06-19.2 - Mikko 2008-06-20 14:42:07.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.378 [GMT 3:00]
Running from: C:\Users\Mikko\Desktop\ComboFix.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-20 to 2008-06-20 )))))))))))))))))
.
2008-06-20 14:11 . 2008-06-20 14:41 <KANSIO> d-------- C:\327882R2FWJFW
2008-06-19 22:35 . 2008-05-16 02:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-06-19 22:33 . 2008-06-19 22:33 <KANSIO> d-------- C:\Users\All Users\Avg8
2008-06-19 22:33 . 2008-06-19 22:33 <KANSIO> d-------- C:\ProgramData\Avg8
2008-06-19 22:20 . 2008-06-19 22:20 <KANSIO> d-------- C:\Program Files\AVG
2008-06-18 20:16 . 2008-06-18 20:16 <KANSIO> d-------- C:\PerfLogs
2008-06-18 19:57 . 2008-06-18 19:15 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-06-18 19:57 . 2008-06-18 19:15 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-06-18 19:34 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-06-18 19:34 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-06-18 19:33 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-06-18 19:33 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-06-18 19:33 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-06-18 19:23 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-06-18 19:21 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-06-18 19:16 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-06-18 19:15 . 2008-06-18 19:15 <KANSIO> d-------- C:\8204e5cc7c8500b11e27dd
2008-06-18 19:15 . 2008-06-18 19:59 65,536 --a------ C:\Windows\SPInstall.etl
2008-06-14 00:36 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 00:36 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 00:36 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 00:36 . 2008-01-19 10:33 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 00:36 . 2008-01-19 10:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 00:36 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 14:46 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 14:46 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 14:46 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 14:46 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-05 13:32 . 2008-06-05 13:32 <KANSIO> d-------- C:\Program Files\COMODO
2008-06-05 13:32 . 2008-06-05 13:32 143,104 --a------ C:\Windows\System32\guard32.dll
2008-06-05 13:32 . 2008-06-05 13:32 85,008 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-06-05 13:32 . 2008-06-05 13:32 25,104 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-05-31 15:43 . 2008-05-31 15:43 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-05-28 13:43 . 2008-03-08 05:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 13:43 . 2008-03-08 07:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-25 17:30 . 2008-05-25 17:30 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-05-25 17:13 . 2008-06-05 17:13 <KANSIO> d-------- C:\Users\All Users\comodo
2008-05-25 17:13 . 2008-06-05 17:13 <KANSIO> d-------- C:\ProgramData\comodo
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 11:05 --------- d-----w C:\Program Files\Yahoo!
2008-06-20 09:29 --------- d-----w C:\Program Files\a-squared Free
2008-06-20 09:06 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-20 07:43 --------- d-----w C:\Users\Suvi\AppData\Roaming\OpenOffice.org2
2008-06-19 19:17 --------- d-----w C:\ProgramData\Avira
2008-06-19 15:57 --------- d---a-w C:\ProgramData\TEMP
2008-06-19 15:44 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-19 14:48 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-19 14:47 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-18 19:15 --------- d-----w C:\ProgramData\NVIDIA
2008-06-18 18:51 174 --sha-w C:\Program Files\desktop.ini
2008-06-18 17:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-18 17:24 --------- d-----w C:\Program Files\Windows Mail
2008-06-18 17:24 --------- d-----w C:\Program Files\Windows Journal
2008-06-18 17:24 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-18 17:24 --------- d-----w C:\Program Files\Windows Calendar
2008-06-18 17:23 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-18 17:23 --------- d-----w C:\Program Files\Windows Defender
2008-06-18 17:04 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-18 17:04 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-18 07:26 --------- d-----w C:\Users\Suvi\AppData\Roaming\ZoomBrowser EX
2008-06-18 07:25 --------- d-----w C:\ProgramData\ZoomBrowser
2008-06-16 18:07 --------- d-----w C:\Users\Mikko\AppData\Roaming\ZoomBrowser EX
2008-06-13 18:40 --------- d-----w C:\Users\Mikko\AppData\Roaming\OpenOffice.org2
2008-06-05 10:32 --------- d-----w C:\Users\Mikko\AppData\Roaming\Comodo
2008-05-25 14:30 --------- d-----w C:\ProgramData\Lavasoft
2008-05-25 14:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 08:49 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-16 11:24 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-16 10:52 --------- d-----w C:\Program Files\LeechFTP
2008-05-16 08:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-13 07:40 43,520 ----a-w C:\Windows\system32\drivers\fetnd6v.sys
2008-05-12 16:07 --------- d-----w C:\Program Files\eMule
2008-05-12 15:59 --------- d-----w C:\ProgramData\Microsoft Corporation
2008-05-12 15:57 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-05-12 15:07 --------- d-----w C:\Program Files\HP
2008-05-06 09:36 --------- d-----w C:\Program Files\Windows Live
2008-05-05 14:39 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-05 14:37 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-05 14:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-05 14:30 --------- d-----w C:\ProgramData\WLInstaller
2008-05-02 11:32 --------- d-----w C:\Users\Suvi\AppData\Roaming\SUPERAntiSpyware.com
2008-04-29 08:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
2008-04-28 08:17 --------- d-----w C:\ProgramData\Google Updater
2008-04-20 11:47 290 ----a-w C:\Users\Suvi\AppData\Roaming\wklnhst.dat
2008-04-20 09:54 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-03-16 17:56 2,244 ----a-w C:\Users\Mikko\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-20_14.18.00.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 08:33:19 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-20 11:28:21 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-20 08:33:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-20 11:28:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-20 08:33:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-20 11:28:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-20 08:36:31 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-20 11:30:04 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-06-20 08:35:52 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-20 11:29:59 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-06-20 08:33:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-20 11:28:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-20 08:33:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-20 11:28:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-20 08:33:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-20 11:28:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-20 08:38:45 99,428 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-20 11:33:55 103,740 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-20 08:38:45 83,252 ----a-w C:\Windows\System32\perfc00B.dat
+ 2008-06-20 11:33:56 83,252 ----a-w C:\Windows\System32\perfc00B.dat
- 2008-06-20 08:38:45 588,160 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-20 11:33:56 592,472 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-20 08:38:45 440,918 ----a-w C:\Windows\System32\perfh00B.dat
+ 2008-06-20 11:33:56 440,918 ----a-w C:\Windows\System32\perfh00B.dat
- 2008-06-20 08:37:22 76,024 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-20 11:30:53 76,150 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Program Files\Windows Live\Perheturva\fssbho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 20:04 4423680 C:\Windows\RtHDVCpl.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 20:46 153136]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-04 12:22 1840128]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-18 23:33 227840]
"fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [2007-12-17 11:12 243240]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-05 13:32 1655552]
"Skytel"="Skytel.exe" [2007-03-16 16:06 1822720 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 06:28 81920]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]
C:\Users\Suvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 17:54:44 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-18 18:29:35 126136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C320BCB3-9897-4FEF-9DD2-877439565DA1}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{B0736DD5-38A7-40D3-961D-7A1EA22DC8A3}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{8237FEFF-B595-4D17-9CE1-86C7FCE90813}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{97239A9F-F41B-4C3C-94CD-47CEA666846F}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{B216E51D-E54C-4AD2-90B4-3E9BEB068BD5}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{0BF9924E-C0B9-4124-A4FF-E7D54E18FB34}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{8A639679-C292-4332-A851-D0DD6C76095C}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{18630ED2-3B02-4BAC-B991-53B29FAB6496}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{D21D74AD-1B32-44F1-BD2C-9E8AE72FC7CE}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.254\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.254\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{CD57BC58-5688-460A-BDE3-BE62E6A4EFB4}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.254\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.254\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{2ABC6798-FDE8-4FC2-9261-CC5B2F4001A2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{DD50476E-3391-4CE2-8F8B-BF0BA378E199}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{426E9C85-D6E8-4E59-AAED-41A4DD19E2B7}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{FD50B139-F1DB-48CE-AD52-282AF4CE8D38}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{B3E82DA7-849B-4BF3-A108-8D9FCD0BB2F3}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{A2097E09-0372-4B53-A9CD-F6933A83A245}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{759ED70C-5F02-4A17-90B3-253A8AC0ADF1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{28C96E3C-4939-4259-926F-3F5A519E890B}C:\\program files\\leechftp\\leechftp.exe"= UDP:C:\program files\leechftp\leechftp.exe:LeechFTP
"UDP Query User{DBB80A7E-5478-4800-B549-4BA7F0DD0EF5}C:\\program files\\leechftp\\leechftp.exe"= TCP:C:\program files\leechftp\leechftp.exe:LeechFTP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
R0 AFS;AFS;C:\Windows\system32\drivers\AFS.sys [2008-03-01 19:08]
R0 videX32;videX32;C:\Windows\system32\DRIVERS\videX32.sys [2006-10-17 22:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\Windows\system32\DRIVERS\xfilt.sys [2006-10-18 19:39]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-06-05 13:32]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 13:32]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 02:18]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare ? perheturva;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" [2007-12-17 11:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 20:52]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-05-13 10:40]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-04 12:22]
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-05 14:37:27 C:\Windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 14:44:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-20 14:46:01
ComboFix-quarantined-files.txt 2008-06-20 11:45:57
ComboFix2.txt 2008-06-20 11:36:12
ComboFix3.txt 2008-06-20 11:18:36
Pre-Run: 113,642,831,872 tavua vapaana
Post-Run: 113,610,207,232 tavua vapaana
224 --- E O F --- 2008-06-20 10:47:13
|
|
|
|
Hujo
Suspended permanently
|
20 June 2008 @ 14:59 |
|
Download Atribune's ATF Cleaner
Instructions:
Double-click ATF-Cleaner.exe to start the program.
Under Main, choose: Select All
Click Empty Selected.
If you use Firefox as your browser, click Firefox at the top and choose: Select All
Click Empty Selected.
NOTE: If you would like to keep your saved passwords, click No when it asks.
If you use Opera as your browser, click Opera at the top and choose: Select All
Click Empty Selected again.
NOTE: If you would like to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.
Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that this support is in English.)
Can a computer ever work?
|
|