|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Kone jumissa mese virus Hjt log+Combofix log
|
|
Newbie
|
22. kesäkuuta 2008 @ 17:02 |
Linkki tähän viestiin
|
Kone erittäin jumissa ja hiiri vetelee itsestään suuntiinsa. Netti niin jumissa, että viestin saanti palstalle kesti 2h.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58, on 2008-06-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.ircfast2.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.238.88.64:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: {2e4dbf05-166d-743b-ab14-20795ec5c9a0} - {0a9c5ce5-9702-41ba-b347-d66150fbd4e2} - C:\WINDOWS\system32\ffavjdax.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [fcd0d9d2] rundll32.exe "C:\WINDOWS\system32\dpjlhnpe.dll",b
O4 - HKLM\..\Run: [BMffe3ea4e] Rundll32.exe "C:\WINDOWS\system32\ntvkqvqi.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZCfox000
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?e4ab05b8cdeb4a9c810de1879497a108
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?e4ab05b8cdeb4a9c810de1879497a108
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: efcDwUoP - efcDwUoP.dll (file missing)
ComboFix 08-06-20.4 - Mika 2008-06-22 15:28:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.121 [GMT 3:00]
Running from: C:\Documents and Settings\Mika\Työpöytä\SFScript.exe
* Created a new restore point
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
C:\Program Files\Seekmo Programs
C:\WINDOWS\BMffe3ea4e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awttSiih.dll
C:\WINDOWS\system32\bbxdwxpt.dll
C:\WINDOWS\system32\bilnoich.ini
C:\WINDOWS\system32\cuoritmx.dll
C:\WINDOWS\system32\DJjlRtwa.ini
C:\WINDOWS\system32\DJjlRtwa.ini2
C:\WINDOWS\system32\epnhljpd.ini
C:\WINDOWS\system32\fbsgvtep.ini
C:\WINDOWS\system32\gbhaatlv.ini
C:\WINDOWS\system32\jriocaeh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdsosdut.ini
C:\WINDOWS\system32\nsotomor.ini
C:\WINDOWS\system32\qpbnbhic.ini
C:\WINDOWS\system32\qqedtmxl.ini
C:\WINDOWS\system32\rXEKRqss.ini
C:\WINDOWS\system32\rXEKRqss.ini2
C:\WINDOWS\system32\ssqRKEXr.dll
C:\WINDOWS\system32\tsewiqjp.ini
C:\WINDOWS\system32\uviwvtyo.ini
C:\WINDOWS\system32\widkiwkk.ini
C:\WINDOWS\system32\xcbhnaqq.ini
C:\WINDOWS\system32\xjwlymja.ini
E:\Autorun.inf
.
((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2008-05-22 to 2008-06-22 )))))))))))))))))
.
2008-06-22 15:37 . 2008-06-22 15:37 110,419 --a--c--- C:\WINDOWS\BMffe3ea4e.xml
2008-06-21 19:30 . 2008-06-21 19:30 81,408 --a--c--- C:\WINDOWS\system32\dpjlhnpe.dll
2008-06-21 19:27 . 2008-06-21 19:27 99,328 --a--c--- C:\WINDOWS\system32\ffavjdax.dll
2008-06-21 19:24 . 2008-06-21 19:24 90,112 --a--c--- C:\WINDOWS\system32\ntvkqvqi.dll
2008-06-21 19:05 . 2008-06-21 19:14 <KANSIO> d----c--- C:\Program Files\EA GAMES
2008-06-20 19:24 . 2008-06-20 19:24 99,840 --a--c--- C:\WINDOWS\system32\kqbpikse.dll
2008-06-20 19:24 . 2008-06-20 19:24 90,112 --a--c--- C:\WINDOWS\system32\ugftimxj.dll
2008-06-19 11:43 . 2008-06-19 11:43 <KANSIO> d----c--- C:\Program Files\Steam-Down
2008-06-19 11:41 . 2008-06-19 11:41 89,600 -----c--- C:\WINDOWS\system32\tdgrqmpu.0ll
2008-06-19 11:41 . 2008-06-19 11:41 80,896 -----c--- C:\WINDOWS\system32\petvgsbf.0ll
2008-06-18 00:47 . 2008-06-18 00:47 98,816 -----c--- C:\WINDOWS\system32\wpeibbkl.0ll
2008-06-18 00:45 . 2008-06-18 00:45 90,112 --a--c--- C:\WINDOWS\system32\yvmpbodu.0ll
2008-06-18 00:45 . 2008-06-18 00:45 82,432 --a--c--- C:\WINDOWS\system32\romotosn.0ll
2008-06-16 22:30 . 2008-06-16 22:30 99,328 -----c--- C:\WINDOWS\system32\rfckarnl.0ll
2008-06-16 22:24 . 2008-06-16 22:24 90,112 -----c--- C:\WINDOWS\system32\wqsacypx.0ll
2008-06-16 19:35 . 2008-06-16 19:35 <KANSIO> d----c--- C:\Program Files\AviSynth 2.5
2008-06-16 19:34 . 2008-06-16 19:34 <KANSIO> d----c--- C:\Program Files\Red Kawa
2008-06-15 22:24 . 2008-06-15 22:24 99,840 -----c--- C:\WINDOWS\system32\rcmtopar.0ll
2008-06-15 22:22 . 2008-06-15 22:22 90,112 -----c--- C:\WINDOWS\system32\ghqhoyex.0ll
2008-06-15 22:04 . 2005-01-01 23:45 <KANSIO> d----c--- C:\Documents and Settings\Ella\WINDOWS
2008-06-15 22:04 . 2004-12-14 20:30 <KANSIO> d--h-c--- C:\Documents and Settings\Ella\Verkkoymp?rist?
2008-06-15 22:04 . 2005-01-01 23:49 <KANSIO> d----c--- C:\Documents and Settings\Ella\Ty?p?yt?
2008-06-15 22:04 . 2004-12-14 20:30 <KANSIO> d--h-c--- C:\Documents and Settings\Ella\Tulostinymp?rist?
2008-06-15 22:04 . 2006-03-14 10:10 <KANSIO> dr---c--- C:\Documents and Settings\Ella\Suosikit
2008-06-15 22:04 . 2008-06-15 22:04 <KANSIO> dr---c--- C:\Documents and Settings\Ella\Omat tiedostot
2008-06-15 22:04 . 2006-03-14 10:11 <KANSIO> d--h-c--- C:\Documents and Settings\Ella\Mallit
2008-06-15 22:04 . 2006-03-14 10:10 <KANSIO> dr---c--- C:\Documents and Settings\Ella\K?ynnist?-valikko
2008-06-15 22:04 . 2008-06-15 22:04 <KANSIO> d----c--- C:\Documents and Settings\Ella
2008-06-13 22:45 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 22:45 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 21:12 . 2008-06-12 21:12 80,896 -----c--- C:\WINDOWS\system32\kkwikdiw.0ll
2008-06-11 18:59 . 2008-06-11 18:59 89,600 -----c--- C:\WINDOWS\system32\xhvnirpo.0ll
2008-06-11 17:19 . 2008-06-11 17:19 89,600 --a--c--- C:\WINDOWS\system32\ycnpudyl.0ll
2008-06-06 16:25 . 2008-06-10 16:51 51,072 --a--c--- C:\WINDOWS\system32\drivers\fsdfw.sys
2008-06-06 16:25 . 2008-06-10 16:51 30,016 --a--c--- C:\WINDOWS\system32\drivers\fsndis5.sys
2008-06-06 16:23 . 2008-06-06 16:23 2,560 -----c--- C:\WINDOWS\system32\vmhdkmmx.0xe
2008-06-06 16:20 . 2008-06-06 16:20 134,656 -----c--- C:\WINDOWS\system32\imxlmmgj.0ll
2008-06-06 16:17 . 2008-06-06 16:17 117,248 -----c--- C:\WINDOWS\system32\qqanhbcx.0ll
2008-06-06 16:14 . 2008-06-06 16:14 125,440 -----c--- C:\WINDOWS\system32\xhbwiydg.0ll
2008-06-06 15:39 . 2008-06-06 15:39 <KANSIO> d----c--- C:\Documents and Settings\Mika\Application Data\TurvaPC
2008-06-06 15:34 . 2008-06-06 16:41 <KANSIO> d----c--- C:\Program Files\TurvaPC
2008-06-06 15:34 . 2008-06-06 15:34 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\TurvaPC
2008-06-06 15:34 . 2008-06-06 15:34 <KANSIO> dr---c--- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-06-06 15:17 . 2008-06-06 15:17 2,560 -----c--- C:\WINDOWS\system32\qpfohcfh.0xe
2008-06-06 15:15 . 2008-06-06 16:32 49,156 -----c--- C:\WINDOWS\ups.0xe
2008-06-06 15:15 . 2008-06-06 16:35 49,156 -----c--- C:\sz.0xe
2008-06-05 17:20 . 2008-06-22 15:37 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-06-05 17:20 . 2008-06-05 17:20 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-06-03 14:53 . 2008-06-05 09:24 <KANSIO> d----c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Omat tiedostot
2008-06-03 14:50 . 2008-06-03 14:50 <KANSIO> d----c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Ty?p?yt?
2008-06-03 14:50 . 2008-06-03 14:50 <KANSIO> dr---c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Suosikit
2008-06-03 14:50 . 2008-06-03 14:50 <KANSIO> d----c--- C:\Documents and Settings\matias.YOUR-B62381BA23\K?ynnist?-valikko
2008-06-03 13:42 . 2008-06-03 13:42 <KANSIO> d--h-c--- C:\Documents and Settings\matias.YOUR-B62381BA23\Mallit
2008-06-02 17:32 . 2008-06-02 17:32 132,096 -----c--- C:\WINDOWS\system32\tsgoonwv.0ll
2008-06-02 17:32 . 2008-06-02 17:32 2,560 -----c--- C:\WINDOWS\system32\cuddnlhc.0xe
2008-06-01 16:55 . 2008-06-01 16:55 373,248 -----c--- C:\WINDOWS\system32\awtRljJD.0ll
2008-06-01 16:51 . 2008-06-01 16:51 93,184 -----c--- C:\is154890.0xe
2008-06-01 16:50 . 2008-06-02 14:10 3,423 --a--c--- C:\WINDOWS\is154890.exe
2008-06-01 16:46 . 2008-06-01 16:46 86,512 --a--c--- C:\irc.0om
2008-05-31 15:41 . 2008-06-01 16:41 60,124 -----c--- C:\bot.0xe
2008-05-31 15:40 . 2008-05-31 15:39 86,512 -r-hsc--- C:\WINDOWS\service.0xe
2008-05-28 17:57 . 2008-06-17 02:22 <KANSIO> d----c--- C:\Program Files\iTunes
2008-05-28 17:57 . 2008-05-28 17:57 <KANSIO> d----c--- C:\Program Files\iPod
2008-05-27 19:21 . 2008-05-27 19:21 <KANSIO> d----c--- C:\Program Files\Common Files\Apple
2008-05-27 19:21 . 2008-05-27 19:21 <KANSIO> d----c--- C:\Program Files\Apple Software Update
2008-05-27 19:21 . 2008-05-27 19:21 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-27 19:21 . 2008-02-18 11:16 30,464 --a--c--- C:\WINDOWS\system32\drivers\usbaapl.sys
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 10:01 --------- dc----w C:\Documents and Settings\Mika\Application Data\uTorrent
2008-06-21 19:01 --------- dc----w C:\Documents and Settings\Mika\Application Data\Skype
2008-06-20 17:41 --------- dc----w C:\Program Files\DC++
2008-06-19 12:13 --------- dc----w C:\Program Files\Ski Jump International
2008-06-19 12:11 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-06-17 12:11 --------- dc----w C:\Program Files\ZipCentral
2008-06-12 09:38 --------- dc----w C:\Program Files\PAFPoker
2008-06-10 13:57 --------- dc----w C:\Program Files\dna Nettiturva
2008-06-06 13:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\F-Secure
2008-06-06 13:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\fssg
2008-06-05 14:50 --------- dc----w C:\Program Files\Wolfenstein - Enemy Territory
2008-06-05 14:48 --------- dc----w C:\Program Files\GameSpy Arcade
2008-05-27 16:24 --------- dc----w C:\Program Files\QuickTime
2008-05-27 16:23 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 13:13 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-08 12:28 202,752 -c--a-w C:\WINDOWS\system32\drivers\rmcast.sys
2007-10-06 18:14 9,679,815 -c--a-w C:\Program Files\vlc-0.8.6c-win32(2).exe
.
(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0a9c5ce5-9702-41ba-b347-d66150fbd4e2}]
2008-06-21 19:27 99328 --a--c--- C:\WINDOWS\system32\ffavjdax.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 22:34 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 22:29 659456]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 05:05 339968]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 23:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 13:52 1836544]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Windows svchost"="ups.exe" [2004-09-15 15:00 18432 C:\WINDOWS\system32\ups.exe]
"F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.EXE" [2007-04-26 20:12 183208]
"F-Secure TNB"="C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
"fcd0d9d2"="C:\WINDOWS\system32\dpjlhnpe.dll" [2008-06-21 19:30 81408]
"BMffe3ea4e"="C:\WINDOWS\system32\ntvkqvqi.dll" [2008-06-21 19:24 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDwUoP]
efcDwUoP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqRKEXr
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-06-10 16:51]
R0 Stealth;Stealth;C:\WINDOWS\system32\DRIVERS\stealth.sys [2002-06-21 10:58]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\dna Nettiturva\HIPS\fshs.sys [2008-06-10 16:50]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\dna Nettiturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS []
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]
.
'Ajoitetut teht?v?t'-kansion sis?lt?
"2008-06-18 07:26:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 08:08:25 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\DNANET~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\DNANET~1\ANTI-V~1\report.txt
"2008-06-22 11:36:02 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
|
AfterDawn Addict
|
23. kesäkuuta 2008 @ 14:49 |
Linkki tähän viestiin
|
Logit ovat jääneet vajaiksi !!!
Lataa Malwarebytes' Anti-Malware työpöydällesi.
* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
* Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
* Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
* Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki kokonaan.
.
(:)
|
|
