Computer is running slow
Quutamo
Junior Member
24 June 2008 @ 22:18
So the computer is slow and says, e.g. about dwwin, that "the memory could not be 'read'".
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:03, on 24.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Omistaja\Työpöytä\HiJackThis.exe
C:\WINDOWS\system32\dwwin.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-21-1594549898-2933576815-3338973209-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1594549898-2933576815-3338973209-1003\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe (User '?')
O4 - HKUS\S-1-5-21-1594549898-2933576815-3338973209-1003\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU" (User '?')
O4 - HKUS\S-1-5-21-1594549898-2933576815-3338973209-1003\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User '?')
O4 - S-1-5-21-1594549898-2933576815-3338973209-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - S-1-5-21-1594549898-2933576815-3338973209-1003 Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe (User '?')
O4 - S-1-5-21-1594549898-2933576815-3338973209-1003 Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 8207 bytes
_______________________________
Combofix
ComboFix 08-06-20.4 - Omistaja 2008-06-24 22:18:42.10 - NTFSx86
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-24 to 2008-06-24 )))))))))))))))))
.
2008-06-24 22:19 . 2008-06-24 22:20 <KANSIO> d--hs---- C:\WINDOWS\system32\wsnpoem
2008-06-23 21:49 . 2008-06-23 21:53 63,920 --a------ C:\WINDOWS\system32\drivers\dee452f2.sys
2008-06-23 21:49 . 2008-06-23 21:49 56,832 --a------ C:\knth.exe
2008-06-23 21:49 . 2008-06-23 21:49 20,480 --a------ C:\jbdem.exe
2008-06-23 21:49 . 2008-06-23 21:49 12,288 --a------ C:\waxd.exe
2008-06-23 21:49 . 2008-06-23 21:49 11,776 --a------ C:\d1.exe
2008-06-19 22:38 . 2008-06-19 22:49 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\X-Chat 2
2008-06-19 22:37 . 2008-06-19 22:37 <KANSIO> d-------- C:\Program Files\X-Chat 2
2008-06-19 21:35 . 2008-06-19 21:35 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\mIRC
2008-06-11 17:24 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 11:22 . 2008-06-09 11:22 244 --ah----- C:\sqmnoopt08.sqm
2008-06-09 11:22 . 2008-06-09 11:22 232 --ah----- C:\sqmdata08.sqm
2008-06-09 11:22 . 2008-06-09 11:22 148 --ah----- C:\sqmdata09.sqm
2008-06-09 11:22 . 2008-06-09 11:22 136 --ah----- C:\sqmnoopt09.sqm
2008-05-30 18:46 . 2008-05-30 18:46 <KANSIO> d-------- C:\WINDOWS\text
2008-05-30 18:46 . 2008-05-30 18:46 <KANSIO> d-------- C:\WINDOWS\movies
2008-05-30 18:44 . 2008-05-30 18:46 <KANSIO> d-------- C:\WINDOWS\models
2008-05-30 18:44 . 2008-05-30 18:44 <KANSIO> d-------- C:\WINDOWS\data
2008-05-30 18:38 . 2008-05-30 18:38 <KANSIO> d-------- C:\WINDOWS\audio
2008-05-30 18:37 . 2008-05-30 18:38 <KANSIO> d-------- C:\WINDOWS\anim
2008-05-30 18:37 . 2005-06-08 12:40 14,388,348 --a------ C:\WINDOWS\GTA_SA.EXE
2008-05-30 18:37 . 2003-11-16 10:48 1,060,864 --a------ C:\WINDOWS\vorbis.dll
2008-05-30 18:37 . 2004-01-06 10:43 188,416 --a------ C:\WINDOWS\eax.dll
2008-05-30 18:37 . 2003-11-16 10:48 65,536 --a------ C:\WINDOWS\vorbisFile.dll
2008-05-30 18:37 . 2003-11-15 17:54 36,864 --a------ C:\WINDOWS\ogg.dll
2008-05-30 18:37 . 2004-05-18 19:19 197 --a------ C:\WINDOWS\stream.ini
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 21:27 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Azureus
2008-06-21 22:36 --------- d-----w C:\Program Files\EA GAMES
2008-06-19 15:48 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 15:47 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-14 17:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 20:45 --------- d-----w C:\Program Files\Microsoft Works
2008-06-10 09:51 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\dvdcss
2008-06-05 09:20 --------- d-----w C:\Program Files\Azureus
2008-05-30 19:28 --------- d-----w C:\Program Files\RevConnect
2008-05-30 15:54 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-30 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 07:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-14 07:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-14 07:13 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-01 15:24 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-26 13:16 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-04-26 13:16 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-04-26 13:16 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-04-26 12:51 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-04-26 12:51 102,400 ----a-w C:\WINDOWS\DIIUnin.exe
2008-04-24 17:33 --------- d-----w C:\Program Files\RecordNow!
2008-04-24 17:32 --------- d-----w C:\Program Files\QuickTime
2008-04-24 17:29 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-24 17:27 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-24 17:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-04-21 07:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-02-09 13:11 94,208 ----a-w C:\Documents and Settings\Omistaja\Application Data\ezplay.sys
2008-02-09 13:11 47,360 ----a-w C:\Documents and Settings\Omistaja\Application Data\pcouffin.sys
2007-01-31 17:22 784 ----a-w C:\Documents and Settings\Omistaja\Application Data\mpauth.dat
2007-01-03 18:07 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-07-20 20:57 30,056 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2005-08-25 12:18 0 ----a-w C:\Documents and Settings\Omistaja\3.dat
2005-08-25 12:18 0 ----a-w C:\Documents and Settings\Omistaja\2.dat
2005-08-25 12:18 0 ----a-w C:\Documents and Settings\Omistaja\1.dat
.
------- Sigcheck -------
2007-06-13 16:22 1040896 ab890174e9b3dab933c71067069f9a14 C:\WINDOWS\explorer.exe
2007-06-13 16:10 1040896 43f8b440aa7b080bdb7ff450d8baeed9 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-02-12 19:47 1011712 66ca67cbedc4cda12250174f30188147 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-09-15 02:12 1039872 7e47546ad5b44ecac714e334d3bf7d48 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-09-15 02:12 1039872 9df634cbf80009f4a4fe42e2cdf71c2c C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-09-15 02:12 1039872 2666ad6b17aeee79d5520e473a2cac80 C:\WINDOWS\SoftwareDistribution\Download\83d925adf4843bb70ca8fb6fff0e163b\explorer.exe
2004-09-15 02:12 1039872 d52863fa9fdb4ebc3a01880b205b83dd C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\36fbce143f18c09a40a74d1b7d380983\explorer.exe
2007-06-13 16:22 1040896 be9164bcdf96729a3ee997dafa6a92e4 C:\WINDOWS\system32\dllcache\explorer.exe
2004-02-12 19:44 20480 8bfad08ef4307f01793b5ac8711dfe46 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-09-15 02:12 22528 d8ccffee6c30c7c0d0ac9caf52423a15 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-09-15 02:12 22528 8e31b631957f8cdf55a8483d9e4c4507 C:\WINDOWS\SoftwareDistribution\Download\83d925adf4843bb70ca8fb6fff0e163b\ctfmon.exe
2004-09-15 02:12 22528 379bbc08f9251cdeaeff21c05a91079d C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\36fbce143f18c09a40a74d1b7d380983\ctfmon.exe
2004-09-15 02:12 22528 d52db4ff9211edc0f99f6dac2df2f0ff C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot_2008-06-24_22.38.01,89 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 17:02:28 174,080 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 17:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 05:00:00 37,888 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 05:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 05:00:00 169,472 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 05:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 02:34 40960]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 08:00 106496]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 09:26 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 59904]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 16:38 249856]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23 57344]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:16 491520]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 69632]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 241664]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 90112]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-10-09 15:13 70800]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 08:32 5537792]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 118784]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 65536]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 90112]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-06 22:29 185896]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 08:00 106496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 08:32 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
C:\Documents and Settings\Omistaja\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 120832]
BUFFALO Disk Backup Utility.lnk - C:\Program Files\BUFFALO\HDBackup\HDBackup.exe [2004-07-28 17:02:00 212992]
BUFFALO Power Save Utility for HD.lnk - C:\Program Files\BUFFALO\HDManage\HDManage.exe [2004-07-29 08:24:06 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\Steam\\steamapps\\myrighthand\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\X-Chat 2\\xchat.exe"=
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-13 14:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-18 17:50:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-30 12:00:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 22:20:12
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-06-24 22:22:59
ComboFix-quarantined-files.txt 2008-06-24 19:21:57
ComboFix2.txt 2008-06-24 19:38:57
ComboFix3.txt 2008-05-15 11:48:17
ComboFix4.txt 2008-04-24 17:24:29
ComboFix5.txt 2008-03-31 15:07:55
Pre-Run: 50,138,345,472 tavua vapaana
Post-Run: 50,170,576,896 tavua vapaana
188 --- E O F --- 2008-06-20 09:20:12
Post edited after submission. Last edited 24 June 2008 @ 22:25
Senior Member
25 June 2008 @ 11:42
Download CCleaner here
- During installation, untick the "install Yahoo! toolbar" option.
- After installation, open CCleaner.
- From the left-hand column choose Options.
- From the adjacent column choose Settings.
- Under Language, select Suomi.
- Restart CCleaner.
- Choose Options.
- Click Advanced.
- Untick "Only delete files in Windows Temp folders older than 48 hours".
Cleaner
- From the left-hand column choose Cleaner.
- Click Analyze at the bottom.
CCleaner now analyzes what can be removed (temp files, cookies, etc.).
- When the analysis is done, click Run Cleaner.
CCleaner now removes the temp files, cookies, etc. it found.
Fixing registry issues
- From the left-hand column choose Registry.
- Click Scan for Issues at the bottom.
- When the scan is done and you are sure you want to fix the lines that are ticked, click Fix selected issues.
- You will be asked "Do you want to back up changes to the registry?"; click Yes. Save the backup to, for example, the "My Documents" folder.
- In the new window that opens, click Fix All Selected Issues.
- You get one more confirmation prompt; click OK.
- When the issues have been fixed, click Close.
You can now close CCleaner by clicking the red X at the top right.
Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, make sure the following are ticked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program downloads and installs the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is finished, click OK, then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* The log then opens in Notepad. Save it somewhere you can find it easily. The log can also be found
here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Post the contents of the log in your next reply + a new HJT log.
Quutamo
Junior Member
26 June 2008 @ 20:13
Malwarebytes' Anti-Malware 1.18
Tietokantaversio: 870
20:05:01 26.6.2008
mbam-log-6-26-2008 (20-05-01).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 271783
Kulunut aika: 3 hour(s), 48 minute(s), 53 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 1
Saastuneita tiedostoja: 9
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
Saastuneita tiedostoja:
C:\QooBox\Quarantine\C\Program Files\CPV\CPV7.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\JavaCore\UnInstall.exe.vir (Adware.Insider) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1001186.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iyhsc.dll.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:35, on 26.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Omistaja\Työpöytä\HiJackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Winini.dll] C:\WINDOWS\system32\winini.vbs
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [Winini.dll] C:\WINDOWS\system32\winini.vbs (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SAmail] C:\Documents and Settings\Omistaja\Työpöytä\e-mail from#madiha_ariana@yahoo.fr.htm (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Winini.dll] C:\WINDOWS\system32\winini.vbs (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 7932 bytes
Post edited after submission. Last edited 26 June 2008 @ 20:15