Big problem and uncertainty, help!

Viar
Inactive
11 August 2008 @ 16:27
Hi.
Today while sitting at my computer I noticed that Antivirus XP 2008 found 424 viruses on my computer, which downright shocked me.
However, I mainly use Avira Antivirus, which found only one virus, named TR/Dldr.FraudLoa.NC.
I tried to remove it, but it complains that I don't have the permissions. (I am the computer's only user, with full rights.)

Senior Member
3 product reviews
11 August 2008 @ 17:21
Well, there seem to be plenty of these around! That Antivirus XP 2008 is itself malware; it gives false reports about the computer's virus situation etc. You'll find more information by googling :) Post an HJT log either here on AfterDawn or on Virustorjunta.net, and you'll get further instructions after that!
GA B85M D3H | E3-1230V3 | True Spirit 120 M BW Rev.A | Asus R9 270X DCII TOP | SF-600P14XE-PRO | 8GB RAM | PNY 120GB SSD | WDC WD10EZEX | Fractal Define Mini | Win7 64bit Pro |

Viar
Inactive
11 August 2008 @ 17:31
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/re...e=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphccrrj0e349] C:\Windows\system32\lphccrrj0e349.exe
O4 - HKLM\..\Run: [SMrhc9rrj0e349] C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 6134 bytes
Here it is :)
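As an added example (not code from the thread, from HijackThis or from any poster), a small Python triage script for the log format above: it parses the O2, O4 and O23 lines and flags Run entries that launch randomly named executables, BHOs with no backing file and services whose binary is missing. The "random-looking name" rule is this example's own heuristic, not part of the log format, and the sample lines are constructed from the log above.

```python
"""Triage helper for HijackThis (HJT) logs of the kind posted in this thread.

Constructed example; not a tool from the forum, from Trend Micro, or from
any of the posters. It parses the O2 (BHO), O4 (Run key) and O23 (service)
line formats and reports the entries a helper looks at first. The
"random-looking name" rule is an assumption of this example, not part of
the log format, so treat its hits as leads to verify, not verdicts.
"""
import re
from dataclasses import dataclass

# Sample lines constructed from the log posted above: the two Run entries
# ComboFix later removed, plus benign entries for contrast.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lphccrrj0e349] C:\Windows\system32\lphccrrj0e349.exe
O4 - HKLM\..\Run: [SMrhc9rrj0e349] C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First token of a Run command: an optionally quoted path ending in .exe.
RUN_CMD_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?(?:\s+(?P<args>.*))?$', re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # HJT section: O2, O4 or O23
    name: str    # BHO name, Run value name or service name
    path: str    # file the entry points at
    reason: str


def basename(path: str) -> str:
    return re.split(r"[\\/]", path)[-1]


def stem(path: str) -> str:
    return basename(path).rsplit(".", 1)[0]


def looks_random(name: str) -> bool:
    """Heuristic: long, only [a-z0-9], with letters and digits interleaved at
    least twice (e.g. lphccrrj0e349). Vendor binaries rarely look like this."""
    s = name.lower()
    if len(s) < 8 or not re.fullmatch(r"[a-z0-9]+", s):
        return False
    switches = sum(1 for a, b in zip(s, s[1:]) if a.isdigit() != b.isdigit())
    return switches >= 2


def run_target(cmd: str) -> str:
    """Resolve what a Run command actually executes: the .exe itself, or for
    rundll32 lines the DLL named before the comma."""
    m = RUN_CMD_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    exe, args = m.group("exe"), m.group("args") or ""
    if basename(exe).lower() == "rundll32.exe" and args:
        return args.split(",", 1)[0].strip()
    return exe


def triage(log_text: str) -> list:
    """Return the entries worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, target = m.group("name"), run_target(m.group("cmd"))
            if looks_random(stem(target)) or looks_random(name):
                findings.append(Finding("O4", name, target,
                                        f"Run entry launches random-looking executable '{stem(target)}'"))
            continue
        m = O2_RE.match(line)
        if m:
            if m.group("path") == "(no file)":
                findings.append(Finding("O2", m.group("name"), m.group("path"),
                                        "BHO registered without a backing file"))
            continue
        m = O23_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            findings.append(Finding("O23", m.group("name"), m.group("path"),
                                    "service binary missing from disk"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4}{f.name:<50}{f.reason}\n    {f.path}")
```

On the sample the two flagged O4 entries are exactly the ones ComboFix lists under "ORPHANS REMOVED" later in the thread; the "(no file)" BHO and the "(file missing)" service are leftovers rather than active threats, but a helper still cleans them up.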

Senior Member
4 product reviews
11 August 2008 @ 20:59
1. Download Combofix.exe to your desktop from either of these links:
Combofix.exe
Combofix.exe
Open Combofix.exe and follow the instructions that appear on screen.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.
Empty the Recycle Bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the instructions to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program downloads and installs the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is finished, click OK and then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the contents of the log in your next message + a new HJT log.

Viar
Inactive
11 August 2008 @ 21:24
Yep, here they are. I'll post the HJT and ComboFix logs one after the other; the Malwarebytes' Anti-Malware log will follow a bit later.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:51, on 11.8.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Here's the next one
ComboFix 08-08-10.05 - Lauri 2008-08-11 21:10:51.1 - NTFSx86
Running from: C:\Users\Lauri\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\rhc9rrj0e349
C:\Program Files\RichVideoCodec
C:\Program Files\RichVideoCodec\MultiLoader.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Users\Lauri\AppData\Local\Temp\E_4
C:\Users\Lauri\AppData\Local\Temp\E_4\HtmlView.fne
C:\Users\Lauri\AppData\Local\Temp\E_4\krnln.fnr
C:\Users\Lauri\AppData\Roaming\rhc9rrj0e349
C:\Users\Public\Desktop\Antivirus XP 2008.lnk
C:\Windows\system32\lphccrrj0e349.exe
C:\Windows\system32\phccrrj0e349.bmp
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-11 to 2008-08-11 )))))))))))))))))
.
2008-08-11 19:01 . 2008-08-11 19:01 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-11 17:27 . 2008-08-11 17:27 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-08-11 15:10 . 2008-08-11 15:10 0 --a------ C:\Windows\System32\212A.tmp
2008-08-03 19:24 . 2008-08-03 19:24 <KANSIO> d-------- C:\Program Files\Magelo
2008-08-02 10:02 . 2008-02-12 14:06 184,320 --a------ C:\Control Panel.exe
2008-08-02 10:01 . 2008-08-02 10:04 <KANSIO> d-------- C:\Tools
2008-08-02 10:01 . 2008-01-07 23:03 <KANSIO> d-a------ C:\Server
2008-08-02 10:01 . 2008-08-02 11:09 <KANSIO> d-------- C:\Ascent
2008-08-01 21:08 . 2008-08-01 21:08 <KANSIO> d-------- C:\PerfLogs
2008-07-29 19:25 . 2008-08-02 19:18 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\LimeWire
2008-07-29 19:25 . 2008-07-29 19:25 <KANSIO> d-------- C:\Program Files\LimeWire
2008-07-28 12:38 . 2008-07-28 12:38 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music
2008-07-28 12:36 . 2008-07-28 12:36 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\Apple Computer
2008-07-28 12:35 . 2008-07-28 12:35 <KANSIO> d-------- C:\Program Files\iTunes
2008-07-28 12:35 . 2008-07-28 12:35 <KANSIO> d-------- C:\Program Files\iPod
2008-07-28 12:35 . 2008-07-28 12:35 <KANSIO> d-------- C:\Program Files\Bonjour
2008-07-28 12:33 . 2008-07-28 12:35 <KANSIO> d-------- C:\Users\All Users\Apple Computer
2008-07-28 12:33 . 2008-07-28 12:35 <KANSIO> d-------- C:\ProgramData\Apple Computer
2008-07-28 12:33 . 2008-07-28 12:34 <KANSIO> d-------- C:\Program Files\QuickTime
2008-07-28 12:32 . 2008-07-28 12:32 <KANSIO> d-------- C:\Program Files\Apple Software Update
2008-07-28 12:31 . 2008-07-28 12:31 <KANSIO> d-------- C:\Users\All Users\Apple
2008-07-28 12:31 . 2008-07-28 12:31 <KANSIO> d-------- C:\ProgramData\Apple
2008-07-28 12:31 . 2008-07-28 12:31 <KANSIO> d-------- C:\Program Files\Common Files\Apple
2008-07-20 21:04 . 2008-07-20 21:05 <KANSIO> d-------- C:\.NS_file_store_32
2008-07-20 20:53 . 2008-07-20 20:58 <KANSIO> d-------- C:\.mpr_file_store_32
2008-07-20 20:40 . 2008-07-20 20:44 <KANSIO> d-------- C:\weedscapecache
2008-07-20 20:39 . 2008-07-20 20:39 <KANSIO> d-------- C:\Program Files\Sun
2008-07-20 20:38 . 2008-07-20 20:38 <KANSIO> d-------- C:\Program Files\Java
2008-07-20 20:37 . 2008-07-20 20:37 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-07-20 18:42 . 2008-07-20 18:42 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-07-20 11:33 . 2008-01-19 10:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-07-20 11:32 . 2008-01-19 10:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-07-20 11:31 . 2008-01-19 09:53 130,048 --a------ C:\Windows\System32\drivers\drmk.sys
2008-07-20 11:30 . 2008-01-19 09:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-07-20 11:29 . 2008-01-19 10:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-07-20 11:28 . 2008-01-19 10:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-07-20 11:28 . 2008-01-19 10:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-07-20 11:28 . 2008-01-19 10:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-07-20 11:27 . 2008-01-19 10:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-07-20 11:27 . 2008-01-19 10:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-07-20 11:25 . 2008-01-19 10:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-07-20 11:25 . 2008-01-19 10:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-07-20 11:25 . 2008-01-19 10:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-07-20 11:25 . 2008-01-19 10:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-07-20 01:26 . 2008-08-11 15:44 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\uTorrent
2008-07-20 01:26 . 2008-07-20 01:26 <KANSIO> d-------- C:\Program Files\uTorrent
2008-07-19 23:56 . 2008-07-19 23:56 <KANSIO> d-------- C:\Program Files\MySQL
2008-07-18 18:50 . 2008-07-18 18:50 131,072,000 --a------ C:\Windows\MEMORY.DMP
2008-07-18 11:03 . 2008-07-18 11:03 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-07-18 10:58 . 2008-07-18 10:58 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-07-18 10:58 . 2008-07-18 10:58 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-07-18 10:58 . 2008-07-18 10:58 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-18 10:58 . 2008-07-18 10:58 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-18 10:58 . 2008-07-18 10:58 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-18 10:58 . 2008-07-18 10:58 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-16 12:56 . 2008-07-16 12:57 <KANSIO> d-------- C:\Program Files\ExpressZIP
2008-07-16 12:56 . 2008-07-16 12:56 6,144 --ahs---- C:\Windows\System32\access.ctl
2008-07-15 13:50 . 2008-07-15 13:50 <KANSIO> d-------- C:\Windows\PCHEALTH
2008-07-15 11:34 . 2008-07-15 11:34 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-15 11:29 . 2008-07-15 11:29 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-07-15 11:28 . 2008-07-15 11:28 988,216 --a------ C:\Windows\System32\winload.exe
2008-07-15 11:28 . 2008-07-15 11:28 927,288 --a------ C:\Windows\System32\winresume.exe
2008-07-15 11:28 . 2008-07-15 11:28 615,992 --a------ C:\Windows\System32\ci.dll
2008-07-15 11:28 . 2008-07-15 11:28 378,368 --a------ C:\Windows\System32\srcore.dll
2008-07-15 11:28 . 2008-07-15 11:28 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-07-15 11:28 . 2008-07-15 11:28 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-07-15 11:28 . 2008-07-15 11:28 40,960 --a------ C:\Windows\System32\srclient.dll
2008-07-15 11:28 . 2008-07-15 11:28 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-07-15 11:28 . 2008-07-15 11:28 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-07-15 11:27 . 2008-07-15 11:27 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-07-15 11:26 . 2008-07-15 11:26 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-07-15 11:25 . 2008-07-15 11:25 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-07-15 11:25 . 2008-07-15 11:25 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-07-15 11:23 . 2008-07-15 11:23 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-15 11:23 . 2008-07-15 11:23 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-07-15 11:18 . 2008-07-15 11:18 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-07-15 11:18 . 2008-07-15 11:18 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-07-15 11:16 . 2008-07-15 11:16 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-07-15 11:16 . 2008-07-15 11:16 826,880 --a------ C:\Windows\System32\wininet.dll
2008-07-15 02:12 . 2008-07-15 02:12 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight
2008-07-14 12:33 . 2008-07-20 18:52 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\Hamachi
2008-07-13 20:10 . 2008-07-17 15:46 <KANSIO> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-13 19:38 . 2008-07-15 13:50 <KANSIO> d-------- C:\Program Files\Windows Live
2008-07-13 19:38 . 2008-07-15 13:50 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-13 19:37 . 2008-07-15 13:45 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-07-13 19:37 . 2008-07-15 13:45 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-07-13 19:29 . 2008-07-13 19:29 <KANSIO> d-------- C:\Users\All Users\Avira
2008-07-13 19:29 . 2008-07-13 19:29 <KANSIO> d-------- C:\ProgramData\Avira
2008-07-13 19:29 . 2008-07-13 19:29 <KANSIO> d-------- C:\Program Files\Avira
2008-07-13 19:13 . 2008-07-13 19:13 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\Talkback
2008-07-13 18:56 . 2008-07-13 19:15 16 --a------ C:\Windows\System32\coh.cache
2008-07-13 18:53 . 2008-07-13 18:53 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\Roxio
2008-07-13 18:53 . 2008-07-13 19:04 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\Packard Bell
2008-07-13 18:53 . 2008-07-13 18:53 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\CyberLink
2008-07-13 18:52 . 2008-07-13 18:52 <KANSIO> dr------- C:\Users\Lauri\Searches
2008-07-13 18:52 . 2008-07-30 14:32 <KANSIO> dr------- C:\Users\Lauri\Contacts
2008-07-13 18:34 . 2008-07-13 18:52 <KANSIO> dr------- C:\Users\Lauri\Videos
2008-07-13 18:34 . 2008-07-13 18:52 <KANSIO> dr------- C:\Users\Lauri\Saved Games
2008-07-13 18:34 . 2008-07-13 18:52 <KANSIO> dr------- C:\Users\Lauri\Pictures
2008-07-13 18:34 . 2008-07-28 12:36 <KANSIO> dr------- C:\Users\Lauri\Music
2008-07-13 18:34 . 2008-07-13 18:52 <KANSIO> dr------- C:\Users\Lauri\Links
2008-07-13 18:34 . 2008-07-13 18:52 <KANSIO> dr------- C:\Users\Lauri\Downloads
2008-07-13 18:34 . 2008-07-29 19:26 <KANSIO> dr------- C:\Users\Lauri\Documents
2008-07-13 18:34 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\Media Center Programs
2008-07-13 18:34 . 2008-07-13 18:52 <KANSIO> d--h----- C:\Users\Lauri\AppData
2008-07-13 18:34 . 2008-07-28 12:31 <KANSIO> d-------- C:\Users\Lauri
2008-07-13 18:31 . 2008-07-13 18:31 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-07-13 16:14 . 2008-07-18 18:50 177,429,440 --a------ C:\Windows\DUMP3024.tmp
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 18:29 174 --sha-w C:\Program Files\desktop.ini
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Mail
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Journal
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Defender
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Calendar
2008-07-20 08:27 --------- d-----w C:\Program Files\Reference Assemblies
2008-07-19 07:59 --------- d-----w C:\Program Files\Google
2008-07-15 08:23 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-15 08:23 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-15 08:23 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-15 08:23 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-15 08:23 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-13 16:23 --------- d-----w C:\ProgramData\Sonic
2008-07-13 16:22 --------- d-----w C:\ProgramData\Symantec
2008-07-13 16:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-13 15:31 --------- d-sh--w C:\ProgramData\Työpöytä
2008-07-13 15:31 --------- d-sh--w C:\ProgramData\Tiedostot
2008-07-13 15:31 --------- d-sh--w C:\ProgramData\Suosikit
2008-07-13 15:31 --------- d-sh--w C:\ProgramData\Mallit
2008-07-13 15:31 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 10:33 227840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 22:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 22:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 22:15 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 19:07 4390912 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-07-18 19:04 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-09-01 07:18 1836544 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPService]
--a------ 2007-06-12 23:36 102400 C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-07-06 22:15 8466432 C:\Windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-07-06 22:15 81920 C:\Windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-07-06 22:15 86016 C:\Windows\System32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-01-11 11:40 232184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 10:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
--a------ 2007-07-19 16:32 1120568 C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-20 19:20 28672 C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 10:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-02-15 19:07 4390912 C:\Windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-19 10:36 2153472 C:\Windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{E7B348B8-8E16-44CF-B01E-3E2512A257A5}C:\\ac web ultimate repack\\server\\apache\\bin\\apache.exe"= UDP:C:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{EBD5C045-CB1D-4026-AB48-F7AC48717A47}C:\\ac web ultimate repack\\server\\apache\\bin\\apache.exe"= TCP:C:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{A4C2F173-11D2-42B6-AFE0-A778BC942CA3}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{3AAC7C09-5A0D-4D7E-A769-E331C869321A}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{1B426326-1EF9-4A5D-B272-BC6FF3AFA208}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9646ED42-2288-4D3E-AA52-0B23F6083D38}"= UDP:C:\Program Files\World of Warcraft\WoW-2.4.2-enGB-downloader.exe:Blizzard Downloader
"{650590AF-D3E1-4541-A745-E9458BCFD3B7}"= TCP:C:\Program Files\World of Warcraft\WoW-2.4.2-enGB-downloader.exe:Blizzard Downloader
"{592D5DA4-AB38-4ED8-9AEA-A53F94EC9680}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{56451D80-DB61-4F6C-8693-D62A9ADAEEFA}C:\\ac web ultimate repack\\server\\mysql\\bin\\mysqld.exe"= UDP:C:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld
"UDP Query User{057CB7B1-BEFE-4E29-BD36-E84F4C68F337}C:\\ac web ultimate repack\\server\\mysql\\bin\\mysqld.exe"= TCP:C:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld
"{3E9597DC-F2CC-4A74-93AD-53AA80F004AB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{190D0A95-6F7D-4A68-84F6-28A337F4878A}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{45528739-5F4A-4D36-9A30-861EAE6CB75D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{75C71410-29B5-4034-8FEC-425D2376F49D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisableNotifications"= 1 (0x1)
.
'Ajoitetut tehtävät'-kansion sisältö
2008-08-11 C:\Windows\Tasks\Laajennettu takuu.job
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 19:38]
2008-08-11 C:\Windows\Tasks\PBRegbk.job
- C:\Program Files\HDReg\HDRegApp.exe [2005-06-21 13:05]
2008-08-11 C:\Windows\Tasks\Recovery DVD Creator.job
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 19:34]
2008-08-11 C:\Windows\Tasks\User_Feed_Synchronization-{AF5175DA-DFF2-45C3-A4EA-076924D5B3C2}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 10:33]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-lphccrrj0e349 - C:\Windows\system32\lphccrrj0e349.exe
HKLM-Run-SMrhc9rrj0e349 - C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Lauri\AppData\Roaming\Mozilla\Firefox\Profiles\3dqugozu.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 21:15:03
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Lauri\AppData\Local\Temp\CabDC0B.tmp 27455 bytes
C:\Users\Lauri\AppData\Local\Temp\TarDC0C.tmp 0 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-11 21:17:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-11 18:17:36
Pre-Run: 298,929,758,208 tavua vapaana
Post-Run: 299,313,618,944 tavua vapaana
289 --- E O F --- 2008-08-11 08:34:57
|
Viar
Inactive
|
11. elokuuta 2008 @ 21:51 |
|
Here is the Malwarebytes log and the latest HJT log
Malwarebytes' Anti-Malware 1.24
Tietokantaversio: 1042
Windows 6.0.6001 Service Pack 1
21:49:08 11.8.2008
mbam-log-8-11-2008 (21-49-08).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|H:\|)
Tarkistetut kohteet: 89042
Kulunut aika: 21 minute(s), 56 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 2
Saastuneita rekisteriarvoja: 3
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 2
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc9rrj0e349 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc9rrj0e349 (Rogue.Multiple) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Users\Lauri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:51, on 11.8.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/re...e=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphccrrj0e349] C:\Windows\system32\lphccrrj0e349.exe
O4 - HKLM\..\Run: [SMrhc9rrj0e349] C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 6134 bytes
|
|