Possibly something amiss
zd_
Newbie
14 October 2008 @ 08:02
So, the computer has been alerting me yesterday and today about a trojan that arrived after I downloaded and opened a program.
It feels like the computer is still somehow odd. Here is the HijackThis log:
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Users\V\Desktop\EasyClea.exe
C:\Windows\system32\wuauclt.exe
C:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\conime.exe
C:\Windows\hh.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [90F.tmp] C:\Windows\temp\90F.tmp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-21-2444759761-3619051014-149038793-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3ED79AE6-6AFF-456B-9DE9-AFCE1D283403}: NameServer = 85.255.112.114;85.255.112.14
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kddzp.exe (file missing)
--
End of file - 7217 bytes
Senior Member
14 October 2008 @ 10:07
1. Start Spybot-S&D in Advanced mode
2. If it is not in Advanced mode, go to the Mode menu and select Advanced mode
3. Click Tools on the left
4. Click Resident in the list
5. Untick "Resident TeaTimer" and press OK.
6. Restart the computer.
1. Download Combofix.exe to your desktop from either of these links:
Combofix.exe
Combofix.exe
Open Combofix.exe and follow the on-screen instructions.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.
Empty the Recycle Bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (take it last, just before posting)
* The (C:\ComboFix.txt) report
Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the instructions to install the program.
* Finally, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program downloads and installs the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is finished, click OK and then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Post the contents of the log in your next message, plus a new HJT log.
zd_
Newbie
14 October 2008 @ 17:24
Got it, here are the reports.
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\KbdStub.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-21-2444759761-3619051014-149038793-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kddzp.exe (file missing)
--
End of file - 6259 bytes
--------------------------------------------
ComboFix 08-10-12.01 - Veli-Matti 2008-10-14 17:09:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.2069 [GMT 3:00]
* Uusi palautuspiste luotu
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\resycled
C:\Windows\system32\jusched.exe
D:\Autorun.inf
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-14 to 2008-10-14 )))))))))))))))))
.
2008-10-14 07:47 . 2008-10-14 08:15 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-14 07:47 . 2008-10-14 08:15 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-14 07:47 . 2008-10-14 07:47 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-14 07:39 . 2008-10-14 07:39 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-10-14 07:26 . 2008-10-14 07:26 <KANSIO> d-------- C:\Program Files\ToniArts
2008-10-13 21:57 . 2008-10-13 21:58 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-10-13 21:57 . 2008-10-13 21:58 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-10-13 21:57 . 2008-10-13 21:57 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-10-13 21:38 . 2008-10-13 21:38 <KANSIO> d-------- C:\Users\All Users\CheckPoint
2008-10-13 21:38 . 2008-10-13 21:38 <KANSIO> d-------- C:\ProgramData\CheckPoint
2008-10-13 21:38 . 2008-10-13 21:38 <KANSIO> d-------- C:\Program Files\Zone Labs
2008-10-13 21:35 . 2008-10-14 17:07 <KANSIO> d-------- C:\Windows\Internet Logs
2008-10-13 21:35 . 2008-10-14 17:04 350,468 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-10-13 21:35 . 2007-06-04 05:28 270,488 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-10-13 21:19 . 2008-10-13 21:31 <KANSIO> d-------- C:\Program Files\RevConnect
2008-10-13 21:03 . 2008-10-13 21:57 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-12 12:21 . 2008-10-12 12:21 <KANSIO> d-------- C:\Windows\Sun
2008-10-11 10:52 . 2008-10-11 10:52 <KANSIO> d-------- C:\Program Files\Sunbelt Software
2008-10-11 10:48 . 2008-10-11 10:48 <KANSIO> d-------- C:\Users\All Users\Avira
2008-10-11 10:48 . 2008-10-11 10:48 <KANSIO> d-------- C:\ProgramData\Avira
2008-10-11 10:48 . 2008-10-11 10:48 <KANSIO> d-------- C:\Program Files\Avira
2008-10-08 18:52 . 2008-10-08 18:52 59 --a------ C:\Windows\pp.enc
2008-10-08 18:48 . 2008-10-08 21:52 <KANSIO> d-------- C:\Users\Veli-Matti\AppData\Roaming\Microgaming
2008-10-08 18:47 . 2008-10-08 18:47 <KANSIO> d-------- C:\Microgaming
2008-10-01 19:24 . 2008-10-01 19:24 <KANSIO> d-------- C:\Program Files\PokerEV
2008-09-30 19:27 . 2008-10-13 03:16 <KANSIO> d-------- C:\Users\Veli-Matti\AppData\Roaming\ChessBase
2008-09-30 19:27 . 2008-09-30 19:27 <KANSIO> d-------- C:\Program Files\ChessBase
2008-09-28 16:13 . 2008-09-28 16:13 <KANSIO> d-------- C:\Program Files\ffdshow
2008-09-28 16:13 . 2008-06-08 23:58 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-09-28 16:13 . 2008-06-12 20:36 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-09-28 16:13 . 2007-07-10 18:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-09-24 16:45 . 2008-09-24 16:45 0 --a------ C:\Windows\HMHud.INI
2008-09-24 16:34 . 2006-11-02 13:23 <KANSIO> dr------- C:\Users\postgres\Videos
2008-09-24 16:34 . 2006-11-02 13:23 <KANSIO> d-------- C:\Users\postgres\Saved Games
2008-09-24 16:34 . 2006-11-02 13:23 <KANSIO> dr------- C:\Users\postgres\Pictures
2008-09-24 16:34 . 2006-11-02 13:23 <KANSIO> dr------- C:\Users\postgres\Music
2008-09-24 16:34 . 2006-11-02 13:23 <KANSIO> dr------- C:\Users\postgres\Links
2008-09-24 16:34 . 2006-11-02 13:23 <KANSIO> dr------- C:\Users\postgres\Downloads
2008-09-24 16:34 . 2008-09-24 16:34 <KANSIO> dr------- C:\Users\postgres\Documents
2008-09-24 16:34 . 2006-11-02 14:18 <KANSIO> d--h----- C:\Users\postgres\AppData
2008-09-24 16:34 . 2008-09-24 16:34 <KANSIO> d-------- C:\Users\postgres
2008-09-24 16:34 . 2008-09-24 16:34 <KANSIO> d-------- C:\Program Files\PostgreSQL
2008-09-24 16:22 . 2008-09-24 16:22 <KANSIO> d-------- C:\Program Files\RVG Software
2008-09-22 20:57 . 2008-10-13 17:01 <KANSIO> d-------- C:\Program Files\Bestpoker
2008-09-22 00:43 . 2008-09-22 00:43 268 --ah----- C:\sqmdata02.sqm
2008-09-22 00:43 . 2008-09-22 00:43 244 --ah----- C:\sqmnoopt02.sqm
2008-09-21 17:30 . 2008-09-21 17:30 268 --ah----- C:\sqmdata01.sqm
2008-09-21 17:30 . 2008-09-21 17:30 244 --ah----- C:\sqmnoopt01.sqm
2008-09-21 17:23 . 2008-07-31 02:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-21 17:23 . 2008-07-31 06:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-21 17:23 . 2008-06-26 06:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-21 17:23 . 2008-07-31 06:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 14:03 --------- d-----w C:\Users\Veli-Matti\AppData\Roaming\mIRC
2008-10-14 13:13 --------- d-----w C:\Users\Veli-Matti\AppData\Roaming\uTorrent
2008-10-14 13:13 --------- d-----w C:\Program Files\Betsson
2008-10-14 12:59 --------- d-----w C:\Program Files\mIRC
2008-10-14 04:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-11 07:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-11 07:36 --------- d-----w C:\ProgramData\Symantec
2008-10-01 20:42 --------- d-----w C:\Users\Veli-Matti\AppData\Roaming\BSplayer
2008-09-22 09:38 --------- d-----w C:\Program Files\Poker Evolver
2008-09-02 17:09 --------- d-----w C:\Program Files\e3C
2008-09-02 17:01 --------- d-----w C:\Program Files\MMEDIA
2008-09-02 16:59 --------- d-----w C:\Users\Veli-Matti\AppData\Roaming\InstallShield
2008-08-14 07:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 07:21 268,800 ----a-w C:\Windows\System32\es.dll
2008-08-12 21:34 174 --sha-w C:\Program Files\desktop.ini
2008-08-12 21:03 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-08-12 21:03 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-08-12 21:03 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-08-12 21:03 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-08-12 21:03 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-08-12 21:01 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-08-12 20:59 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-08-12 20:59 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-08-12 20:56 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-08-12 20:56 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-08-12 20:56 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-08-12 20:56 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-08-12 20:54 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-08-12 20:54 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-08-12 20:54 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-08-12 20:53 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-08-12 20:53 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-08-12 20:53 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-08-12 20:53 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-08-12 20:53 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-08-12 20:52 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-08-12 20:52 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-08-12 20:52 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 19:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 17:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-11 757192]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-11 757192]
[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-29 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"tvjbmonitor"="C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-12-26 53248]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-04 960240]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1AED2A79-5048-454B-8931-18F5BAD75C76}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{FAE76303-2D4B-41AE-BE37-8FE7D177ED31}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DBBAD3C1-0D2C-4023-8350-863A042E2DB6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{C13B92D9-E97E-41A1-AE04-0010FCEB7F84}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{2FBB7C55-281C-49C0-AC1C-D89306E55DD9}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{541F2831-37CE-401C-8A4D-110460D2B8AF}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{E5E9C6F2-D39A-4B18-B900-6AD131883B1D}C:\\program files\\revconnect\\dcplusplus.exe"= UDP:C:\program files\revconnect\dcplusplus.exe:DC++
"UDP Query User{01D7DEAD-6C16-4A04-9E82-BD692F630E6D}C:\\program files\\revconnect\\dcplusplus.exe"= TCP:C:\program files\revconnect\dcplusplus.exe:DC++
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 -D C:\Program Files\PostgreSQL\8.3\data\ [ ]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-04 3483136]
R3 EC168BDA;EC168BDA service;C:\Windows\system32\DRIVERS\EC168BDA.sys [2007-10-17 107904]
S2 Windows Tribute Service;Windows Tribute Service;C:\Windows\system32\kddzp.exe [ ]
S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-12-07 131616]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b80ee0fa-6895-11dd-8816-806e6f6e6963}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\resycled\boot.com f:
\shell\Open\command - F:\resycled\boot.com f:
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - POISTETUT JÄMÄRIVIT - - - -
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - C:\Users\Veli-Matti\AppData\Roaming\Mozilla\Firefox\Profiles\iuod546o.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fi.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fi:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 17:10:57
Windows 6.0.6000 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
Valmistumisajankohta: 2008-10-14 17:12:21
ComboFix-quarantined-files.txt 2008-10-14 14:12:19
Ennen ajoa: 203 573 669 888 tavua vapaana
Ajon jälkeen: 203,951,071,232 tavua vapaana
213 --- E O F --- 2008-09-26 15:04:33
zd_
Newbie
14 October 2008 @ 17:57
Malwarebytes' Anti-Malware 1.28
Tietokantaversio: 1268
Windows 6.0.6000
14.10.2008 17:55:08
mbam-log-2008-10-14 (17-55-08).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Tarkistetut kohteet: 127804
Kulunut aika: 27 minute(s), 27 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\Pornovid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)