HJT log to be cleaned up

josjotainon

So the computer has been a bit sluggish lately, so could you find anything?
Thanks in advance..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:21, on 19.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Users\Toni\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "d:\pelit\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Lataa FDM:llä - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lataa kaikki FDM:llä - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Lataus valittu FDM:n toimesta - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9474 bytes

    Replies

    • ----

      Remove it through Add/Remove Programs

      ShoppingReport

      Delete the folder in safe mode

      C:\Program Files\==> ShoppingReport

      • josjotainon

        OK, I fixed those couple of entries with HJT and deleted that one folder, so here is the ComboFix report..

        ComboFix 08-03-18.1 - Toni 2008-03-20 18:57:02.1 - NTFSx86
        Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1294 [GMT 2:00]
        Running from: C:\Users\Toni\Desktop\Roinaa\Tarpeellinen\ComboFix.exe
        * Created a new restore point
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Windows\system32\x64
        C:\Windows\system32\x64\csnp2uvc.dll
        C:\Windows\system32\x64\rsnpvc64.dll
        C:\Windows\system32\x64\sncduvc.sys
        C:\Windows\system32\x64\snp2uvc.sys
        C:\Windows\system32\x64\vsnpvc64.dll

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-20 to 2008-03-20 )))))))))))))))))
        .

        2008-03-19 23:07 . 2008-03-19 23:07      d--------   C:\Program Files\Trend Micro
        2008-03-18 18:57 . 2007-07-27 03:07   621,056   --a------   C:\Windows\System32\drivers\dxgkrnl.sys
        2008-03-18 18:57 . 2007-07-27 04:17   36,864   --a------   C:\Windows\System32\cdd.dll
        2008-03-17 18:47 . 2008-03-18 16:58      d--------   C:\Program Files\DAEMON Tools Lite
        2008-03-17 15:46 . 2008-03-17 15:46   278,984   --a------   C:\Windows\System32\drivers\atksgt.sys
        2008-03-17 15:46 . 2008-03-17 15:46   25,416   --a------   C:\Windows\System32\drivers\lirsgt.sys
        2008-03-17 15:20 . 2008-03-17 15:20      d--------   C:\Users\Toni\AppData\Roaming\DAEMON Tools Pro
        2008-03-13 15:42 . 2007-12-17 00:50   1,060,920   --a------   C:\Windows\System32\drivers\ntfs.sys
        2008-03-13 15:42 . 2007-12-16 11:56   41,984   --a------   C:\Windows\System32\drivers\monitor.sys
        2008-03-06 10:15 . 2008-03-06 10:15   286   --a------   C:\Windows\vtmb.ini

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-20 16:55   ---------   d-----w   C:\Users\Toni\AppData\Roaming\Free Download Manager
        2008-03-20 16:55   ---------   d-----w   C:\Users\Toni\AppData\Roaming\AVG7
        2008-03-19 17:06   27,744   ----a-w   C:\Users\Toni\AppData\Roaming\nvModes.dat
        2008-03-19 16:11   ---------   d-----w   C:\Users\Toni\AppData\Roaming\uTorrent
        2008-03-18 20:27   53,768   ----a-w   C:\Windows\system32\drivers\avgwfp.sys
        2008-03-18 17:14   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-03-18 16:52   ---------   d-----w   C:\Users\Toni\AppData\Roaming\Skype
        2008-03-18 16:50   ---------   d-----w   C:\Users\Toni\AppData\Roaming\skypePM
        2008-03-17 13:39   717,296   ----a-w   C:\Windows\system32\drivers\sptd.sys
        2008-03-14 13:28   ---------   d-----w   C:\Program Files\Windows Mail
        2008-03-14 13:18   ---------   d-----w   C:\Program Files\Common Files\Steam
        2008-03-10 07:55   4,492   ----a-w   C:\Users\Toni\AppData\Roaming\wklnhst.dat
        2008-03-05 10:37   ---------   d-----w   C:\Program Files\Warcraft III
        2008-02-15 14:53   194,560   ----a-w   C:\Windows\System32\WebClnt.dll
        2008-02-15 14:53   110,080   ----a-w   C:\Windows\system32\drivers\mrxdav.sys
        2008-02-15 14:48   803,328   ----a-w   C:\Windows\system32\drivers\tcpip.sys
        2008-02-15 14:48   45,112   ----a-w   C:\Windows\system32\drivers\pciidex.sys
        2008-02-15 14:48   3,504,696   ----a-w   C:\Windows\System32\ntkrnlpa.exe
        2008-02-15 14:48   3,470,392   ----a-w   C:\Windows\System32\ntoskrnl.exe
        2008-02-15 14:48   24,064   ----a-w   C:\Windows\System32\netcfg.exe
        2008-02-15 14:48   22,016   ----a-w   C:\Windows\System32\netiougc.exe
        2008-02-15 14:48   216,632   ----a-w   C:\Windows\system32\drivers\netio.sys
        2008-02-15 14:48   21,560   ----a-w   C:\Windows\system32\drivers\atapi.sys
        2008-02-15 14:48   167,424   ----a-w   C:\Windows\System32\tcpipcfg.dll
        2008-02-15 14:48   154,624   ----a-w   C:\Windows\system32\drivers\nwifi.sys
        2008-02-15 14:48   15,928   ----a-w   C:\Windows\system32\drivers\pciide.sys
        2008-02-15 14:48   109,624   ----a-w   C:\Windows\system32\drivers\ataport.sys
        2008-02-15 14:47   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
        2008-02-15 14:47   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
        2008-02-15 14:47   4,247,552   ----a-w   C:\Windows\System32\GameUXLegacyGDFs.dll
        2008-02-15 14:47   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
        2008-02-15 14:47   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
        2008-02-15 14:47   1,686,528   ----a-w   C:\Windows\System32\gameux.dll
        2008-02-15 14:44   824,832   ----a-w   C:\Windows\System32\wininet.dll
        2008-02-15 14:44   56,320   ----a-w   C:\Windows\System32\iesetup.dll
        2008-02-15 14:44   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
        2008-02-15 14:44   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
        2008-02-11 09:06   ---------   d-----w   C:\Users\Toni\AppData\Roaming\Hamachi
        2008-02-11 08:28   ---------   d-----w   C:\Program Files\Diablo II
        2008-02-07 15:18   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
        2008-02-07 15:16   ---------   d-----w   C:\ProgramData\Symantec
        2008-02-07 15:16   ---------   d-----w   C:\Program Files\Symantec
        2008-02-02 17:44   ---------   d-----w   C:\Program Files\ToniArts
        2008-01-25 20:47   ---------   d-----w   C:\Users\Toni\AppData\Roaming\DAEMON Tools
        2008-01-14 11:55   174   --sha-w   C:\Program Files\desktop.ini
        2008-01-14 11:43   8,147,968   ----a-w   C:\Windows\System32\wmploc.DLL
        2008-01-14 11:43   7,680   ----a-w   C:\Windows\System32\spwmp.dll
        2008-01-14 11:43   4,096   ----a-w   C:\Windows\System32\dxmasf.dll
        2008-01-14 11:43   356,864   ----a-w   C:\Windows\System32\MediaMetadataHandler.dll
        2008-01-14 11:42   8,704   ----a-w   C:\Windows\System32\hcrstco.dll
        2008-01-14 11:42   8,704   ----a-w   C:\Windows\System32\hccoin.dll
        2008-01-13 17:12   107,832   ----a-w   C:\Windows\System32\PnkBstrB.exe
        2008-01-10 20:54   11,776   ----a-w   C:\Windows\System32\sbunattend.exe
        2008-01-10 05:50   1,244,672   ----a-w   C:\Windows\System32\mcmde.dll
        2008-01-08 15:19   32   ----a-w   C:\Users\All Users\ezsid.dat
        2008-01-08 15:19   32   ----a-w   C:\ProgramData\ezsid.dat
        2008-01-02 21:48   360,448   ----a-w   C:\Windows\System32\nvuninst.exe
        2007-12-30 18:47   108,144   ----a-w   C:\Windows\System32\CmdLineExt.dll
        .

        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
                 C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-10 17:08 171448]
        "Steam"="d:\pelit\steam.exe" [2007-12-15 15:56 1266936]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-27 14:50 1006264]
        "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
        "Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
        "PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 12:35 94208]
        "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
        "eRecoveryService"="" []
        "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
        "NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-02 19:08 86016]
        "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-02 19:08 8534560]
        "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-02 19:08 81920]
        "nwiz"="nwiz.exe" []

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
        "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-14 13:40 219136]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
        avgwlntf.dll 2008-01-14 13:40 9216 C:\Windows\System32\avgwlntf.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "UacDisableNotify"=dword:00000001
        "InternetSettingsDisableNotify"=dword:00000001
        "AutoUpdateDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "{67C1EF2A-B860-4456-BCD1-B25F1B5C5455}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{5729045D-9D55-4D83-A466-8D9154487C09}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{61B0293A-B10B-440F-8D17-67169C2AFF18}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
        "{F9AA3A8B-33FF-4595-9D2A-50E5A2D7D466}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
        "{72CCFB5F-F846-4DC7-8E3F-781D842BC764}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
        "{C30C765D-3687-423C-92D8-3B45E32B7BB3}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
        "{59F429A3-20A2-49DC-B088-B326AD078E70}"= UDP:D:\Pelit 2\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
        "{0964BBCA-DD1E-46EE-A903-BA1C0AA32C95}"= TCP:D:\Pelit 2\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
        "{72197B78-9F44-4403-8AAE-0F70CFA59C9E}"= UDP:D:\Pelit 2\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
        "{C28014AF-ED81-48E6-ADFB-080B3046EE93}"= TCP:D:\Pelit 2\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
        "{5412BEF4-FA9D-483A-A171-A9552D737430}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
        "{3DC969F9-B816-49C0-9B84-67BB804CD37D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
        "TCP Query User{2240ABD0-241C-4123-8F01-EAF1142AD574}D:\\pelit\\steamapps\\yurrrnerro\\counter-strike source\\hl2.exe"= UDP:D:\pelit\steamapps\yurrrnerro\counter-strike source\hl2.exe:hl2
        "UDP Query User{51E87D99-C478-481E-916D-480B849897C5}D:\\pelit\\steamapps\\yurrrnerro\\counter-strike source\\hl2.exe"= TCP:D:\pelit\steamapps\yurrrnerro\counter-strike source\hl2.exe:hl2
        "TCP Query User{66431FFA-661F-4E82-A81E-AA064CF58F8E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
        "UDP Query User{42335E2D-9FF6-4B1D-87B8-84E6FB7642CC}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
        "TCP Query User{51E60828-C402-4B01-8068-BB357082A90E}C:\\program files\\diablo ii\\game.exe"= UDP:C:\program files\diablo ii\game.exe:Diablo II
        "UDP Query User{7FB6F179-5F7E-4A37-B2C5-9C5FBE1B5B15}C:\\program files\\diablo ii\\game.exe"= TCP:C:\program files\diablo ii\game.exe:Diablo II
        "TCP Query User{E041BBB4-4B9B-477B-83AB-A2C9BDD5C2BA}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
        "UDP Query User{B56DC642-39E6-4013-BF3D-2BD62382DC65}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
        "TCP Query User{337B8796-43FC-4FF1-AEAF-195903A5C01E}C:\\users\\toni\\desktop\\roinaa\\tarpeellinen\\blan\\blan.exe"= UDP:C:\users\toni\desktop\roinaa\tarpeellinen\blan\blan.exe:blan.exe
        "UDP Query User{6FFB1B4F-BEDB-44CD-B865-468AAC92C7B8}C:\\users\\toni\\desktop\\roinaa\\tarpeellinen\\blan\\blan.exe"= TCP:C:\users\toni\desktop\roinaa\tarpeellinen\blan\blan.exe:blan.exe
        "TCP Query User{0D0C04DF-085B-4E4B-8645-95EDE4F477BD}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
        "UDP Query User{91480C90-ACF5-4122-B3CC-121C02329942}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
        "TCP Query User{DD77C0E0-BF0D-48F2-B7EE-C20D9D6C6B8F}D:\\pelit 2\\empire interactive\\flatout2\\flatout2.exe"= UDP:D:\pelit 2\empire interactive\flatout2\flatout2.exe:FlatOut2
        "UDP Query User{5DC64B87-B6C5-4EC3-A458-56F9C705469E}D:\\pelit 2\\empire interactive\\flatout2\\flatout2.exe"= TCP:D:\pelit 2\empire interactive\flatout2\flatout2.exe:FlatOut2

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
        "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

        R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
        R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
        R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
        R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
        R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
        R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
        R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
        R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23]
        R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 02:46]
        R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
        R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-18 22:27]
        R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 14:47]
        R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 03:05]
        R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-13 15:37]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
        \shell\AutoRun\command - H:\SETUP.EXE

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2748ce79-8e43-11dc-9731-806e6f6e6963}]
        \shell\AutoRun\command - F:\autoplay.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{904d3c12-cb85-11dc-9185-001b385219ed}]
        \shell\AutoRun\command - H:\Setup\rsrc\Autorun.exe
        \shell\dinstall\command - H:\Directx\dxsetup.exe

        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-20 18:58:56
        Windows 6.0.6000 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-03-20 18:59:26
        ComboFix-quarantined-files.txt 2008-03-20 16:59:23
        .
        2008-03-20 16:36:47   --- E O F ---


      • -----
        josjotainon wrote:

        OK, I fixed those couple of entries with HJT and deleted that one folder, so here is the ComboFix report..

        "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
        "Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
        "PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 12:35 94208]
        "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
        "eRecoveryService"="" []
        "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
        "NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-02 19:08 86016]
        "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-02 19:08 8534560]
        "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-02 19:08 81920]
        "nwiz"="nwiz.exe" []

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
        "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-14 13:40 219136]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
        avgwlntf.dll 2008-01-14 13:40 9216 C:\Windows\System32\avgwlntf.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "UacDisableNotify"=dword:00000001
        "InternetSettingsDisableNotify"=dword:00000001
        "AutoUpdateDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "{67C1EF2A-B860-4456-BCD1-B25F1B5C5455}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{5729045D-9D55-4D83-A466-8D9154487C09}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{61B0293A-B10B-440F-8D17-67169C2AFF18}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
        "{F9AA3A8B-33FF-4595-9D2A-50E5A2D7D466}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
        "{72CCFB5F-F846-4DC7-8E3F-781D842BC764}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
        "{C30C765D-3687-423C-92D8-3B45E32B7BB3}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
        "{59F429A3-20A2-49DC-B088-B326AD078E70}"= UDP:D:\Pelit 2\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
        "{0964BBCA-DD1E-46EE-A903-BA1C0AA32C95}"= TCP:D:\Pelit 2\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
        "{72197B78-9F44-4403-8AAE-0F70CFA59C9E}"= UDP:D:\Pelit 2\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
        "{C28014AF-ED81-48E6-ADFB-080B3046EE93}"= TCP:D:\Pelit 2\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
        "{5412BEF4-FA9D-483A-A171-A9552D737430}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
        "{3DC969F9-B816-49C0-9B84-67BB804CD37D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
        "TCP Query User{2240ABD0-241C-4123-8F01-EAF1142AD574}D:\\pelit\\steamapps\\yurrrnerro\\counter-strike source\\hl2.exe"= UDP:D:\pelit\steamapps\yurrrnerro\counter-strike source\hl2.exe:hl2
        "UDP Query User{51E87D99-C478-481E-916D-480B849897C5}D:\\pelit\\steamapps\\yurrrnerro\\counter-strike source\\hl2.exe"= TCP:D:\pelit\steamapps\yurrrnerro\counter-strike source\hl2.exe:hl2
        "TCP Query User{66431FFA-661F-4E82-A81E-AA064CF58F8E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
        "UDP Query User{42335E2D-9FF6-4B1D-87B8-84E6FB7642CC}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
        "TCP Query User{51E60828-C402-4B01-8068-BB357082A90E}C:\\program files\\diablo ii\\game.exe"= UDP:C:\program files\diablo ii\game.exe:Diablo II
        "UDP Query User{7FB6F179-5F7E-4A37-B2C5-9C5FBE1B5B15}C:\\program files\\diablo ii\\game.exe"= TCP:C:\program files\diablo ii\game.exe:Diablo II
        "TCP Query User{E041BBB4-4B9B-477B-83AB-A2C9BDD5C2BA}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
        "UDP Query User{B56DC642-39E6-4013-BF3D-2BD62382DC65}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
        "TCP Query User{337B8796-43FC-4FF1-AEAF-195903A5C01E}C:\\users\\toni\\desktop\\roinaa\\tarpeellinen\\blan\\blan.exe"= UDP:C:\users\toni\desktop\roinaa\tarpeellinen\blan\blan.exe:blan.exe
        "UDP Query User{6FFB1B4F-BEDB-44CD-B865-468AAC92C7B8}C:\\users\\toni\\desktop\\roinaa\\tarpeellinen\\blan\\blan.exe"= TCP:C:\users\toni\desktop\roinaa\tarpeellinen\blan\blan.exe:blan.exe
        "TCP Query User{0D0C04DF-085B-4E4B-8645-95EDE4F477BD}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
        "UDP Query User{91480C90-ACF5-4122-B3CC-121C02329942}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
        "TCP Query User{DD77C0E0-BF0D-48F2-B7EE-C20D9D6C6B8F}D:\\pelit 2\\empire interactive\\flatout2\\flatout2.exe"= UDP:D:\pelit 2\empire interactive\flatout2\flatout2.exe:FlatOut2
        "UDP Query User{5DC64B87-B6C5-4EC3-A458-56F9C705469E}D:\\pelit 2\\empire interactive\\flatout2\\flatout2.exe"= TCP:D:\pelit 2\empire interactive\flatout2\flatout2.exe:FlatOut2

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
        "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

        R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
        R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
        R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
        R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
        R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
        R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
        R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
        R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23]
        R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 02:46]
        R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
        R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-18 22:27]
        R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 14:47]
        R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 03:05]
        R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-13 15:37]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
        \shell\AutoRun\command - H:\SETUP.EXE

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2748ce79-8e43-11dc-9731-806e6f6e6963}]
        \shell\AutoRun\command - F:\autoplay.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{904d3c12-cb85-11dc-9185-001b385219ed}]
        \shell\AutoRun\command - H:\Setup\rsrc\Autorun.exe
        \shell\dinstall\command - H:\Directx\dxsetup.exe

        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-20 18:58:56
        Windows 6.0.6000 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-03-20 18:59:26
        ComboFix-quarantined-files.txt 2008-03-20 16:59:23
        .
        2008-03-20 16:36:47   --- E O F ---

        HJT log


      • josjotainon
        ----- wrote:

        HJT log

        The HJT log, here you go..

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 21:33:24, on 20.3.2008
        Platform: Windows Vista (WinNT 6.00.1904)
        MSIE: Internet Explorer v7.00 (7.00.6000.16609)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\Dwm.exe
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Windows\RtHDVCpl.exe
        C:\Program Files\Apoint2K\Apoint.exe
        C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
        C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        D:\Pelit\Steam.exe
        C:\Program Files\Apoint2K\ApMsgFwd.exe
        C:\Program Files\Apoint2K\Apntex.exe
        C:\Windows\system32\conime.exe
        C:\Windows\Explorer.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Skype\Plugin Manager\skypePM.exe
        C:\Program Files\Internet Explorer\ieuser.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        c:\program files\google\googletoolbar1user.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O1 - Hosts: ::1 localhost
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
        O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Skytel] Skytel.exe
        O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
        O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
        O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
        O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [Steam] "d:\pelit\steam.exe" -silent
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
        O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palvelu')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
        O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
        O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
        O8 - Extra context menu item: Lataa FDM:llä - file://C:\Program Files\Free Download Manager\dllink.htm
        O8 - Extra context menu item: Lataa kaikki FDM:llä - file://C:\Program Files\Free Download Manager\dlall.htm
        O8 - Extra context menu item: Lataus valittu FDM:n toimesta - file://C:\Program Files\Free Download Manager\dlselected.htm
        O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O13 - Gopher Prefix:
        O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
        O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
        O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
        O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
        O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
        O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
        O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
        O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
        O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
        O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
        O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
        O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
        O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

        --
        End of file - 8691 bytes


    0 rule-violating messages have been removed from this thread.
