menin lataan sen meseviruksen ja jotku neuvoivat pasteemaan hjt login tänne
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:07:37, on 4.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\winudspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\service.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Windows\mservice.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\explorer.exe
D:\Winamp\winamp.exe
C:\Program Files\EvilLyrics\EvilLyrics.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Documents and Settings\Antti\Työpöytä\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: xxywwXqp - xxywwXqp.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 7812 bytes
mese virus hjt log
10
351
Vastaukset
- FixFix
1.Lataa combofix.exe työpöydällesi yhdestä, kahdesta klinkistä:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.- kusessa
latasin tuon malwarebytesin ja uskoisin sen poistaneen kaikki virukset, laitanpa silti tämän combofix login
ComboFix 08-06-04.3 - Antti 2008-06-05 12:20:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1550 [GMT 3:00]
Running from: C:\Documents and Settings\Antti\Työpöytä\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Antti\new.txt
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-05 to 2008-06-05 )))))))))))))))))
.
2008-06-04 13:15 . 2008-06-04 13:15 d-------- C:\Documents and Settings\Antti\Application Data\Malwarebytes
2008-06-04 13:14 . 2008-06-04 13:15 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-04 13:14 . 2008-06-04 13:14 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 13:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-04 13:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-03 23:24 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Antti\setupa.exe
2008-06-03 23:11 . 2008-06-03 23:11 4,217 --a------ C:\WINDOWS\is154890.exe
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-06-02 22:30 . 2008-06-02 22:30 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-05-28 09:30 . 2008-05-28 09:30 d-------- C:\Documents and Settings\Antti\Application Data\vlc
2008-05-25 16:58 . 2008-05-25 22:26 d-------- C:\Program Files\EvilLyrics
2008-05-21 21:47 . 2008-05-21 21:56 d-------- C:\Documents and Settings\Antti\Phone Browser
2008-05-21 21:47 . 2008-05-21 21:47 d-------- C:\Documents and Settings\Antti\Application Data\DataLayer
2008-05-21 21:46 . 2008-05-21 21:46 d-------- C:\Documents and Settings\Antti\Application Data\Nokia
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Program Files\Nokia
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Program Files\Common Files\PCSuite
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Program Files\Common Files\Nokia
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Documents and Settings\Antti\Application Data\PC Suite
2008-05-21 21:44 . 2008-05-21 21:44 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-05-18 12:38 . 2008-05-18 12:38 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-05-18 12:38 . 2008-05-18 12:47 35,143 --a------ C:\WINDOWS\DIIUnin.dat
2008-05-18 12:38 . 2008-05-18 12:38 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-05-18 12:31 . 2008-06-03 13:27 d-------- C:\Program Files\Diablo II
2008-05-17 19:41 . 2008-06-03 13:26 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-17 19:32 . 2008-05-18 12:46 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-05-17 19:32 . 2008-05-18 12:46 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-05-17 19:32 . 2008-05-18 12:46 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-05-15 19:31 . 2008-05-15 19:31 d-------- C:\Program Files\Common Files\Adobe
2008-05-14 20:50 . 2008-05-14 20:50 d-------- C:\Program Files\Illustrate
2008-05-14 20:50 . 2008-05-14 20:50 d-------- C:\Documents and Settings\Antti\Application Data\AccurateRip
2008-05-14 20:50 . 2008-05-14 20:49 4,230,520 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-05-14 20:50 . 2008-05-14 20:50 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-05-14 20:50 . 2008-05-14 20:50 12,896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-05-14 20:41 . 2008-05-14 20:41 d-------- C:\Program Files\Daniusoft
2008-05-13 22:24 . 2008-05-13 22:24 d-------- C:\WINDOWS\Sun
2008-05-13 13:56 . 2008-05-15 08:52 d-------- C:\Documents and Settings\Antti\Application Data\DivX
2008-05-13 13:54 . 2008-05-13 13:54 d-------- C:\Program Files\DivX
2008-05-13 13:54 . 2008-03-21 23:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 13:54 . 2008-03-21 23:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 13:46 . 2008-05-13 13:46 d-------- C:\Program Files\AVIcodec
2008-05-06 14:53 . 2008-05-06 14:53 d-------- C:\Documents and Settings\Antti\Application Data\Logitech
2008-05-06 14:52 . 2008-05-06 14:52 d-------- C:\Program Files\Common Files\LogiShared
2008-05-06 14:52 . 2008-05-06 14:52 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-05-06 14:49 . 2008-05-06 14:56 d-------- C:\Program Files\Logitech
2008-05-06 14:49 . 2008-05-06 14:56 d-------- C:\Program Files\Common Files\Logitech
2008-05-06 14:49 . 2008-05-06 14:49 d-------- C:\Documents and Settings\Antti\Application Data\InstallShield
2008-05-06 14:49 . 2008-05-06 14:49 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-06 14:49 . 2008-05-06 14:49 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 08:52 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-05 08:49 --------- d-----w C:\Documents and Settings\Antti\Application Data\OpenOffice.org2
2008-05-28 06:30 --------- d-----w C:\Documents and Settings\Antti\Application Data\vlc
2008-05-17 12:29 --------- d-----w C:\Program Files\mozilla
2008-05-13 20:40 --------- d-----w C:\Documents and Settings\Antti\Application Data\uTorrent
2008-05-06 14:14 --------- d-----w C:\Documents and Settings\Antti\Application Data\mIRC
2008-05-06 14:06 --------- d-----w C:\Program Files\mIRC
2008-05-06 11:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 11:50 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-06 11:50 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-04 10:11 --------- d-----w C:\Program Files\CCleaner
2008-05-03 10:48 --------- d-----w C:\Program Files\Ventrilo
2008-05-03 07:45 --------- d-----w C:\Documents and Settings\Antti\Application Data\Winamp
2008-05-02 20:08 --------- d-----w C:\Documents and Settings\Antti\Application Data\Ventrilo
2008-05-02 20:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 18:24 --------- d-----w C:\Program Files\PowerISO
2008-04-28 18:22 --------- d-----w C:\Documents and Settings\Antti\Application Data\DAEMON Tools
2008-04-20 20:53 --------- d-----w C:\Program Files\Lexmark_HostCD
2008-04-20 20:53 --------- d-----w C:\Program Files\Lexmark
2008-04-16 08:39 --------- d-----w C:\Program Files\uTorrent
2008-04-15 14:57 --------- d-----w C:\Program Files\Java
2008-04-15 14:56 --------- d-----w C:\Program Files\Common Files\Java
2008-04-13 11:28 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-08 14:30 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-08 14:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-08 14:16 --------- d--h--r C:\Documents and Settings\Antti\Application Data\SecuROM
2008-04-08 14:08 --------- d-----w C:\Program Files\Alwil Software
2008-04-08 14:04 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-04-08 13:33 --------- d-----w C:\Program Files\Windows Live
2008-04-08 13:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-08 09:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-08 08:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 16:52 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2008-03-24 08:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56 1306624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 19:52 13524992]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-24 19:52 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 02:50 233472]
"WinampAgent"="D:\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 04:22 1126400]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49 217088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15:00 15360]
C:\Documents and Settings\Antti\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 17:54:44 393216]
C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-06 14:52:26 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-06 14:50:06 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywwXqp]
xxywwXqp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"D:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 12:21:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-05 12:22:08
ComboFix-quarantined-files.txt 2008-06-05 09:22:05
Pre-Run: 30,536,101,888 tavua vapaana
Post-Run: 30,547,443,712 tavua vapaana
185 --- E O F --- 2008-05-28 21:16:30 - FixFix
kusessa kirjoitti:
latasin tuon malwarebytesin ja uskoisin sen poistaneen kaikki virukset, laitanpa silti tämän combofix login
ComboFix 08-06-04.3 - Antti 2008-06-05 12:20:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1550 [GMT 3:00]
Running from: C:\Documents and Settings\Antti\Työpöytä\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Antti\new.txt
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-05 to 2008-06-05 )))))))))))))))))
.
2008-06-04 13:15 . 2008-06-04 13:15 d-------- C:\Documents and Settings\Antti\Application Data\Malwarebytes
2008-06-04 13:14 . 2008-06-04 13:15 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-04 13:14 . 2008-06-04 13:14 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 13:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-04 13:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-03 23:24 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Antti\setupa.exe
2008-06-03 23:11 . 2008-06-03 23:11 4,217 --a------ C:\WINDOWS\is154890.exe
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-06-02 22:30 . 2008-06-02 22:30 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-05-28 09:30 . 2008-05-28 09:30 d-------- C:\Documents and Settings\Antti\Application Data\vlc
2008-05-25 16:58 . 2008-05-25 22:26 d-------- C:\Program Files\EvilLyrics
2008-05-21 21:47 . 2008-05-21 21:56 d-------- C:\Documents and Settings\Antti\Phone Browser
2008-05-21 21:47 . 2008-05-21 21:47 d-------- C:\Documents and Settings\Antti\Application Data\DataLayer
2008-05-21 21:46 . 2008-05-21 21:46 d-------- C:\Documents and Settings\Antti\Application Data\Nokia
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Program Files\Nokia
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Program Files\Common Files\PCSuite
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Program Files\Common Files\Nokia
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Documents and Settings\Antti\Application Data\PC Suite
2008-05-21 21:44 . 2008-05-21 21:44 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-05-18 12:38 . 2008-05-18 12:38 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-05-18 12:38 . 2008-05-18 12:47 35,143 --a------ C:\WINDOWS\DIIUnin.dat
2008-05-18 12:38 . 2008-05-18 12:38 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-05-18 12:31 . 2008-06-03 13:27 d-------- C:\Program Files\Diablo II
2008-05-17 19:41 . 2008-06-03 13:26 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-17 19:32 . 2008-05-18 12:46 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-05-17 19:32 . 2008-05-18 12:46 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-05-17 19:32 . 2008-05-18 12:46 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-05-15 19:31 . 2008-05-15 19:31 d-------- C:\Program Files\Common Files\Adobe
2008-05-14 20:50 . 2008-05-14 20:50 d-------- C:\Program Files\Illustrate
2008-05-14 20:50 . 2008-05-14 20:50 d-------- C:\Documents and Settings\Antti\Application Data\AccurateRip
2008-05-14 20:50 . 2008-05-14 20:49 4,230,520 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-05-14 20:50 . 2008-05-14 20:50 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-05-14 20:50 . 2008-05-14 20:50 12,896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-05-14 20:41 . 2008-05-14 20:41 d-------- C:\Program Files\Daniusoft
2008-05-13 22:24 . 2008-05-13 22:24 d-------- C:\WINDOWS\Sun
2008-05-13 13:56 . 2008-05-15 08:52 d-------- C:\Documents and Settings\Antti\Application Data\DivX
2008-05-13 13:54 . 2008-05-13 13:54 d-------- C:\Program Files\DivX
2008-05-13 13:54 . 2008-03-21 23:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 13:54 . 2008-03-21 23:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 13:46 . 2008-05-13 13:46 d-------- C:\Program Files\AVIcodec
2008-05-06 14:53 . 2008-05-06 14:53 d-------- C:\Documents and Settings\Antti\Application Data\Logitech
2008-05-06 14:52 . 2008-05-06 14:52 d-------- C:\Program Files\Common Files\LogiShared
2008-05-06 14:52 . 2008-05-06 14:52 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-05-06 14:49 . 2008-05-06 14:56 d-------- C:\Program Files\Logitech
2008-05-06 14:49 . 2008-05-06 14:56 d-------- C:\Program Files\Common Files\Logitech
2008-05-06 14:49 . 2008-05-06 14:49 d-------- C:\Documents and Settings\Antti\Application Data\InstallShield
2008-05-06 14:49 . 2008-05-06 14:49 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-06 14:49 . 2008-05-06 14:49 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 08:52 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-05 08:49 --------- d-----w C:\Documents and Settings\Antti\Application Data\OpenOffice.org2
2008-05-28 06:30 --------- d-----w C:\Documents and Settings\Antti\Application Data\vlc
2008-05-17 12:29 --------- d-----w C:\Program Files\mozilla
2008-05-13 20:40 --------- d-----w C:\Documents and Settings\Antti\Application Data\uTorrent
2008-05-06 14:14 --------- d-----w C:\Documents and Settings\Antti\Application Data\mIRC
2008-05-06 14:06 --------- d-----w C:\Program Files\mIRC
2008-05-06 11:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 11:50 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-06 11:50 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-04 10:11 --------- d-----w C:\Program Files\CCleaner
2008-05-03 10:48 --------- d-----w C:\Program Files\Ventrilo
2008-05-03 07:45 --------- d-----w C:\Documents and Settings\Antti\Application Data\Winamp
2008-05-02 20:08 --------- d-----w C:\Documents and Settings\Antti\Application Data\Ventrilo
2008-05-02 20:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 18:24 --------- d-----w C:\Program Files\PowerISO
2008-04-28 18:22 --------- d-----w C:\Documents and Settings\Antti\Application Data\DAEMON Tools
2008-04-20 20:53 --------- d-----w C:\Program Files\Lexmark_HostCD
2008-04-20 20:53 --------- d-----w C:\Program Files\Lexmark
2008-04-16 08:39 --------- d-----w C:\Program Files\uTorrent
2008-04-15 14:57 --------- d-----w C:\Program Files\Java
2008-04-15 14:56 --------- d-----w C:\Program Files\Common Files\Java
2008-04-13 11:28 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-08 14:30 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-08 14:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-08 14:16 --------- d--h--r C:\Documents and Settings\Antti\Application Data\SecuROM
2008-04-08 14:08 --------- d-----w C:\Program Files\Alwil Software
2008-04-08 14:04 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-04-08 13:33 --------- d-----w C:\Program Files\Windows Live
2008-04-08 13:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-08 09:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-08 08:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 16:52 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2008-03-24 08:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56 1306624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 19:52 13524992]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-24 19:52 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 02:50 233472]
"WinampAgent"="D:\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 04:22 1126400]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49 217088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15:00 15360]
C:\Documents and Settings\Antti\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 17:54:44 393216]
C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-06 14:52:26 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-06 14:50:06 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywwXqp]
xxywwXqp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"D:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 12:21:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-05 12:22:08
ComboFix-quarantined-files.txt 2008-06-05 09:22:05
Pre-Run: 30,536,101,888 tavua vapaana
Post-Run: 30,547,443,712 tavua vapaana
185 --- E O F --- 2008-05-28 21:16:30kyllä tämä tästä
***
Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:
[quote]
File::
C:\WINDOWS\is154890.exe
C:\WINDOWS\service.exe
C:\Windows\mservice.exe
C:\WINDOWS\winudspm.exe
[/quote]
Tallenna se nimellä CFScript.txt
Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
****
pistä combofix loki
ja scannaa uusi hjt:n loki - kusessa
FixFix kirjoitti:
kyllä tämä tästä
***
Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:
[quote]
File::
C:\WINDOWS\is154890.exe
C:\WINDOWS\service.exe
C:\Windows\mservice.exe
C:\WINDOWS\winudspm.exe
[/quote]
Tallenna se nimellä CFScript.txt
Sitten raahaa CFScript ComboFix.exeen kuten alla.
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
****
pistä combofix loki
ja scannaa uusi hjt:n lokitein kuten käskettiin, tietokonetta ei kyllä tarvinnut käynnistää uudelleen. tässä kuitenkin se combofix
ComboFix 08-06-04.3 - Antti 2008-06-05 16:08:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1539 [GMT 3:00]
Running from: C:\Documents and Settings\Antti\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Antti\Omat tiedostot\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\WINDOWS\is154890.exe
C:\Windows\mservice.exe
C:\WINDOWS\service.exe
C:\WINDOWS\winudspm.exe
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\is154890.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-05 to 2008-06-05 )))))))))))))))))
.
2008-06-04 13:15 . 2008-06-04 13:15 d-------- C:\Documents and Settings\Antti\Application Data\Malwarebytes
2008-06-04 13:14 . 2008-06-04 13:15 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-04 13:14 . 2008-06-04 13:14 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 13:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-04 13:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-03 23:24 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Antti\setupa.exe
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-06-02 22:30 . 2008-06-02 22:30 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-05-28 09:30 . 2008-05-28 09:30 d-------- C:\Documents and Settings\Antti\Application Data\vlc
2008-05-25 16:58 . 2008-05-25 22:26 d-------- C:\Program Files\EvilLyrics
2008-05-21 21:47 . 2008-05-21 21:56 d-------- C:\Documents and Settings\Antti\Phone Browser
2008-05-21 21:47 . 2008-05-21 21:47 d-------- C:\Documents and Settings\Antti\Application Data\DataLayer
2008-05-21 21:46 . 2008-05-21 21:46 d-------- C:\Documents and Settings\Antti\Application Data\Nokia
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Program Files\Nokia
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Program Files\Common Files\PCSuite
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Program Files\Common Files\Nokia
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Documents and Settings\Antti\Application Data\PC Suite
2008-05-21 21:44 . 2008-05-21 21:44 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-05-18 12:38 . 2008-05-18 12:38 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-05-18 12:38 . 2008-05-18 12:47 35,143 --a------ C:\WINDOWS\DIIUnin.dat
2008-05-18 12:38 . 2008-05-18 12:38 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-05-18 12:31 . 2008-06-03 13:27 d-------- C:\Program Files\Diablo II
2008-05-17 19:41 . 2008-06-03 13:26 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-17 19:32 . 2008-05-18 12:46 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-05-17 19:32 . 2008-05-18 12:46 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-05-17 19:32 . 2008-05-18 12:46 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-05-15 19:31 . 2008-05-15 19:31 d-------- C:\Program Files\Common Files\Adobe
2008-05-14 20:50 . 2008-05-14 20:50 d-------- C:\Program Files\Illustrate
2008-05-14 20:50 . 2008-05-14 20:50 d-------- C:\Documents and Settings\Antti\Application Data\AccurateRip
2008-05-14 20:50 . 2008-05-14 20:49 4,230,520 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-05-14 20:50 . 2008-05-14 20:50 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-05-14 20:50 . 2008-05-14 20:50 12,896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-05-14 20:41 . 2008-05-14 20:41 d-------- C:\Program Files\Daniusoft
2008-05-13 22:24 . 2008-05-13 22:24 d-------- C:\WINDOWS\Sun
2008-05-13 13:56 . 2008-05-15 08:52 d-------- C:\Documents and Settings\Antti\Application Data\DivX
2008-05-13 13:54 . 2008-05-13 13:54 d-------- C:\Program Files\DivX
2008-05-13 13:54 . 2008-03-21 23:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 13:54 . 2008-03-21 23:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 13:46 . 2008-05-13 13:46 d-------- C:\Program Files\AVIcodec
2008-05-06 14:53 . 2008-05-06 14:53 d-------- C:\Documents and Settings\Antti\Application Data\Logitech
2008-05-06 14:52 . 2008-05-06 14:52 d-------- C:\Program Files\Common Files\LogiShared
2008-05-06 14:52 . 2008-05-06 14:52 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-05-06 14:49 . 2008-05-06 14:56 d-------- C:\Program Files\Logitech
2008-05-06 14:49 . 2008-05-06 14:56 d-------- C:\Program Files\Common Files\Logitech
2008-05-06 14:49 . 2008-05-06 14:49 d-------- C:\Documents and Settings\Antti\Application Data\InstallShield
2008-05-06 14:49 . 2008-05-06 14:49 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-06 14:49 . 2008-05-06 14:49 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 11:52 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-05 08:49 --------- d-----w C:\Documents and Settings\Antti\Application Data\OpenOffice.org2
2008-05-28 06:30 --------- d-----w C:\Documents and Settings\Antti\Application Data\vlc
2008-05-17 12:29 --------- d-----w C:\Program Files\mozilla
2008-05-13 20:40 --------- d-----w C:\Documents and Settings\Antti\Application Data\uTorrent
2008-05-06 14:14 --------- d-----w C:\Documents and Settings\Antti\Application Data\mIRC
2008-05-06 14:06 --------- d-----w C:\Program Files\mIRC
2008-05-06 11:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 11:50 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-06 11:50 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-04 10:11 --------- d-----w C:\Program Files\CCleaner
2008-05-03 10:48 --------- d-----w C:\Program Files\Ventrilo
2008-05-03 07:45 --------- d-----w C:\Documents and Settings\Antti\Application Data\Winamp
2008-05-02 20:08 --------- d-----w C:\Documents and Settings\Antti\Application Data\Ventrilo
2008-05-02 20:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 18:24 --------- d-----w C:\Program Files\PowerISO
2008-04-28 18:22 --------- d-----w C:\Documents and Settings\Antti\Application Data\DAEMON Tools
2008-04-20 20:53 --------- d-----w C:\Program Files\Lexmark_HostCD
2008-04-20 20:53 --------- d-----w C:\Program Files\Lexmark
2008-04-16 08:39 --------- d-----w C:\Program Files\uTorrent
2008-04-15 14:57 --------- d-----w C:\Program Files\Java
2008-04-15 14:56 --------- d-----w C:\Program Files\Common Files\Java
2008-04-13 11:28 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-08 14:30 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-08 14:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-08 14:16 --------- d--h--r C:\Documents and Settings\Antti\Application Data\SecuROM
2008-04-08 14:08 --------- d-----w C:\Program Files\Alwil Software
2008-04-08 14:04 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-04-08 13:33 --------- d-----w C:\Program Files\Windows Live
2008-04-08 13:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-08 09:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-08 08:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 16:52 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2008-03-24 08:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56 1306624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 19:52 13524992]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-24 19:52 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 02:50 233472]
"WinampAgent"="D:\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 04:22 1126400]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49 217088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15:00 15360]
C:\Documents and Settings\Antti\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 17:54:44 393216]
C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-06 14:52:26 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-06 14:50:06 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywwXqp]
xxywwXqp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"D:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 16:09:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-05 16:09:51
ComboFix-quarantined-files.txt 2008-06-05 13:09:47
ComboFix2.txt 2008-06-05 09:22:09
Pre-Run: 30,515,097,600 tavua vapaana
Post-Run: 30,507,356,160 tavua vapaana
191 --- E O F --- 2008-05-28 21:16:30 - FixFix
kusessa kirjoitti:
tein kuten käskettiin, tietokonetta ei kyllä tarvinnut käynnistää uudelleen. tässä kuitenkin se combofix
ComboFix 08-06-04.3 - Antti 2008-06-05 16:08:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1539 [GMT 3:00]
Running from: C:\Documents and Settings\Antti\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Antti\Omat tiedostot\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\WINDOWS\is154890.exe
C:\Windows\mservice.exe
C:\WINDOWS\service.exe
C:\WINDOWS\winudspm.exe
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\is154890.exe
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-05 to 2008-06-05 )))))))))))))))))
.
2008-06-04 13:15 . 2008-06-04 13:15 d-------- C:\Documents and Settings\Antti\Application Data\Malwarebytes
2008-06-04 13:14 . 2008-06-04 13:15 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-04 13:14 . 2008-06-04 13:14 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 13:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-04 13:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-03 23:24 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Antti\setupa.exe
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-06-02 22:30 . 2008-06-02 22:30 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-05-28 09:30 . 2008-05-28 09:30 d-------- C:\Documents and Settings\Antti\Application Data\vlc
2008-05-25 16:58 . 2008-05-25 22:26 d-------- C:\Program Files\EvilLyrics
2008-05-21 21:47 . 2008-05-21 21:56 d-------- C:\Documents and Settings\Antti\Phone Browser
2008-05-21 21:47 . 2008-05-21 21:47 d-------- C:\Documents and Settings\Antti\Application Data\DataLayer
2008-05-21 21:46 . 2008-05-21 21:46 d-------- C:\Documents and Settings\Antti\Application Data\Nokia
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Program Files\Nokia
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Program Files\Common Files\PCSuite
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Program Files\Common Files\Nokia
2008-05-21 21:45 . 2008-05-21 21:45 d-------- C:\Documents and Settings\Antti\Application Data\PC Suite
2008-05-21 21:44 . 2008-05-21 21:44 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-05-18 12:38 . 2008-05-18 12:38 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-05-18 12:38 . 2008-05-18 12:47 35,143 --a------ C:\WINDOWS\DIIUnin.dat
2008-05-18 12:38 . 2008-05-18 12:38 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-05-18 12:31 . 2008-06-03 13:27 d-------- C:\Program Files\Diablo II
2008-05-17 19:41 . 2008-06-03 13:26 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-17 19:32 . 2008-05-18 12:46 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-05-17 19:32 . 2008-05-18 12:46 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-05-17 19:32 . 2008-05-18 12:46 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-05-15 19:31 . 2008-05-15 19:31 d-------- C:\Program Files\Common Files\Adobe
2008-05-14 20:50 . 2008-05-14 20:50 d-------- C:\Program Files\Illustrate
2008-05-14 20:50 . 2008-05-14 20:50 d-------- C:\Documents and Settings\Antti\Application Data\AccurateRip
2008-05-14 20:50 . 2008-05-14 20:49 4,230,520 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-05-14 20:50 . 2008-05-14 20:50 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-05-14 20:50 . 2008-05-14 20:50 12,896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-05-14 20:41 . 2008-05-14 20:41 d-------- C:\Program Files\Daniusoft
2008-05-13 22:24 . 2008-05-13 22:24 d-------- C:\WINDOWS\Sun
2008-05-13 13:56 . 2008-05-15 08:52 d-------- C:\Documents and Settings\Antti\Application Data\DivX
2008-05-13 13:54 . 2008-05-13 13:54 d-------- C:\Program Files\DivX
2008-05-13 13:54 . 2008-03-21 23:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 13:54 . 2008-03-21 23:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 13:46 . 2008-05-13 13:46 d-------- C:\Program Files\AVIcodec
2008-05-06 14:53 . 2008-05-06 14:53 d-------- C:\Documents and Settings\Antti\Application Data\Logitech
2008-05-06 14:52 . 2008-05-06 14:52 d-------- C:\Program Files\Common Files\LogiShared
2008-05-06 14:52 . 2008-05-06 14:52 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-05-06 14:49 . 2008-05-06 14:56 d-------- C:\Program Files\Logitech
2008-05-06 14:49 . 2008-05-06 14:56 d-------- C:\Program Files\Common Files\Logitech
2008-05-06 14:49 . 2008-05-06 14:49 d-------- C:\Documents and Settings\Antti\Application Data\InstallShield
2008-05-06 14:49 . 2008-05-06 14:49 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-06 14:49 . 2008-05-06 14:49 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 11:52 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-05 08:49 --------- d-----w C:\Documents and Settings\Antti\Application Data\OpenOffice.org2
2008-05-28 06:30 --------- d-----w C:\Documents and Settings\Antti\Application Data\vlc
2008-05-17 12:29 --------- d-----w C:\Program Files\mozilla
2008-05-13 20:40 --------- d-----w C:\Documents and Settings\Antti\Application Data\uTorrent
2008-05-06 14:14 --------- d-----w C:\Documents and Settings\Antti\Application Data\mIRC
2008-05-06 14:06 --------- d-----w C:\Program Files\mIRC
2008-05-06 11:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 11:50 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-06 11:50 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-04 10:11 --------- d-----w C:\Program Files\CCleaner
2008-05-03 10:48 --------- d-----w C:\Program Files\Ventrilo
2008-05-03 07:45 --------- d-----w C:\Documents and Settings\Antti\Application Data\Winamp
2008-05-02 20:08 --------- d-----w C:\Documents and Settings\Antti\Application Data\Ventrilo
2008-05-02 20:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 18:24 --------- d-----w C:\Program Files\PowerISO
2008-04-28 18:22 --------- d-----w C:\Documents and Settings\Antti\Application Data\DAEMON Tools
2008-04-20 20:53 --------- d-----w C:\Program Files\Lexmark_HostCD
2008-04-20 20:53 --------- d-----w C:\Program Files\Lexmark
2008-04-16 08:39 --------- d-----w C:\Program Files\uTorrent
2008-04-15 14:57 --------- d-----w C:\Program Files\Java
2008-04-15 14:56 --------- d-----w C:\Program Files\Common Files\Java
2008-04-13 11:28 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-08 14:30 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-08 14:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-08 14:16 --------- d--h--r C:\Documents and Settings\Antti\Application Data\SecuROM
2008-04-08 14:08 --------- d-----w C:\Program Files\Alwil Software
2008-04-08 14:04 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-04-08 13:33 --------- d-----w C:\Program Files\Windows Live
2008-04-08 13:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-08 09:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-08 08:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 16:52 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2008-03-24 08:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56 1306624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 19:52 13524992]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-24 19:52 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 02:50 233472]
"WinampAgent"="D:\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 04:22 1126400]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49 217088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15:00 15360]
C:\Documents and Settings\Antti\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 17:54:44 393216]
C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-06 14:52:26 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-06 14:50:06 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywwXqp]
xxywwXqp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"D:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 16:09:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-05 16:09:51
ComboFix-quarantined-files.txt 2008-06-05 13:09:47
ComboFix2.txt 2008-06-05 09:22:09
Pre-Run: 30,515,097,600 tavua vapaana
Post-Run: 30,507,356,160 tavua vapaana
191 --- E O F --- 2008-05-28 21:16:30uusi scannattu hjtn loki
- kusessa
FixFix kirjoitti:
uusi scannattu hjtn loki
tässä
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:00:08, on 5.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Antti\Työpöytä\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: xxywwXqp - xxywwXqp.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 7583 bytes - FixFix
kusessa kirjoitti:
tässä
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:00:08, on 5.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Antti\Työpöytä\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: xxywwXqp - xxywwXqp.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 7583 bytesvähän vielä korjataan
scannaa hjt:llä merkkaa paina Fix checked
O20 - Winlogon Notify: xxywwXqp - xxywwXqp.dll (file missing)
********
Javan päivitys ja välimuistin tyhjennys:
1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:
http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:
http://java.sun.com/javase/downloads/index.jsp
Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u6
Paina Download
Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.
(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).
8. Varmista että kaikki kaksi valintaa ovat rastitettuja:
*Applications and Applets
*Trace and Log Files
Ja paina OK -nappia
9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Klikkaa OK jättääksesi Java asetusikkunasi.
******
sitten poista tuo hjt
==>Trend Micro HijackThis v2.0.0 (BETA) - kusessa
FixFix kirjoitti:
vähän vielä korjataan
scannaa hjt:llä merkkaa paina Fix checked
O20 - Winlogon Notify: xxywwXqp - xxywwXqp.dll (file missing)
********
Javan päivitys ja välimuistin tyhjennys:
1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:
http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:
http://java.sun.com/javase/downloads/index.jsp
Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u6
Paina Download
Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.
(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).
8. Varmista että kaikki kaksi valintaa ovat rastitettuja:
*Applications and Applets
*Trace and Log Files
Ja paina OK -nappia
9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Klikkaa OK jättääksesi Java asetusikkunasi.
******
sitten poista tuo hjt
==>Trend Micro HijackThis v2.0.0 (BETA)uusi hjt loki
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:47:30, on 6.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6321 bytes
malwerebyte loki
Malwarebytes' Anti-Malware 1.14
Tietokantaversio: 821
1:04:48 6.6.2008
mbam-log-6-6-2008 (01-04-48).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|G:\|)
Tarkistetut kohteet: 70643
Kulunut aika: 15 minute(s), 16 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty) - FixFix
kusessa kirjoitti:
uusi hjt loki
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:47:30, on 6.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6321 bytes
malwerebyte loki
Malwarebytes' Anti-Malware 1.14
Tietokantaversio: 821
1:04:48 6.6.2008
mbam-log-6-6-2008 (01-04-48).txt
Tarkistustyyppi: Täysi tarkistus (C:\|D:\|G:\|)
Tarkistetut kohteet: 70643
Kulunut aika: 15 minute(s), 16 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)toimii jo täysillä :)
Lataa: RegSeeker.zip työpöydälle:
http://fileforum.betanews.com/detail/RegSeeker/1035382760/1
Pura zip C:\RegSeeker\ kansioon. Sieltä käynnistät RegSeeker.exe ohjelman.
Oikeasa yläkulmassa on Languages.... linkki, josta valitset Suomenkielen.
Vasemmasta alakulmasta ruksit Luo vrmuuskopio ja sitten linkki Puhdista rekisteri
Ruksit kaikkiin muihin kohtiin paitsi "Käyttökelvottomat.." sitten "OK" (odotat hetken).
Ruutuun ilmestyy lista epäkelvoista rekisterimerkinnöistä, jotka alapalkista Valitse kohdasta
klikkaat Valitse kaikki jolloin valitut saavat keltaisen pohjavärin.
Alapalkin Toiminnot linkistä klikkaat Poista valitut kohteet
Ponnahdusikkunaan "Kaikki valitut kohteet poistetaan ? vastaat "OK".
Seuraavaan Ponnahdusikkunaan "Varmuuskopiot" vastaat "OK".
Klikaa vasemmalta Lopeta RegSeeker ja käynnistä koneesi uudelleen. - kusessa
FixFix kirjoitti:
toimii jo täysillä :)
Lataa: RegSeeker.zip työpöydälle:
http://fileforum.betanews.com/detail/RegSeeker/1035382760/1
Pura zip C:\RegSeeker\ kansioon. Sieltä käynnistät RegSeeker.exe ohjelman.
Oikeasa yläkulmassa on Languages.... linkki, josta valitset Suomenkielen.
Vasemmasta alakulmasta ruksit Luo vrmuuskopio ja sitten linkki Puhdista rekisteri
Ruksit kaikkiin muihin kohtiin paitsi "Käyttökelvottomat.." sitten "OK" (odotat hetken).
Ruutuun ilmestyy lista epäkelvoista rekisterimerkinnöistä, jotka alapalkista Valitse kohdasta
klikkaat Valitse kaikki jolloin valitut saavat keltaisen pohjavärin.
Alapalkin Toiminnot linkistä klikkaat Poista valitut kohteet
Ponnahdusikkunaan "Kaikki valitut kohteet poistetaan ? vastaat "OK".
Seuraavaan Ponnahdusikkunaan "Varmuuskopiot" vastaat "OK".
Klikaa vasemmalta Lopeta RegSeeker ja käynnistä koneesi uudelleen.nyt on kaikki tehty, luulis viruksen poistuneen.
Ketjusta on poistettu 0 sääntöjenvastaista viestiä.
Luetuimmat keskustelut
Kotkalainen Demari Riku Pirinen vangittu Saksassa lapsipornosta
https://www.kymensanomat.fi/paikalliset/8081054 Kotkalainen Demari Riku Pirinen vangittu Saksassa lapsipornon hallussapi1233134Vanhalle ukon rähjälle
Satutit mua niin paljon kun erottiin. Oletko todella niin itsekäs että kuvittelet että huolisin sut kaiken tapahtuneen372496Olen tosi outo....
Päättelen palstajuttujen perusteella mitä mieltä minun kaipauksen kohde minusta on. Joskus kuvittelen tänne selkeitä tap302435Maisa on SALAKUVATTU huumepoliisinsa kanssa!
https://www.seiska.fi/vain-seiskassa/ensimmainen-yhteiskuva-maisa-torpan-ja-poliisikullan-lahiorakkaus-roihuaa/15256631112159- 1141700
Hommaatko kinkkua jouluksi?
Itse tein pakastimeen n. 3Kg:n murekkeen sienillä ja juustokuorrutuksella. Voihan se olla, että jonkun pienen, valmiin k1721406Nurmossa kuoli 2 Lasta..
Autokolarissa. Näin kertovat iltapäivälehdet juuri nyt. 22.11. Ja aina ennen Joulua näitä tulee. . .261345Aatteleppa ite!
Jos ei oltaisikaan nyt NATOssa, olisimme puolueettomana sivustakatsojia ja elelisimme tyytyväisenä rauhassa maassamme.2911239Mikko Koivu yrittää pestä mustan valkoiseksi
Ilmeisesti huomannut, että Helenan tukijoukot kasvaa kasvamistaan. Riistakamera paljasti hiljattain kylmän totuuden Mi2791231- 621077