I have the following window on my desktop:
"Spyware detected on your computer, install an antivirus or spyware remover to clean your computer"
I'm running Avira antivirus, which keeps complaining about Trojans: VBS/Agent.1002, TR/Crypt.Xpack.gen and TR/Peed.A.661 etc., and I can't get them removed! Is there anyone who could help? Here is the HijackThis log. Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:15, on 21.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\lphcn0oj0egct.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - I:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphcn0oj0egct] C:\WINDOWS\system32\lphcn0oj0egct.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://I:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://I:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://I:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - I:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
--
End of file - 10038 bytes
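As an added example (not code from this thread, from HijackThis or from any tool named in it), the script below applies a few defender-side triage heuristics to the O4 autostart and O23 service lines of a HijackThis log. The sample lines are copied from the log posted above; the rules themselves (a random-looking executable stem with digits between letters and few vowels, an image name with no directory that Windows resolves through PATH, a service whose binary is missing or has no recorded publisher) and all function names are my own assumptions, not HijackThis logic.

```python
"""Heuristic triage of HijackThis O4 (autostart) and O23 (service) entries.

Added example; not code from the thread, from HijackThis or from any tool
named in it. The scoring rules below are assumptions chosen for illustration.
"""
import re

# Constructed sample: a few O4/O23 lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [lphcn0oj0egct] C:\WINDOWS\system32\lphcn0oj0egct.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
"""

# O4 line shape: "<hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 line shape: "Service: <description> - <owner> - <image path>[ (file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

VOWELS = set("aeiouy")


def image_path(cmd: str) -> str:
    """Return the executable part of a Run command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def looks_random(filename: str) -> bool:
    """Assumed heuristic: a long stem with digits between letters and few vowels,
    the shape of the lphcn0oj0egct name in the log above."""
    stem = re.sub(r"\.[A-Za-z0-9]+$", "", filename).lower()
    if len(stem) < 10:
        return False
    interior_digit = re.search(r"[a-z]\d+[a-z]", stem) is not None
    letters = [c for c in stem if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / max(len(letters), 1)
    return interior_digit and vowel_ratio < 0.25


def triage(log_text: str) -> list[tuple[str, str, str, list[str]]]:
    """Return (section, name, path, reasons) for every entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = image_path(m["cmd"])
            basename = path.replace("/", "\\").split("\\")[-1]
            reasons = []
            if looks_random(basename):
                reasons.append("random-looking executable name")
            if "\\" not in path and "%" not in path:
                reasons.append("unqualified image name (resolved through PATH)")
            if reasons:
                findings.append(("O4", m["name"], path, reasons))
            continue
        m = O23_RE.match(line)
        if m:
            reasons = []
            if m["path"].endswith("(file missing)"):
                reasons.append("service binary missing on disk")
            if m["owner"] == "Unknown owner":
                reasons.append("no publisher recorded for the service")
            if reasons:
                findings.append(("O23", m["desc"], m["path"], reasons))
    return findings


if __name__ == "__main__":
    for section, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{section} {name}: {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run on the sample, it lists lphcn0oj0egct.exe, the entry that the Malwarebytes log further down identifies as Trojan.FakeAlert, together with the Spyware Doctor service whose binary is missing. The hits are leads to verify against a known-good reference, not verdicts: CTHELPER.EXE and the ATI Smart service are flagged by the same rules, yet they belong to the Creative and ATI driver packages that are visibly installed on this machine.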
Help with virus removal
Replies
- 123321
Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the contents (a folder named SmitfraudFix) to your desktop:
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
Post the contents of this text file in your thread.
Note: the process.exe file is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "risk tool"; it is not a virus but a program that stops processes. A/V programs cannot tell good and bad use of such programs apart, so they may warn the user.
- Mikko6773
I'm at work until six in the morning, so I'll post the listing once I get home :) Thanks already!
- Mikko6773
SmitFraudFix v2.339
Scan done at 6:59:53,92, pe 22.08.2008
Run from C:\Documents and Settings\Mikko Kirjavainen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\lphcn0oj0egct.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko Kirjavainen
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikko Kirjavainen\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKKOK~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: AMD PCnet-Home Based Network Adapter (Generic)
DNS Server Search Order: 85.194.193.94
DNS Server Search Order: 85.194.193.92
DNS Server Search Order: 85.194.193.91
DNS Server Search Order: 85.194.193.90
DNS Server Search Order: 85.194.193.65
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8716B7D1-0FEC-44D8-AE0A-9EFF30F8540D}: DhcpNameServer=85.194.193.94 85.194.193.92 85.194.193.91 85.194.193.90 85.194.193.65
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8716B7D1-0FEC-44D8-AE0A-9EFF30F8540D}: DhcpNameServer=85.194.193.94 85.194.193.92 85.194.193.91 85.194.193.90 85.194.193.65
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8716B7D1-0FEC-44D8-AE0A-9EFF30F8540D}: DhcpNameServer=85.194.193.94 85.194.193.92 85.194.193.91 85.194.193.90 85.194.193.65
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.194.193.94 85.194.193.92 85.194.193.91 85.194.193.90 85.194.193.65
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.194.193.94 85.194.193.92 85.194.193.91 85.194.193.90 85.194.193.65
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=85.194.193.94 85.194.193.92 85.194.193.91 85.194.193.90 85.194.193.65
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
- 123321
Download Malwarebytes' Anti-Malware to your desktop.
http://www.besttechie.net/tools/mbam-setup.exe
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, the program will download and install the latest version.
• Once the program has loaded, select Perform full scan and click Scan.
• When the scan is complete, click OK and then Show Results to view the results.
• Make sure everything is checked, and click Remove Selected.
• After that, the log will open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Post the contents of the log in your next message.
- 123321
You've posted the logs over on ad as well.
- Mikko6773
Yeah, I posted a log there too, hoping to get an answer as soon as possible.
I ran that Malwarebytes' Anti-Malware, but it didn't find anything suspicious. The antivirus (Antivir) did keep beeping during the scan, reporting numerous Trojans etc. By the way, does it matter whether I run these scans in normal or safe mode?
P.S. I got the "famous" blue screen once during the scan!
How do I proceed from here?
- Mikko6773
Update to my previous post. I ran the program in Safe Mode as well, and sure enough it started finding Trojans! The desktop looks normal again and Antivir isn't complaining anymore :)
Should I still verify anything?
Malwarebytes' Anti-Malware 1.25
Tietokantaversio: 1076
Windows 5.1.2600 Service Pack 3
16:44:27 22.8.2008
mbam-log-08-22-2008 (16-44-27).txt
Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 47963
Kulunut aika: 2 minute(s), 23 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 5
Saastuneita rekisterikohteita: 2
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 4
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcn0oj0egct (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\WINDOWS\system32\blphcn0oj0egct.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcn0oj0egct.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcn0oj0egct.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikko Kirjavainen\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
- 123321
1. Download combofix.exe to your desktop from one of these two links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool finishes, it will produce a log. Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
- Mikko6773
ComboFix 08-08-21.02 - Mikko Kirjavainen 2008-08-23 15:55:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1432 [GMT 3:00]
Running from: C:\Documents and Settings\Mikko Kirjavainen\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\msvcsv60.dll
C:\WINDOWS\system32\pskill.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.
2008-08-22 15:47 . 2008-08-22 15:47 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-22 15:47 . 2008-08-22 15:47 d-------- C:\Documents and Settings\Mikko Kirjavainen\Application Data\Malwarebytes
2008-08-22 15:47 . 2008-08-22 15:47 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-22 15:47 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-22 15:47 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-22 08:30 . 2008-08-23 15:54 3,162,278 --a------ C:\WINDOWS\{00000005-00000000-00000001-00001102-00000004-00511102}.BAK
2008-08-22 08:11 . 2008-08-22 08:11 d-------- C:\Program Files\CCleaner
2008-08-22 07:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-22 07:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-22 07:58 . 2008-08-21 23:41 87,552 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-22 07:58 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-22 07:58 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-22 07:58 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-22 07:58 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-22 07:58 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-22 07:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-22 07:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-22 06:59 . 2008-08-22 07:21 3,826 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-21 16:31 . 2008-08-21 16:31 d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY
2008-08-21 16:31 . 2008-08-21 16:31 d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY
2008-08-21 16:06 . 2008-08-21 16:06 d-------- C:\spywaredoctor
2008-08-21 07:33 . 2008-08-21 07:39 164 --a------ C:\install.dat
2008-08-21 07:22 . 2005-01-20 13:47 175,616 --a------ C:\WINDOWS\system32\strings.exe
2008-08-21 07:22 . 2005-01-13 21:41 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe
2008-08-21 07:22 . 2005-10-19 18:50 16,384 --a------ C:\WINDOWS\system32\restart.exe
2008-08-21 07:22 . 2005-01-13 21:41 11,254 --a------ C:\WINDOWS\system32\locate.com
2008-08-20 17:40 . 2008-08-20 17:40 1,938 --a------ C:\backup.zip
2008-08-20 17:36 . 2008-08-20 17:36 d-------- C:\l2mfix
2008-08-20 17:34 . 2008-08-20 17:34 d-------- C:\Program Files\Trend Micro
2008-08-20 17:13 . 2008-08-20 17:13 d-------- C:\Documents and Settings\Mikko Kirjavainen\Application Data\DAEMON Tools
2008-08-20 17:13 . 2008-08-20 17:13 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-19 15:16 . 2008-05-09 13:53 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll
2008-08-19 15:16 . 2008-05-09 13:53 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll
2008-08-19 15:16 . 2008-05-09 13:53 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll
2008-08-19 15:16 . 2008-05-09 13:53 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll
2008-08-19 15:16 . 2008-05-08 14:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe
2008-08-19 15:16 . 2008-05-09 11:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe
2008-08-19 15:16 . 2008-05-09 13:53 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll
2008-08-19 07:19 . 2008-08-19 07:20 d-------- C:\WINDOWS\ServicePackFiles
2008-08-19 07:16 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\[u]0[/u]03564_.tmp
2008-08-17 18:10 . 2008-08-17 18:11 d-------- C:\Temp\Microsoft Service Packs
2008-08-17 14:30 . 2008-08-16 12:59 23,766,320 --a------ C:\Temp\QuickTimeInstaller.exe
2008-08-16 12:59 . 2008-08-16 12:59 d-------- C:\Program Files\Apple Software Update
2008-08-16 12:59 . 2008-08-16 12:59 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-15 22:55 . 2008-08-16 13:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-15 22:55 . 2008-08-16 13:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-14 15:12 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-14 15:11 . 2008-08-14 15:11 d-------- C:\Program Files\Microsoft Works
2008-08-14 15:09 . 2008-08-14 15:09 d-------- C:\Program Files\Microsoft.NET
2008-08-14 15:06 . 2008-08-14 15:06 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-13 18:26 . 2008-08-13 18:26 d-------- C:\WINDOWS\system32\XPSViewer
2008-08-13 18:26 . 2008-08-13 18:26 d-------- C:\Program Files\Reference Assemblies
2008-08-13 18:26 . 2008-08-14 15:10 d-------- C:\Program Files\MSBuild
2008-08-13 18:26 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-08-13 15:44 . 2008-06-24 19:43 74,240 -----c--- C:\WINDOWS\system32\dllcache\mscms.dll
2008-08-13 15:43 . 2008-07-07 23:26 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-08-13 15:41 . 2008-06-26 11:15 1,499,136 -----c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-08-13 15:41 . 2008-06-26 11:15 619,520 -----c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-13 15:27 . 2008-04-11 22:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-07-30 15:16 . 2008-07-30 15:18 d-------- C:\Program Files\BlueVoda Website Builder
2008-07-30 15:16 . 2008-07-30 15:16 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-07-28 19:25 . 2008-06-20 14:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-07-28 19:25 . 2008-06-20 20:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-07-28 19:25 . 2008-06-20 14:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-07-28 19:25 . 2008-06-20 20:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-07-28 19:25 . 2008-06-20 14:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 17:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-08-22 14:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-19 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-16 10:00 --------- d-----w C:\Program Files\QuickTime
2008-08-16 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-13 15:04 --------- d-----w C:\Program Files\NCH Swift Sound
2008-07-29 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-20 20:19 --------- d-----w C:\Program Files\Java
2008-07-18 15:57 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll
2008-07-16 22:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 19:38 --------- d-----w C:\Documents and Settings\Mikko Kirjavainen\Application Data\TomTom
2008-07-16 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2008-07-16 19:37 --------- d-----w C:\Program Files\TomTom HOME 2
2008-07-16 19:37 --------- d-----w C:\Program Files\TomTom HOME
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-02 17:35 --------- d-----w C:\Documents and Settings\Mikko Kirjavainen\Application Data\Skype
2008-07-02 14:51 --------- d-----w C:\Documents and Settings\Mikko Kirjavainen\Application Data\skypePM
2008-06-27 10:59 --------- d-----w C:\Documents and Settings\Mikko Kirjavainen\Application Data\InstallShield
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-12-26 18:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-07-19 13:41 120,286 ----a-w C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2007-06-03 11:25 604 ---ha-w C:\Program Files\STLL Notifier
.
[code]
----a-w 1,422,675 2007-08-28 13:38:00 C:\Temp\Audio\PluginMegaPack\Lexicon PSP 42 v1.0 .exe
----a-w 5,104,459 2007-08-28 13:31:58 C:\Temp\Audio\PluginMegaPack\NI FM7 Synth Native instruments .exe
[/code]
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 08:56 278528]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 11:42 202088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-05 02:44 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-13 02:18 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-02-02 22:41 495616]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
"MAFWTaskbarApp"="C:\WINDOWS\system32\MAFWTray.exe" [2005-09-20 18:17 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 16:39 461584]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 01:45 266497]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 10:59 570664]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-09-14 23:34 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi3"= evolusbn.dll
"msacm.ac3filter"= ac3filter.acm
"wave7"= rddv1052.dll
"midi4"= rddv1052.dll
"midi8"= evolusbn.dll
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"I:\\Program Files\\fulDC\\DCPlusPlus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15011:TCP"= 15011:TCP:BitComet 15011 TCP
"15011:UDP"= 15011:UDP:BitComet 15011 UDP
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 PCnetHL;AMD PCnet-Home Adapter Driver;C:\WINDOWS\system32\DRIVERS\pcntn5hl.sys [2001-08-17 12:11]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;C:\WINDOWS\system32\drivers\bfturboh.sys [2007-08-02 01:04]
S3 EVOLUSB;Swissonic CK490 USB Driver;C:\WINDOWS\system32\drivers\evolusb.sys [2004-03-15 19:14]
S3 RDID1052;BOSS GT-PRO;C:\WINDOWS\system32\Drivers\rdwm1052.sys [2005-01-11 18:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fab0072-a7d9-11dc-b596-000854d08bbd}]
\Shell\AutoRun\command - J:\LAUNCHU3.EXE -A
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f76669d-536b-11dd-b6a6-000854d08bbd}]
\Shell\AutoRun\command - J:\INSTALLTOMTOMHOME.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f76669e-536b-11dd-b6a6-000854d08bbd}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-08-23 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-07 08:05]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mikko Kirjavainen\Application Data\Mozilla\Firefox\Profiles\is807615.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fi/firefox?client=firefox-a&rls=org.mozilla:fi:official
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 15:59:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-23 16:00:27
ComboFix-quarantined-files.txt 2008-08-23 13:00:07
Pre-Run: 54,723,235,840 bytes free
Post-Run: 54,708,273,152 bytes free
221 --- E O F --- 2008-08-19 12:40:56
- 123321
Mikko6773 wrote:
ComboFix 08-08-21.02 - Mikko Kirjavainen 2008-08-23 15:55:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1432 [GMT 3:00]
Running from: C:\Documents and Settings\Mikko Kirjavainen\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\msvcsv60.dll
C:\WINDOWS\system32\pskill.exe
.
221 --- E O F --- 2008-08-19 12:40:56
New HJT log
- Mikko6773
123321 wrote:
New HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:07, on 23.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - I:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://I:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://I:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://I:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - I:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 9607 bytes
- karabiini
I used that SmitfraudFix, so I got my wallpaper back, and with Avast I removed 4 viruses. Now it doesn't find any viruses, but it still stutters a lot, and other programs find something, but Windows crashes right after they've scanned. Websites stutter, formatting doesn't work, and programs can't be updated.
- bodomiitti
I haven't even read the other messages yet, and I already noted these as suspicious:
C:\WINDOWS\system32\lphcn0oj0egct.exe (this one is self-evident, you can tell just from the name)
O4 - HKLM\..\Run: [lphcn0oj0egct] C:\WINDOWS\system32\lphcn0oj0egct.exe
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab (what is it?)
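The "you can tell from the name" judgement above can be written down as a check. The script below is an added example for this thread, not part of HijackThis and not code from any of the posters: it parses the O4 (autostart) and O16 (ActiveX download) lines of a HijackThis log and scores each one. The scoring rules are this example's own assumptions, not HijackThis rules: a filename whose letters and digits are interleaved (like lphcn0oj0egct) is a typical randomly generated dropper name and carries the most weight; an autostart binary placed directly in the Windows directory or system32 rather than under Program Files deserves a look; a bare filename with no directory (CTHELPER.EXE) is resolved through the search order, so which file actually runs should be confirmed. The sample lines are a constructed subset copied from the log in this thread.

```python
"""Triage autostart (O4) and ActiveX download (O16) lines from a HijackThis log.

Added example; not HijackThis code and not from the original posts. The scoring
rules are assumptions of this example, not rules HijackThis applies.
"""
import re
from typing import Dict, List
from urllib.parse import urlparse

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)")

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [lphcn0oj0egct] C:\WINDOWS\system32\lphcn0oj0egct.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
"""


def executable_path(cmd: str) -> str:
    """Return the executable part of a Run value: the quoted path, or the text up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def letter_digit_transitions(stem: str) -> int:
    """Count switches between letter runs and digit runs: 'hphmon05' -> 1, 'lphcn0oj0egct' -> 4."""
    kinds = [c.isdigit() for c in stem if c.isalnum()]
    return sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)


def score_autostart(name: str, cmd: str) -> Dict[str, object]:
    """Score one O4 entry; weights are this example's assumptions."""
    path = executable_path(cmd)
    directory, _, filename = path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    signals: List[str] = []
    score = 0
    if letter_digit_transitions(stem) >= 3:
        signals.append("random-looking filename (letters and digits interleaved)")
        score += 2
    if directory.lower().endswith(("\\windows", "\\windows\\system32")):
        signals.append("autostart binary placed directly in the Windows directory")
        score += 1
    if not directory:
        signals.append("bare filename, resolved through the search order")
        score += 1
    verdict = "suspicious" if score >= 2 else "review" if score == 1 else "ok"
    return {"type": "O4", "name": name, "path": path, "signals": signals, "verdict": verdict}


def triage(log_text: str) -> List[Dict[str, object]]:
    """Classify every O4 and O16 line; lines of other types are ignored."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            findings.append(score_autostart(m["name"], m["cmd"]))
            continue
        m = O16_RE.match(line)
        if m:
            host = urlparse(m["url"]).hostname or ""
            findings.append({
                "type": "O16", "clsid": m["clsid"], "desc": m["desc"], "host": host,
                "verdict": "review",
                "note": f"ActiveX control installed from {host}; keep it only if that site is one the user knowingly used",
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        label = f.get("name") or f.get("desc")
        detail = "; ".join(f.get("signals") or [f.get("note", "")])
        print(f"{str(f['verdict']).upper():10} {label} | {detail}")
```

On the sample, lphcn0oj0egct scores "suspicious", the system32 entries LVCOMSX and ctfmon and the bare CTHELPER.EXE come out as "review" (they are legitimate here, but the path pattern is the same one a dropper uses, so a human still confirms them), avgnt is "ok", and the O16 control is reported with the host it was fetched from so the user can say whether they ever used that site.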
2 messages violating the rules have been removed from the thread.