Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Miikan tiedostot\Ohjelmat\Avast\aswUpdSv.exe
C:\Miikan tiedostot\Ohjelmat\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\vVX1000.exe
C:\MIIKAN~2\Ohjelmat\Avast\ashDisp.exe
C:\Miikan tiedostot\Ohjelmat\Avast\ashMaiSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Miikan tiedostot\Ohjelmat\Avast\ashWebSv.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [avast!] C:\MIIKAN~2\Ohjelmat\Avast\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Ohjelmat\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Ohjelmat\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LineOfSightVietnamSetup.exe] C:\DOCUME~1\ESIASE~1\TYPYT~1\LINEOF~1.EXE /r
O4 - HKCU\..\Run: [RiskIISetup.exe] C:\DOWNLO~1\RISKII~1.EXE /r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Ohjelmat\Daemon tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31F15B3F-463B-404E-B816-D903D730F06B}: NameServer = 85.255.113.202,85.255.112.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{56971424-9BD6-41F4-90DB-2C2391400C84}: NameServer = 85.255.113.202,85.255.112.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0E55244-73FF-4081-9827-53AF3EC78F44}: NameServer = 85.255.113.202,85.255.112.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9ABBC5C-4516-493B-8742-506B2106454E}: NameServer = 85.255.113.202,85.255.112.223
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.202 85.255.112.223
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.202 85.255.112.223
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.202 85.255.112.223
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Miikan tiedostot\Ohjelmat\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\tiedostot\Ohjelmat\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\ tiedostot\Ohjelmat\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Ohjelmat\Avast\ashWebSv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 8348 bytes
If someone would bother to take a look...
Replies
- -Jimi-
The whole top part of the log is missing, so post a new one.
HijackThis v2.0.2 can be found here:
http://www.download.fi/tyopoytaohjelmat/haittaohjelmien_poisto/hijackthis.cfm
- 123321
Download fixwareout.exe from here > http://downloads.subratam.org/Fixwareout.exe
or from here >
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
and save it to the desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure "Run fixit" is selected. You will have to restart the computer when told to.
Post a new HjT log and the contents of c:\fixwareout\report.txt
- nämä
the beginning really was missing from the first one...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:12, on 29.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Miikan tiedostot\Ohjelmat\Avast\aswUpdSv.exe
C:\Miikan tiedostot\Ohjelmat\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Miikan tiedostot\Ohjelmat\Avast\ashMaiSv.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Miikan tiedostot\Ohjelmat\Avast\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\vVX1000.exe
C:\MIIKAN~2\Ohjelmat\Avast\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [avast!] C:\MIIKAN~2\Ohjelmat\Avast\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Ohjelmat\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Ohjelmat\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LineOfSightVietnamSetup.exe] C:\DOCUME~1\ESIASE~1\TYPYT~1\LINEOF~1.EXE /r
O4 - HKCU\..\Run: [RiskIISetup.exe] C:\DOWNLO~1\RISKII~1.EXE /r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Ohjelmat\Daemon tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Miikan tiedostot\Ohjelmat\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\ tiedostot\Ohjelmat\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\ tiedostot\Ohjelmat\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\tiedostot\Ohjelmat\Avast\ashWebSv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 7388 bytes
Username "Esiasennettu" - 29.08.2008 18:42:13 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdebt.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.202 85.255.112.223"
- 1123321
nämä wrote: (quoting the HijackThis log and Fixwareout report posted above)
Remove it from Add or Remove Programs:
AdVantage
Delete the folder in Safe Mode:
C:\Program Files\AdVantage
- etanaetana
1123321 wrote:
Remove it from Add or Remove Programs:
AdVantage
Delete the folder in Safe Mode:
C:\Program Files\AdVantage
ComboFix 08-08-29.02 - Esiasennettu 2008-08-30 12:55:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.223 [GMT 3:00]
Running from: C:\Documents and Settings\Esiasennettu\Työpöytä\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Esiasennettu\Application Data\macromedia\Flash Player\#SharedObjects\U3U2VTSR\bin.clearspring.com
C:\Documents and Settings\Esiasennettu\Application Data\macromedia\Flash Player\#SharedObjects\U3U2VTSR\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Esiasennettu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Esiasennettu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-28 to 2008-08-30 )))))))))))))))))
.
2008-08-29 18:41 . 2008-08-29 18:57 d-------- C:\fixwareout
2008-08-28 16:46 . 2008-08-28 16:46 d-------- C:\Program Files\Trend Micro
2008-08-28 16:43 . 2008-08-28 16:45 d-------- C:\hjt
2008-08-25 21:54 . 2008-08-25 21:54 d-------- C:\Documents and Settings\Esiasennettu\Application Data\Uusi kansio
2008-08-23 20:16 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-23 20:16 . 2004-09-14 16:07 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-31 20:28 . 2008-07-31 20:28 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-21 10:29 . 2008-07-21 10:29 d-------- C:\Documents and Settings\Esiasennettu\Application Data\vlc
2008-07-21 09:02 . 2008-07-21 09:02 d-------- C:\Documents and Settings\Esiasennettu\Application Data\dvdcss
2008-07-20 06:38 . 2008-07-20 06:38 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-07-16 04:20 . 2008-07-16 04:20 d-------- C:\Program Files\Common Files\INCA Shared
2008-07-16 04:17 . 2003-07-19 18:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-07-16 04:17 . 2005-01-03 09:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-07-16 02:54 . 2008-07-16 02:54 d-------- C:\Documents and Settings\Esiasennettu\Application Data\InstallShield
2008-07-13 14:14 . 2008-07-13 14:14 d-------- C:\Program Files\HighMAT CD Writing Wizard
2008-07-10 05:12 . 2008-07-10 08:05 23 --a------ C:\Documents and Settings\Esiasennettu\jagex_runescape_preferences.dat
2008-07-09 20:04 . 2008-08-29 17:22 d-------- C:\Documents and Settings\Esiasennettu\Application Data\BitTorrent
2008-07-09 20:03 . 2008-08-30 11:40 d-------- C:\Program Files\DNA
2008-07-09 20:03 . 2008-08-30 11:59 d-------- C:\Documents and Settings\Esiasennettu\Application Data\DNA
2008-07-08 12:24 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-06 02:23 . 2008-08-23 16:02 230,424 --a------ C:\img2-001.raw
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 12:39 --------- d-----w C:\Program Files\Steam
2008-08-29 12:17 --------- d-----w C:\Documents and Settings\Esiasennettu\Application Data\mIRC
2008-08-29 11:07 --------- d-----w C:\Program Files\RevConnect
2008-08-23 15:45 --------- d-----w C:\Documents and Settings\Esiasennettu\Application Data\Winamp
2008-07-31 17:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-21 07:29 --------- d-----w C:\Documents and Settings\Esiasennettu\Application Data\vlc
2008-07-20 03:32 --------- d-----w C:\Program Files\ATI Technologies
2008-07-20 03:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 03:28 --------- d-----w C:\Documents and Settings\Esiasennettu\Application Data\SystemRequirementsLab
2008-07-10 01:48 --------- d-----w C:\Program Files\Java
2008-07-05 04:43 --------- d-----w C:\Documents and Settings\Esiasennettu\Application Data\teamspeak2
2008-07-02 08:39 --------- d-----w C:\Documents and Settings\Esiasennettu\Application Data\Hamachi
2008-07-01 17:30 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2005-01-26 14:42 56 --sh--r C:\WINDOWS\system32\8042E426F7.sys
2006-12-23 15:28 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"RestoreIT!"="C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE" [2003-07-18 10:05 237568]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 12:21 217088]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-30 02:42 707376]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 02:54 269104]
"avast!"="C:\MIIKAN~2\Ohjelmat\Avast\ashDisp.exe" [2008-07-19 17:38 78008]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 21:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2004-11-08 11:39:12 561152]
[HKLM\~\startupfolder\C:^Documents and Settings^Esiasennettu^Käynnistä-valikko^Ohjelmat^Käynnistys^Last.fm Helper.lnk]
path=C:\Documents and Settings\Esiasennettu\Käynnistä-valikko\Ohjelmat\Käynnistys\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-30 02:57 1271032 c:\Program Files\Steam\steam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Miikan tiedostot\\Ohjelmat\\mIRC\\mirc.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\Steam\\steamapps\\yliaanikone\\counter-strike\\hl.exe"=
"C:\\Program Files\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe"=
"C:\\Miikan tiedostot\\Ohjelmat\\Avast\\ashAvast.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14401:TCP"= 14401:TCP:BitComet 14401 TCP
"14401:UDP"= 14401:UDP:BitComet 14401 UDP
"13045:TCP"= 13045:TCP:BitComet 13045 TCP
"13045:UDP"= 13045:UDP:BitComet 13045 UDP
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-06-12 13:31]
R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2003-03-04 11:30]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2005-12-19 01:58]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamSvc.exe [2006-06-30 02:54]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
S3 fad1q4b6;fad1q4b6;C:\DOCUME~1\ESIASE~1\LOCALS~1\Temp\325siE7 []
S3 gtermddo;gtermddo;C:\DOCUME~1\ESIASE~1\LOCALS~1\Temp\gtermddo.sys []
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 05:22]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-30 02:42]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-LineOfSightVietnamSetup.exe - C:\DOCUME~1\ESIASE~1\TYPYT~1\LINEOF~1.EXE
HKCU-Run-RiskIISetup.exe - C:\DOWNLO~1\RISKII~1.EXE
HKCU-Run-DAEMON Tools Lite - F:\Ohjelmat\Daemon tools\DAEMON Tools Lite\daemon.exe
HKLM-Run-WinampAgent - F:\Ohjelmat\Winamp\winampa.exe
HKLM-Run-farstone - (no file)
MSConfigStartUp-Skype - C:\Program Files\Skype\Phone\Skype.exe
MSConfigStartUp-WinampAgent - C:\Miikan tiedostot\Ohjelmat\WinAmp\winampa.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\5lk2pjba.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 13:01:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\DOCUME~1\ESIASE~1\LOCALS~1\Temp\RGI9.tmp
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="C:\\WINDOWS\\vVX1000.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fad1q4b6]
"ImagePath"="\??\C:\DOCUME~1\ESIASE~1\LOCALS~1\Temp\325siE7"
.
Completion time: 2008-08-30 13:04:01
ComboFix-quarantined-files.txt 2008-08-30 10:03:26
Pre-Run: 76,038,275,072 tavua vapaana
Post-Run: 79,685,312,512 tavua vapaana
150
Malwarebytes' Anti-Malware 1.25
Tietokantaversio: 1097
Windows 5.1.2600 Service Pack 2
13:59:49 30.8.2008
mbam-log-08-30-2008 (13-59-49).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 84273
Kulunut aika: 34 minute(s), 1 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 4
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
etanaetana wrote:
ComboFix 08-08-29.02 - Esiasennettu 2008-08-30 12:55:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.223 [GMT 3:00]
Running from: C:\Documents and Settings\Esiasennettu\Työpöytä\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Esiasennettu\Application Data\macromedia\Flash Player\#SharedObjects\U3U2VTSR\bin.clearspring.com
C:\Documents and Settings\Esiasennettu\Application Data\macromedia\Flash Player\#SharedObjects\U3U2VTSR\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Esiasennettu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Esiasennettu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-28 to 2008-08-30 )))))))))))))))))
.
2008-08-29 18:41 . 2008-08-29 18:57 d-------- C:\fixwareout
2008-08-28 16:46 . 2008-08-28 16:46 d-------- C:\Program Files\Trend Micro
2008-08-28 16:43 . 2008-08-28 16:45 d-------- C:\hjt
2008-08-25 21:54 . 2008-08-25 21:54 d-------- C:\Documents and Settings\Esiasennettu\Application Data\Uusi kansio
2008-08-23 20:16 . 2004-09-14 16:07 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-23 20:16 . 2004-09-14 16:07 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-31 20:28 . 2008-07-31 20:28 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-21 10:29 . 2008-07-21 10:29 d-------- C:\Documents and Settings\Esiasennettu\Application Data\vlc
2008-07-21 09:02 . 2008-07-21 09:02 d-------- C:\Documents and Settings\Esiasennettu\Application Data\dvdcss
2008-07-20 06:38 . 2008-07-20 06:38 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-07-16 04:20 . 2008-07-16 04:20 d-------- C:\Program Files\Common Files\INCA Shared
2008-07-16 04:17 . 2003-07-19 18:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-07-16 04:17 . 2005-01-03 09:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-07-16 02:54 . 2008-07-16 02:54 d-------- C:\Documents and Settings\Esiasennettu\Application Data\InstallShield
2008-07-13 14:14 . 2008-07-13 14:14 d-------- C:\Program Files\HighMAT CD Writing Wizard
2008-07-10 05:12 . 2008-07-10 08:05 23 --a------ C:\Documents and Settings\Esiasennettu\jagex_runescape_preferences.dat
2008-07-09 20:04 . 2008-08-29 17:22 d-------- C:\Documents and Settings\Esiasennettu\Application Data\BitTorrent
2008-07-09 20:03 . 2008-08-30 11:40 d-------- C:\Program Files\DNA
2008-07-09 20:03 . 2008-08-30 11:59 d-------- C:\Documents and Settings\Esiasennettu\Application Data\DNA
2008-07-08 12:24 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-06 02:23 . 2008-08-23 16:02 230,424 --a------ C:\img2-001.raw
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 12:39 --------- d-----w C:\Program Files\Steam
2008-08-29 12:17 --------- d-----w C:\Documents and Settings\Esiasennettu\Application Data\mIRC
2008-08-29 11:07 --------- d-----w C:\Program Files\RevConnect
2008-08-23 15:45 --------- d-----w C:\Documents and Settings\Esiasennettu\Application Data\Winamp
2008-07-31 17:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-21 07:29 --------- d-----w C:\Documents and Settings\Esiasennettu\Application Data\vlc
2008-07-20 03:32 --------- d-----w C:\Program Files\ATI Technologies
2008-07-20 03:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 03:28 --------- d-----w C:\Documents and Settings\Esiasennettu\Application Data\SystemRequirementsLab
2008-07-10 01:48 --------- d-----w C:\Program Files\Java
2008-07-05 04:43 --------- d-----w C:\Documents and Settings\Esiasennettu\Application Data\teamspeak2
2008-07-02 08:39 --------- d-----w C:\Documents and Settings\Esiasennettu\Application Data\Hamachi
2008-07-01 17:30 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2005-01-26 14:42 56 --sh--r C:\WINDOWS\system32\8042E426F7.sys
2006-12-23 15:28 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"RestoreIT!"="C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE" [2003-07-18 10:05 237568]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 12:21 217088]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-30 02:42 707376]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 02:54 269104]
"avast!"="C:\MIIKAN~2\Ohjelmat\Avast\ashDisp.exe" [2008-07-19 17:38 78008]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 21:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2004-11-08 11:39:12 561152]
[HKLM\~\startupfolder\C:^Documents and Settings^Esiasennettu^Käynnistä-valikko^Ohjelmat^Käynnistys^Last.fm Helper.lnk]
path=C:\Documents and Settings\Esiasennettu\Käynnistä-valikko\Ohjelmat\Käynnistys\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-30 02:57 1271032 c:\Program Files\Steam\steam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Miikan tiedostot\\Ohjelmat\\mIRC\\mirc.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\Steam\\steamapps\\yliaanikone\\counter-strike\\hl.exe"=
"C:\\Program Files\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe"=
"C:\\Miikan tiedostot\\Ohjelmat\\Avast\\ashAvast.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14401:TCP"= 14401:TCP:BitComet 14401 TCP
"14401:UDP"= 14401:UDP:BitComet 14401 UDP
"13045:TCP"= 13045:TCP:BitComet 13045 TCP
"13045:UDP"= 13045:UDP:BitComet 13045 UDP
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-06-12 13:31]
R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2003-03-04 11:30]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2005-12-19 01:58]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamSvc.exe [2006-06-30 02:54]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
S3 fad1q4b6;fad1q4b6;C:\DOCUME~1\ESIASE~1\LOCALS~1\Temp\325siE7 []
S3 gtermddo;gtermddo;C:\DOCUME~1\ESIASE~1\LOCALS~1\Temp\gtermddo.sys []
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 05:22]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-30 02:42]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-LineOfSightVietnamSetup.exe - C:\DOCUME~1\ESIASE~1\TYPYT~1\LINEOF~1.EXE
HKCU-Run-RiskIISetup.exe - C:\DOWNLO~1\RISKII~1.EXE
HKCU-Run-DAEMON Tools Lite - F:\Ohjelmat\Daemon tools\DAEMON Tools Lite\daemon.exe
HKLM-Run-WinampAgent - F:\Ohjelmat\Winamp\winampa.exe
HKLM-Run-farstone - (no file)
MSConfigStartUp-Skype - C:\Program Files\Skype\Phone\Skype.exe
MSConfigStartUp-WinampAgent - C:\Miikan tiedostot\Ohjelmat\WinAmp\winampa.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\5lk2pjba.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 13:01:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\DOCUME~1\ESIASE~1\LOCALS~1\Temp\RGI9.tmp
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="C:\\WINDOWS\\vVX1000.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fad1q4b6]
"ImagePath"="\??\C:\DOCUME~1\ESIASE~1\LOCALS~1\Temp\325siE7"
.
Completion time: 2008-08-30 13:04:01
ComboFix-quarantined-files.txt 2008-08-30 10:03:26
Pre-Run: 76,038,275,072 tavua vapaana
Post-Run: 79,685,312,512 tavua vapaana
150
Malwarebytes' Anti-Malware 1.25
Tietokantaversio: 1097
Windows 5.1.2600 Service Pack 2
13:59:49 30.8.2008
mbam-log-08-30-2008 (13-59-49).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 84273
Kulunut aika: 34 minute(s), 1 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 4
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
Download OTMoveIt from http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe and save it to your desktop.
Double-click OTMoveIt.exe.
Click CleanUp!.
Choose Yes when asked "Begin cleanup Process?".
If you are asked whether the computer may be restarted, choose Yes. OTMoveIt removes itself when it is finished; if it does not, remove it yourself.
NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it to do so.