R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162323742234
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF70EF43-372E-4397-B83F-5FC4E6D25D71}: NameServer = 192.89.123.231 192.89.123.230
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Unknown owner - C:\Norman\Npm\bin\ELOGSVC.EXE (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Npm\Bin\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\Norman\Nvc\bin\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
onko tässä vikaa
9
986
Vastaukset
- 123321
lokit kokonaan
- teen?
vai tarviiko mitään toimenpiteitä..
- 123321
teen? kirjoitti:
vai tarviiko mitään toimenpiteitä..
1.Lataa combofix.exe työpöydällesi yhdestä, kahdesta klinkistä:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. - Loki tässä.
123321 kirjoitti:
1.Lataa combofix.exe työpöydällesi yhdestä, kahdesta klinkistä:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.2008-08-30 22:02 . 2008-08-30 22:02 d-------- C:\Program Files\Webteh
2008-08-30 16:44 . 2008-08-30 16:44 d-------- C:\Program Files\CCleaner
2008-08-30 16:41 . 2008-08-30 16:41 d-------- C:\Program Files\ToniArts
2008-08-29 23:50 . 2008-08-30 23:38 d-------- C:\Program Files\PAFPoker
2008-08-29 20:08 . 2007-08-24 19:45 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-08-29 20:08 . 2007-08-24 19:45 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-08-29 15:48 . 2008-08-30 19:59 d-------- C:\Program Files\Spyware Doctor
2008-08-29 15:48 . 2008-08-29 15:48 d-------- C:\Documents and Settings\OMA\Application Data\PC Tools
2008-08-29 15:48 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-29 15:48 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-29 15:48 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-29 15:48 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-27 14:14 . 2008-08-27 20:19 d-------- C:\WINDOWS\LastGood(2)
2008-08-24 23:17 . 2008-08-24 23:17 dr------- C:\Documents and Settings\KOTI\Omat tiedostot
2008-08-24 20:34 . 2008-08-27 20:19 d-------- C:\d00e3e935169130fb2
2008-08-20 13:46 . 2008-08-20 13:46 dr------- C:\Documents and Settings\KOTI\Suosikit
2008-08-17 16:05 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-16 22:38 . 2008-08-17 14:49 d-------- C:\Documents and Settings\OMA\dwhelper
2008-08-15 13:44 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-15 13:43 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-04 22:36 . 2008-08-04 22:36 d-------- C:\Program Files\Java
2008-08-04 22:36 . 2008-08-04 22:36 d-------- C:\Program Files\InterVideo
2008-08-04 22:36 . 2008-08-04 22:36 d-------- C:\Program Files\Common Files\Java
2008-08-04 22:36 . 2008-08-04 22:36 d-------- C:\Program Files\Avanquest update
2008-08-04 22:35 . 2008-08-04 22:36 d-------- C:\Program Files\Motorola Phone Tools
2008-08-04 22:35 . 2008-08-04 22:35 d-------- C:\Program Files\Lavasoft
2008-08-04 22:35 . 2008-08-04 22:35 d-------- C:\Program Files\Common Files\Nokia
2008-08-04 22:35 . 2008-08-17 14:57 d-------- C:\Documents and Settings\OMA\Application Data\Nokia Multimedia Player
2008-08-04 22:34 . 2008-08-04 22:35 d-------- C:\Program Files\Nokia
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Program Files\Apple Software Update
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\Vieras\Verkkoympäristö
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\Vieras\Työpöytä
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\Vieras\Tulostinympäristö
2008-08-04 22:34 . 2008-08-04 22:34 dr------- C:\Documents and Settings\Vieras\Suosikit
2008-08-04 22:34 . 2008-08-04 22:34 dr------- C:\Documents and Settings\Vieras\Omat tiedostot
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\Vieras\Mallit
2008-08-04 22:34 . 2008-08-04 22:34 dr------- C:\Documents and Settings\Vieras\Käynnistä-valikko
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\Vieras\Application Data\PC Suite
2008-08-04 22:34 . 2008-08-27 20:21 d-------- C:\Documents and Settings\Vieras
2008-08-04 22:34 . 2008-08-04 22:35 d-------- C:\Documents and Settings\KOTI\Työpöytä
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\KOTI\Tulostinympäristö
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\KOTI\Mallit
2008-08-04 22:34 . 2008-08-04 22:34 dr------- C:\Documents and Settings\KOTI\Käynnistä-valikko
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\KOTI\Application Data\PC Suite
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\KOTI\Application Data\InterVideo
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\KOTI\Application Data\BSplayer
2008-08-04 22:34 . 2008-08-27 20:21 d-------- C:\Documents and Settings\KOTI
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-03 14:36 . 2008-08-04 22:57 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-03 12:36 . 2008-08-03 12:39 1,306 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-03 12:35 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-03 12:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-03 12:35 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-03 12:35 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-03 12:35 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-03 12:35 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-03 12:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-03 12:35 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-03 12:35 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-01 21:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-24 18:34 . 2008-08-19 20:08 d-------- C:\Program Files\Microsoft Silverlight
2008-07-22 11:20 . 2008-08-29 20:08 d-------- C:\Program Files\Mobile Partner
2008-07-22 08:26 . 2008-07-22 08:26 d-------- C:\WINDOWS\system32\fi
2008-07-22 08:26 . 2008-07-22 08:26 d-------- C:\WINDOWS\system32\bits
2008-07-22 08:26 . 2008-07-22 08:27 d-------- C:\WINDOWS\l2schemas
2008-07-22 08:01 . 2008-07-22 08:29 d-------- C:\WINDOWS\ServicePackFiles
2008-07-22 07:09 . 2008-07-22 07:09 d-------- C:\WINDOWS\EHome
2008-07-22 02:52 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-22 02:52 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-07-22 02:52 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-07-22 02:52 . 2004-08-03 22:41 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-07-22 02:52 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-07-22 02:51 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-07-07 23:28 . 2008-07-07 23:28 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 17:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-04 19:35 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-04 19:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-04 19:34 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-04 16:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-08-04 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-29 18:34 --------- d-----w C:\Documents and Settings\OMA\Application Data\BSplayer
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-14 18:59 --------- d-----w C:\Documents and Settings\OMA\Application Data\Touchstone
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-29 20:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 17:17 0 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
2008-03-06 16:06 0 ----a-w C:\Documents and Settings\OMA\Application Data\wklnhst.dat
2007-10-14 14:32 24,192 ----a-w C:\Documents and Settings\OMA\usbsermptxp.sys
2007-10-14 14:32 22,768 ----a-w C:\Documents and Settings\OMA\usbsermpt.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-07-28 11:53]
S2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS []
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys []
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys []
S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys []
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys []
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys []
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys []
S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe []
S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01e0ec62-745d-11dd-ae94-0014a55e7289}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54aac896-7b2a-11dc-ad55-0014a55e7289}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb45df98-75ec-11dd-ae98-0014a55e7289}]
\Shell\AutoRun\command - E:\AutoRun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
'Ajoitetut tehtävät'-kansion sisältö
2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\OMA\Application Data\Mozilla\Firefox\Profiles\ioioluvt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://finnish.toggle.com/fi/index.php?rvs=hompag&d=79919195
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 02:57:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-31 2:58:41
ComboFix-quarantined-files.txt 2008-08-30 23:58:34
Pre-Run: 85,906,894,848 tavua vapaana
Post-Run: 85,892,358,144 tavua vapaana
179 --- E O F --- 2008-08-27 18:58:35 - 123321
Loki tässä. kirjoitti:
2008-08-30 22:02 . 2008-08-30 22:02 d-------- C:\Program Files\Webteh
2008-08-30 16:44 . 2008-08-30 16:44 d-------- C:\Program Files\CCleaner
2008-08-30 16:41 . 2008-08-30 16:41 d-------- C:\Program Files\ToniArts
2008-08-29 23:50 . 2008-08-30 23:38 d-------- C:\Program Files\PAFPoker
2008-08-29 20:08 . 2007-08-24 19:45 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-08-29 20:08 . 2007-08-24 19:45 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-08-29 15:48 . 2008-08-30 19:59 d-------- C:\Program Files\Spyware Doctor
2008-08-29 15:48 . 2008-08-29 15:48 d-------- C:\Documents and Settings\OMA\Application Data\PC Tools
2008-08-29 15:48 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-29 15:48 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-29 15:48 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-29 15:48 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-27 14:14 . 2008-08-27 20:19 d-------- C:\WINDOWS\LastGood(2)
2008-08-24 23:17 . 2008-08-24 23:17 dr------- C:\Documents and Settings\KOTI\Omat tiedostot
2008-08-24 20:34 . 2008-08-27 20:19 d-------- C:\d00e3e935169130fb2
2008-08-20 13:46 . 2008-08-20 13:46 dr------- C:\Documents and Settings\KOTI\Suosikit
2008-08-17 16:05 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-16 22:38 . 2008-08-17 14:49 d-------- C:\Documents and Settings\OMA\dwhelper
2008-08-15 13:44 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-15 13:43 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-04 22:36 . 2008-08-04 22:36 d-------- C:\Program Files\Java
2008-08-04 22:36 . 2008-08-04 22:36 d-------- C:\Program Files\InterVideo
2008-08-04 22:36 . 2008-08-04 22:36 d-------- C:\Program Files\Common Files\Java
2008-08-04 22:36 . 2008-08-04 22:36 d-------- C:\Program Files\Avanquest update
2008-08-04 22:35 . 2008-08-04 22:36 d-------- C:\Program Files\Motorola Phone Tools
2008-08-04 22:35 . 2008-08-04 22:35 d-------- C:\Program Files\Lavasoft
2008-08-04 22:35 . 2008-08-04 22:35 d-------- C:\Program Files\Common Files\Nokia
2008-08-04 22:35 . 2008-08-17 14:57 d-------- C:\Documents and Settings\OMA\Application Data\Nokia Multimedia Player
2008-08-04 22:34 . 2008-08-04 22:35 d-------- C:\Program Files\Nokia
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Program Files\Apple Software Update
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\Vieras\Verkkoympäristö
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\Vieras\Työpöytä
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\Vieras\Tulostinympäristö
2008-08-04 22:34 . 2008-08-04 22:34 dr------- C:\Documents and Settings\Vieras\Suosikit
2008-08-04 22:34 . 2008-08-04 22:34 dr------- C:\Documents and Settings\Vieras\Omat tiedostot
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\Vieras\Mallit
2008-08-04 22:34 . 2008-08-04 22:34 dr------- C:\Documents and Settings\Vieras\Käynnistä-valikko
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\Vieras\Application Data\PC Suite
2008-08-04 22:34 . 2008-08-27 20:21 d-------- C:\Documents and Settings\Vieras
2008-08-04 22:34 . 2008-08-04 22:35 d-------- C:\Documents and Settings\KOTI\Työpöytä
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\KOTI\Tulostinympäristö
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\KOTI\Mallit
2008-08-04 22:34 . 2008-08-04 22:34 dr------- C:\Documents and Settings\KOTI\Käynnistä-valikko
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\KOTI\Application Data\PC Suite
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\KOTI\Application Data\InterVideo
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\KOTI\Application Data\BSplayer
2008-08-04 22:34 . 2008-08-27 20:21 d-------- C:\Documents and Settings\KOTI
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-03 14:36 . 2008-08-04 22:57 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-03 12:36 . 2008-08-03 12:39 1,306 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-03 12:35 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-03 12:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-03 12:35 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-03 12:35 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-03 12:35 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-03 12:35 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-03 12:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-03 12:35 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-03 12:35 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-01 21:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-24 18:34 . 2008-08-19 20:08 d-------- C:\Program Files\Microsoft Silverlight
2008-07-22 11:20 . 2008-08-29 20:08 d-------- C:\Program Files\Mobile Partner
2008-07-22 08:26 . 2008-07-22 08:26 d-------- C:\WINDOWS\system32\fi
2008-07-22 08:26 . 2008-07-22 08:26 d-------- C:\WINDOWS\system32\bits
2008-07-22 08:26 . 2008-07-22 08:27 d-------- C:\WINDOWS\l2schemas
2008-07-22 08:01 . 2008-07-22 08:29 d-------- C:\WINDOWS\ServicePackFiles
2008-07-22 07:09 . 2008-07-22 07:09 d-------- C:\WINDOWS\EHome
2008-07-22 02:52 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-22 02:52 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-07-22 02:52 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-07-22 02:52 . 2004-08-03 22:41 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-07-22 02:52 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-07-22 02:51 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-07-07 23:28 . 2008-07-07 23:28 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 17:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-04 19:35 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-04 19:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-04 19:34 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-04 16:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-08-04 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-29 18:34 --------- d-----w C:\Documents and Settings\OMA\Application Data\BSplayer
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-14 18:59 --------- d-----w C:\Documents and Settings\OMA\Application Data\Touchstone
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-29 20:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 17:17 0 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
2008-03-06 16:06 0 ----a-w C:\Documents and Settings\OMA\Application Data\wklnhst.dat
2007-10-14 14:32 24,192 ----a-w C:\Documents and Settings\OMA\usbsermptxp.sys
2007-10-14 14:32 22,768 ----a-w C:\Documents and Settings\OMA\usbsermpt.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-07-28 11:53]
S2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS []
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys []
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys []
S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys []
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys []
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys []
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys []
S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe []
S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01e0ec62-745d-11dd-ae94-0014a55e7289}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54aac896-7b2a-11dc-ad55-0014a55e7289}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb45df98-75ec-11dd-ae98-0014a55e7289}]
\Shell\AutoRun\command - E:\AutoRun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
'Ajoitetut tehtävät'-kansion sisältö
2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\OMA\Application Data\Mozilla\Firefox\Profiles\ioioluvt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://finnish.toggle.com/fi/index.php?rvs=hompag&d=79919195
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 02:57:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-31 2:58:41
ComboFix-quarantined-files.txt 2008-08-30 23:58:34
Pre-Run: 85,906,894,848 tavua vapaana
Post-Run: 85,892,358,144 tavua vapaana
179 --- E O F --- 2008-08-27 18:58:35Lataa http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
OTMoveIt ja tallenna se työpöydällesi.
Tuplaklikkaa OTMoveIt.exe.
Klikkaa CleanUp!.
Valitse Yes kun kysytään "Begin cleanup Process?".
Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.
HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.
- muuta kuin
vikaa. formatoi konees kaikki uusiksi.
- sillain
nyt on näppylät
- tosi!
onko tuo formatointi ihan aiheellista ja ainoa lääke? onko muita vaihtoehtoja..
antakaa selko ohjeita kiitos.. - dssdgsdgdfghdfsh
tosi! kirjoitti:
onko tuo formatointi ihan aiheellista ja ainoa lääke? onko muita vaihtoehtoja..
antakaa selko ohjeita kiitos..yksi paskimmista keskusteluista mitä on koskaan käyty!
Ketjusta on poistettu 0 sääntöjenvastaista viestiä.
Luetuimmat keskustelut
- 2363098
Kompostointitarkastaja tuli tarkastukselle!
En ole ikinä kompostoinnut ja eilen kävi kompostointitarkastaja kylässä. Tosi hianoa byrokratiaa taas: "Laki edellyttää,1252224Varattais lähihotellista
🥰 huone viikoksi. Oltais vaan ja tilattais huonepalvelusta herkkuja! Viikonloppukin käy jos et viikoksi ehdi ❤ Hyvää2191753Nyt jäi velat perimättä
Mikä idea se talo oli polttaa ja velalliset sisällä nyt jäi rahat saamatta141735Martinan aussikulta, missä?
Mihin katosi Martina Aitolehden aussikulta kyselee Seiska!2921551Ellen Jokikunnas muistelee Reino-koiraa - Ralph-poika koskettavalla tavalla esiin: "Kiitos, että..."
RIP Reino. Lämmin osanotto suureen suruunne Ellen, Jari ja Ralph. Reino tuli tutuksi monelle suomalaiselle Unelmia Ita481289- 511253
- 1111071
- 94996
Meneekö eläinpuiston johto vaihtoon vaalien jälkeen?
Ähtärissä kuhistaan ja kuiskitaan, että perussuomalaiset esittävät vaalien jälkeen, että eläinpuiston hallitus uusitaan58984