R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162323742234
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF70EF43-372E-4397-B83F-5FC4E6D25D71}: NameServer = 192.89.123.231 192.89.123.230
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Unknown owner - C:\Norman\Npm\bin\ELOGSVC.EXE (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Npm\Bin\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\Norman\Nvc\bin\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Is there something wrong here?
Replies
- 123321
the logs in full
- teen?
or is any action needed..
- 123321
teen? wrote:
or is any action needed..
1. Download combofix.exe to your desktop from one of the two links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post that log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
- Loki tässä.
123321 wrote:
1. Download combofix.exe to your desktop from one of the two links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post that log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
2008-08-30 22:02 . 2008-08-30 22:02 d-------- C:\Program Files\Webteh
2008-08-30 16:44 . 2008-08-30 16:44 d-------- C:\Program Files\CCleaner
2008-08-30 16:41 . 2008-08-30 16:41 d-------- C:\Program Files\ToniArts
2008-08-29 23:50 . 2008-08-30 23:38 d-------- C:\Program Files\PAFPoker
2008-08-29 20:08 . 2007-08-24 19:45 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-08-29 20:08 . 2007-08-24 19:45 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-08-29 15:48 . 2008-08-30 19:59 d-------- C:\Program Files\Spyware Doctor
2008-08-29 15:48 . 2008-08-29 15:48 d-------- C:\Documents and Settings\OMA\Application Data\PC Tools
2008-08-29 15:48 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-29 15:48 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-29 15:48 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-29 15:48 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-27 14:14 . 2008-08-27 20:19 d-------- C:\WINDOWS\LastGood(2)
2008-08-24 23:17 . 2008-08-24 23:17 dr------- C:\Documents and Settings\KOTI\Omat tiedostot
2008-08-24 20:34 . 2008-08-27 20:19 d-------- C:\d00e3e935169130fb2
2008-08-20 13:46 . 2008-08-20 13:46 dr------- C:\Documents and Settings\KOTI\Suosikit
2008-08-17 16:05 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-16 22:38 . 2008-08-17 14:49 d-------- C:\Documents and Settings\OMA\dwhelper
2008-08-15 13:44 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-15 13:43 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-04 22:36 . 2008-08-04 22:36 d-------- C:\Program Files\Java
2008-08-04 22:36 . 2008-08-04 22:36 d-------- C:\Program Files\InterVideo
2008-08-04 22:36 . 2008-08-04 22:36 d-------- C:\Program Files\Common Files\Java
2008-08-04 22:36 . 2008-08-04 22:36 d-------- C:\Program Files\Avanquest update
2008-08-04 22:35 . 2008-08-04 22:36 d-------- C:\Program Files\Motorola Phone Tools
2008-08-04 22:35 . 2008-08-04 22:35 d-------- C:\Program Files\Lavasoft
2008-08-04 22:35 . 2008-08-04 22:35 d-------- C:\Program Files\Common Files\Nokia
2008-08-04 22:35 . 2008-08-17 14:57 d-------- C:\Documents and Settings\OMA\Application Data\Nokia Multimedia Player
2008-08-04 22:34 . 2008-08-04 22:35 d-------- C:\Program Files\Nokia
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Program Files\Apple Software Update
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\Vieras\Verkkoympäristö
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\Vieras\Työpöytä
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\Vieras\Tulostinympäristö
2008-08-04 22:34 . 2008-08-04 22:34 dr------- C:\Documents and Settings\Vieras\Suosikit
2008-08-04 22:34 . 2008-08-04 22:34 dr------- C:\Documents and Settings\Vieras\Omat tiedostot
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\Vieras\Mallit
2008-08-04 22:34 . 2008-08-04 22:34 dr------- C:\Documents and Settings\Vieras\Käynnistä-valikko
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\Vieras\Application Data\PC Suite
2008-08-04 22:34 . 2008-08-27 20:21 d-------- C:\Documents and Settings\Vieras
2008-08-04 22:34 . 2008-08-04 22:35 d-------- C:\Documents and Settings\KOTI\Työpöytä
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\KOTI\Tulostinympäristö
2008-08-04 22:34 . 2008-08-04 22:34 d--h----- C:\Documents and Settings\KOTI\Mallit
2008-08-04 22:34 . 2008-08-04 22:34 dr------- C:\Documents and Settings\KOTI\Käynnistä-valikko
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\KOTI\Application Data\PC Suite
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\KOTI\Application Data\InterVideo
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\KOTI\Application Data\BSplayer
2008-08-04 22:34 . 2008-08-27 20:21 d-------- C:\Documents and Settings\KOTI
2008-08-04 22:34 . 2008-08-04 22:34 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-03 14:36 . 2008-08-04 22:57 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-03 12:36 . 2008-08-03 12:39 1,306 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-03 12:35 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-03 12:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-03 12:35 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-03 12:35 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-03 12:35 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-03 12:35 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-03 12:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-03 12:35 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-03 12:35 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-01 21:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-24 18:34 . 2008-08-19 20:08 d-------- C:\Program Files\Microsoft Silverlight
2008-07-22 11:20 . 2008-08-29 20:08 d-------- C:\Program Files\Mobile Partner
2008-07-22 08:26 . 2008-07-22 08:26 d-------- C:\WINDOWS\system32\fi
2008-07-22 08:26 . 2008-07-22 08:26 d-------- C:\WINDOWS\system32\bits
2008-07-22 08:26 . 2008-07-22 08:27 d-------- C:\WINDOWS\l2schemas
2008-07-22 08:01 . 2008-07-22 08:29 d-------- C:\WINDOWS\ServicePackFiles
2008-07-22 07:09 . 2008-07-22 07:09 d-------- C:\WINDOWS\EHome
2008-07-22 02:52 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-22 02:52 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-07-22 02:52 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-07-22 02:52 . 2004-08-03 22:41 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-07-22 02:52 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-07-22 02:51 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-07-07 23:28 . 2008-07-07 23:28 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 17:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-04 19:35 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-04 19:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-04 19:34 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-04 16:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-08-04 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-29 18:34 --------- d-----w C:\Documents and Settings\OMA\Application Data\BSplayer
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-14 18:59 --------- d-----w C:\Documents and Settings\OMA\Application Data\Touchstone
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-29 20:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 17:17 0 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
2008-03-06 16:06 0 ----a-w C:\Documents and Settings\OMA\Application Data\wklnhst.dat
2007-10-14 14:32 24,192 ----a-w C:\Documents and Settings\OMA\usbsermptxp.sys
2007-10-14 14:32 22,768 ----a-w C:\Documents and Settings\OMA\usbsermpt.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-07-28 11:53]
S2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS []
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys []
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys []
S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys []
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys []
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys []
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys []
S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe []
S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01e0ec62-745d-11dd-ae94-0014a55e7289}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54aac896-7b2a-11dc-ad55-0014a55e7289}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb45df98-75ec-11dd-ae98-0014a55e7289}]
\Shell\AutoRun\command - E:\AutoRun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
'Ajoitetut tehtävät'-kansion sisältö
2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\OMA\Application Data\Mozilla\Firefox\Profiles\ioioluvt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://finnish.toggle.com/fi/index.php?rvs=hompag&d=79919195
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 02:57:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-31 2:58:41
ComboFix-quarantined-files.txt 2008-08-30 23:58:34
Pre-Run: 85,906,894,848 tavua vapaana
Post-Run: 85,892,358,144 tavua vapaana
179 --- E O F --- 2008-08-27 18:58:35
- 123321
Download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and save it to your desktop.
Double-click OTMoveIt.exe.
Click CleanUp!.
Choose Yes when asked "Begin cleanup Process?".
If you are asked whether the computer may be restarted, choose Yes.
OTMoveIt deletes itself when it is finished; if it does not, delete it yourself.
NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.
- muuta kuin
faults. Format your machine and redo everything from scratch.
- sillain
now there are pimples
- tosi!
Is that formatting really warranted and the only cure? Are there other options..
Please give clear instructions, thanks..
- dssdgsdgdfghdfsh
tosi! wrote:
Is that formatting really warranted and the only cure? Are there other options..
Please give clear instructions, thanks..
One of the shittiest discussions ever held!