Kone jumissa/hidas, Generic host Process for Win32 Services

Kyllä vilistää. Sitten jää pari riviä näytön alareunaan, joita ei kerkee lukee. Ja sitten tule 'if you want cancel loading SPDT.sys press esc'. Ja sitten musta näyttö ja kursosri vilkkuu.

 

painas tuota esc kun näkyy if you want cancel loading SPDT.sys press esc

 

Ei auta. Sama tilanne. Kursori jää vilkkumaan. En tiedä kauanko mun pitäs odotella. 5 min ja mitään ei tapahdu.

 

joo jumissa on vikasietotila

1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2

2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

ComboFix 09-01-10.03 - 2009-01-11 18:13:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1022.540 [GMT 1:00]
Sijainti: c:\documents and settings\Työpöytä\ComboFix.exe
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Application Data\inst.exe
C:\Documents
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\hpvaut32.dll
c:\windows\system32\hpvcp70.dll
c:\windows\system32\hpvcr70.dll
c:\windows\system32\mfcans32.DLL
c:\windows\system32\mfcuia32.dll
E:\Autorun.inf

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-12-11 to 2009-01-11 )))))))))))))))))
.

2009-01-11 18:12 . 2009-01-11 18:12 <KANSIO> drahs---- C:\cmdcons
2009-01-11 17:43 . 2009-01-11 18:14 <KANSIO> d-a------ C:\Qoobox
2009-01-11 17:43 . 2009-01-11 18:22 <KANSIO> d-------- C:\ComboFix
2009-01-10 09:50 . 2009-01-10 09:59 <KANSIO> d-------- C:\fixwareout
2009-01-10 09:50 . 2009-01-10 09:59 <KANSIO> d-------- C:\fixwareout
2009-01-09 20:54 . 2009-01-09 20:54 <KANSIO> d-------- c:\program files\Trend Micro
2009-01-09 19:18 . 2009-01-09 20:43 <KANSIO> d-------- c:\program files\Spybot - Search & Destroy
2009-01-09 19:18 . 2009-01-09 20:43 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-09 18:11 . 2009-01-09 18:11 <KANSIO> d-------- c:\program files\CCleaner
2009-01-09 15:41 . 2009-01-09 15:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-06 19:06 . 2009-01-06 19:06 <KANSIO> d-------- c:\documents and settings\Ulla Komulainen\Application Data\Malwarebytes
2009-01-06 19:05 . 2009-01-06 19:06 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 19:05 . 2009-01-06 19:05 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-06 19:05 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-06 19:05 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-02 16:26 . 2008-12-12 04:28 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-02 11:39 . 2009-01-02 11:39 <KANSIO> d-------- c:\program files\Symantec
2009-01-02 11:39 . 2009-01-02 11:39 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-02 11:39 . 2009-01-02 11:39 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-02 11:39 . 2009-01-02 11:39 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-02 11:39 . 2009-01-02 11:39 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-02 11:38 . 2009-01-02 19:00 <KANSIO> d-------- c:\windows\system32\drivers\NIS
2009-01-02 11:38 . 2009-01-02 11:38 <KANSIO> d-------- c:\program files\Windows Sidebar
2009-01-02 11:38 . 2009-01-02 11:38 <KANSIO> d-------- c:\program files\Norton Internet Security
2009-01-02 11:38 . 2009-01-02 11:38 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-02 11:35 . 2009-01-02 11:35 <KANSIO> d-------- c:\program files\NortonInstaller
2009-01-02 11:35 . 2009-01-02 11:36 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-31 12:54 . 2007-08-24 19:45 101,120 -ra------ c:\windows\system32\drivers\ewusbmdm.sys
2008-12-31 12:54 . 2007-08-24 19:45 24,448 -ra------ c:\windows\system32\drivers\ewdcsc.sys
2008-12-31 12:53 . 2008-12-31 12:54 <KANSIO> d-------- c:\program files\Mobile Partner
2008-12-29 15:58 . 2008-12-29 15:58 <KANSIO> d-------- c:\program files\Lavasoft
2008-12-29 13:28 . 2004-03-13 12:43 135,249 --a------ c:\windows\system32\hpzlnt10.dll
2008-12-29 13:27 . 2004-04-12 12:10 581,632 -ra------ c:\windows\system32\hpotscl.dll
2008-12-29 13:27 . 2004-03-13 12:32 278,528 -ra------ c:\windows\system32\hpgwiamd.dll
2008-12-29 13:27 . 2004-04-12 12:10 90,112 -ra------ c:\windows\system32\hpovst08.dll
2008-12-29 13:27 . 2004-02-05 22:30 9,838 -ra------ c:\windows\system32\hpipxmui.hlp
2008-12-29 13:24 . 2008-12-29 13:26 636 --a------ c:\windows\hpntwksetup.ini
2008-12-29 13:13 . 2008-12-27 16:49 104,760 --------- c:\windows\hpoins04.dat.temp
2008-12-29 13:13 . 2004-06-21 13:03 17,176 --------- c:\windows\hpomdl04.dat.temp
2008-12-29 12:37 . 2008-12-29 12:37 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-29 12:37 . 2008-12-29 12:37 227 --a------ c:\windows\HP_CounterReport_Update_HPSU.ini
2008-12-29 12:37 . 2008-12-29 12:37 214 --a------ c:\windows\HP_48BitScanUpdatePatch.ini
2008-12-29 12:35 . 2008-12-29 12:35 234 --a------ c:\windows\PrnHlpLogConfig.ini
2008-12-29 12:35 . 2008-12-29 12:35 214 --a------ c:\windows\HP_InstantSHareJPG.ini
2008-12-29 12:32 . 2008-12-29 12:32 217 --a------ c:\windows\HP_IZClosingDiscErrorPatch.ini
2008-12-29 12:28 . 2008-12-29 12:28 221 --a------ c:\windows\HP_RedboxHprblog_HPSU.ini
2008-12-28 14:30 . 2008-12-28 14:30 <KANSIO> d-------- c:\program files\Common Files\Sonic Shared
2008-12-28 14:28 . 2008-12-28 14:29 <KANSIO> d-------- c:\program files\Common Files\HP
2008-12-28 14:24 . 2005-05-05 08:51 37,376 --a------ c:\windows\system32\hpz3l3xu.dll
2008-12-28 14:23 . 2005-04-08 02:50 827,392 -ra------ c:\windows\system32\hpotiop2.dll
2008-12-28 14:23 . 2005-04-08 02:50 278,528 -ra------ c:\windows\system32\hpowiamd.dll
2008-12-28 14:23 . 2001-10-05 16:07 6,784 --a------ c:\windows\system32\drivers\serscan.sys
2008-12-28 14:23 . 2001-10-05 16:07 6,784 --a------ c:\windows\system32\dllcache\serscan.sys
2008-12-28 14:23 . 2008-12-29 13:27 315 --a------ c:\windows\system32\AddPort.ini
2008-12-28 14:15 . 2008-12-28 14:38 88,603 --a------ c:\windows\hpoins06.dat
2008-12-28 14:15 . 2005-06-03 06:48 5,389 --------- c:\windows\hpomdl06.dat
2008-12-28 13:05 . 2008-12-28 13:01 88,179 --------- c:\windows\hpoins06.dat.temp
2008-12-28 13:05 . 2005-06-03 06:48 5,389 --------- c:\windows\hpomdl06.dat.temp
2008-12-27 16:53 . 2008-12-28 11:54 <KANSIO> d-------- c:\documents and settings\Ulla Komulainen\Application Data\PowerCinema
2008-12-27 16:41 . 2008-12-29 13:29 <KANSIO> d-------- C:\TEMP
2008-12-27 16:41 . 2008-12-29 13:29 <KANSIO> d-------- C:\TEMP
2008-12-27 16:38 . 2008-12-29 13:32 104,760 --a------ c:\windows\hpoins04.dat
2008-12-27 16:38 . 2004-06-21 13:03 17,176 --------- c:\windows\hpomdl04.dat
2008-12-16 14:14 . 2009-01-09 15:41 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 16:44 --------- d-----w c:\documents and settings\Ulla Komulainen\Application Data\Skype
2009-01-10 21:30 --------- d-----w c:\documents and settings\Ulla Komulainen\Application Data\uTorrent
2009-01-09 14:20 --------- d-----w c:\program files\Java
2009-01-02 11:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-02 10:41 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-28 12:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 12:55 --------- d-----w c:\program files\HPQ
2008-12-28 12:22 --------- d-----w c:\program files\HP
2008-12-28 11:33 --------- d-----w c:\documents and settings\Ulla Komulainen\Application Data\HP
2008-12-27 16:42 --------- d-----w c:\documents and settings\Ulla Komulainen\Application Data\CyberLink
2008-12-27 16:41 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-27 15:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-27 15:48 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 14:15 --------- d-----w c:\program files\Babylon
2008-12-10 19:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-27 16:47 --------- d-----w c:\program files\iTunes
2008-11-27 16:47 --------- d-----w c:\program files\iPod
2008-11-27 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-27 16:44 --------- d-----w c:\program files\QuickTime
2008-11-27 16:42 --------- d-----w c:\program files\Common Files\Apple
2008-11-22 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-13 15:26 --------- d-----w c:\program files\F-Secure Internet Security
2008-11-13 13:55 --------- d-----w c:\documents and settings\All Users\Application Data\F-Secure
2008-11-13 13:14 --------- d-----w c:\program files\ESET
2008-11-13 13:14 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:38 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:38 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:37 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-05-22 10:05 47,360 ----a-w c:\documents and settings\Ulla Komulainen\Application Data\pcouffin.sys
2008-03-03 12:31 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-11 14:07 55,692 ----a-w c:\program files\testi (600 x 401).jpg
2006-07-24 13:59 8,282,187 ----a-w c:\program files\vlc-0.8.5-win32.exe
2008-08-23 00:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008082320080824\index.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2005-08-16 577597]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2008-07-10 19478]
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-02 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-02 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081220.001\IDSxpx86.sys [2009-01-02 274808]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2008-07-10 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2008-07-10 431236]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-02 99376]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-06 38496]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-02 115560]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2008-07-10 64093]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [2007-01-05 123264]
S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\system32\drivers\memstpci.sys [2008-07-17 26112]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [2005-02-24 162176]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-09-15 3584]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - PROCEXP113
*Deregistered* - PROCEXP113

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f0d58e5-d731-11dd-9c96-0014a5b7b1de}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
'Ajoitetut tehtävät'-kansion sisältö

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-11 c:\windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = about:blank
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lähetä &Bluetooth-laitteeseen - c:\program files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
TCP: {32FEE1E2-4A78-42B5-8CA4-7045F9A9C08D} = 213.191.74.19 62.109.123.197
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
FF - ProfilePath - c:\documents and settings\Ulla Komulainen\Application Data\Mozilla\Firefox\Profiles\9c77uj98.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 18:21:01
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\windows\system32\Ati2evxx.dll
.
Valmistumisajankohta: 2009-01-11 18:26:07
ComboFix-quarantined-files.txt 2009-01-11 17:24:46

Ennen ajoa: 3 202 555 904 tavua vapaana
Ajon jälkeen: 4,104,716,288 tavua vapaana

WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

281 --- E O F --- 2008-12-18 07:49:56

 

Nyt tuon alla olevan Kopioit / liität Tyhjään muistioon
käynnistä nappi >apuohjelmat > muistio

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.



combofix työstää tulee sininen taulu paina numeroa 1 ja enter

Laita tuleva loki tänne.

Sammutat ja käynnistät koneen

 

Meniköhän nyt oikein :-o. Ohjelma ei kysynyt 1 tai enter, mutta painoin ne nyt kuitenkin.
Lopussa tuli herja 2 kertaa: REGRUNS00: ei voida tuoda. Järjestelmässä voi olla levyvirhe tai tiedostojärjestelmässvirhe.
Sitten oli SED00: temp 0A ja 00, mut en kerenny lukee mitä ne sano..

ComboFix 09-01-10.03 - 2009-01-11 19:14:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1022.487 [GMT 1:00]
Sijainti: c:\documents and settings\Työpöytä\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\documents and settings\Työpöytä\CFScript.txt
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ESET
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon\FND0.NFI
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\EpfwUser.dat
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\httpblk.dat
c:\documents and settings\All Users\Application Data\F-Secure
c:\documents and settings\All Users\Application Data\F-Secure\logs\custom\custinstall.log
c:\documents and settings\All Users\Application Data\F-Secure\logs\FSMA\fsma.log
c:\documents and settings\All Users\Application Data\F-Secure\logs\FSMA\fsma_old.log
c:\documents and settings\All Users\Application Data\F-Secure\logs\FSPC\FSPCINST.LOG
c:\documents and settings\All Users\Application Data\F-Secure\logs\fstnb\POSTINSTALL.log
c:\documents and settings\All Users\Application Data\F-Secure\logs\fstnb\register.log
c:\documents and settings\All Users\Application Data\F-Secure\logs\ilaunchr.log
C:\fixwareout
c:\fixwareout\dnsbak.reg
c:\fixwareout\FindT\clsid.bak
c:\fixwareout\FindT\dumphive.exe
c:\fixwareout\FindT\FixWareOut.reg
c:\fixwareout\FindT\nircmd.exe
c:\fixwareout\FindT\patterns.txt
c:\fixwareout\FindT\rbot.bat
c:\fixwareout\FindT\RestartIt.exe
c:\fixwareout\FindT\runback.txt
c:\fixwareout\FindT\runs.vbs
c:\fixwareout\FindT\swreg.exe
c:\fixwareout\FindT\vfind.exe
c:\fixwareout\FindT\XP-2K2.cmd
c:\fixwareout\FixIt.BAT
c:\fixwareout\report.txt
c:\program files\ESET
c:\program files\ESET\ESET NOD32 Antivirus\em006_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\unins000.dat
c:\program files\ESET\ESET NOD32 Antivirus\unins000.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-12-11 to 2009-01-11 )))))))))))))))))
.

2009-01-09 20:54 . 2009-01-09 20:54 <KANSIO> d-------- c:\program files\Trend Micro
2009-01-09 19:18 . 2009-01-09 20:43 <KANSIO> d-------- c:\program files\Spybot - Search & Destroy
2009-01-09 19:18 . 2009-01-09 20:43 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-09 18:11 . 2009-01-09 18:11 <KANSIO> d-------- c:\program files\CCleaner
2009-01-09 15:41 . 2009-01-09 15:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-06 19:06 . 2009-01-06 19:06 <KANSIO> d-------- c:\documents and settings\Ulla Komulainen\Application Data\Malwarebytes
2009-01-06 19:05 . 2009-01-06 19:06 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 19:05 . 2009-01-06 19:05 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-06 19:05 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-06 19:05 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-02 16:26 . 2008-12-12 04:28 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-02 11:39 . 2009-01-02 11:39 <KANSIO> d-------- c:\program files\Symantec
2009-01-02 11:39 . 2009-01-02 11:39 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-02 11:39 . 2009-01-02 11:39 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-02 11:39 . 2009-01-02 11:39 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-02 11:39 . 2009-01-02 11:39 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-02 11:38 . 2009-01-02 19:00 <KANSIO> d-------- c:\windows\system32\drivers\NIS
2009-01-02 11:38 . 2009-01-02 11:38 <KANSIO> d-------- c:\program files\Windows Sidebar
2009-01-02 11:38 . 2009-01-02 11:38 <KANSIO> d-------- c:\program files\Norton Internet Security
2009-01-02 11:38 . 2009-01-02 11:38 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-02 11:35 . 2009-01-02 11:35 <KANSIO> d-------- c:\program files\NortonInstaller
2009-01-02 11:35 . 2009-01-02 11:36 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-31 12:54 . 2007-08-24 19:45 101,120 -ra------ c:\windows\system32\drivers\ewusbmdm.sys
2008-12-31 12:54 . 2007-08-24 19:45 24,448 -ra------ c:\windows\system32\drivers\ewdcsc.sys
2008-12-31 12:53 . 2008-12-31 12:54 <KANSIO> d-------- c:\program files\Mobile Partner
2008-12-29 15:58 . 2008-12-29 15:58 <KANSIO> d-------- c:\program files\Lavasoft
2008-12-29 13:28 . 2004-03-13 12:43 135,249 --a------ c:\windows\system32\hpzlnt10.dll
2008-12-29 13:27 . 2004-04-12 12:10 581,632 -ra------ c:\windows\system32\hpotscl.dll
2008-12-29 13:27 . 2004-03-13 12:32 278,528 -ra------ c:\windows\system32\hpgwiamd.dll
2008-12-29 13:27 . 2004-04-12 12:10 90,112 -ra------ c:\windows\system32\hpovst08.dll
2008-12-29 13:27 . 2004-02-05 22:30 9,838 -ra------ c:\windows\system32\hpipxmui.hlp
2008-12-29 13:24 . 2008-12-29 13:26 636 --a------ c:\windows\hpntwksetup.ini
2008-12-29 13:13 . 2008-12-27 16:49 104,760 --------- c:\windows\hpoins04.dat.temp
2008-12-29 13:13 . 2004-06-21 13:03 17,176 --------- c:\windows\hpomdl04.dat.temp
2008-12-29 12:37 . 2008-12-29 12:37 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-29 12:37 . 2008-12-29 12:37 227 --a------ c:\windows\HP_CounterReport_Update_HPSU.ini
2008-12-29 12:37 . 2008-12-29 12:37 214 --a------ c:\windows\HP_48BitScanUpdatePatch.ini
2008-12-29 12:35 . 2008-12-29 12:35 234 --a------ c:\windows\PrnHlpLogConfig.ini
2008-12-29 12:35 . 2008-12-29 12:35 214 --a------ c:\windows\HP_InstantSHareJPG.ini
2008-12-29 12:32 . 2008-12-29 12:32 217 --a------ c:\windows\HP_IZClosingDiscErrorPatch.ini
2008-12-29 12:28 . 2008-12-29 12:28 221 --a------ c:\windows\HP_RedboxHprblog_HPSU.ini
2008-12-28 14:30 . 2008-12-28 14:30 <KANSIO> d-------- c:\program files\Common Files\Sonic Shared
2008-12-28 14:28 . 2008-12-28 14:29 <KANSIO> d-------- c:\program files\Common Files\HP
2008-12-28 14:24 . 2005-05-05 08:51 37,376 --a------ c:\windows\system32\hpz3l3xu.dll
2008-12-28 14:23 . 2005-04-08 02:50 827,392 -ra------ c:\windows\system32\hpotiop2.dll
2008-12-28 14:23 . 2005-04-08 02:50 278,528 -ra------ c:\windows\system32\hpowiamd.dll
2008-12-28 14:23 . 2001-10-05 16:07 6,784 --a------ c:\windows\system32\drivers\serscan.sys
2008-12-28 14:23 . 2001-10-05 16:07 6,784 --a------ c:\windows\system32\dllcache\serscan.sys
2008-12-28 14:23 . 2008-12-29 13:27 315 --a------ c:\windows\system32\AddPort.ini
2008-12-28 14:15 . 2008-12-28 14:38 88,603 --a------ c:\windows\hpoins06.dat
2008-12-28 14:15 . 2005-06-03 06:48 5,389 --------- c:\windows\hpomdl06.dat
2008-12-28 13:05 . 2008-12-28 13:01 88,179 --------- c:\windows\hpoins06.dat.temp
2008-12-28 13:05 . 2005-06-03 06:48 5,389 --------- c:\windows\hpomdl06.dat.temp
2008-12-27 16:53 . 2008-12-28 11:54 <KANSIO> d-------- c:\documents and settings\Ulla Komulainen\Application Data\PowerCinema
2008-12-27 16:41 . 2008-12-29 13:29 <KANSIO> d-------- C:\TEMP
2008-12-27 16:38 . 2008-12-29 13:32 104,760 --a------ c:\windows\hpoins04.dat
2008-12-27 16:38 . 2004-06-21 13:03 17,176 --------- c:\windows\hpomdl04.dat
2008-12-16 14:14 . 2009-01-09 15:41 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 18:09 --------- d-----w c:\documents and settings\Ulla Komulainen\Application Data\Skype
2009-01-10 21:30 --------- d-----w c:\documents and settings\Ulla Komulainen\Application Data\uTorrent
2009-01-09 14:20 --------- d-----w c:\program files\Java
2009-01-02 11:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-02 10:41 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-28 12:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 12:55 --------- d-----w c:\program files\HPQ
2008-12-28 12:22 --------- d-----w c:\program files\HP
2008-12-28 11:33 --------- d-----w c:\documents and settings\Ulla Komulainen\Application Data\HP
2008-12-27 16:42 --------- d-----w c:\documents and settings\Ulla Komulainen\Application Data\CyberLink
2008-12-27 16:41 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-27 15:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-27 15:48 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 14:15 --------- d-----w c:\program files\Babylon
2008-12-10 19:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-27 16:47 --------- d-----w c:\program files\iTunes
2008-11-27 16:47 --------- d-----w c:\program files\iPod
2008-11-27 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-27 16:44 --------- d-----w c:\program files\QuickTime
2008-11-27 16:42 --------- d-----w c:\program files\Common Files\Apple
2008-11-22 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-13 15:26 --------- d-----w c:\program files\F-Secure Internet Security
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:38 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:38 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:37 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-05-22 10:05 47,360 ----a-w c:\documents and settings\Ulla Komulainen\Application Data\pcouffin.sys
2008-03-03 12:31 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-11 14:07 55,692 ----a-w c:\program files\testi (600 x 401).jpg
2006-07-24 13:59 8,282,187 ----a-w c:\program files\vlc-0.8.5-win32.exe
2008-08-23 00:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008082320080824\index.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2005-08-16 577597]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2008-07-10 19478]
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-02 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-02 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081220.001\IDSxpx86.sys [2009-01-02 274808]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2008-07-10 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2008-07-10 431236]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-02 99376]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-06 38496]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-02 115560]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2008-07-10 64093]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [2007-01-05 123264]
S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\system32\drivers\memstpci.sys [2008-07-17 26112]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [2005-02-24 162176]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-09-15 3584]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - PROCEXP113
*Deregistered* - PROCEXP113

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f0d58e5-d731-11dd-9c96-0014a5b7b1de}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
'Ajoitetut tehtävät'-kansion sisältö

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-11 c:\windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = about:blank
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lähetä &Bluetooth-laitteeseen - c:\program files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
TCP: {32FEE1E2-4A78-42B5-8CA4-7045F9A9C08D} = 213.191.74.19 62.109.123.197
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
FF - ProfilePath - c:\documents and settings\Ulla Komulainen\Application Data\Mozilla\Firefox\Profiles\9c77uj98.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 19:23:15
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\windows\system32\Ati2evxx.dll
.
Valmistumisajankohta: 2009-01-11 19:31:06
ComboFix-quarantined-files.txt 2009-01-11 18:30:35
ComboFix2.txt 2009-01-11 17:26:09

Ennen ajoa: 4 060 008 448 tavua vapaana
Ajon jälkeen: 4,052,729,856 tavua vapaana

284 --- E O F --- 2008-12-18 07:49:56

 

Kirjoita suorita luukkuun

ComboFix /u

klikkaa ok

===========

Lataa Atribunen ATF Cleaner

Ohjeet;

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

 

ComboFix /u tehty sekä ATF Cleaner

 

koitas sinne vikasietotilaan pääsyä sdfix ajoo sitten

 

Ei onnsitunu vieläkään. Nyt oli tullut 1 lisä optio vikasietotilaan: F8 - vikasieto - ja tässä pystyy valitsemaan 1) MS Windows recovery console, 2) MS Windows XP Home Editoin. Menee default MSW XP Home Edition ja jätin sen. Sit enter ja heti alko viliseen ja tulee 'if you ...SPTD.sys press esc'. Yritin molemmat, mutta aina jää kursori vilkkumaan eikä etenee. Nyt tosin en odottany, ku 1min.

 

niin onkos sulla ollut tuo Daemon Tools koneella

 

On ollut, mutta olen yrittänyt tuhota sen pois.

 

juu tuota on yksi toinenkin yrittänyt tuhota pois
SPTD.sys mutta ei ole siinä onnistunut

Pistäs tuo etsi SPTD.sys kansiot kaikki tiedostot

 

SPTD löyty: c:\windows\systems32\drivers

 

Käys poistamassa se sieltä

 

Ok, poistettu.

 

yritäs nyt mennä sinne vikasietotilaan

 

Valitettavasti ei onnistu vieläkään. Nyt ei tosin kysy enää SPTD.sysiä. Mutta kursori jää vilkkumaan. Mutta uudelleen käynnistyksn yhteydessä kursori vilkku hetke (mitä ei normaalisti tapahdu) ja sitten tule 1s näyttöö se vikasietotilan valinta kohta 1)...recovery... tai 2) Xo home edition) mutta menee saman tien ohi ja käynnistyminen jatkuu normaalisti. Eikös se näy selvästi, jos vikasietotila on päällä?

 

juu kyllä se näkyy sitä ennen vielä pitää yhessä kohtaa klikata kyllä
ennen kuin on vikasietotilassa voi vielä olla tuo käyttäjän valinta.

=============

Voit poistaa palautuskonsolin seuraavasti:
1. Käynnistä tietokone uudelleen, napsauta Käynnistä-painiketta, valitse Oma tietokone ja kaksoisnapsauta kiintolevyä, johon asensit palautuskonsolin.
2. Valitse Työkalut-valikosta Kansion asetukset ja valitse sitten Näytä-välilehti.
3. Valitse Näytä piilotetut tiedostot ja kansiot, poista Piilota suojatut käyttöjärjestelmätiedostot -valintaruudun valinta ja valitse sitten OK.
4. Poista pääkansion Cmdcons-kansio ja Cmldr-tiedosto.
5. Napsauta pääkansiossa Boot.ini-tiedostoa hiiren kakkospainikkeella ja valitse Asetukset.
6. Poista Vain luku -valintaruudun valinta ja valitse OK.

Varoitus: Boot.ini-tiedoston virheellinen muokkaaminen saattaa estää tietokonetta käynnistymästä uudelleen. Varmista, että poistat vain palautuskonsolin (Recovery Console) merkinnän. Muuta myös Boot.ini-tiedosto takaisin vain luku -tilaan tämän vaiheen toimien tekemisen jälkeen. Avaa Boot.ini-tiedosto Microsoft Windowsin Muistiossa ja poista palautuskonsolin merkintä. Merkintä on seuraavankaltainen:

C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons

7. Tallenna tiedosto ja sulje se