Kone temppuilee hijackloki

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

maanantai 7.7.2008 / 01:28

Haku:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > kone temppuilee hijackloki

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

Kone temppuilee hijackloki

Siirry:

Kirjoittaja

Viesti

Sivu:	1	2	>

pekoni

Junior Member

22. toukokuuta 2008 @ 13:43

Linkki tähän viestiin

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:54, on 22.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Elisa\Anti-Virus\fsgk32st.exe
D:\Elisa\Common\FSMA32.EXE
D:\Elisa\Anti-Virus\FSGK32.EXE
D:\Elisa\Common\FSM32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Elisa\FSGUI\ispnews.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
D:\Elisa\Common\FSMB32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
D:\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Elisa\Common\FCH32.EXE
C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\Elisa\Anti-Virus\fsqh.exe
D:\Elisa\Common\FAMEH32.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
D:\Elisa\FSAUA\program\fsaua.exe
D:\Elisa\FWES\Program\fsdfwd.exe
D:\Elisa\Anti-Virus\fssm32.exe
D:\Elisa\FSGUI\fsguidll.exe
D:\Elisa\FSAUA\program\fsus.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Elisa\Anti-Virus\fsav32.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\RINKIJ~1\LOCALS~1\Temp\Rar$EX00.000\HJTInstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plaza.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\adobe\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Elisa\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Elisa\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "D:\Elisa\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [RemoteControl] D:\PDVDServ.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\HalfLife\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Tuki - {A3E0137A-2916-4120-8C77-63290A78DB14} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {AC0C846A-42DA-4F21-AD53-D37B212D5C78} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {F7FE1C58-BC27-4A05-BC8F-D671E80C7C0B} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDown...iaSmartScan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Elisa\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Elisa\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Elisa\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Elisa\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9716 bytes

[ + lainaa]

pekoni

Junior Member

22. toukokuuta 2008 @ 13:48

Linkki tähän viestiin

Tulikohan tää oikein. painoin scan ja save ja kopioin tänne.
Suurimmat kiitokset sille joka jaksaa jeesata

t:noob

[ + lainaa]

Hujo

AfterDawn Addict

22. toukokuuta 2008 @ 18:23

Linkki tähän viestiin

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

=============

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

[ + lainaa]

Eihä kone voi edes toimia?

pekoni

Junior Member

22. toukokuuta 2008 @ 18:59

Linkki tähän viestiin

ComboFix 08-05-21.2 - rinki ja susinki 2008-05-22 18:49:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.637 [GMT 3:00]
Running from: C:\Documents and Settings\rinki ja susinki\Työpöytä\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://sync.avustaja.sonera.fi
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-22 to 2008-05-22 )))))))))))))))))
.

2008-05-22 13:35 . 2008-05-22 13:35 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-22 12:37 . 2008-05-22 12:37 268 --ah----- C:\sqmdata13.sqm
2008-05-22 12:37 . 2008-05-22 12:37 244 --ah----- C:\sqmnoopt13.sqm
2008-05-22 12:10 . 2008-05-22 12:10 268 --ah----- C:\sqmdata12.sqm
2008-05-22 12:10 . 2008-05-22 12:10 244 --ah----- C:\sqmnoopt12.sqm
2008-05-22 03:32 . 2008-05-22 03:32 268 --ah----- C:\sqmdata11.sqm
2008-05-22 03:32 . 2008-05-22 03:32 244 --ah----- C:\sqmnoopt11.sqm
2008-05-22 01:51 . 2008-05-22 01:51 268 --ah----- C:\sqmdata10.sqm
2008-05-22 01:51 . 2008-05-22 01:51 244 --ah----- C:\sqmnoopt10.sqm
2008-05-21 22:33 . 2008-05-21 22:33 268 --ah----- C:\sqmdata09.sqm
2008-05-21 22:33 . 2008-05-21 22:33 244 --ah----- C:\sqmnoopt09.sqm
2008-05-21 04:07 . 2008-05-21 04:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-21 01:33 . 2008-05-21 01:33 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-05-21 01:33 . 2008-05-21 01:33 <KANSIO> d-------- C:\Program Files\CCleaner
2008-05-07 19:20 . 2008-05-07 19:20 268 --ah----- C:\sqmdata08.sqm
2008-05-07 19:20 . 2008-05-07 19:20 244 --ah----- C:\sqmnoopt08.sqm
2008-05-07 12:44 . 2008-05-07 12:44 268 --ah----- C:\sqmdata07.sqm
2008-05-07 12:44 . 2008-05-07 12:44 244 --ah----- C:\sqmnoopt07.sqm
2008-05-06 23:40 . 2008-05-06 23:40 268 --ah----- C:\sqmdata06.sqm
2008-05-06 23:40 . 2008-05-06 23:40 244 --ah----- C:\sqmnoopt06.sqm
2008-05-06 17:34 . 2008-05-06 17:34 268 --ah----- C:\sqmdata05.sqm
2008-05-06 17:34 . 2008-05-06 17:34 244 --ah----- C:\sqmnoopt05.sqm
2008-05-06 00:18 . 2008-05-06 00:18 268 --ah----- C:\sqmdata04.sqm
2008-05-06 00:18 . 2008-05-06 00:18 244 --ah----- C:\sqmnoopt04.sqm
2008-04-25 20:09 . 2008-04-25 20:09 <KANSIO> d-------- C:\Program Files\AVSMedia

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 01:10 --------- d-----w C:\Documents and Settings\rinki ja susinki\Application Data\uTorrent
2008-05-20 18:07 15,322 ----a-w C:\Documents and Settings\rinki ja susinki\Application Data\wklnhst.dat
2008-05-20 14:31 --------- d-----w C:\Program Files\Sonera
2008-04-26 16:54 --------- d-----w C:\Program Files\Windows Live
2008-04-14 14:09 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 04:49 2,402,320 ----a-w C:\WLinstaller.exe
2008-03-01 13:01 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-12 18:29 57,656 ----a-w C:\Documents and Settings\rinki ja susinki\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00 15360]
"Steam"="D:\HalfLife\Steam.exe" [2008-03-28 10:06 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="D:\Elisa\Common\FSM32.exe" [2007-04-26 20:12 183208]
"F-Secure TNB"="D:\Elisa\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
"News Service"="D:\Elisa\FSGUI\ispnews.exe" [2005-05-31 15:45 356352]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 13:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-14 05:00 99840]
"RemoteControl"="D:\PDVDServ.exe" [2003-10-31 19:42 32768]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 03:11 50688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="D:\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-09 06:37 185632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00 267064]
"Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
"CnxTrApp"="C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll" [ ]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 17:07 617984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15:00 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Color Calibration.lnk - C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe [2007-07-13 19:06:19 36864]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04 83360]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2007-07-13 19:05:43 155715]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00 394856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-04-26 20:09]
R1 F-Secure HIPS;F-Secure HIPS;D:\Elisa\HIPS\fshs.sys [2007-04-26 20:11]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;D:\Elisa\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 10:50]
S4 F-Secure Filter;F-Secure File System Filter;D:\Elisa\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;D:\Elisa\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-04-24 05:57:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-22 00:05:13 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- D:\Elisa\ANTI-V~1\fsav.exeE /HARD /POLICY /SCHED /NOBREAK /REPORT=D:\Elisa\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 18:53:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-22 18:54:43
ComboFix-quarantined-files.txt 2008-05-22 15:54:37

Pre-Run: 5,819,158,528 tavua vapaana
Post-Run: 6,636,777,472 tavua vapaana

130 --- E O F --- 2008-05-16 20:03:41

[ + lainaa]

pekoni

Junior Member

22. toukokuuta 2008 @ 19:29

Linkki tähän viestiin

SDFix: Version 1.184
Run by rinki ja susinki on to 22.05.2008 at 19:12

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\RINKIJ~1\TYPYT~1\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\VDM10.TMP - Deleted
C:\VDM12.TMP - Deleted
C:\VDM13.TMP - Deleted
C:\VDM1B.TMP - Deleted
C:\VDM1C.TMP - Deleted
C:\VDM1E.TMP - Deleted
C:\VDM1F.TMP - Deleted
C:\VDM21.TMP - Deleted
C:\VDM22.TMP - Deleted
C:\VDM22D.TMP - Deleted
C:\VDM22E.TMP - Deleted
C:\VDM230.TMP - Deleted
C:\VDM231.TMP - Deleted
C:\VDM233.TMP - Deleted
C:\VDM234.TMP - Deleted
C:\VDM236.TMP - Deleted
C:\VDM237.TMP - Deleted
C:\VDM239.TMP - Deleted
C:\VDM23A.TMP - Deleted
C:\VDM23C.TMP - Deleted
C:\VDM23D.TMP - Deleted
C:\VDM23F.TMP - Deleted
C:\VDM24.TMP - Deleted
C:\VDM240.TMP - Deleted
C:\VDM242.TMP - Deleted
C:\VDM243.TMP - Deleted
C:\VDM245.TMP - Deleted
C:\VDM246.TMP - Deleted
C:\VDM248.TMP - Deleted
C:\VDM249.TMP - Deleted
C:\VDM24B.TMP - Deleted
C:\VDM24C.TMP - Deleted
C:\VDM24E.TMP - Deleted
C:\VDM24F.TMP - Deleted
C:\VDM25.TMP - Deleted
C:\VDM251.TMP - Deleted
C:\VDM252.TMP - Deleted
C:\VDM254.TMP - Deleted
C:\VDM255.TMP - Deleted
C:\VDM257.TMP - Deleted
C:\VDM258.TMP - Deleted
C:\VDM25A.TMP - Deleted
C:\VDM25B.TMP - Deleted
C:\VDM25D.TMP - Deleted
C:\VDM25E.TMP - Deleted
C:\VDM260.TMP - Deleted
C:\VDM261.TMP - Deleted
C:\VDM263.TMP - Deleted
C:\VDM264.TMP - Deleted
C:\VDM266.TMP - Deleted
C:\VDM267.TMP - Deleted
C:\VDM269.TMP - Deleted
C:\VDM26A.TMP - Deleted
C:\VDM26C.TMP - Deleted
C:\VDM26D.TMP - Deleted
C:\VDM26F.TMP - Deleted
C:\VDM27.TMP - Deleted
C:\VDM270.TMP - Deleted
C:\VDM272.TMP - Deleted
C:\VDM273.TMP - Deleted
C:\VDM275.TMP - Deleted
C:\VDM276.TMP - Deleted
C:\VDM278.TMP - Deleted
C:\VDM279.TMP - Deleted
C:\VDM27B.TMP - Deleted
C:\VDM27C.TMP - Deleted
C:\VDM27E.TMP - Deleted
C:\VDM27F.TMP - Deleted
C:\VDM28.TMP - Deleted
C:\VDM281.TMP - Deleted
C:\VDM282.TMP - Deleted
C:\VDM284.TMP - Deleted
C:\VDM285.TMP - Deleted
C:\VDM287.TMP - Deleted
C:\VDM288.TMP - Deleted
C:\VDM28A.TMP - Deleted
C:\VDM28B.TMP - Deleted
C:\VDM28D.TMP - Deleted
C:\VDM28E.TMP - Deleted
C:\VDM290.TMP - Deleted
C:\VDM291.TMP - Deleted
C:\VDM293.TMP - Deleted
C:\VDM294.TMP - Deleted
C:\VDM296.TMP - Deleted
C:\VDM297.TMP - Deleted
C:\VDM299.TMP - Deleted
C:\VDM29A.TMP - Deleted
C:\VDM29C.TMP - Deleted
C:\VDM29D.TMP - Deleted
C:\VDM29F.TMP - Deleted
C:\VDM2A.TMP - Deleted
C:\VDM2A0.TMP - Deleted
C:\VDM2A2.TMP - Deleted
C:\VDM2A3.TMP - Deleted
C:\VDM2A5.TMP - Deleted
C:\VDM2A6.TMP - Deleted
C:\VDM2A8.TMP - Deleted
C:\VDM2A9.TMP - Deleted
C:\VDM2AB.TMP - Deleted
C:\VDM2AC.TMP - Deleted
C:\VDM2AE.TMP - Deleted
C:\VDM2AF.TMP - Deleted
C:\VDM2B.TMP - Deleted
C:\VDM2B1.TMP - Deleted
C:\VDM2B2.TMP - Deleted
C:\VDM2B4.TMP - Deleted
C:\VDM2B5.TMP - Deleted
C:\VDM2B7.TMP - Deleted
C:\VDM2B8.TMP - Deleted
C:\VDM2BA.TMP - Deleted
C:\VDM2BB.TMP - Deleted
C:\VDM2BD.TMP - Deleted
C:\VDM2BE.TMP - Deleted
C:\VDM2C0.TMP - Deleted
C:\VDM2C1.TMP - Deleted
C:\VDM2C3.TMP - Deleted
C:\VDM2C4.TMP - Deleted
C:\VDM2C6.TMP - Deleted
C:\VDM2C7.TMP - Deleted
C:\VDM2C9.TMP - Deleted
C:\VDM2CA.TMP - Deleted
C:\VDM2CC.TMP - Deleted
C:\VDM2CD.TMP - Deleted
C:\VDM2CF.TMP - Deleted
C:\VDM2D.TMP - Deleted
C:\VDM2D0.TMP - Deleted
C:\VDM2D2.TMP - Deleted
C:\VDM2D3.TMP - Deleted
C:\VDM2D5.TMP - Deleted
C:\VDM2D6.TMP - Deleted
C:\VDM2D8.TMP - Deleted
C:\VDM2D9.TMP - Deleted
C:\VDM2DB.TMP - Deleted
C:\VDM2DC.TMP - Deleted
C:\VDM2DE.TMP - Deleted
C:\VDM2DF.TMP - Deleted
C:\VDM2E.TMP - Deleted
C:\VDM2E1.TMP - Deleted
C:\VDM2E2.TMP - Deleted
C:\VDM2E4.TMP - Deleted
C:\VDM2E5.TMP - Deleted
C:\VDM2E7.TMP - Deleted
C:\VDM2E8.TMP - Deleted
C:\VDM2EA.TMP - Deleted
C:\VDM2EB.TMP - Deleted
C:\VDM2ED.TMP - Deleted
C:\VDM2EE.TMP - Deleted
C:\VDM2F0.TMP - Deleted
C:\VDM2F1.TMP - Deleted
C:\VDM2F3.TMP - Deleted
C:\VDM2F4.TMP - Deleted
C:\VDM2F7.TMP - Deleted
C:\VDM2F8.TMP - Deleted
C:\VDM2FA.TMP - Deleted
C:\VDM2FB.TMP - Deleted
C:\VDM2FD.TMP - Deleted
C:\VDM2FE.TMP - Deleted
C:\VDM300.TMP - Deleted
C:\VDM301.TMP - Deleted
C:\VDM303.TMP - Deleted
C:\VDM304.TMP - Deleted
C:\VDM306.TMP - Deleted
C:\VDM307.TMP - Deleted
C:\VDM309.TMP - Deleted
C:\VDM30A.TMP - Deleted
C:\VDM30C.TMP - Deleted
C:\VDM30D.TMP - Deleted
C:\VDM30F.TMP - Deleted
C:\VDM310.TMP - Deleted
C:\VDM312.TMP - Deleted
C:\VDM313.TMP - Deleted
C:\VDM315.TMP - Deleted
C:\VDM316.TMP - Deleted
C:\VDM318.TMP - Deleted
C:\VDM319.TMP - Deleted
C:\VDM31B.TMP - Deleted
C:\VDM31C.TMP - Deleted
C:\VDM31D.TMP - Deleted
C:\VDM31E.TMP - Deleted
C:\VDM31F.TMP - Deleted
C:\VDM320.TMP - Deleted
C:\VDM321.TMP - Deleted
C:\VDM322.TMP - Deleted
C:\VDM323.TMP - Deleted
C:\VDM324.TMP - Deleted
C:\VDM325.TMP - Deleted
C:\VDM326.TMP - Deleted
C:\VDM327.TMP - Deleted
C:\VDM328.TMP - Deleted
C:\VDM329.TMP - Deleted
C:\VDM32A.TMP - Deleted
C:\VDM32B.TMP - Deleted
C:\VDM32C.TMP - Deleted
C:\VDM32D.TMP - Deleted
C:\VDM32E.TMP - Deleted
C:\VDM32F.TMP - Deleted
C:\VDM330.TMP - Deleted
C:\VDM331.TMP - Deleted
C:\VDM332.TMP - Deleted
C:\VDM333.TMP - Deleted
C:\VDM334.TMP - Deleted
C:\VDM335.TMP - Deleted
C:\VDM336.TMP - Deleted
C:\VDM337.TMP - Deleted
C:\VDM338.TMP - Deleted
C:\VDM339.TMP - Deleted
C:\VDM33A.TMP - Deleted
C:\VDM33B.TMP - Deleted
C:\VDM33C.TMP - Deleted
C:\VDM33D.TMP - Deleted
C:\VDM33E.TMP - Deleted
C:\VDM33F.TMP - Deleted
C:\VDM340.TMP - Deleted
C:\VDM341.TMP - Deleted
C:\VDM342.TMP - Deleted
C:\VDM343.TMP - Deleted
C:\VDM344.TMP - Deleted
C:\VDM346.TMP - Deleted
C:\VDM347.TMP - Deleted
C:\VDM348.TMP - Deleted
C:\VDM349.TMP - Deleted
C:\VDM34A.TMP - Deleted
C:\VDM34B.TMP - Deleted
C:\VDM34C.TMP - Deleted
C:\VDM34D.TMP - Deleted
C:\VDM34E.TMP - Deleted
C:\VDM34F.TMP - Deleted
C:\VDM350.TMP - Deleted
C:\VDM351.TMP - Deleted
C:\VDM352.TMP - Deleted
C:\VDM353.TMP - Deleted
C:\VDM354.TMP - Deleted
C:\VDM355.TMP - Deleted
C:\VDM356.TMP - Deleted
C:\VDM357.TMP - Deleted
C:\VDM358.TMP - Deleted
C:\VDM359.TMP - Deleted
C:\VDM35A.TMP - Deleted
C:\VDM35B.TMP - Deleted
C:\VDM35C.TMP - Deleted
C:\VDM35D.TMP - Deleted
C:\VDM35E.TMP - Deleted
C:\VDM35F.TMP - Deleted
C:\VDM360.TMP - Deleted
C:\VDM361.TMP - Deleted
C:\VDM362.TMP - Deleted
C:\VDM363.TMP - Deleted
C:\VDM364.TMP - Deleted
C:\VDM365.TMP - Deleted
C:\VDM366.TMP - Deleted
C:\VDM367.TMP - Deleted
C:\VDM368.TMP - Deleted
C:\VDM369.TMP - Deleted
C:\VDM36A.TMP - Deleted
C:\VDM36B.TMP - Deleted
C:\VDM36C.TMP - Deleted
C:\VDM36D.TMP - Deleted
C:\VDM36E.TMP - Deleted
C:\VDM36F.TMP - Deleted
C:\VDM370.TMP - Deleted
C:\VDM371.TMP - Deleted
C:\VDM372.TMP - Deleted
C:\VDM373.TMP - Deleted
C:\VDM374.TMP - Deleted
C:\VDM375.TMP - Deleted
C:\VDM376.TMP - Deleted
C:\VDM377.TMP - Deleted
C:\VDM378.TMP - Deleted
C:\VDM379.TMP - Deleted
C:\VDM37A.TMP - Deleted
C:\VDM37B.TMP - Deleted
C:\VDM37C.TMP - Deleted
C:\VDM37D.TMP - Deleted
C:\VDM37E.TMP - Deleted
C:\VDM37F.TMP - Deleted
C:\VDM380.TMP - Deleted
C:\VDM381.TMP - Deleted
C:\VDM382.TMP - Deleted
C:\VDM383.TMP - Deleted
C:\VDM384.TMP - Deleted
C:\VDM385.TMP - Deleted
C:\VDM386.TMP - Deleted
C:\VDM387.TMP - Deleted
C:\VDM388.TMP - Deleted
C:\VDM389.TMP - Deleted
C:\VDM38A.TMP - Deleted
C:\VDM38B.TMP - Deleted
C:\VDM38C.TMP - Deleted
C:\VDM38D.TMP - Deleted
C:\VDM38F.TMP - Deleted
C:\VDM390.TMP - Deleted
C:\VDM391.TMP - Deleted
C:\VDM392.TMP - Deleted
C:\VDM393.TMP - Deleted
C:\VDM394.TMP - Deleted
C:\VDM396.TMP - Deleted
C:\VDM397.TMP - Deleted
C:\VDM398.TMP - Deleted
C:\VDM399.TMP - Deleted
C:\VDM39A.TMP - Deleted
C:\VDM39B.TMP - Deleted
C:\VDM39C.TMP - Deleted
C:\VDM39D.TMP - Deleted
C:\VDM39E.TMP - Deleted
C:\VDM39F.TMP - Deleted
C:\VDM3A0.TMP - Deleted
C:\VDM3A1.TMP - Deleted
C:\VDM3A2.TMP - Deleted
C:\VDM3A3.TMP - Deleted
C:\VDM3A4.TMP - Deleted
C:\VDM3A5.TMP - Deleted
C:\VDM3A6.TMP - Deleted
C:\VDM3A7.TMP - Deleted
C:\VDM3A8.TMP - Deleted
C:\VDM3A9.TMP - Deleted
C:\VDM3AA.TMP - Deleted
C:\VDM3AB.TMP - Deleted
C:\VDM3AC.TMP - Deleted
C:\VDM3AD.TMP - Deleted
C:\VDM3AE.TMP - Deleted
C:\VDM3AF.TMP - Deleted
C:\VDM3B0.TMP - Deleted
C:\VDM3B1.TMP - Deleted
C:\VDM3B2.TMP - Deleted
C:\VDM3B3.TMP - Deleted
C:\VDM3B4.TMP - Deleted
C:\VDM3B5.TMP - Deleted
C:\VDM3B6.TMP - Deleted
C:\VDM3B7.TMP - Deleted
C:\VDM3B8.TMP - Deleted
C:\VDM3B9.TMP - Deleted
C:\VDM3BA.TMP - Deleted
C:\VDM3BB.TMP - Deleted
C:\VDM3BC.TMP - Deleted
C:\VDM3BD.TMP - Deleted
C:\VDM3BE.TMP - Deleted
C:\VDM3BF.TMP - Deleted
C:\VDM3C0.TMP - Deleted
C:\VDM3C1.TMP - Deleted
C:\VDM3C2.TMP - Deleted
C:\VDM3C3.TMP - Deleted
C:\VDM3C4.TMP - Deleted
C:\VDM3C5.TMP - Deleted
C:\VDM3C6.TMP - Deleted
C:\VDM3C7.TMP - Deleted
C:\VDM3C8.TMP - Deleted
C:\VDM3C9.TMP - Deleted
C:\VDM3CA.TMP - Deleted
C:\VDM3CB.TMP - Deleted
C:\VDM3CC.TMP - Deleted
C:\VDM3CD.TMP - Deleted
C:\VDM3CE.TMP - Deleted
C:\VDM3CF.TMP - Deleted
C:\VDM3D0.TMP - Deleted
C:\VDM3D1.TMP - Deleted
C:\VDM3D2.TMP - Deleted
C:\VDM3D3.TMP - Deleted
C:\VDM3D4.TMP - Deleted
C:\VDM3D5.TMP - Deleted
C:\VDM3D6.TMP - Deleted
C:\VDM3D7.TMP - Deleted
C:\VDM3D8.TMP - Deleted
C:\VDM3D9.TMP - Deleted
C:\VDM3DA.TMP - Deleted
C:\VDM3DB.TMP - Deleted
C:\VDM3DC.TMP - Deleted
C:\VDM3DD.TMP - Deleted
C:\VDM3DE.TMP - Deleted
C:\VDM3DF.TMP - Deleted
C:\VDM3E0.TMP - Deleted
C:\VDM3E1.TMP - Deleted
C:\VDM3E2.TMP - Deleted
C:\VDM3E3.TMP - Deleted
C:\VDM3E4.TMP - Deleted
C:\VDM3E5.TMP - Deleted
C:\VDM3E6.TMP - Deleted
C:\VDM3E7.TMP - Deleted
C:\VDM3E8.TMP - Deleted
C:\VDM3E9.TMP - Deleted
C:\VDM3EA.TMP - Deleted
C:\VDM3EB.TMP - Deleted
C:\VDM3EC.TMP - Deleted
C:\VDM3ED.TMP - Deleted
C:\VDM3EE.TMP - Deleted
C:\VDM3EF.TMP - Deleted
C:\VDM3F0.TMP - Deleted
C:\VDM3F1.TMP - Deleted
C:\VDM3F2.TMP - Deleted
C:\VDM3F3.TMP - Deleted
C:\VDM3F4.TMP - Deleted
C:\VDM3F5.TMP - Deleted
C:\VDM3F6.TMP - Deleted
C:\VDM3F7.TMP - Deleted
C:\VDM3F8.TMP - Deleted
C:\VDM3F9.TMP - Deleted
C:\VDM3FA.TMP - Deleted
C:\VDM3FB.TMP - Deleted
C:\VDM3FC.TMP - Deleted
C:\VDM3FD.TMP - Deleted
C:\VDM3FE.TMP - Deleted
C:\VDM3FF.TMP - Deleted
C:\VDM400.TMP - Deleted
C:\VDM401.TMP - Deleted
C:\VDM402.TMP - Deleted
C:\VDM403.TMP - Deleted
C:\VDM404.TMP - Deleted
C:\VDM405.TMP - Deleted
C:\VDM406.TMP - Deleted
C:\VDM407.TMP - Deleted
C:\VDM408.TMP - Deleted
C:\VDM409.TMP - Deleted
C:\VDM40A.TMP - Deleted
C:\VDM40B.TMP - Deleted
C:\VDM40C.TMP - Deleted
C:\VDM40D.TMP - Deleted
C:\VDM40E.TMP - Deleted
C:\VDM40F.TMP - Deleted
C:\VDM410.TMP - Deleted
C:\VDM411.TMP - Deleted
C:\VDM412.TMP - Deleted
C:\VDM413.TMP - Deleted
C:\VDM414.TMP - Deleted
C:\VDM415.TMP - Deleted
C:\VDM416.TMP - Deleted
C:\VDM417.TMP - Deleted
C:\VDM418.TMP - Deleted
C:\VDM419.TMP - Deleted
C:\VDM41A.TMP - Deleted
C:\VDM41B.TMP - Deleted
C:\VDM41C.TMP - Deleted
C:\VDM41D.TMP - Deleted
C:\VDM41F.TMP - Deleted
C:\VDM420.TMP - Deleted
C:\VDM422.TMP - Deleted
C:\VDM423.TMP - Deleted
C:\VDM426.TMP - Deleted
C:\VDM427.TMP - Deleted
C:\VDM429.TMP - Deleted
C:\VDM42A.TMP - Deleted
C:\VDM42C.TMP - Deleted
C:\VDM42D.TMP - Deleted
C:\VDM42F.TMP - Deleted
C:\VDM430.TMP - Deleted
C:\VDM432.TMP - Deleted
C:\VDM433.TMP - Deleted
C:\VDM435.TMP - Deleted
C:\VDM436.TMP - Deleted
C:\VDM438.TMP - Deleted
C:\VDM439.TMP - Deleted
C:\VDM43B.TMP - Deleted
C:\VDM43C.TMP - Deleted
C:\VDM43E.TMP - Deleted
C:\VDM43F.TMP - Deleted
C:\VDM441.TMP - Deleted
C:\VDM442.TMP - Deleted
C:\VDM445.TMP - Deleted
C:\VDM446.TMP - Deleted
C:\VDM448.TMP - Deleted
C:\VDM449.TMP - Deleted
C:\VDM44B.TMP - Deleted
C:\VDM44C.TMP - Deleted
C:\VDM44E.TMP - Deleted
C:\VDM44F.TMP - Deleted
C:\VDM451.TMP - Deleted
C:\VDM452.TMP - Deleted
C:\VDM455.TMP - Deleted
C:\VDM456.TMP - Deleted
C:\VDM458.TMP - Deleted
C:\VDM459.TMP - Deleted
C:\VDM45B.TMP - Deleted
C:\VDM45C.TMP - Deleted
C:\VDM45E.TMP - Deleted
C:\VDM45F.TMP - Deleted
C:\VDM461.TMP - Deleted
C:\VDM462.TMP - Deleted
C:\VDM464.TMP - Deleted
C:\VDM465.TMP - Deleted
C:\VDM467.TMP - Deleted
C:\VDM468.TMP - Deleted
C:\VDM46A.TMP - Deleted
C:\VDM46B.TMP - Deleted
C:\VDM46D.TMP - Deleted
C:\VDM46E.TMP - Deleted
C:\VDM470.TMP - Deleted
C:\VDM471.TMP - Deleted
C:\VDM473.TMP - Deleted
C:\VDM474.TMP - Deleted
C:\VDM476.TMP - Deleted
C:\VDM477.TMP - Deleted
C:\VDM479.TMP - Deleted
C:\VDM47A.TMP - Deleted
C:\VDM47D.TMP - Deleted
C:\VDM47E.TMP - Deleted
C:\VDM480.TMP - Deleted
C:\VDM481.TMP - Deleted
C:\VDM483.TMP - Deleted
C:\VDM484.TMP - Deleted
C:\VDM486.TMP - Deleted
C:\VDM487.TMP - Deleted
C:\VDM489.TMP - Deleted
C:\VDM48A.TMP - Deleted
C:\VDM48C.TMP - Deleted
C:\VDM48D.TMP - Deleted
C:\VDM48F.TMP - Deleted
C:\VDM490.TMP - Deleted
C:\VDM492.TMP - Deleted
C:\VDM493.TMP - Deleted
C:\VDM495.TMP - Deleted
C:\VDM496.TMP - Deleted
C:\VDM498.TMP - Deleted
C:\VDM499.TMP - Deleted
C:\VDM49B.TMP - Deleted
C:\VDM49C.TMP - Deleted
C:\VDM49E.TMP - Deleted
C:\VDM49F.TMP - Deleted
C:\VDM4A1.TMP - Deleted
C:\VDM4A2.TMP - Deleted
C:\VDM4A4.TMP - Deleted
C:\VDM4A5.TMP - Deleted
C:\VDM4A7.TMP - Deleted
C:\VDM4A8.TMP - Deleted
C:\VDM4AA.TMP - Deleted
C:\VDM4AB.TMP - Deleted
C:\VDM4AD.TMP - Deleted
C:\VDM4AE.TMP - Deleted
C:\VDM4B0.TMP - Deleted
C:\VDM4B1.TMP - Deleted
C:\VDM4B3.TMP - Deleted
C:\VDM4B4.TMP - Deleted
C:\VDM4B7.TMP - Deleted
C:\VDM4B8.TMP - Deleted
C:\VDM4BA.TMP - Deleted
C:\VDM4BB.TMP - Deleted
C:\VDM4BD.TMP - Deleted
C:\VDM4BE.TMP - Deleted
C:\VDM4C0.TMP - Deleted
C:\VDM4C1.TMP - Deleted
C:\VDM4C3.TMP - Deleted
C:\VDM4C4.TMP - Deleted
C:\VDM4C6.TMP - Deleted
C:\VDM4C7.TMP - Deleted
C:\VDM4C9.TMP - Deleted
C:\VDM4CA.TMP - Deleted
C:\VDM4CC.TMP - Deleted
C:\VDM4CD.TMP - Deleted
C:\VDM4D0.TMP - Deleted
C:\VDM4D1.TMP - Deleted
C:\VDM4D3.TMP - Deleted
C:\VDM4D4.TMP - Deleted
C:\VDM4D6.TMP - Deleted
C:\VDM4D7.TMP - Deleted
C:\VDM4D9.TMP - Deleted
C:\VDM4DA.TMP - Deleted
C:\VDM4DC.TMP - Deleted
C:\VDM4DD.TMP - Deleted
C:\VDM4DF.TMP - Deleted
C:\VDM4E0.TMP - Deleted
C:\VDM4E2.TMP - Deleted
C:\VDM4E3.TMP - Deleted
C:\VDM4E5.TMP - Deleted
C:\VDM4E6.TMP - Deleted
C:\VDM4E8.TMP - Deleted
C:\VDM4E9.TMP - Deleted
C:\VDM4EB.TMP - Deleted
C:\VDM4EC.TMP - Deleted
C:\VDM4EE.TMP - Deleted
C:\VDM4EF.TMP - Deleted
C:\VDM4F1.TMP - Deleted
C:\VDM4F2.TMP - Deleted
C:\VDM4F4.TMP - Deleted
C:\VDM4F5.TMP - Deleted
C:\VDM4F7.TMP - Deleted
C:\VDM4F8.TMP - Deleted
C:\VDM4FA.TMP - Deleted
C:\VDM4FB.TMP - Deleted
C:\VDM4FD.TMP - Deleted
C:\VDM4FE.TMP - Deleted
C:\VDM500.TMP - Deleted
C:\VDM501.TMP - Deleted
C:\VDM504.TMP - Deleted
C:\VDM505.TMP - Deleted
C:\VDM507.TMP - Deleted
C:\VDM508.TMP - Deleted
C:\VDM50A.TMP - Deleted
C:\VDM50B.TMP - Deleted
C:\VDM50D.TMP - Deleted
C:\VDM50E.TMP - Deleted
C:\VDM510.TMP - Deleted
C:\VDM511.TMP - Deleted
C:\VDM513.TMP - Deleted
C:\VDM514.TMP - Deleted
C:\VDM516.TMP - Deleted
C:\VDM517.TMP - Deleted
C:\VDM519.TMP - Deleted
C:\VDM51A.TMP - Deleted
C:\VDM51C.TMP - Deleted
C:\VDM51D.TMP - Deleted
C:\VDM51F.TMP - Deleted
C:\VDM520.TMP - Deleted
C:\VDM522.TMP - Deleted
C:\VDM523.TMP - Deleted
C:\VDM525.TMP - Deleted
C:\VDM526.TMP - Deleted
C:\VDM528.TMP - Deleted
C:\VDM529.TMP - Deleted
C:\VDM52B.TMP - Deleted
C:\VDM52C.TMP - Deleted
C:\VDM52E.TMP - Deleted
C:\VDM52F.TMP - Deleted
C:\VDM531.TMP - Deleted
C:\VDM532.TMP - Deleted
C:\VDM534.TMP - Deleted
C:\VDM535.TMP - Deleted
C:\VDM537.TMP - Deleted
C:\VDM538.TMP - Deleted
C:\VDM53A.TMP - Deleted
C:\VDM53B.TMP - Deleted
C:\VDM53D.TMP - Deleted
C:\VDM53E.TMP - Deleted
C:\VDM540.TMP - Deleted
C:\VDM541.TMP - Deleted
C:\VDM543.TMP - Deleted
C:\VDM544.TMP - Deleted
C:\VDM546.TMP - Deleted
C:\VDM547.TMP - Deleted
C:\VDM549.TMP - Deleted
C:\VDM54A.TMP - Deleted
C:\VDM54C.TMP - Deleted
C:\VDM54D.TMP - Deleted
C:\VDM54F.TMP - Deleted
C:\VDM550.TMP - Deleted
C:\VDM552.TMP - Deleted
C:\VDM553.TMP - Deleted
C:\VDM555.TMP - Deleted
C:\VDM556.TMP - Deleted
C:\VDM558.TMP - Deleted
C:\VDM559.TMP - Deleted
C:\VDM55B.TMP - Deleted
C:\VDM55C.TMP - Deleted
C:\VDM55E.TMP - Deleted
C:\VDM55F.TMP - Deleted
C:\VDM561.TMP - Deleted
C:\VDM562.TMP - Deleted
C:\VDM564.TMP - Deleted
C:\VDM565.TMP - Deleted
C:\VDM568.TMP - Deleted
C:\VDM569.TMP - Deleted
C:\VDM56B.TMP - Deleted
C:\VDM56C.TMP - Deleted
C:\VDM56E.TMP - Deleted
C:\VDM56F.TMP - Deleted
C:\VDM572.TMP - Deleted
C:\VDM573.TMP - Deleted
C:\VDM575.TMP - Deleted
C:\VDM576.TMP - Deleted
C:\VDM578.TMP - Deleted
C:\VDM579.TMP - Deleted
C:\VDM57B.TMP - Deleted
C:\VDM57C.TMP - Deleted
C:\VDM57E.TMP - Deleted
C:\VDM57F.TMP - Deleted
C:\VDM581.TMP - Deleted
C:\VDM582.TMP - Deleted
C:\VDM584.TMP - Deleted
C:\VDM585.TMP - Deleted
C:\VDM588.TMP - Deleted
C:\VDM589.TMP - Deleted
C:\VDM58B.TMP - Deleted
C:\VDM58C.TMP - Deleted
C:\VDM58E.TMP - Deleted
C:\VDM58F.TMP - Deleted
C:\VDM591.TMP - Deleted
C:\VDM592.TMP - Deleted
C:\VDM594.TMP - Deleted
C:\VDM595.TMP - Deleted
C:\VDM597.TMP - Deleted
C:\VDM598.TMP - Deleted
C:\VDM59A.TMP - Deleted
C:\VDM59B.TMP - Deleted
C:\VDM59D.TMP - Deleted
C:\VDM59E.TMP - Deleted
C:\VDM5A0.TMP - Deleted
C:\VDM5A1.TMP - Deleted
C:\VDM5A3.TMP - Deleted
C:\VDM5A4.TMP - Deleted
C:\VDM5A6.TMP - Deleted
C:\VDM5A7.TMP - Deleted
C:\VDM5A9.TMP - Deleted
C:\VDM5AA.TMP - Deleted
C:\VDM5AC.TMP - Deleted
C:\VDM5AD.TMP - Deleted
C:\VDM5AF.TMP - Deleted
C:\VDM5B0.TMP - Deleted
C:\VDM5B2.TMP - Deleted
C:\VDM5B3.TMP - Deleted
C:\VDM5B5.TMP - Deleted
C:\VDM5B6.TMP - Deleted
C:\VDM5B8.TMP - Deleted
C:\VDM5B9.TMP - Deleted
C:\VDM5BB.TMP - Deleted
C:\VDM5BC.TMP - Deleted
C:\VDM5BE.TMP - Deleted
C:\VDM5BF.TMP - Deleted
C:\VDM5C1.TMP - Deleted
C:\VDM5C2.TMP - Deleted
C:\VDM5C4.TMP - Deleted
C:\VDM5C5.TMP - Deleted
C:\VDM5C7.TMP - Deleted
C:\VDM5C8.TMP - Deleted
C:\VDM5CA.TMP - Deleted
C:\VDM5CB.TMP - Deleted
C:\VDM5CD.TMP - Deleted
C:\VDM5CE.TMP - Deleted
C:\VDM5D0.TMP - Deleted
C:\VDM5D1.TMP - Deleted
C:\VDM5D3.TMP - Deleted
C:\VDM5D4.TMP - Deleted
C:\VDM5D6.TMP - Deleted
C:\VDM5D7.TMP - Deleted
C:\VDM5D9.TMP - Deleted
C:\VDM5DA.TMP - Deleted
C:\VDM5DC.TMP - Deleted
C:\VDM5DD.TMP - Deleted
C:\VDM5DF.TMP - Deleted
C:\VDM5E0.TMP - Deleted
C:\VDM5E2.TMP - Deleted
C:\VDM5E3.TMP - Deleted
C:\VDM5E5.TMP - Deleted
C:\VDM5E6.TMP - Deleted
C:\VDM5E8.TMP - Deleted
C:\VDM5E9.TMP - Deleted
C:\VDM5EB.TMP - Deleted
C:\VDM5EC.TMP - Deleted
C:\VDM5EE.TMP - Deleted
C:\VDM5EF.TMP - Deleted
C:\VDM5F1.TMP - Deleted
C:\VDM5F2.TMP - Deleted
C:\VDM5F4.TMP - Deleted
C:\VDM5F5.TMP - Deleted
C:\VDM5F7.TMP - Deleted
C:\VDM5F8.TMP - Deleted
C:\VDM5FA.TMP - Deleted
C:\VDM5FB.TMP - Deleted
C:\VDM5FD.TMP - Deleted
C:\VDM5FE.TMP - Deleted
C:\VDM6.TMP - Deleted
C:\VDM600.TMP - Deleted
C:\VDM601.TMP - Deleted
C:\VDM603.TMP - Deleted
C:\VDM604.TMP - Deleted
C:\VDM606.TMP - Deleted
C:\VDM607.TMP - Deleted
C:\VDM609.TMP - Deleted
C:\VDM60A.TMP - Deleted
C:\VDM7.TMP - Deleted
C:\VDM8A1.TMP - Deleted
C:\VDM8A2.TMP - Deleted
C:\VDM8A4.TMP - Deleted
C:\VDM8A5.TMP - Deleted
C:\VDM8A7.TMP - Deleted
C:\VDM8A8.TMP - Deleted
C:\VDM8AA.TMP - Deleted
C:\VDM8AB.TMP - Deleted
C:\VDM8AD.TMP - Deleted
C:\VDM8AE.TMP - Deleted
C:\VDM8B0.TMP - Deleted
C:\VDM8B1.TMP - Deleted
C:\VDM8B3.TMP - Deleted
C:\VDM8B4.TMP - Deleted
C:\VDM9.TMP - Deleted
C:\VDMA.TMP - Deleted
C:\VDMC.TMP - Deleted
C:\VDMD.TMP - Deleted
C:\VDMF.TMP - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 19:22:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000060
"TracesSuccessful"=dword:0000001a

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\DOCUME~1\RINKIJ~1\TYPYT~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 28 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0045d90d3c637c74f834c75fe192b558\BIT23.tmp"
Thu 22 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\185ffc9c54c4e043c235f121ca634613\BIT4.tmp"

Finished!

[ + lainaa]

pekoni

Junior Member

22. toukokuuta 2008 @ 19:33

Linkki tähän viestiin

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:12, on 22.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Elisa\Anti-Virus\fsgk32st.exe
D:\Elisa\Anti-Virus\FSGK32.EXE
D:\Elisa\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Elisa\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
D:\Elisa\Common\FCH32.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
D:\Elisa\Common\FAMEH32.EXE
D:\Elisa\Anti-Virus\fsqh.exe
D:\Elisa\FSAUA\program\fsaua.exe
D:\Elisa\Anti-Virus\fssm32.exe
D:\Elisa\FWES\Program\fsdfwd.exe
D:\Elisa\FSAUA\program\fsus.exe
D:\Elisa\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\notepad.exe
D:\Elisa\Common\FSM32.EXE
D:\Elisa\FSGUI\ispnews.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Elisa\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plaza.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\adobe\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Elisa\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Elisa\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "D:\Elisa\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [RemoteControl] D:\PDVDServ.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\HalfLife\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Tuki - {A3E0137A-2916-4120-8C77-63290A78DB14} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {AC0C846A-42DA-4F21-AD53-D37B212D5C78} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {F7FE1C58-BC27-4A05-BC8F-D671E80C7C0B} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDown...iaSmartScan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Elisa\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Elisa\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Elisa\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Elisa\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9427 bytes

[ + lainaa]

pekoni

Junior Member

22. toukokuuta 2008 @ 19:36

Linkki tähän viestiin

Mitäs hirvityksiä oikein oli ja mitähän kauheuksia on/voinut tapahtua.

Mitäs seuraavaksi pitäis tehdä?

Tuhannesti kiitos avusta!

[ + lainaa]

Hujo

AfterDawn Addict

22. toukokuuta 2008 @ 21:22

Linkki tähän viestiin

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

Lainaus:
File::
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
C:\sqmdata08.sqm
C:\sqmnoopt08.sqm
C:\sqmdata07.sqm
C:\sqmnoopt07.sqm
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

[ + lainaa]

Eihä kone voi edes toimia?

pekoni

Junior Member

22. toukokuuta 2008 @ 21:47

Linkki tähän viestiin

Öö sori, mut mikä on quotebox?

[ + lainaa]

pekoni

Junior Member

22. toukokuuta 2008 @ 21:53

Linkki tähän viestiin

Löysinkin että mikä se on :)

[ + lainaa]

Hujo

AfterDawn Addict

22. toukokuuta 2008 @ 21:54

Linkki tähän viestiin

tuo lainaus sisältö

[ + lainaa]

Eihä kone voi edes toimia?

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 22. toukokuuta 2008 @ 21:55

pekoni

Junior Member

22. toukokuuta 2008 @ 22:18

Linkki tähän viestiin

ComboFix 08-05-21.2 - rinki ja susinki 2008-05-22 22:12:15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.613 [GMT 3:00]
Running from: C:\Documents and Settings\rinki ja susinki\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\rinki ja susinki\Työpöytä\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-22 to 2008-05-22 )))))))))))))))))
.

2008-05-22 19:09 . 2008-05-22 19:09 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-05-22 19:02 . 2008-05-22 19:02 268 --ah----- C:\sqmdata14.sqm
2008-05-22 19:02 . 2008-05-22 19:02 244 --ah----- C:\sqmnoopt14.sqm
2008-05-22 13:35 . 2008-05-22 13:35 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-21 04:07 . 2008-05-21 04:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-21 01:33 . 2008-05-21 01:33 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-05-21 01:33 . 2008-05-21 01:33 <KANSIO> d-------- C:\Program Files\CCleaner
2008-04-25 20:09 . 2008-04-25 20:09 <KANSIO> d-------- C:\Program Files\AVSMedia

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 01:10 --------- d-----w C:\Documents and Settings\rinki ja susinki\Application Data\uTorrent
2008-05-20 18:07 15,322 ----a-w C:\Documents and Settings\rinki ja susinki\Application Data\wklnhst.dat
2008-05-20 14:31 --------- d-----w C:\Program Files\Sonera
2008-04-26 16:54 --------- d-----w C:\Program Files\Windows Live
2008-04-14 14:09 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 04:49 2,402,320 ----a-w C:\WLinstaller.exe
2008-03-01 13:01 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-12 18:29 57,656 ----a-w C:\Documents and Settings\rinki ja susinki\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-05-22_18.54.14.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 09:39:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 16:19:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-20 10:30:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-05-22 16:09:18 4,427,776 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-05-22 16:09:19 307,200 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-20 10:30:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-05-22 16:09:09 4,427,776 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-05-22 16:09:09 307,200 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00 15360]
"Steam"="D:\HalfLife\Steam.exe" [2008-03-28 10:06 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="D:\Elisa\Common\FSM32.exe" [2007-04-26 20:12 183208]
"F-Secure TNB"="D:\Elisa\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
"News Service"="D:\Elisa\FSGUI\ispnews.exe" [2005-05-31 15:45 356352]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 13:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-14 05:00 99840]
"RemoteControl"="D:\PDVDServ.exe" [2003-10-31 19:42 32768]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 03:11 50688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="D:\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-09 06:37 185632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00 267064]
"Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
"CnxTrApp"="C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll" [ ]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 17:07 617984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15:00 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Color Calibration.lnk - C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe [2007-07-13 19:06:19 36864]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04 83360]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2007-07-13 19:05:43 155715]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00 394856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-04-26 20:09]
R1 F-Secure HIPS;F-Secure HIPS;D:\Elisa\HIPS\fshs.sys [2007-04-26 20:11]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;D:\Elisa\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 10:50]
S4 F-Secure Filter;F-Secure File System Filter;D:\Elisa\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;D:\Elisa\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-04-24 05:57:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-22 00:05:13 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- D:\Elisa\ANTI-V~1\fsav.exeE /HARD /POLICY /SCHED /NOBREAK /REPORT=D:\Elisa\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 22:13:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-22 22:15:11
ComboFix-quarantined-files.txt 2008-05-22 19:14:58
ComboFix2.txt 2008-05-22 19:04:54
ComboFix3.txt 2008-05-22 15:54:45

Pre-Run: 6,537,302,016 tavua vapaana
Post-Run: 6,529,855,488 tavua vapaana

141 --- E O F --- 2008-05-16 20:03:41

[ + lainaa]

pekoni

Junior Member

22. toukokuuta 2008 @ 22:58

Linkki tähän viestiin

Mitäs sit? Toi f-secure ilmoitteli jotain virusta kun tein tota äskeistä hommaa en vaan uskaltanu painella sen toimintoja samaan aikaan kun toi ojelma teki töitä...

[ + lainaa]

Hujo

AfterDawn Addict

23. toukokuuta 2008 @ 00:25

Linkki tähän viestiin

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

Lainaus:
File::
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

================

sulla on tuo ccleaner koneella aja sillä puhdistaja ja virheet

[ + lainaa]

Eihä kone voi edes toimia?

pekoni

Junior Member

23. toukokuuta 2008 @ 01:52

Linkki tähän viestiin

ComboFix 08-05-21.2 - rinki ja susinki 2008-05-23 1:44:59.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.486 [GMT 3:00]
Running from: C:\Documents and Settings\rinki ja susinki\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\rinki ja susinki\Työpöytä\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata14.sqm
C:\sqmnoopt14.sqm

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-22 to 2008-05-22 )))))))))))))))))
.

2008-05-22 19:09 . 2008-05-22 19:09 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-05-22 13:35 . 2008-05-22 13:35 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-21 04:07 . 2008-05-21 04:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-21 01:33 . 2008-05-21 01:33 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-05-21 01:33 . 2008-05-21 01:33 <KANSIO> d-------- C:\Program Files\CCleaner
2008-04-25 20:09 . 2008-04-25 20:09 <KANSIO> d-------- C:\Program Files\AVSMedia

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 01:10 --------- d-----w C:\Documents and Settings\rinki ja susinki\Application Data\uTorrent
2008-05-20 18:07 15,322 ----a-w C:\Documents and Settings\rinki ja susinki\Application Data\wklnhst.dat
2008-05-20 14:31 --------- d-----w C:\Program Files\Sonera
2008-04-26 16:54 --------- d-----w C:\Program Files\Windows Live
2008-04-14 14:09 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 04:49 2,402,320 ----a-w C:\WLinstaller.exe
2008-03-01 13:01 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-12 18:29 57,656 ----a-w C:\Documents and Settings\rinki ja susinki\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-05-22_18.54.14.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 09:39:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 16:19:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-20 10:30:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-05-22 16:09:18 4,427,776 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-05-22 16:09:19 307,200 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-20 10:30:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-05-22 16:09:09 4,427,776 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-05-22 16:09:09 307,200 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00 15360]
"Steam"="D:\HalfLife\Steam.exe" [2008-03-28 10:06 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="D:\Elisa\Common\FSM32.exe" [2007-04-26 20:12 183208]
"F-Secure TNB"="D:\Elisa\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
"News Service"="D:\Elisa\FSGUI\ispnews.exe" [2005-05-31 15:45 356352]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 13:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-14 05:00 99840]
"RemoteControl"="D:\PDVDServ.exe" [2003-10-31 19:42 32768]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 03:11 50688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 1556


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.