Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:34, on 1.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Työpöytä\HiJackThis_v2.0.2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nnnljijd - nnnljiJd.dll (file missing)
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7105 bytes
Here's the HJT log
---------------------------------------------------------------------------
Here's the Malwarebytes log
Malwarebytes' Anti-Malware 1.19
Tietokantaversio: 910
Windows 5.1.2600 Service Pack 2
19:17:51 1.7.2008
mbam-log-7-1-2008 (19-17-49).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 246191
Kulunut aika: 2 hour(s), 50 minute(s), 17 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 5
Saastuneita rekisteriarvoja: 4
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 15
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> No action taken.
Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows svchost (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MS Juan (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM3300132f (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM3300132f (Trojan.Agent) -> No action taken.
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
C:\Documents and Settings\Iida\Local Settings\Temporary Internet Files\Content.IE5\HDWN1YSV\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Liisa\Local Settings\Temp\fccdebby.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Liisa\Local Settings\Temp\sjxacibb.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Liisa\Local Settings\Temporary Internet Files\Content.IE5\CPGFKLA1\CAA6XV8Z (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Liisa\Local Settings\Temporary Internet Files\Content.IE5\VJQ0LETT\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Työpöytä\settii\XMoto\sqlite3.dll (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Työpöytä\XMoto\sqlite3.dll (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Saaqu.AKI-S54H8SEOL9Q\Työpöytä\lollero\saaqun kamat\XMoto\sqlite3.dll (Rogue.Multiple) -> No action taken.
C:\lollero\saaqun kamat\XMoto\sqlite3.dll (Rogue.Multiple) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Local Settings\Temp\aaenxxvb.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Local Settings\Temp\gbjlkbgt.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ClickToFindandFixErrors_RON_Intl.ico (Malware.Trace) -> No action taken.
C:\Documents and Settings\Liisa\setup.exe (Trojan.Agent) -> No action taken.
-----------------------------------------------------------------------------------
And here's ComboFix
ComboFix 08-06-30.2 - pyry 2008-07-01 20:28:15.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.202 [GMT 3:00]
Running from: C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Työpöytä\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM3300132f.xml
.
---- Previous Run -------
.
C:\WINDOWS\BM3300132f.txt
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ahaevftc.ini
C:\WINDOWS\system32\axjsoevu.ini
C:\WINDOWS\system32\drivers\pfn35.sys
C:\WINDOWS\system32\edtygpmn.dll
C:\WINDOWS\system32\iksvmkgj.ini
C:\WINDOWS\system32\kekvwadr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mtxevtsb.dll
C:\WINDOWS\system32\muwnigwa.ini
C:\WINDOWS\system32\rtmdfy.dll
C:\WINDOWS\system32\sybbkfqf.ini
C:\WINDOWS\system32\umvoblyb.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_pfn35
-------\Legacy_tcpsr
-------\Service_pfn35
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-01 to 2008-07-01 )))))))))))))))))
.
2008-07-01 19:49 . 2008-07-01 19:49 <KANSIO> d-------- C:\WINDOWS\LastGood
2008-07-01 14:10 . 2008-07-01 14:10 244 --ah-c--- C:\sqmnoopt08.sqm
2008-07-01 14:10 . 2008-07-01 14:10 232 --ah-c--- C:\sqmdata08.sqm
2008-07-01 13:58 . 2008-07-01 13:58 <KANSIO> d--h----- C:\Documents and Settings\pyryn super tili\Mallit
2008-07-01 12:23 . 2008-07-01 12:23 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 12:23 . 2008-07-01 12:23 <KANSIO> d-------- C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Application Data\Malwarebytes
2008-07-01 12:23 . 2008-07-01 12:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 12:23 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 12:23 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-01 12:16 . 2008-07-01 12:16 <KANSIO> d---s---- C:\Documents and Settings\pyryn super tili\UserData
2008-07-01 12:14 . 2008-07-01 12:14 <KANSIO> d-------- C:\WINDOWS\Application Data
2008-07-01 12:14 . 2008-07-01 12:14 <KANSIO> d--h----- C:\Documents and Settings\pyryn super tili\Verkkoympäristö
2008-07-01 12:14 . 2008-07-01 12:14 <KANSIO> d-------- C:\Documents and Settings\pyryn super tili\Työpöytä
2008-07-01 12:14 . 2008-07-01 12:14 <KANSIO> d-------- C:\Documents and Settings\pyryn super tili\Suosikit
2008-07-01 12:14 . 2008-07-01 14:10 <KANSIO> d-------- C:\Documents and Settings\pyryn super tili\Omat tiedostot
2008-07-01 12:14 . 2008-07-01 12:14 <KANSIO> d-------- C:\Documents and Settings\pyryn super tili\Käynnistä-valikko
2008-07-01 12:13 . 2008-07-01 13:58 <KANSIO> d-------- C:\Documents and Settings\pyryn super tili
2008-07-01 12:10 . 2008-07-01 12:10 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-07-01 12:10 . 2008-07-01 12:10 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-07-01 12:10 . 2008-07-01 12:10 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-07-01 12:10 . 2008-07-01 12:10 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-07-01 12:10 . 2008-07-01 12:10 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-07-01 12:10 . 2008-07-01 12:10 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-07-01 12:10 . 2008-07-01 15:54 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-06-30 21:18 . 2008-06-30 21:18 103,424 --a------ C:\WINDOWS\system32\ibdvaigu.dll
2008-06-30 21:12 . 2008-06-30 21:12 91,136 --a------ C:\WINDOWS\system32\agvkroop.dll
2008-06-30 17:45 . 2008-06-30 17:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-30 17:45 . 2008-06-30 17:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-25 17:46 . 2008-06-25 17:46 <KANSIO> d-------- C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Application Data\OLYMPUS
2008-06-23 16:59 . 2008-06-23 16:59 <KANSIO> d-------- C:\Documents and Settings\Saaqu.AKI-S54H8SEOL9Q\OngameNetwork
2008-06-20 12:40 . 2008-06-30 16:57 <KANSIO> d-------- C:\Documents and Settings\Saaqu.AKI-S54H8SEOL9Q\.xmoto
2008-06-13 01:18 . 2008-06-13 01:18 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-11 17:14 . 2008-06-11 17:14 <KANSIO> d-------- C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Application Data\AVGTOOLBAR
2008-06-11 17:12 . 2008-06-11 17:15 8,192 --a------ C:\Documents and Settings\Pyry
2008-06-11 17:12 . 2008-06-11 17:15 8,192 --a------ C:\Documents and Settings\chanttu
2008-06-10 21:32 . 2008-06-10 21:32 268 --ah-c--- C:\sqmdata07.sqm
2008-06-10 21:32 . 2008-06-10 21:32 244 --ah-c--- C:\sqmnoopt07.sqm
2008-06-10 17:02 . 2008-06-10 17:02 375,298 --a------ C:\WINDOWS\system32\perfh040.dat
2008-06-10 17:02 . 2008-06-10 17:02 74,450 --a------ C:\WINDOWS\system32\perfc040.dat
2008-06-10 16:58 . 2008-06-10 16:58 29 --a------ C:\WINDOWS\system32\raaipqqf.tmp
2008-06-10 16:57 . 2008-06-10 06:00 43,520 --a------ C:\Documents and Settings\Saaqu.AKI-S54H8SEOL9Q\patch.exe
2008-06-10 16:57 . 2008-04-17 11:11 43 --a------ C:\Documents and Settings\Saaqu.AKI-S54H8SEOL9Q\RUNME.bat
2008-06-10 16:24 . 2008-06-10 16:24 42 --a------ C:\WINDOWS\system32\RegistryGenius.lie
2008-06-08 17:50 . 2008-06-24 19:45 <KANSIO> d-------- C:\Documents and Settings\Saaqu.AKI-S54H8SEOL9Q\Omat tiedostot
2008-06-07 17:52 . 2008-06-07 17:52 <KANSIO> d-------- C:\Program Files\Shield
2008-06-07 17:18 . 2008-06-07 17:18 <KANSIO> d--h----- C:\Documents and Settings\Saaqu.AKI-S54H8SEOL9Q\Verkkoympäristö
2008-06-07 16:59 . 2008-06-07 16:59 <KANSIO> d-------- C:\Program Files\ToniArts
2008-06-07 13:03 . 2008-06-07 13:03 <KANSIO> d-------- C:\Program Files\Recuva
2008-06-07 12:53 . 2008-07-01 14:19 <KANSIO> d-------- C:\Documents and Settings\Saaqu.AKI-S54H8SEOL9Q\Työpöytä
2008-06-07 12:53 . 2008-06-10 16:58 <KANSIO> dr------- C:\Documents and Settings\Saaqu.AKI-S54H8SEOL9Q\Suosikit
2008-06-07 12:53 . 2008-06-07 12:53 <KANSIO> d-------- C:\Documents and Settings\Saaqu.AKI-S54H8SEOL9Q\Käynnistä-valikko
2008-06-07 12:53 . 2008-06-23 16:59 <KANSIO> d-------- C:\Documents and Settings\Saaqu.AKI-S54H8SEOL9Q
2008-06-07 10:48 . 2008-06-07 10:48 244 --ah-c--- C:\sqmnoopt06.sqm
2008-06-07 10:48 . 2008-06-07 10:48 232 --ah-c--- C:\sqmdata06.sqm
2008-06-05 21:54 . 2008-06-05 21:54 <KANSIO> d-------- C:\WINDOWS\Mozilla
2008-06-05 20:11 . 2008-06-20 12:36 <KANSIO> d----c--- C:\lollero
2008-06-05 20:01 . 2008-06-05 20:01 244 --ah-c--- C:\sqmnoopt05.sqm
2008-06-05 20:01 . 2008-06-05 20:01 232 --ah-c--- C:\sqmdata05.sqm
2008-06-04 20:28 . 2008-06-07 13:45 113 --a------ C:\WINDOWS\BSPLAYER.LST
2008-06-04 18:13 . 2008-06-04 18:13 244 --ah-c--- C:\sqmnoopt04.sqm
2008-06-04 18:13 . 2008-06-04 18:13 232 --ah-c--- C:\sqmdata04.sqm
2008-06-04 14:05 . 2008-06-04 14:05 244 --ah-c--- C:\sqmnoopt03.sqm
2008-06-04 14:05 . 2008-06-04 14:05 232 --ah-c--- C:\sqmdata03.sqm
2008-06-04 14:04 . 2008-06-04 14:04 244 --ah-c--- C:\sqmnoopt02.sqm
2008-06-04 14:04 . 2008-06-04 14:04 232 --ah-c--- C:\sqmdata02.sqm
2008-06-04 14:01 . 2008-06-04 14:01 244 --ah-c--- C:\sqmnoopt01.sqm
2008-06-04 14:01 . 2008-06-04 14:01 232 --ah-c--- C:\sqmdata01.sqm
2008-06-04 13:27 . 2008-06-04 13:27 244 --ah-c--- C:\sqmnoopt00.sqm
2008-06-04 13:27 . 2008-06-04 13:27 232 --ah-c--- C:\sqmdata00.sqm
2008-06-02 17:21 . 2008-06-02 17:21 <KANSIO> d-------- C:\Program Files\Ubisoft
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 17:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-01 10:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-15 12:08 --------- d-----w C:\Program Files\Lexmark 3100 Series
2008-06-10 13:42 --------- d-----w C:\Documents and Settings\Liisa\Application Data\uTorrent
2008-06-10 13:42 --------- d-----w C:\Documents and Settings\Liisa\Application Data\LimeWire
2008-06-10 13:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-07 13:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-07 07:47 --------- d-----w C:\Program Files\MSN Messenger
2008-06-03 10:47 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-02 14:55 --------- d-----w C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Application Data\uTorrent
2008-05-31 07:05 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 07:05 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-31 07:05 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 07:05 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 07:05 --------- d-----w C:\Program Files\Symantec
2008-05-31 07:05 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-30 11:48 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-16 11:55 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-05-15 18:07 --------- d-----w C:\Program Files\Google
2008-05-07 16:39 --------- d-----w C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Application Data\Easy Thumbnails
2008-05-07 15:49 --------- d-----w C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Application Data\ArcSoft
2008-03-05 18:46 3,718 ----a-w C:\Documents and Settings\Liisa\Application Data\wklnhst.dat
2008-02-12 17:59 862 ----a-w C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Application Data\wklnhst.dat
2008-01-30 14:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-11 07:39 820,572,463 ----a-w C:\Documents and Settings\pyry.AKI-S54H8SEOL9Q\Application Data.zip
2007-06-26 19:58 168 --sh--r C:\WINDOWS\system32\539AF39ABB.sys
2007-06-26 19:58 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-01_20.04.24.10 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 02:11 771704]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 13:16 5058560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
"Prlo"="C:\DOCUME~1\Omistaja\OMATTI~1\DOBE~2\svchost.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnljijd]
nnnljiJd.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= pvmjpg21.dll
"vidc.dmb1"= m3jpeg32.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bge04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pua26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Documents and Settings\\All Users\\Tiedostot\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-01-22 14:06]
R2 devdpl;devdpl;C:\WINDOWS\system32\DRIVERS\devdpl.sys [2002-10-13 22:26]
R2 litdpl;litdpl;C:\WINDOWS\system32\DRIVERS\litdpl.sys [2002-10-13 22:17]
S0 bge04;bge04;C:\WINDOWS\system32\Drivers\Bge04.sys []
S0 pua26;pua26;C:\WINDOWS\system32\Drivers\Pua26.sys []
S2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-01-22 14:06]
S3 pohci13F;pohci13F;C:\DOCUME~1\Saaqu\LOCALS~1\Temp\pohci13F.sys []
*Newly Created Service* - COMHOST
.
'Ajoitetut tehtävät'-kansion sisältö
"2007-07-18 17:11:43 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
"2008-06-30 17:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Suorita täyd. järj.tarkistus - chanttu.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
- - - - ORPHANS REMOVED - - - -
Notify-= - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 20:33:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-01 20:40:15
ComboFix-quarantined-files.txt 2008-07-01 17:40:12
Pre-Run: 27,178,565,632 tavua vapaana
Post-Run: 27,175,038,976 tavua vapaana
210 --- E O F --- 2008-05-17 06:59:20