Hello again, esteemed AfterDawn users. So, a trojan came onto my computer bundled with a program. The problem is that when I started the program, the computer shut down and restarted, and after that everything was in the classic Windows look; I can't switch back to the XP look because that option is no longer in the menu. Then Norton won't start at all, and it can't be turned on to scan the machine. I scanned the machine with Ad-Aware, which found viruses and removed them, but that didn't seem to help at all. I can't install any virus removal program; the only one I managed to install was Malwarebytes, but it won't start, it just gives runtime error 373. Also, all the warning sounds now come from inside the case as beeps, like in DOS. So, esteemed AfterDawn users, is there any other option than formatting the machine? Thanks in advance for the replies. I just noticed that when I scan with Ad-Aware several times, the same infected files are always found; the name was Virtumonde and Ad-Aware classified it as malware. Ad-Aware supposedly removes the files, but they always turn up again in the next scan.
Try whether Safe Mode works, and run this there following the instructions below.

Download SDFix by AndyManchesta and save it to your desktop.

Start your computer in Safe Mode: shut down, and while it starts up, tap the F8 key; choose Safe Mode with the arrow keys, press Enter, then Enter again, choose your user account and press Yes. On some machines you tap F5 instead of F8.

* In Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer: "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than usual because SDFix is cleaning the machine.
* When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
* Then press any key to close the script and load the desktop shortcuts.
* Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread.

Does it help if you rename Malwarebytes? Right-click the shortcut > Rename > type something like "scanner" in place of malwarebytes.
SDFix: Version 1.240
Run by HP_Administrator on 2009-02-22 at 17:35
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Documents and Settings\HP_Administrator\Desktop\SDFix\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\cuze.dll - Deleted
C:\WINDOWS\SYSTEM32\CUZE.DLL - Deleted

Removing Temp Files

ADS Check :

C:\WINDOWS\system32\svchost.exe : ADS Found!
svchost.exe: deleted 32768 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32\svchost.exe
No streams found.

That's the report it produced. Renaming Malwarebytes didn't help.
1. Download ComboFix.exe to your desktop from one of these links: Combofix1 Combofix2. Do not install the Recovery Console.
2. Double-click the ComboFix.exe file and follow the prompts.
3. When the tool is finished, it produces a log. Post this log in your thread.

Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.

======================================================================

* Download HJTInstall.exe from here
* Save HJTInstall.exe to your desktop.
* Double-click the HJTInstall.exe icon on your desktop.
* By default it installs itself to C:\Program Files\Trend Micro\HijackThis.
* Click Install.
* The installer creates a HijackThis icon on the desktop.
* When the installation is finished, it starts HijackThis.
* Click the "Do a system scan and save a logfile" button.
* The program starts the scan and the log should open in Notepad.
* First click "Edit > Select All", then "Edit > Copy" to copy the entire contents of the log.
* Paste the contents of the log into your next reply.
* DO NOT use the Analyze This button; its findings are dangerous if misunderstood.
* DO NOT fix anything with HijackThis yet. Most of its findings are either harmless or even necessary.
* Post the fresh log together with the ComboFix log
ComboFix 09-02-21.01 - HP_Administrator 2009-02-23 19:27:57.2 - NTFSx86 Sijainti: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\lsass.exe . . . on saastunut!! c:\windows\system32\winlogon.exe . . . on saastunut!! c:\windows\system32\services.exe . . . on saastunut!! c:\windows\system32\svchost.exe . . . on saastunut!! c:\windows\system32\spoolsv.exe . . . on saastunut!! c:\windows\explorer.exe . . . on saastunut!! . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-23 to 2009-02-23 ))))))))))))))))) . 2009-02-22 17:34 . 2009-02-22 17:34 578,560 --a------ c:\windows\system32\dllcache\user32.dll 2009-02-22 17:32 . 2009-02-22 17:32 <DIR> d-------- c:\windows\ERUNT 2009-02-21 19:00 . 2009-02-21 19:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-21 19:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-21 19:00 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-21 17:48 . 2009-02-21 17:48 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-21 17:11 . 2009-02-21 17:11 <DIR> d-------- C:\Downloads 2009-02-21 17:11 . 2009-02-21 17:11 <DIR> d-------- C:\Bases 2009-02-21 17:10 . 2009-02-21 17:16 <DIR> d-------- C:\Kaspersky 2009-02-21 16:53 . 2009-02-21 16:53 <DIR> d-------- c:\program files\Trend Micro 2009-02-21 15:42 . 2009-02-23 19:37 100,590 --a------ c:\windows\system32\drivers\80da3eb8.sys 2009-02-21 15:42 . 2009-02-21 15:42 245 --a------ c:\windows\tmp4171296.bat 2009-02-21 15:41 . 2009-02-21 15:41 46,592 --a------ c:\windows\system32\urqnlMda.dll.vir 2009-02-19 19:36 . 2009-02-21 19:15 <DIR> d-------- c:\program files\DC++ 2009-01-27 15:04 . 2009-02-11 21:12 2,250,024 --a------ c:\windows\system32\pbsvc.exe 2009-01-23 07:26 . 
2009-01-23 07:26 268 --ah----- C:\sqmdata02.sqm 2009-01-23 07:26 . 2009-01-23 07:26 244 --ah----- C:\sqmnoopt02.sqm . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-21 13:41 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-19 15:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-02-16 11:17 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-16 11:17 --------- d-----w c:\program files\Rockstar Games 2009-02-11 19:12 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-02-11 19:12 22,328 ----a-w c:\documents and settings\HP_Administrator\Application Data\PnkBstrK.sys 2009-02-01 16:26 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Canon 2009-01-31 06:18 --------- d-----w c:\program files\BitComet 2009-01-17 11:28 --------- d-----w c:\program files\Java 2009-01-05 23:43 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2009-01-05 23:43 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2009-01-05 23:43 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2009-01-05 23:43 --------- d-----w c:\program files\Symantec 2009-01-05 21:53 --------- d-----w c:\program files\Bonjour 2009-01-05 21:51 --------- d-----w c:\program files\iTunes 2009-01-05 21:51 --------- d-----w c:\program files\iPod 2009-01-05 21:51 --------- d-----w c:\program files\Common Files\Apple 2009-01-05 21:51 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-01-05 21:48 --------- d-----w c:\program files\QuickTime 2009-01-05 21:29 --------- d-----w c:\program files\Safari 2009-01-04 11:32 --------- d-----w c:\program files\EA GAMES 2009-01-04 11:19 --------- d-----w c:\program files\Common Files\DirectX 2007-04-03 17:30 251 ----a-w c:\program files\wt3d.ini 2008-09-03 16:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local 
Settings\History\History.IE5\MSHist012008090320080904\index.dat . ------- Sigcheck ------- 2004-08-10 06:00 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\$NtServicePackUninstall$\svchost.exe 2008-04-14 02:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\ServicePackFiles\i386\svchost.exe 2009-02-21 15:42 17408 32c2328a50d4b44d22ba1e93bef1fc6c c:\windows\system32\svchost.exe 2005-03-02 20:19 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 17:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll 2007-03-08 17:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\$NtServicePackUninstall$\user32.dll 2004-08-10 06:00 577024 c72661f8552ace7c5c85e16a3cf505c4 c:\windows\$NtUninstallKB890859$\user32.dll 2005-03-02 20:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\$NtUninstallKB925902$\user32.dll 2008-04-14 02:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\ServicePackFiles\i386\user32.dll 2008-04-14 02:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\system32\user32.dll 2009-02-22 17:34 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\system32\dllcache\user32.dll 2004-08-10 06:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\$NtServicePackUninstall$\ws2_32.dll 2008-04-14 02:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\ServicePackFiles\i386\ws2_32.dll 2008-04-14 02:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\system32\ws2_32.dll 2005-10-21 12:38 661504 af785c4947676a7fc1673fdc5c8d0b5b c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll 2007-08-20 12:02 825344 357d54bf94fe9d6d8505a96b5c2a3bca c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll 2007-10-11 01:47 825344 0e5d918f87efa7d2424d66b499c7eb04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll 2007-12-07 04:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll 2008-03-01 15:03 827392 6316c2f0c61271c8abdff7429174879e 
c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll 2008-04-23 05:35 827392 41546b396a526918da7995a02ea04e51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll 2008-06-23 18:01 827904 c66402a06b83b036c195242c0c8cf83c c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll 2008-08-26 11:08 827904 77c192fe56a70d7fa0247ba0a6201c32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll 2008-10-16 22:24 827904 0d5b75171ff51775b630a431b6c667e8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll 2008-12-21 01:56 827904 044e0a4e9fe97c0fb9afe9c89e2a82e6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll 2004-08-10 06:00 656384 c0823fc5469663ba63e7db88f9919d70 c:\windows\$NtUninstallKB905915$\wininet.dll 2005-10-21 12:39 658432 e7b27b6b6e06ce34ea019fd8b858c613 c:\windows\$NtUninstallKB912945$\wininet.dll 2006-01-10 03:02 662016 dde9597a3311748c1519444e2bc147bd c:\windows\$NtUninstallKB925454$\wininet.dll 2006-10-23 17:34 664576 231ef4179acabe486376b5ca893f1076 c:\windows\$NtUninstallKB928090$\wininet.dll 2007-01-04 16:05 665088 3ffa1573fc274e5aa7467d03941c45ee c:\windows\$NtUninstallKB931768$\wininet.dll 2007-02-20 11:52 665600 b258c922d22deec880b60720531d7627 c:\windows\$NtUninstallKB933566$\wininet.dll 2007-04-18 14:46 665600 4261ba03afd659de04f0a17dfbdd454d c:\windows\$NtUninstallKB937143$\wininet.dll 2007-06-26 16:35 665600 e1a3dd68b5380b360a7310a64d9bb188 c:\windows\$NtUninstallKB939653$\wininet.dll 2007-08-22 14:55 665600 a1bc17eb3758d73c3938b2318820f5b4 c:\windows\ie7\wininet.dll 2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB939653-IE7\wininet.dll 2007-08-20 12:04 824832 774435e499d8e9643ec961a6103c361f c:\windows\ie7updates\KB942615-IE7\wininet.dll 2007-10-11 01:56 824832 30c1e0f34ad2972c72a01db5c74ab065 c:\windows\ie7updates\KB944533-IE7\wininet.dll 2007-12-07 04:21 824832 806d274c9a6c3aaea5eae8e4af841e04 c:\windows\ie7updates\KB947864-IE7\wininet.dll 2008-03-01 15:06 826368 ad21461aef8244edec2ef18e55e1dcf3 
c:\windows\ie7updates\KB950759-IE7\wininet.dll 2008-04-23 06:16 826368 f6589be784647cfdbc22ea51ccb1a57a c:\windows\ie7updates\KB953838-IE7\wininet.dll 2008-06-23 18:57 826368 8c13d4a7479fa0a026eda8abce82c0ed c:\windows\ie7updates\KB956390-IE7\wininet.dll 2008-08-26 09:24 826368 ef8eba98145bfa44e80d17a3b3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll 2008-10-16 22:38 826368 6741eaf7b7f110e803a6e38f6e5fa6b0 c:\windows\ie7updates\KB961260-IE7\wininet.dll 2008-04-14 02:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows\ServicePackFiles\i386\wininet.dll 2007-08-20 12:04 824832 774435e499d8e9643ec961a6103c361f c:\windows\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2GDR\wininet.dll 2007-08-20 12:02 825344 357d54bf94fe9d6d8505a96b5c2a3bca c:\windows\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2QFE\wininet.dll 2008-12-21 01:15 826368 a82935d32d0672e8ff4e91ae398e901c c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2GDR\wininet.dll 2008-12-21 01:56 827904 044e0a4e9fe97c0fb9afe9c89e2a82e6 c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2QFE\wininet.dll 2008-12-21 01:15 826368 a82935d32d0672e8ff4e91ae398e901c c:\windows\system32\wininet.dll 2008-12-21 01:15 826368 a82935d32d0672e8ff4e91ae398e901c c:\windows\system32\dllcache\wininet.dll 2005-03-14 10:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys 2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys 2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys 2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys 2008-06-20 12:45 360320 
2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys 2004-08-10 06:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB893066$\tcpip.sys 2005-03-14 09:55 359808 0e66b538096a6529d1ac66e78eb0d5c8 c:\windows\$NtUninstallKB917953$\tcpip.sys 2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys 2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys 2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys 2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys 2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys 2004-08-10 06:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\$NtServicePackUninstall$\winlogon.exe 2008-04-14 02:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\ServicePackFiles\i386\winlogon.exe 2008-04-14 02:12 512000 b74ab94c612fc413893072de23dba462 c:\windows\system32\winlogon.exe 2004-08-10 06:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys 2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys 2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys 2004-08-10 06:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys 2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys 2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys 2005-03-02 02:36 2056832 d8aba3eab509627e707a3b14f00fbb6b c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2006-12-19 18:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe 2007-02-28 11:15 2059392 
4d3dbdccbf97f5ba1e74f322b155c3ba c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe 2008-08-14 14:39 2066048 a25e9b86effb2af33bf51e676b68bfb0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe 2007-02-28 10:38 2015744 a58ac1c6199ef34228abee7fc057ae09 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe 2004-08-10 13:00 2015232 fb142b7007ca2eea76966c6c5cc12150 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe 2005-03-02 02:34 2015232 3cd941e472ddf3534e53038535719771 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe 2006-12-19 14:55 2015744 bbb2322eb14ad9ad55b1024ffd4d88bf c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe 2008-04-13 20:31 2023936 7f653a89f6e89e3ae0d49830eece35d4 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe 2008-08-14 11:33 2066048 4ac58f03eb94a72809949d757fc39d80 c:\windows\Driver Cache\i386\ntkrnlpa.exe 2008-04-13 20:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe 2008-08-14 11:33 2023936 8206b5f94a6a9450e934029420c1693f c:\windows\system32\ntkrnlpa.exe 2008-08-14 11:33 2066048 4ac58f03eb94a72809949d757fc39d80 c:\windows\system32\dllcache\ntkrnlpa.exe 2005-03-02 03:04 2179456 28187802b7c368c0d3aef7d4c382aabb c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2006-12-19 18:51 2182016 cef243f6defd20be4adde26c7ecacb54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe 2007-02-28 11:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe 2008-08-14 15:11 2189184 31914172342bff330063f343ac6958fe c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe 2007-02-28 11:08 2136064 1220faf071dea8653ee21de7dcda8bfd c:\windows\$NtServicePackUninstall$\ntoskrnl.exe 2004-08-10 13:00 2148352 626309040459c3915997ef98ec1c8d40 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe 2005-03-02 02:57 2135552 48b3e89af7074cee0314a3e0c7faffdb c:\windows\$NtUninstallKB929338$\ntoskrnl.exe 2006-12-19 16:15 2136064 8318ed54797f3e513fd5817a1d4bbd18 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe 2008-04-13 21:24 2145280 
40f8880122a030a7e9e1fedea833b33d c:\windows\$NtUninstallKB956841$\ntoskrnl.exe 2008-08-14 12:11 2189184 eeaf32f8e15a24f62becb1bd403bb5c5 c:\windows\Driver Cache\i386\ntoskrnl.exe 2008-04-13 21:27 2188928 0c89243c7c3ee199b96fcc16990e0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe 2008-08-14 12:09 2145280 f6f8245b3a2e9ca834dd318e7ae0c6d0 c:\windows\system32\ntoskrnl.exe 2008-08-14 12:11 2189184 eeaf32f8e15a24f62becb1bd403bb5c5 c:\windows\system32\dllcache\ntoskrnl.exe 2008-04-14 02:12 1036288 b1ea775e0211f91236fcad385f0842eb c:\windows\explorer.exe 2007-06-13 13:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 12:23 1033216 97bd6515465659ff8f3b7be375b2ea87 c:\windows\$NtServicePackUninstall$\explorer.exe 2004-08-10 06:00 1032192 a0732187050030ae399b241436565e64 c:\windows\$NtUninstallKB938828$\explorer.exe 2008-04-14 02:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\ServicePackFiles\i386\explorer.exe 2004-08-10 06:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\$NtServicePackUninstall$\services.exe 2008-04-14 02:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\ServicePackFiles\i386\services.exe 2008-04-14 02:12 111104 cb96f29129740a1a08ea2fa7963dd50b c:\windows\system32\services.exe 2004-08-10 06:00 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\$NtServicePackUninstall$\lsass.exe 2008-04-14 02:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\ServicePackFiles\i386\lsass.exe 2008-04-14 02:12 14848 f84777a245ffb4b1ebbc1cd79a75bda8 c:\windows\system32\lsass.exe 2004-08-10 06:00 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\$NtServicePackUninstall$\ctfmon.exe 2008-04-14 02:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\ServicePackFiles\i386\ctfmon.exe 2008-04-14 02:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\system32\ctfmon.exe 2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2005-06-11 01:53 57856 
da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe 2004-08-10 06:00 57856 7435b108b935e42ea92ca94f59c8e717 c:\windows\$NtUninstallKB896423$\spoolsv.exe 2008-04-14 02:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\ServicePackFiles\i386\spoolsv.exe 2008-04-14 02:12 58880 8d97485a68c66883c28bf927b946fa88 c:\windows\system32\spoolsv.exe 2004-08-10 06:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe 2008-04-14 02:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe 2008-04-14 02:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe 2005-03-10 16:49 295424 c29a5286e64d97385178452d5f307b98 c:\windows\$NtServicePackUninstall$\termsrv.dll 2008-04-14 02:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\ServicePackFiles\i386\termsrv.dll 2008-04-14 02:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\system32\termsrv.dll 2006-07-05 12:57 985088 0fdd84928a5dde2510761b7ec76ccec9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll 2007-04-16 18:07 986112 09f7cb3687f86edaa4ca081f7ab66c03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll 2007-04-16 17:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\$NtServicePackUninstall$\kernel32.dll 2004-08-10 06:00 983552 888190e31455fad793312f8d087146eb c:\windows\$NtUninstallKB917422$\kernel32.dll 2006-07-05 12:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$NtUninstallKB935839$\kernel32.dll 2008-04-14 02:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\ServicePackFiles\i386\kernel32.dll 2008-04-14 02:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\system32\kernel32.dll 2004-08-10 06:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\$NtServicePackUninstall$\powrprof.dll 2008-04-14 02:12 17408 50a166237a0fa771261275a405646cc0 c:\windows\ServicePackFiles\i386\powrprof.dll 2008-04-14 02:12 17408 50a166237a0fa771261275a405646cc0 c:\windows\system32\powrprof.dll 2004-08-10 06:00 110080 
87ca7ce6469577f059297b9d6556d66d c:\windows\$NtServicePackUninstall$\imm32.dll 2008-04-14 02:11 110080 0da85218e92526972a821587e6a8bf8f c:\windows\ServicePackFiles\i386\imm32.dll 2008-04-14 02:11 110080 0da85218e92526972a821587e6a8bf8f c:\windows\system32\imm32.dll . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856] "PeerGuardian"="c:\hyöty\PeerGuardian2\pg2.exe" [2005-09-18 1421824] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-04 165784] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BitComet"="c:\program files\BitComet\BitComet.exe" [2007-11-07 1881400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-15 122880] "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-05 49152] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft 
Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-17 136600] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe] "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe] "CTHelper"="CTHELPER.EXE" [2005-11-09 c:\windows\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2005-11-09 c:\windows\system32\CTXFIHLP.EXE] "PCDrProfiler"="" [BU] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program 
Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Steam\\SteamApps\\jmp92\\counter-strike source\\hl2.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16358:TCP"= 16358:TCP:BitComet 16358 TCP "16358:UDP"= 16358:UDP:BitComet 16358 UDP "7666:TCP"= 7666:TCP:BitComet 7666 TCP "7666:UDP"= 7666:UDP:BitComet 7666 UDP "7654:TCP"= 7654:TCP:BitComet 7654 TCP "7654:UDP"= 7654:UDP:BitComet 7654 UDP R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;c:\program 
files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352] R2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352] R3 getPlus(R) Helper;getPlus(R) Helper; [x] R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\DRIVERS\wn5301.sys [2005-10-05 468768] S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-02-15 2825088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376] --- Muut muistissa olevat ajurit/palvelut --- *NewlyCreated* - COMHOST *Deregistered* - AFD *Deregistered* - Apple Mobile Device *Deregistered* - Arp1394 *Deregistered* - ARPolicy *Deregistered* - ARSVC *Deregistered* - atksgt *Deregistered* - audstub *Deregistered* - bb-run *Deregistered* - Beep *Deregistered* - Bonjour Service *Deregistered* - Cdfs *Deregistered* - CLTNetCnService *Deregistered* - comHost *Deregistered* - Creative Service for CDROM Access *Deregistered* - ctac32k *Deregistered* - ctprxy2k *Deregistered* - ctsfm2k *Deregistered* - dmio *Deregistered* - dmload *Deregistered* - eeCtrl *Deregistered* - emupia *Deregistered* - EraserUtilRebootDrv *Deregistered* - Fastfat *Deregistered* - Fips *Deregistered* - FltMgr *Deregistered* - Ftdisk *Deregistered* - ftsata2 *Deregistered* - Gpc *Deregistered* - ha20x2k *Deregistered* - HTTP *Deregistered* - iaStor *Deregistered* - IntelIde *Deregistered* - IpFilterDriver *Deregistered* - IpNat *Deregistered* - IPSec *Deregistered* - JavaQuickStarterService *Deregistered* - KSecDD *Deregistered* - LightScribeService *Deregistered* - lirsgt *Deregistered* - LiveUpdate Notice Ex *Deregistered* - LiveUpdate Notice Service *Deregistered* - mnmdd *Deregistered* - MountMgr *Deregistered* - MRxDAV *Deregistered* - MRxSmb *Deregistered* - Msfs *Deregistered* - mssmbios *Deregistered* - Mup *Deregistered* - NDIS 
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - ossrv
*Deregistered* - PartMgr
*Deregistered* - pgfilter
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PnkBstrA
*Deregistered* - PnkBstrB
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sfrem01
*Deregistered* - sfsync02
*Deregistered* - sfvfs02
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - SRTSPX
*Deregistered* - swenum
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMIDSCO
*Deregistered* - SYMNDIS
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Update
*Deregistered* - Wanarp
*Deregistered* - VgaSave
*Deregistered* - ViaIde
*Deregistered* - VolSnap

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{339003c8-9772-11dd-8715-0016179f8e87}]
\Shell\AutoRun\command - K:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{339003cb-9772-11dd-8715-0016179f8e87}]
\Shell\AutoRun\command - K:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://finnish.toggle.com/index.php?rvs=hompag
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &d&ownload &with bitcomet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &d&ownload all video with bitcomet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &d&ownload all with bitcomet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {0A0DDB86-16BE-4A47-A9F5-FCD2D768B348} = 192.168.0.254,192.168.0.252
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tjvtxzqh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DivX Finland -tekstityshaku
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/firefox?client=firefox-a&rls=org.mozilla:fifficial
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 19:36:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\svchost.exe:ext.exe 32768 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\80da3eb8]
"ImagePath"="\SystemRoot\System32\drivers\80da3eb8.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\s-1-5-21-551326484-3441172137-3611615989-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:76,c7,37,91,90,cc,40,d8,58,e3,40,c6,3f,7e,87,d5,f1,45,19,52,6d,87,9a,a3,81,0d,2b,84,3e,07,00,f3,2f,be,ff,a4,43,7a,b8,35,79,d9,6d,24,fa,62,bc,69,\
"??"=hex:d9,ac,be,96,d4,f6,6e,1f,b1,39,5b,75,97,0a,96,f5

[HKEY_USERS\s-1-5-21-551326484-3441172137-3611615989-1007\Software\SecuROM\License information*]
"datasecu"=hex:e1,92,eb,e8,3c,ed,dc,a8,30,0f,84,db,ec,92,ac,af,1f,3b,91,2c,bc,7a,93,d9,4d,13,02,3e,d5,34,e4,f4,04,0d,11,af,85,76,71,b2,81,af,21,2b,5f,a0,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
.
**************************************************************************
.
Completion time: 2009-02-23 19:41:25 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt 2009-02-23 17:41:23
ComboFix2.txt 2009-02-22 14:42:20

Pre-Run: 96,436,105,216 bytes free
Post-Run: 96,419,246,080 bytes free

467 --- E O F --- 2009-02-11 19:52:06

That's what ComboFix produced. I have to split this into two separate posts because of the virus, since programs don't show up in the taskbar.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:47, on 23.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\hyöty\PeerGuardian2\pg2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=63&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton-työkalurivi - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\hyöty\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - S-1-5-18 Startup: Registration Driver Parallel Lines.LNK = C:\Program Files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe (User '?')
O4 - .DEFAULT Startup: Registration Driver Parallel Lines.LNK = C:\Program Files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Registration Driver Parallel Lines.LNK = C:\Program Files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &d&ownload &with bitcomet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &d&ownload all video with bitcomet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &d&ownload all with bitcomet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A0DDB86-16BE-4A47-A9F5-FCD2D768B348}: NameServer = 192.168.0.254,192.168.0.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A0DDB86-16BE-4A47-A9F5-FCD2D768B348}: NameServer = 192.168.0.254,192.168.0.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A0DDB86-16BE-4A47-A9F5-FCD2D768B348}: NameServer = 192.168.0.254,192.168.0.252
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 13404 bytes

And this is what HijackThis produced.
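The ComboFix and HijackThis dumps in the two posts above are long, and the interesting lines are easy to miss: the `mountpoints2` AutoRun command pointing at a removable drive, the alternate data stream `svchost.exe:ext.exe` reported by the catchme rootkit scan, a service with an eight-hex-character name (`80da3eb8`), a BHO with `(no file)`, services with `Unknown owner` or `(file missing)`, and the IE start page. The script below is an added example, not part of this thread and not code from ComboFix or HijackThis: a small Python triage pass that reads such a dump and lists those entry types. Its sample input is a constructed subset of lines copied from the logs above. The output is a list of things to look at, not a verdict; for instance BITS and Automatic Updates also show `Unknown owner` in this log and both are legitimate Windows services, and PunkBuster's PnkBstrA/PnkBstrB would be flagged for the same reason.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the ComboFix and
# HijackThis logs posted in this thread, not a complete log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{339003c8-9772-11dd-8715-0016179f8e87}]
\Shell\AutoRun\command - K:\AutoRun.exe
c:\windows\system32\svchost.exe:ext.exe 32768 bytes executable
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\80da3eb8]
"ImagePath"="\SystemRoot\System32\drivers\80da3eb8.sys"
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
"""

# catchme reports an NTFS alternate data stream as "<path>:<stream> <size> bytes"
ADS_RE = re.compile(r"^([a-z]:\\[^:\s]+):([^\s:\\]+)\s+(\d+) bytes", re.I)
# service registry keys whose name is exactly eight hex characters
HEX_SERVICE_RE = re.compile(r"\\Services\\([0-9a-f]{8})\]$", re.I)
# per-drive AutoRun keys under HKCU\...\Explorer\MountPoints2\{guid}
MOUNTPOINT_RE = re.compile(r"\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
# HijackThis entries: "R0 - ...", "O2 - ...", "O23 - ..." and so on
HJT_RE = re.compile(r"^([A-Z]\d+) - (.*)$")

Finding = Tuple[str, str]  # (reason, detail)


def classify(line: str, prev: str) -> Optional[Finding]:
    """Return a finding for one log line, or None.

    `prev` is the previous non-empty line: ComboFix prints a MountPoints2
    key and its AutoRun command on two consecutive lines, so the command
    line is only meaningful together with the key line before it.
    """
    m = ADS_RE.match(line)
    if m:
        return ("alternate data stream on a system binary",
                f"{m.group(1)}:{m.group(2)} ({m.group(3)} bytes)")
    m = HEX_SERVICE_RE.search(line)
    if m:
        return ("service with random-looking 8-hex name", m.group(1))
    if line.startswith(r"\Shell\AutoRun\command") and MOUNTPOINT_RE.search(prev):
        return ("removable-media AutoRun command", line.split(" - ", 1)[1].strip())
    m = HJT_RE.match(line)
    if not m:
        return None
    kind, rest = m.groups()
    if kind == "O23":
        # "Service: <name> - <owner> - <path>"
        parts = [p.strip() for p in rest.split(" - ")]
        owner = parts[1] if len(parts) > 1 else ""
        if "(file missing)" in rest or owner == "Unknown owner":
            return ("service without vendor name or binary", rest)
    elif kind == "O2" and rest.endswith("(no file)"):
        return ("BHO registered but DLL missing", rest)
    elif kind in ("R0", "R1") and "Start Page" in rest:
        return ("browser start page (verify it is yours)", rest.split("=", 1)[1].strip())
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every non-empty line of a log dump, in order."""
    findings: List[Finding] = []
    prev = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        found = classify(line, prev)
        if found:
            findings.append(found)
        prev = line
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"[{reason}] {detail}")
```

To use it on a real dump, read the saved log file into a string and pass it to `triage()`; the same rules work on the flattened single-line form only if the lines are first broken up again, which is why the sample keeps one entry per line.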
Edit: let's still try to get Malwarebytes working. Boot into Safe Mode; I'm not sure it runs there, but try. If it doesn't work, download it again, for example from http://www.malwarebytes.org, and change the installer's file name before saving it. The machine looks badly infected, so if it doesn't start to recover I'll tell you the next steps. Download SUPERAntiSpyware from http://www.download.fi/tyopoytaohjelmat/haittaohjelmien_poisto/superantispyware.cfm, update it and scan, and tell us which program this mess came with and where you downloaded it from.
So Norton won't start at all. I couldn't get Malwarebytes to work even though I changed the names and so on and downloaded it again. I just get this message: Runtime error '372': Failed to load control 'VbaGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application. And then more good news: the SUPERAntiSpyware installation failed with this complaint: The Windows Installer service could not be accessed. Windows Safe Mode or a faulty Windows Installer installation may prevent its use. Contact your support personnel. And as for where this mess came from: I downloaded an unlock code for a game (warez is not supported, at least not after this). I downloaded the code as a zip, or rather a zip that was supposed to contain the code, extracted it and opened the thing where the code was supposed to be, and the computer shut down and immediately restarted; at that point I cut the power and restarted the computer myself. And after that the computer was in the state it's in now. I'll soon have to start considering that format if nothing else helps. I also tried Malwarebytes, Ad-Aware etc. in Safe Mode, but they didn't work. That is, the newer Ad-Aware won't install, but I should try scanning with the older Ad-Aware in Safe Mode, in case it manages to remove those infections.
OK, so I formatted the computer and it seems to work relatively normally, except that when you open, say, My Computer and drag an icon around, it moves really sluggishly. The worst problem right now is setting up the internet: I can't get to the page to edit the modem settings. When I type 192.168.0.254 into the address bar, Internet Explorer says it cannot open the search page. Mozilla says the connection failed.
I can't really help with that problem, but next time you download something, check the file with your antivirus first; that way you avoid these problems. It would also be good to download Malwarebytes now, keep it on the computer and scan, say, once every two weeks.
=========================================================================
How much RAM does the computer have?
Yes, now it works properly. After the format I took the computer to a repair shop and they updated the drivers. Now it works properly.