
A problem still lacking a solution.

Thread in the Viruses and malware - HijackThis logs section. Started by joniz123 on 30.09.2008.

  1. Hujo

    Hujo Guest

    I had F-Secure earlier, threw it out and took Avast antivirus instead. Updates arrive on their own, like dinner served on a plate.
    Once Avast is registered, and you do have to register it, it works for 14 months
    and then you register again.

     
  3. joniz123

    joniz123 Regular member

    Joined:
    03.10.2006
    Messages:
    435
    Thanks:
    0
    Points:
    26
    So you're suggesting that I should leave Norton 360 on the store shelf and download Avast antivirus, right? What about a firewall?
     
  4. Hujo

    Hujo Guest

    You'll find them there

    Me, I'm a brave Finn with the XP firewall in use :D

    Many have praised the Vista firewall, but if you don't like it, the link has firewalls.

    Outpost Firewall
    Comodo Personal Firewall

    It's a bit of a matter of taste, just like antivirus
     
  5. joniz123

    joniz123 Regular member

    I got interested in Vista's own firewall... does it hold up against the Norton 360 firewall? Is Avast plus Windows' own firewall enough for daily use (common sense included)? I don't much feel like paying 60 € for nothing if I can get for free something that is maybe not on the same level but at least fairly good. I suppose I have to remove F-Secure 2008 and replace it with some lighter/better-working program, since there is only 1 month left on the subscription... I had to take F-Secure because I got it for free through MikroBitti... before that I had Norton 360 (not 2.0), which worked almost perfectly until I messed up and had to switch to F-Secure.
     
  6. Hujo

    Hujo Guest

    I'd say that after installing Avast, when you set Avast to scan,

    packed files as well, Avast is going to scream badly.

    So you could use the Vista firewall and common sense.

    Yeah, why pay for those when there are free ones too.

    About the Vista firewall

    Speeding up Vista
     
  7. joniz123

    joniz123 Regular member

    Once again, when I restarted the computer, it froze at the point where the bar moves forward, and I had to start the machine again. An annoying "feature", I say. I'll now first remove F-Secure, install Avast and get Windows' own firewall "in shape". I'll see whether it has any effect...
     
  8. Hujo

    Hujo Guest

    Yeah, F-Secure is so jealous of its territory.
     
  9. joniz123

    joniz123 Regular member

    Well, now I've installed Avast. But is it worth using the VRDB database in Avast? Removing F-Secure had no effect at all on the computer always freezing at some point during startup. I can't come up with any solution, what should I do???
    It doesn't really matter as such, since you then reboot the machine from the point where it froze and then it works... an annoying "feature" nonetheless. Now, though, RAM load is only 40% in the normal state, but something is still eating quite a lot of RAM, since free space is still only 1200 MB in the normal state.
     
  10. Hujo

    Hujo Guest

    Check your computer with F-Secure's online scanner

    Note: the scanner works only with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Asenna (Install)
    * Click Accept
    * Click Custom Scan
    * Set the options as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * Scanning starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report to your thread

    Don't do anything else, as that can cause the computer to freeze
     
  11. joniz123

    joniz123 Regular member

    Problems:
    1) F-Secure online scanner doesn't work. It gets stuck at:
    Currently scanning: Preparing to scan...
    It doesn't move forward even though I just waited 1 h. Before getting to the scanning stage, Windows asked for permission to install some program and I installed it. After that nothing happened...
    2) When I scanned the computer for the first time with Avast, it found 2 pieces of malware and one virus. I tried to remove them, but for some reason Avast didn't seem to have removed them. After that I tried a thorough scan again. Avast found one piece of malware, I moved it to quarantine, and this time removal succeeded via quarantine. I tried a thorough scan a third time, but of course Avast didn't find that 1 virus and 1 piece of malware. So what should I do / be worried about, or do I need to do anything about it? I ran Malwarebytes, but it didn't find anything? Is there malware/viruses on my computer???
     
  12. Hujo

    Hujo Guest

    Scan an HJT log and a ComboFix log
     
  13. joniz123

    joniz123 Regular member

    Even though I didn't click anything, for some strange reason ComboFix got stuck at: preparing the report etc.
    After that Windows reported that: Windows stopped the program etc. What is causing this now??? I'm about to lose my nerve... well, the program still produced a log:

    ComboFix log:

    ComboFix 08-12-12.03 - Arto 2008-12-13 11:47:23.4 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2038.1111 [GMT 2:00]
    Sijainti: d:\joni\sovellukset (asennuspaketit)\virustorjunta\ComboFix.exe
    * Uusi palautuspiste luotu
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-13 to 2008-12-13 )))))))))))))))))
    .

    2008-12-12 20:38 . 2008-12-12 20:38 <KANSIO> d-------- c:\program files\viDrop
    2008-12-11 17:07 . 2008-12-11 17:07 <KANSIO> d-------- c:\program files\VistaFirewallControl
    2008-12-11 16:27 . 2008-12-11 16:27 <KANSIO> d-------- c:\program files\Alwil Software
    2008-12-11 16:27 . 2008-11-26 19:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2008-12-10 19:10 . 2008-12-10 19:14 <KANSIO> d--h----- c:\users\joni\AppData
    2008-12-10 19:10 . 2008-12-10 19:14 <KANSIO> d-------- c:\users\joni
    2008-12-10 18:05 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-10 13:38 . 2008-10-29 08:29 2,927,104 --a------ c:\windows\explorer.exe
    2008-12-10 13:38 . 2008-10-16 04:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2008-12-10 13:38 . 2008-10-16 06:47 827,392 --a------ c:\windows\System32\wininet.dll
    2008-12-10 13:37 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll
    2008-12-10 13:37 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
    2008-12-10 13:37 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe
    2008-12-10 13:35 . 2008-11-01 03:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
    2008-12-10 13:35 . 2008-10-21 07:25 296,960 --a------ c:\windows\System32\gdi32.dll
    2008-12-10 13:35 . 2008-11-01 05:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
    2008-12-07 10:50 . 2008-12-07 10:50 <KANSIO> d-------- c:\users\Arto\AppData\Roaming\Malwarebytes
    2008-12-07 10:50 . 2008-12-07 10:50 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-07 10:50 . 2008-12-07 10:50 <KANSIO> d-------- c:\progra~2\Malwarebytes
    2008-12-07 10:50 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2008-12-07 10:50 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2008-11-30 14:06 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
    2008-11-30 14:06 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
    2008-11-30 14:06 . 2006-12-08 12:02 251,672 --a------ c:\windows\System32\xactengine2_5.dll
    2008-11-30 14:06 . 2006-09-28 16:05 237,848 --a------ c:\windows\System32\xactengine2_4.dll
    2008-11-30 14:06 . 2006-07-28 09:30 236,824 --a------ c:\windows\System32\xactengine2_3.dll
    2008-11-30 14:06 . 2006-07-28 09:30 62,744 --a------ c:\windows\System32\xinput1_2.dll
    2008-11-30 14:05 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
    2008-11-28 22:23 . 2008-11-28 22:22 410,976 --a------ c:\windows\System32\deploytk.dll
    2008-11-27 16:01 . 2008-10-21 07:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-27 16:01 . 2008-08-28 05:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-27 16:01 . 2008-08-28 05:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-27 16:01 . 2008-08-28 05:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-27 16:01 . 2008-10-22 05:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-20 17:57 . 2008-10-16 23:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-20 17:57 . 2008-10-16 22:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-20 17:57 . 2008-10-16 23:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-20 17:57 . 2008-10-16 23:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-20 17:56 . 2008-10-16 23:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-20 17:56 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-20 17:56 . 2008-10-16 22:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-20 17:56 . 2008-10-16 23:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-20 17:56 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-13 09:22 --------- d-----w c:\program files\FrostWire
    2008-12-13 08:59 --------- d-----w c:\users\Arto\AppData\Roaming\FrostWire
    2008-12-12 17:09 --------- d-----w c:\users\Arto\AppData\Roaming\OpenOffice.org2
    2008-12-12 16:47 --------- d-----w c:\progra~2\Google Updater
    2008-12-10 17:14 27,240 ----a-w c:\users\Arto\AppData\Roaming\nvModes.dat
    2008-12-10 17:12 --------- d-----w c:\progra~2\NVIDIA
    2008-12-10 16:27 --------- d-----w c:\program files\Windows Mail
    2008-12-08 17:43 --------- d-----w c:\users\Arto\AppData\Roaming\uTorrent
    2008-12-03 18:16 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-03 18:16 --------- d-----w c:\program files\Microsoft Games
    2008-11-29 12:44 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-28 20:21 --------- d-----w c:\program files\Java
    2008-11-28 18:08 --------- d-----w c:\users\Arto\AppData\Roaming\Winamp
    2008-11-11 15:06 --------- d-----w c:\users\Arto\AppData\Roaming\F-Secure
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-10-21 13:21 --------- d-----w c:\program files\Opera
    2008-10-21 13:01 --------- d-----w c:\program files\Microsoft Silverlight
    2008-09-30 14:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
    2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-05-22 17:36 174 --sha-w c:\program files\desktop.ini
    2008-04-11 03:58 47,360 ----a-w c:\users\Arto\AppData\Roaming\pcouffin.sys
    2008-03-27 18:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-27 18:04 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-27 18:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-12-12_21.52.11,93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-12 13:27:04 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-13 09:24:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-12-12 13:27:04 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-12-13 09:24:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-12-12 13:37:22 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-12-13 09:26:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-12-13 09:26:17 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-12-12 13:39:11 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-12-13 09:26:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-12-13 09:26:22 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-12-12 18:57:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-12-13 09:41:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-12-12 18:57:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-13 09:41:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-12-12 18:57:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-12-13 09:41:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-12-12 19:47:12 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-13 09:47:14 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-13 09:47:14 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-12-12 13:40:22 11,522 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1895522416-3635372803-3693341332-1002_UserData.bin
    + 2008-12-13 09:27:13 11,586 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1895522416-3635372803-3693341332-1002_UserData.bin
    - 2008-12-12 13:40:21 120,096 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-13 09:27:13 120,364 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-12-11 18:34:32 64,698 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-12-13 09:27:12 65,082 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-20 861744]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
    "MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400]
    "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "VistaFirewallControl"="c:\program files\VistaFirewallControl\VistaFirewallControl.exe" [2008-09-15 720896]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6ABFA45D-6C4E-44EA-901C-333D45C29B0D}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
    "{2809C673-FCBA-4808-9C17-1933F8B62197}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7DB1404E-90CD-41DB-B19F-8032D23F8E8E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{24658239-EA55-4534-9801-481D6F0894A5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{6B7C7253-78E9-4D39-8A87-F257A4C9B437}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
    "{CAA0461C-61E0-4F31-9E7A-7667FEE7331E}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
    "{20197F5C-CCEC-4CBF-87E5-EC88D19A8046}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{B752E303-B4CF-4E6E-A9EA-55FF1B72AD6E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{DDF2E11D-2536-4D73-8D06-28CB0D594D24}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-11 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-11 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-11 51792]
    R2 VistaFirewallService;VistaFirewallService;"c:\program files\VistaFirewallControl\VistaFirewallService.exe" [2008-12-11 290816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{141184e5-086c-11dd-8907-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{141184f4-086c-11dd-8907-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3419bdbc-f9be-11dc-9375-806e6f6e6963}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3419bec7-f9be-11dc-9375-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bcb599-e859-11dc-83db-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bcb5ac-e859-11dc-83db-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bcb5ae-e859-11dc-83db-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bcb5c3-e859-11dc-83db-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ff5b812-086b-11dd-867a-806e6f6e6963}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702ec56a-b4c0-11dd-9e4a-8e653d9b5570}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702ec56b-b4c0-11dd-9e4a-8e653d9b5570}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6c9f4c7-07d3-11dd-a3ca-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6c9f4da-07d3-11dd-a3ca-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d496069c-086e-11dd-87d2-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49606bd-086e-11dd-87d2-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e43bb346-faf5-11dc-9b15-001b24a31418}]
    \shell\AutoRun\command - G:\Install.exe

    *Newly Created Service* - CATCHME
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-12-12 c:\windows\Tasks\GoogleUpdateTaskUser.job
    - c:\users\Arto\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-14 20:53]

    2008-06-20 c:\windows\Tasks\HDReg.job
    - c:\program files\HDReg\HDRegRem.exe [2003-07-15 09:14]

    2008-12-13 c:\windows\Tasks\Laajennettu takuu.job
    - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 18:38]

    2008-12-12 c:\windows\Tasks\User_Feed_Synchronization-{33DDDB10-B896-4D76-AB20-C013B89A83C8}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 09:33]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-13 11:48:57
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2008-12-13 11:54:09
    ComboFix-quarantined-files.txt 2008-12-13 09:54:06

    Ennen ajoa: 109 161 029 632 tavua vapaana
    Ajon jälkeen: 108,810,399,744 tavua vapaana

    228 --- E O F --- 2008-12-12 05:54:13

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:01:57, on 13.12.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [VistaFirewallControl] C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16694CC7-A2C4-42BF-94B9-8469A40268D1}: NameServer = 217.78.192.22 217.78.192.78
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16694CC7-A2C4-42BF-94B9-8469A40268D1}: NameServer = 217.78.192.22 217.78.192.78
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe

    --
    End of file - 7214 bytes


    Thanks a lot anyway for the help so far! :)
     
  14. joniz123

    joniz123 Regular member

    Even though I didn't click anything, for some reason ComboFix got stuck at the step "preparing the report" etc. After that Windows reported that ComboFix had stopped working etc. What is causing this now??? I'm about to lose my nerve... Luckily ComboFix at least produced a log:

    ComboFix log:

    ComboFix 08-12-12.03 - Arto 2008-12-13 11:47:23.4 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2038.1111 [GMT 2:00]
    Sijainti: d:\joni\sovellukset (asennuspaketit)\virustorjunta\ComboFix.exe
    * Uusi palautuspiste luotu
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-13 to 2008-12-13 )))))))))))))))))
    .

    2008-12-12 20:38 . 2008-12-12 20:38 <KANSIO> d-------- c:\program files\viDrop
    2008-12-11 17:07 . 2008-12-11 17:07 <KANSIO> d-------- c:\program files\VistaFirewallControl
    2008-12-11 16:27 . 2008-12-11 16:27 <KANSIO> d-------- c:\program files\Alwil Software
    2008-12-11 16:27 . 2008-11-26 19:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2008-12-10 19:10 . 2008-12-10 19:14 <KANSIO> d--h----- c:\users\joni\AppData
    2008-12-10 19:10 . 2008-12-10 19:14 <KANSIO> d-------- c:\users\joni
    2008-12-10 18:05 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-10 13:38 . 2008-10-29 08:29 2,927,104 --a------ c:\windows\explorer.exe
    2008-12-10 13:38 . 2008-10-16 04:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2008-12-10 13:38 . 2008-10-16 06:47 827,392 --a------ c:\windows\System32\wininet.dll
    2008-12-10 13:37 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll
    2008-12-10 13:37 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
    2008-12-10 13:37 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe
    2008-12-10 13:35 . 2008-11-01 03:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
    2008-12-10 13:35 . 2008-10-21 07:25 296,960 --a------ c:\windows\System32\gdi32.dll
    2008-12-10 13:35 . 2008-11-01 05:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
    2008-12-07 10:50 . 2008-12-07 10:50 <KANSIO> d-------- c:\users\Arto\AppData\Roaming\Malwarebytes
    2008-12-07 10:50 . 2008-12-07 10:50 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-07 10:50 . 2008-12-07 10:50 <KANSIO> d-------- c:\progra~2\Malwarebytes
    2008-12-07 10:50 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2008-12-07 10:50 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2008-11-30 14:06 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
    2008-11-30 14:06 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
    2008-11-30 14:06 . 2006-12-08 12:02 251,672 --a------ c:\windows\System32\xactengine2_5.dll
    2008-11-30 14:06 . 2006-09-28 16:05 237,848 --a------ c:\windows\System32\xactengine2_4.dll
    2008-11-30 14:06 . 2006-07-28 09:30 236,824 --a------ c:\windows\System32\xactengine2_3.dll
    2008-11-30 14:06 . 2006-07-28 09:30 62,744 --a------ c:\windows\System32\xinput1_2.dll
    2008-11-30 14:05 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
    2008-11-28 22:23 . 2008-11-28 22:22 410,976 --a------ c:\windows\System32\deploytk.dll
    2008-11-27 16:01 . 2008-10-21 07:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-27 16:01 . 2008-08-28 05:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-27 16:01 . 2008-08-28 05:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-27 16:01 . 2008-08-28 05:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-27 16:01 . 2008-10-22 05:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-20 17:57 . 2008-10-16 23:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-20 17:57 . 2008-10-16 22:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-20 17:57 . 2008-10-16 23:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-20 17:57 . 2008-10-16 23:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-20 17:56 . 2008-10-16 23:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-20 17:56 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-20 17:56 . 2008-10-16 22:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-20 17:56 . 2008-10-16 23:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-20 17:56 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-13 09:22 --------- d-----w c:\program files\FrostWire
    2008-12-13 08:59 --------- d-----w c:\users\Arto\AppData\Roaming\FrostWire
    2008-12-12 17:09 --------- d-----w c:\users\Arto\AppData\Roaming\OpenOffice.org2
    2008-12-12 16:47 --------- d-----w c:\progra~2\Google Updater
    2008-12-10 17:14 27,240 ----a-w c:\users\Arto\AppData\Roaming\nvModes.dat
    2008-12-10 17:12 --------- d-----w c:\progra~2\NVIDIA
    2008-12-10 16:27 --------- d-----w c:\program files\Windows Mail
    2008-12-08 17:43 --------- d-----w c:\users\Arto\AppData\Roaming\uTorrent
    2008-12-03 18:16 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-03 18:16 --------- d-----w c:\program files\Microsoft Games
    2008-11-29 12:44 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-28 20:21 --------- d-----w c:\program files\Java
    2008-11-28 18:08 --------- d-----w c:\users\Arto\AppData\Roaming\Winamp
    2008-11-11 15:06 --------- d-----w c:\users\Arto\AppData\Roaming\F-Secure
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-10-21 13:21 --------- d-----w c:\program files\Opera
    2008-10-21 13:01 --------- d-----w c:\program files\Microsoft Silverlight
    2008-09-30 14:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
    2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-05-22 17:36 174 --sha-w c:\program files\desktop.ini
    2008-04-11 03:58 47,360 ----a-w c:\users\Arto\AppData\Roaming\pcouffin.sys
    2008-03-27 18:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-27 18:04 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-27 18:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-12-12_21.52.11,93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-12 13:27:04 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-13 09:24:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-12-12 13:27:04 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-12-13 09:24:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-12-12 13:37:22 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-12-13 09:26:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-12-13 09:26:17 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-12-12 13:39:11 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-12-13 09:26:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-12-13 09:26:22 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-12-12 18:57:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-12-13 09:41:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-12-12 18:57:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-13 09:41:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-12-12 18:57:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-12-13 09:41:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-12-12 19:47:12 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-13 09:47:14 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-13 09:47:14 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-12-12 13:40:22 11,522 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1895522416-3635372803-3693341332-1002_UserData.bin
    + 2008-12-13 09:27:13 11,586 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1895522416-3635372803-3693341332-1002_UserData.bin
    - 2008-12-12 13:40:21 120,096 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-13 09:27:13 120,364 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-12-11 18:34:32 64,698 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-12-13 09:27:12 65,082 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-20 861744]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
    "MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400]
    "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "VistaFirewallControl"="c:\program files\VistaFirewallControl\VistaFirewallControl.exe" [2008-09-15 720896]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6ABFA45D-6C4E-44EA-901C-333D45C29B0D}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
    "{2809C673-FCBA-4808-9C17-1933F8B62197}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7DB1404E-90CD-41DB-B19F-8032D23F8E8E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{24658239-EA55-4534-9801-481D6F0894A5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{6B7C7253-78E9-4D39-8A87-F257A4C9B437}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
    "{CAA0461C-61E0-4F31-9E7A-7667FEE7331E}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
    "{20197F5C-CCEC-4CBF-87E5-EC88D19A8046}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{B752E303-B4CF-4E6E-A9EA-55FF1B72AD6E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{DDF2E11D-2536-4D73-8D06-28CB0D594D24}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-11 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-11 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-11 51792]
    R2 VistaFirewallService;VistaFirewallService;"c:\program files\VistaFirewallControl\VistaFirewallService.exe" [2008-12-11 290816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{141184e5-086c-11dd-8907-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{141184f4-086c-11dd-8907-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3419bdbc-f9be-11dc-9375-806e6f6e6963}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3419bec7-f9be-11dc-9375-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bcb599-e859-11dc-83db-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bcb5ac-e859-11dc-83db-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bcb5ae-e859-11dc-83db-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bcb5c3-e859-11dc-83db-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ff5b812-086b-11dd-867a-806e6f6e6963}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702ec56a-b4c0-11dd-9e4a-8e653d9b5570}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702ec56b-b4c0-11dd-9e4a-8e653d9b5570}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6c9f4c7-07d3-11dd-a3ca-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6c9f4da-07d3-11dd-a3ca-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d496069c-086e-11dd-87d2-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49606bd-086e-11dd-87d2-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e43bb346-faf5-11dc-9b15-001b24a31418}]
    \shell\AutoRun\command - G:\Install.exe

    *Newly Created Service* - CATCHME
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-12-12 c:\windows\Tasks\GoogleUpdateTaskUser.job
    - c:\users\Arto\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-14 20:53]

    2008-06-20 c:\windows\Tasks\HDReg.job
    - c:\program files\HDReg\HDRegRem.exe [2003-07-15 09:14]

    2008-12-13 c:\windows\Tasks\Laajennettu takuu.job
    - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 18:38]

    2008-12-12 c:\windows\Tasks\User_Feed_Synchronization-{33DDDB10-B896-4D76-AB20-C013B89A83C8}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 09:33]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-13 11:48:57
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2008-12-13 11:54:09
    ComboFix-quarantined-files.txt 2008-12-13 09:54:06

    Ennen ajoa: 109 161 029 632 tavua vapaana
    Ajon jälkeen: 108,810,399,744 tavua vapaana

    228 --- E O F --- 2008-12-12 05:54:13

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:01:57, on 13.12.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [VistaFirewallControl] C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16694CC7-A2C4-42BF-94B9-8469A40268D1}: NameServer = 217.78.192.22 217.78.192.78
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16694CC7-A2C4-42BF-94B9-8469A40268D1}: NameServer = 217.78.192.22 217.78.192.78
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe

    --
    End of file - 7214 bytes

    Thanks a lot anyway for the help so far! :)
     
  15. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    =================

    Also run the Norton removal tool.
     
  16. joniz123

    joniz123 Regular member

    It doesn't work. Windows still reports in any case that ComboFix has stopped working etc. Should I still post the log that ComboFix created here?
     
  17. Hujo

    Hujo Guest

    Post the ComboFix log and a new HJT log.
     
    Last edited by a moderator: 13.12.2008
  18. joniz123

    joniz123 Regular member

    ComboFix log:

    ComboFix 08-12-12.03 - Arto 2008-12-13 20:43:23.5 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.2038.1185 [GMT 2:00]
    Sijainti: d:\joni\sovellukset (asennuspaketit)\virustorjunta\ComboFix.exe
    Käytetyt komentorivivalitsimet :: d:\joni\sovellukset (asennuspaketit)\virustorjunta\CFScript.txt
    * Uusi palautuspiste luotu
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-13 to 2008-12-13 )))))))))))))))))
    .

    2008-12-13 19:53 . 2008-12-13 19:53 <KANSIO> d-------- c:\program files\HandBrake
    2008-12-12 20:38 . 2008-12-12 20:38 <KANSIO> d-------- c:\program files\viDrop
    2008-12-11 17:07 . 2008-12-11 17:07 <KANSIO> d-------- c:\program files\VistaFirewallControl
    2008-12-11 16:27 . 2008-12-11 16:27 <KANSIO> d-------- c:\program files\Alwil Software
    2008-12-11 16:27 . 2008-11-26 19:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2008-12-10 19:10 . 2008-12-10 19:14 <KANSIO> d--h----- c:\users\joni\AppData
    2008-12-10 19:10 . 2008-12-10 19:14 <KANSIO> d-------- c:\users\joni
    2008-12-10 18:05 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-10 13:38 . 2008-10-29 08:29 2,927,104 --a------ c:\windows\explorer.exe
    2008-12-10 13:38 . 2008-10-16 04:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2008-12-10 13:38 . 2008-10-16 06:47 827,392 --a------ c:\windows\System32\wininet.dll
    2008-12-10 13:37 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll
    2008-12-10 13:37 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
    2008-12-10 13:37 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe
    2008-12-10 13:35 . 2008-11-01 03:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
    2008-12-10 13:35 . 2008-10-21 07:25 296,960 --a------ c:\windows\System32\gdi32.dll
    2008-12-10 13:35 . 2008-11-01 05:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
    2008-12-07 10:50 . 2008-12-07 10:50 <KANSIO> d-------- c:\users\Arto\AppData\Roaming\Malwarebytes
    2008-12-07 10:50 . 2008-12-07 10:50 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-07 10:50 . 2008-12-07 10:50 <KANSIO> d-------- c:\progra~2\Malwarebytes
    2008-12-07 10:50 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2008-12-07 10:50 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2008-11-30 14:06 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
    2008-11-30 14:06 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
    2008-11-30 14:06 . 2006-12-08 12:02 251,672 --a------ c:\windows\System32\xactengine2_5.dll
    2008-11-30 14:06 . 2006-09-28 16:05 237,848 --a------ c:\windows\System32\xactengine2_4.dll
    2008-11-30 14:06 . 2006-07-28 09:30 236,824 --a------ c:\windows\System32\xactengine2_3.dll
    2008-11-30 14:06 . 2006-07-28 09:30 62,744 --a------ c:\windows\System32\xinput1_2.dll
    2008-11-30 14:05 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
    2008-11-28 22:23 . 2008-11-28 22:22 410,976 --a------ c:\windows\System32\deploytk.dll
    2008-11-27 16:01 . 2008-10-21 07:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-27 16:01 . 2008-08-28 05:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-27 16:01 . 2008-08-28 05:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-27 16:01 . 2008-08-28 05:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-27 16:01 . 2008-10-22 05:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-20 17:57 . 2008-10-16 23:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-20 17:57 . 2008-10-16 22:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-20 17:57 . 2008-10-16 23:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-20 17:57 . 2008-10-16 23:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-20 17:56 . 2008-10-16 23:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-20 17:56 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-20 17:56 . 2008-10-16 22:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-20 17:56 . 2008-10-16 23:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-20 17:56 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-13 18:41 --------- d-----w c:\users\Arto\AppData\Roaming\FrostWire
    2008-12-13 18:18 --------- d-----w c:\users\Arto\AppData\Roaming\OpenOffice.org2
    2008-12-13 17:52 --------- d-----w c:\progra~2\Google Updater
    2008-12-13 09:22 --------- d-----w c:\program files\FrostWire
    2008-12-10 17:14 27,240 ----a-w c:\users\Arto\AppData\Roaming\nvModes.dat
    2008-12-10 17:12 --------- d-----w c:\progra~2\NVIDIA
    2008-12-10 16:27 --------- d-----w c:\program files\Windows Mail
    2008-12-08 17:43 --------- d-----w c:\users\Arto\AppData\Roaming\uTorrent
    2008-12-03 18:16 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-03 18:16 --------- d-----w c:\program files\Microsoft Games
    2008-11-29 12:44 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-28 20:21 --------- d-----w c:\program files\Java
    2008-11-28 18:08 --------- d-----w c:\users\Arto\AppData\Roaming\Winamp
    2008-11-11 15:06 --------- d-----w c:\users\Arto\AppData\Roaming\F-Secure
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-10-21 13:21 --------- d-----w c:\program files\Opera
    2008-10-21 13:01 --------- d-----w c:\program files\Microsoft Silverlight
    2008-09-30 14:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
    2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-05-22 17:36 174 --sha-w c:\program files\desktop.ini
    2008-04-11 03:58 47,360 ----a-w c:\users\Arto\AppData\Roaming\pcouffin.sys
    2008-03-27 18:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-27 18:04 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-27 18:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-12-12_21.52.11,93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-12 13:27:04 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-13 10:23:39 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-12-12 13:27:04 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-12-13 10:23:39 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-12-12 13:37:22 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-12-13 10:24:28 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-12-13 10:24:28 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-12-12 13:39:11 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-12-13 10:24:33 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-12-13 10:24:33 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-12-12 18:57:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-12-13 18:31:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-12-12 18:57:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-13 18:31:50 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-12-12 18:57:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-12-13 18:31:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-12-12 19:47:12 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-13 18:43:12 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-13 18:43:12 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-12-12 13:40:22 11,522 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1895522416-3635372803-3693341332-1002_UserData.bin
    + 2008-12-13 10:25:51 11,634 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1895522416-3635372803-3693341332-1002_UserData.bin
    - 2008-12-12 13:40:21 120,096 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-13 10:25:51 120,536 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-12-11 18:34:32 64,698 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-12-13 10:25:49 65,450 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-12-08 15:01:55 374,946 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-12-13 14:39:19 384,400 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-20 861744]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
    "MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400]
    "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "VistaFirewallControl"="c:\program files\VistaFirewallControl\VistaFirewallControl.exe" [2008-09-15 720896]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6ABFA45D-6C4E-44EA-901C-333D45C29B0D}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
    "{2809C673-FCBA-4808-9C17-1933F8B62197}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7DB1404E-90CD-41DB-B19F-8032D23F8E8E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{24658239-EA55-4534-9801-481D6F0894A5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{6B7C7253-78E9-4D39-8A87-F257A4C9B437}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
    "{CAA0461C-61E0-4F31-9E7A-7667FEE7331E}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
    "{20197F5C-CCEC-4CBF-87E5-EC88D19A8046}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{B752E303-B4CF-4E6E-A9EA-55FF1B72AD6E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{DDF2E11D-2536-4D73-8D06-28CB0D594D24}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-11 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-11 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-11 51792]
    R2 VistaFirewallService;VistaFirewallService;"c:\program files\VistaFirewallControl\VistaFirewallService.exe" [2008-12-11 290816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{141184e5-086c-11dd-8907-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{141184f4-086c-11dd-8907-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3419bdbc-f9be-11dc-9375-806e6f6e6963}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3419bec7-f9be-11dc-9375-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bcb599-e859-11dc-83db-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bcb5ac-e859-11dc-83db-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bcb5ae-e859-11dc-83db-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bcb5c3-e859-11dc-83db-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ff5b812-086b-11dd-867a-806e6f6e6963}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702ec56a-b4c0-11dd-9e4a-8e653d9b5570}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702ec56b-b4c0-11dd-9e4a-8e653d9b5570}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6c9f4c7-07d3-11dd-a3ca-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6c9f4da-07d3-11dd-a3ca-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d496069c-086e-11dd-87d2-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49606bd-086e-11dd-87d2-001b24a31418}]
    \shell\AutoRun\command - F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e43bb346-faf5-11dc-9b15-001b24a31418}]
    \shell\AutoRun\command - G:\Install.exe
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-12-12 c:\windows\Tasks\GoogleUpdateTaskUser.job
    - c:\users\Arto\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-14 20:53]

    2008-06-20 c:\windows\Tasks\HDReg.job
    - c:\program files\HDReg\HDRegRem.exe [2003-07-15 09:14]

    2008-12-13 c:\windows\Tasks\Laajennettu takuu.job
    - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 18:38]

    2008-12-13 c:\windows\Tasks\User_Feed_Synchronization-{33DDDB10-B896-4D76-AB20-C013B89A83C8}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 09:33]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-13 20:45:20
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2008-12-13 20:51:37
    ComboFix-quarantined-files.txt 2008-12-13 18:51:33

    Ennen ajoa: 108 822 650 880 tavua vapaana
    Ajon jälkeen: 109,353,238,528 tavua vapaana

    227 --- E O F --- 2008-12-12 05:54:13

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:44:33, on 13.12.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Mobile Partner\Mobile Partner.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [VistaFirewallControl] C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16694CC7-A2C4-42BF-94B9-8469A40268D1}: NameServer = 217.78.192.22 217.78.192.78
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16694CC7-A2C4-42BF-94B9-8469A40268D1}: NameServer = 217.78.192.22 217.78.192.78
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe

    --
    End of file - 7233 bytes
     
  19. Hujo

    Hujo Guest

    Type into the Run box

    Combofix /u

    press Enter or OK

    ================

    Update Malwarebytes' Anti-Malware and run a new full scan

    ===============

    Create an uninstall list:
    • Open HiJackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste that list from Notepad into your thread
     
  20. joniz123

    joniz123 Regular member

    Joined:
    03.10.2006
    Messages:
    435
    Thanks:
    0
    Points:
    26

    here is the HJT uninstall list:

    7-Zip 4.57
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8
    Adobe Reader 8.1.3 - Suomi
    Adobe Shockwave Player
    Adobe Shockwave Player 11
    avast! Antivirus
    Brother HL-2030
    Browser Address Error Redirector
    CCleaner (remove only)
    CDDRV_Installer
    Conexant HD Audio
    Creator 9
    DivXLand Media Subtitler
    DivxToDVD 1.99.23
    FastStone Capture 6.1
    Firefox
    Flash Player 9 Internet Explorer
    FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0623
    FrostWire 4.17.2
    Google BAE
    Google Desktop
    Google Desktop
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Updater
    GoogleToolbar
    HandBrake 0.9.3
    HDRegFI
    HijackThis 2.0.2
    Infocentre Rev. 2.0
    Intel(R) Matrix Storage Manager
    Java(TM) 6 Update 10
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    KhalInstallWrapper
    K-Lite Codec Pack 3.9.0 Full
    LIVE gaming on Windows Runtime Version 1.0.6027
    Logitech SetPoint
    Magic Sports
    MagicSports 3.5
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB929729)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Mobile Partner
    Mozilla Firefox (2.0.0.17)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    Norton 360 2007
    NVIDIA Drivers
    OpenOffice.org 2.3
    Opera 9.61
    Packard Bell ImageWriter
    Packard Bell LCD Test
    Packard Bell Updator
    PBREG
    Picasa 2
    Picasa2
    Recuva (remove only)
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    ROUTE 66 Sync
    Roxio Creator 9 LE
    SetUp My PC
    Skype 3.2.2.163
    Spelling Dictionaries Support For Adobe Reader 8
    Symantec Technical Support Advanced Chat Controls
    Synaptics Pointing Device Driver
    VideoLAN VLC media player 0.8.6c
    viDrop
    Winamp
    Windows Live installer
    Windows Live Messenger
    Windows Liven kirjautumisavustaja
    Windows Media Player Firefox Plugin
    VistaFirewallControl 2.1.2.347
    YouTube Downloader 3000 ver. 1.0.2.0


    Malwarebytes did not find any infections. I have not run the Norton removal tool, since I pointed out that ComboFix does not work... should I still run the Norton removal tool on my machine?
     
  21. Hujo

    Hujo Guest

    Uninstall these through Add/Remove Programs:

    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Norton 360 2007

    =============

    Yes, go ahead and run the removal tool
     
