
Help, Java games stutter, Mozilla freezes...

Thread in the Viruses and malware - HijackThis logs section. Thread started by Lutti on 08.03.2008.

  1. Lutti (Member)

    Morning =)
    Here's the report:


    SDFix: Version 1.155

    Run by paula kymäläinen on ma 10.03.2008 at 09:13

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\DOCUME~1\PAULAK~1\TYPYT~1\SDFix\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found

    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-10 09:19:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xf9\x2022\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 416


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\PAULAK~1\TYPYT~1\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Fri 13 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT14.tmp"
    Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6669d04be19822840dc12f3a3a5047fc\BIT1.tmp"

    Finished!


    And then the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:27:06, on 10.3.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Norman\NPF\NPFSVICE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\Imgtask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Norman\NPF\npfmsg.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aapeli.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NPF Messenger.lnk = C:\Program Files\Norman\NPF\npfmsg.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{540D6165-4345-44C5-ABFA-C7129368DBBA}: NameServer = 212.50.131.153 213.139.190.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{95CCA049-E423-400F-A309-3E93B64278A1}: NameServer = 194.157.175.2,194.157.175.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{540D6165-4345-44C5-ABFA-C7129368DBBA}: NameServer = 212.50.131.153 213.139.190.3
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 8536 bytes

    Well then, what now?
    =)
  3. Hujo (Guest)

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  4. Lutti (Member)

    Here is the log, there you go:


    ComboFix 08-03-10.1 - paula kymäläinen 2008-03-10 18:29:09.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.455 [GMT 2:00]
    Running from: C:\Documents and Settings\paula kymäläinen\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-10 to 2008-03-10 )))))))))))))))))
    .

    2008-03-10 09:09 . 2008-03-10 09:10 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-03-09 14:59 . 2008-03-09 14:59 0 --a------ C:\23990098.$$$
    2008-03-09 12:58 . 2008-03-09 13:30 <KANSIO> d-------- C:\Kaspersky
    2008-03-09 00:05 . 2008-03-09 00:05 <KANSIO> d-------- C:\Documents and Settings\paula kymäläinen\Application Data\Grisoft
    2008-03-09 00:05 . 2008-03-09 00:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-09 00:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Verkkoympäristö
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Verkkoympäristö
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Työpöytä
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Työpöytä
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Tulostinympäristö
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Tulostinympäristö
    2008-03-08 19:27 . 2006-06-09 02:14 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Suosikit
    2008-03-08 19:27 . 2006-06-09 02:14 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Suosikit
    2008-03-08 19:27 . 2006-06-09 02:14 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Omat tiedostot
    2008-03-08 19:27 . 2006-06-09 02:14 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Omat tiedostot
    2008-03-08 19:27 . 2006-06-09 02:09 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Mallit
    2008-03-08 19:27 . 2006-06-09 02:09 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Mallit
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Käynnistä-valikko
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Käynnistä-valikko
    2008-03-08 19:27 . 2006-10-14 08:11 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Application Data\ATI
    2008-03-08 17:53 . 2008-03-08 17:53 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-03-08 17:27 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-03-07 16:24 . 2008-03-07 16:24 268 --ah----- C:\sqmdata11.sqm
    2008-03-07 16:24 . 2008-03-07 16:24 244 --ah----- C:\sqmnoopt11.sqm
    2008-02-22 08:39 . 2008-02-22 08:39 244 --ah----- C:\sqmnoopt10.sqm
    2008-02-22 08:39 . 2008-02-22 08:39 232 --ah----- C:\sqmdata10.sqm

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-10 16:25 5 ----a-w C:\NPF_USER.DAT
    2008-03-09 19:56 5,064 ----a-w C:\Documents and Settings\paula kymäläinen\Application Data\wklnhst.dat
    2008-03-09 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\NPF
    2008-03-08 15:27 --------- d-----w C:\Program Files\Java
    2008-03-07 14:23 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-02-11 12:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
    2008-01-27 14:04 --------- d-----w C:\Program Files\Windows Live
    2008-01-27 14:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-27 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-27 13:40 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-10 15:20 --------- d-----w C:\Program Files\Absolutist.com
    2008-01-10 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Absolutist
    2008-01-09 10:45 357 -c-ha-w C:\Documents and Settings\paula kymäläinen\hpothb07.dat
    2008-01-09 10:45 357 -c-ha-w C:\Documents and Settings\paula kymäläinen\hpothb07.dat
    2007-03-18 16:24 556 -c--a-w C:\Documents and Settings\NETTI SURFAAJAT\Application Data\wklnhst.dat
    2007-02-19 06:31 189 -c-ha-w C:\Documents and Settings\paula kymäläinen\Application Data\hpothb07.dat
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio -ominaisuussivun pikakuvake"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
    "CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23 90112]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
    "tvjbmonitor"="C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-11-02 16:58 53248]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
    "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 15:34 16143872 C:\WINDOWS\RTHDCPL.EXE]
    "ImgTask"="C:\WINDOWS\Imgtask.exe" [2006-12-13 05:26 20480]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
    NPF Messenger.lnk - C:\Program Files\Norman\NPF\npfmsg.exe [2006-09-15 12:45:50 290865]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 09:18]
    R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 21:01]
    R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
    R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 05:50]
    R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
    R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
    R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
    S3 dtvBDADEV;Digital TV stick USB 2.0 BDA;C:\WINDOWS\system32\Drivers\dtvbdadrv.sys [2005-07-21 19:50]
    S3 dtvLOAD;Digital TV stick Firmware Loader;C:\WINDOWS\system32\DRIVERS\dtvloadp.sys [2005-07-21 19:20]
    S3 kwwalpgr;kwwalpgr;C:\DOCUME~1\PAULAK~1\LOCALS~1\Temp\kwwalpgr.sys []
    S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
    S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
    S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
    S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-03-10 16:26:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-10 18:30:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-10 18:31:22
    ComboFix-quarantined-files.txt 2008-03-10 16:31:13
    .
    2008-02-14 09:11:18 --- E O F ---

    What now, then?

    =)
     
  5. Hujo (Guest)

    Download NoLop to your desktop from one of the following links...
    Link1
    Link2
    Link3

    1. Close all programs, because this step requires a reboot
    2. Double-click NoLop.exe to run it
    3. Click the "Search and Destroy" button
    <<Your computer will be scanned for infected files>>
    4. When the scan is complete, you will be asked to restart the computer if an infection is found. Click OK
    5. Click the "REBOOT" button.
    6. NoLop should give a message. If it does not, double-click the program and it will complete. Post the contents of the C:\NoLop.log file along with a new HijackThis log.
    -- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). Then run the program again.
     
  6. Lutti (Member)

    Here's the hijack log:

    ComboFix 08-03-10.1 - paula kymäläinen 2008-03-10 19:30:19.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.431 [GMT 2:00]
    Running from: C:\Documents and Settings\paula kymäläinen\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-10 to 2008-03-10 )))))))))))))))))
    .

    2008-03-10 19:27 . 2008-03-10 19:29 212 --a------ C:\delete.bat
    2008-03-10 09:09 . 2008-03-10 09:10 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-03-09 14:59 . 2008-03-09 14:59 0 --a------ C:\23990098.$$$
    2008-03-09 12:58 . 2008-03-09 13:30 <KANSIO> d-------- C:\Kaspersky
    2008-03-09 00:05 . 2008-03-09 00:05 <KANSIO> d-------- C:\Documents and Settings\paula kymäläinen\Application Data\Grisoft
    2008-03-09 00:05 . 2008-03-09 00:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-09 00:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Verkkoympäristö
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Verkkoympäristö
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Työpöytä
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Työpöytä
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Tulostinympäristö
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Tulostinympäristö
    2008-03-08 19:27 . 2006-06-09 02:14 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Suosikit
    2008-03-08 19:27 . 2006-06-09 02:14 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Suosikit
    2008-03-08 19:27 . 2006-06-09 02:14 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Omat tiedostot
    2008-03-08 19:27 . 2006-06-09 02:14 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Omat tiedostot
    2008-03-08 19:27 . 2006-06-09 02:09 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Mallit
    2008-03-08 19:27 . 2006-06-09 02:09 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Mallit
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Käynnistä-valikko
    2008-03-08 19:27 . 2006-06-09 05:05 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Käynnistä-valikko
    2008-03-08 19:27 . 2006-10-14 08:11 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.PAULA\Application Data\ATI
    2008-03-08 17:53 . 2008-03-08 17:53 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-03-08 17:27 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-03-07 16:24 . 2008-03-07 16:24 268 --ah----- C:\sqmdata11.sqm
    2008-03-07 16:24 . 2008-03-07 16:24 244 --ah----- C:\sqmnoopt11.sqm
    2008-02-22 08:39 . 2008-02-22 08:39 244 --ah----- C:\sqmnoopt10.sqm
    2008-02-22 08:39 . 2008-02-22 08:39 232 --ah----- C:\sqmdata10.sqm

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-10 16:25 5 ----a-w C:\NPF_USER.DAT
    2008-03-09 19:56 5,064 ----a-w C:\Documents and Settings\paula kymäläinen\Application Data\wklnhst.dat
    2008-03-09 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\NPF
    2008-03-08 15:27 --------- d-----w C:\Program Files\Java
    2008-03-07 14:23 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-02-11 12:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
    2008-01-27 14:04 --------- d-----w C:\Program Files\Windows Live
    2008-01-27 14:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-27 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-27 13:40 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-10 15:20 --------- d-----w C:\Program Files\Absolutist.com
    2008-01-10 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Absolutist
    2008-01-09 10:45 357 -c-ha-w C:\Documents and Settings\paula kymäläinen\hpothb07.dat
    2008-01-09 10:45 357 -c-ha-w C:\Documents and Settings\paula kymäläinen\hpothb07.dat
    2007-03-18 16:24 556 -c--a-w C:\Documents and Settings\NETTI SURFAAJAT\Application Data\wklnhst.dat
    2007-02-19 06:31 189 -c-ha-w C:\Documents and Settings\paula kymäläinen\Application Data\hpothb07.dat
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio -ominaisuussivun pikakuvake"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
    "CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23 90112]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
    "tvjbmonitor"="C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-11-02 16:58 53248]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
    "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 15:34 16143872 C:\WINDOWS\RTHDCPL.EXE]
    "ImgTask"="C:\WINDOWS\Imgtask.exe" [2006-12-13 05:26 20480]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
    NPF Messenger.lnk - C:\Program Files\Norman\NPF\npfmsg.exe [2006-09-15 12:45:50 290865]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 09:18]
    R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 21:01]
    R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
    R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 05:50]
    R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
    R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
    R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
    S3 dtvBDADEV;Digital TV stick USB 2.0 BDA;C:\WINDOWS\system32\Drivers\dtvbdadrv.sys [2005-07-21 19:50]
    S3 dtvLOAD;Digital TV stick Firmware Loader;C:\WINDOWS\system32\DRIVERS\dtvloadp.sys [2005-07-21 19:20]
    S3 kwwalpgr;kwwalpgr;C:\DOCUME~1\PAULAK~1\LOCALS~1\Temp\kwwalpgr.sys []
    S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
    S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
    S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
    S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-03-10 17:26:01 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-10 19:31:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-10 19:32:32
    ComboFix-quarantined-files.txt 2008-03-10 17:32:23
    ComboFix2.txt 2008-03-10 16:31:23
    .
    2008-02-14 09:11:18 --- E O F ---


    NoLop didn't give any report, even though I double-clicked it again

    What now =)
     
  7. Lutti (Member)

    Well, now I can't get into Aapeli's games at all, it hangs on that Java loading

    =)
     
