1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

kone ihan jumisssa

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi j.pv 12.01.2008.

  1. kalminen

    kalminen Regular member

    Liittynyt:
    04.05.2007
    Viestejä:
    3,915
    Kiitokset:
    0
    Pisteet:
    46
    Taisi mennä käsihommiksi HI
    Lataa Deckard's System Scanner Työpöydällesi.

    Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.

    Sulje kaikki avoimet ikkunat ja ohjelmat. (ei virustorj
    [*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
    [*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
    [*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
    [*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.

    kopioi ja liitä Extra.txt & Main.txt sisältö
     
  2.  
  3. j.pv

    j.pv Member

    Liittynyt:
    27.04.2005
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    ok

    main

    Deckard's System Scanner v20071014.68
    Run by Jani Vartia on 2008-01-17 17:28:07
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    24: 2008-01-17 15:28:12 UTC - RP24 - Deckard's System Scanner Restore Point
    23: 2008-01-17 11:11:09 UTC - RP23 - ComboFix created restore point
    22: 2008-01-17 09:02:29 UTC - RP22 - ComboFix created restore point
    21: 2008-01-17 06:52:23 UTC - RP21 - ComboFix created restore point
    20: 2008-01-17 05:24:03 UTC - RP20 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2008-01-16 10:47:35 UTC - RP1 - Järjestelmän tarkistuspiste


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Jani Vartia.exe) -----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:28, on 2008-01-17
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
    C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
    C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    C:\Program Files\Sonera Tietoturva\FSAUA\program\fsus.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Jani Vartia\Työpöytä\dss.exe
    C:\PROGRA~1\TRENDM~1\HOOJII~1\Jani Vartia.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157102305475
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 5267 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HOOJII~1\backups\) -----------

    backup-20080103-193344-577 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    backup-20080112-131254-820 O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
    backup-20080112-131255-194 O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    backup-20080112-131255-974 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    backup-20080112-131256-748 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>
    R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>

    S3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys <Not Verified; Sensaura Ltd; >
    S3 catchme - c:\docume~1\janiva~1\locals~1\temp\catchme.sys (file missing)
    S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
    S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
    S4 si3112r - c:\windows\system32\drivers\si3112r.sys <Not Verified; Silicon Image, Inc; Medley>
    S4 viasraid - c:\windows\system32\drivers\viasraid.sys <Not Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
    S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-01-17 02:05:38 550 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job


    -- Files created between 2007-12-17 and 2008-01-17 -----------------------------

    2008-01-14 22:15:12 0 d-------- C:\VundoFix Backups
    2008-01-14 15:28:26 0 d-------- C:\WINDOWS\ERUNT
    2008-01-13 14:53:10 0 dr-h----- C:\Documents and Settings\Jani Vartia\Recent
    2008-01-12 14:53:43 0 d-------- C:\Documents and Settings\Jani Vartia\Application Data\F-Secure
    2008-01-12 13:29:45 30016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
    2008-01-12 13:29:45 51040 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
    2008-01-12 13:25:00 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-01-12 13:24:06 0 d-------- C:\Program Files\Sonera Tietoturva
    2008-01-12 11:42:48 0 d-------- C:\WINDOWS\Prefetch
    2008-01-09 18:43:42 0 d-------- C:\Program Files\Windows Live
    2008-01-07 17:42:50 8464384 --a------ C:\WINDOWS\system32\drivers\vmxnet.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® -käyttöjärjestelmä>
    2008-01-07 17:35:36 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2008-01-02 23:20:01 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-30 12:29:46 0 d-------- C:\BackUpMSNCleaner
    2007-12-29 22:05:47 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-29 22:05:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-29 18:42:31 0 d-------- C:\WINDOWS\pss
    2007-12-29 16:36:54 0 d-------- C:\Program Files\Trend Micro
    2007-12-29 16:01:05 0 d-------- C:\WINDOWS\SxsCaPendDel
    2007-12-27 14:17:10 0 d-------- C:\Program Files\Winamp Toolbar
    2007-12-27 14:17:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2007-12-27 14:17:00 0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    2007-12-27 14:16:54 0 d-------- C:\Program Files\Winamp Remote


    -- Find3M Report ---------------------------------------------------------------

    2008-01-12 13:30:27 393404 --a------ C:\WINDOWS\system32\perfh00B.dat
    2008-01-12 13:30:27 83808 --a------ C:\WINDOWS\system32\perfc00B.dat
    2008-01-12 13:17:04 0 d-------- C:\Documents and Settings\Jani Vartia\Application Data\Identities
    2008-01-12 11:47:43 0 d-------- C:\Program Files\Messenger
    2008-01-12 11:32:45 23460 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-01-10 20:27:03 0 d-------- C:\Program Files\UnibetpokerMPP
    2008-01-10 18:56:03 0 d-------- C:\Documents and Settings\Jani Vartia\Application Data\Microgaming
    2008-01-06 12:32:32 0 d-------- C:\Program Files\DC++
    2008-01-04 23:21:14 0 d-------- C:\Program Files\Winamp
    2008-01-03 00:56:30 0 d-------- C:\Program Files\Java
    2007-12-30 16:31:42 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-29 22:05:47 0 d-------- C:\Program Files\Common Files
    2007-12-29 18:38:32 0 d-------- C:\Program Files\Steam
    2007-12-29 16:26:24 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-12-29 14:04:39 0 d-------- C:\Program Files\Macrogaming
    2007-12-22 15:32:28 0 d-------- C:\Program Files\eMule


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

    [-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTrayp"="VTtrayp.exe" [2004-06-21 20:57 C:\WINDOWS\system32\VTTrayp.exe]
    "VTTimer"="VTTimer.exe" [2004-10-01 10:31 C:\WINDOWS\system32\VTTimer.exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr .exe" []

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-09 13:15:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "c:\program files\steam\steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    VTtrayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "C:\Program Files\Winamp\winampa.exe"




    -- End of Deckard's System Scanner: finished at 2008-01-17 17:29:27 ------------

    extra


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

    CPU 0: AMD Sempron(tm) Processor 3000+
    Percentage of Memory in Use: 30%
    Physical Memory (total/avail): 959.48 MiB / 663.66 MiB
    Pagefile Memory (total/avail): 2313.97 MiB / 2028 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1908.5 MiB

    C: is Fixed (NTFS) - 149.05 GiB total, 96.07 GiB free.
    D: is CDROM (No Media)
    E: is Removable (No Media)
    F: is Removable (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD1600BB-00GUC0 - 149.05 GiB - 1 partition
    \PARTITION0 (bootable) - Asennettava tiedostojärjestelmä - 149.05 GiB - C:

    \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

    \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

    \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

    \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    FW: Sonera Tietoturva 7.00 v7.00 (F-Secure Corporation)
    AV: Sonera Tietoturva 7.00 v7.00 (F-Secure Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Jani Vartia\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=JANI
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Jani Vartia
    LOGONSERVER=\\JANI
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=2c02
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\JANIVA~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\JANIVA~1\LOCALS~1\Temp
    USERDOMAIN=JANI
    USERNAME=Jani Vartia
    USERPROFILE=C:\Documents and Settings\Jani Vartia
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Jani Vartia (admin)
    Järjestelmänvalvoja (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
    --> "C:\Program Files\Sonera Tietoturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
    --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNNMP.exe /UNINSTALL
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    --> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
    Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    BSPlayer --> "C:\Program Files\Webteh\BSPlayer\uninstall.exe"
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    DC++ 0.698 --> "C:\Program Files\DC++\uninstall.exe"
    Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
    Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    eMule --> "C:\Program Files\eMule\Uninstall.exe"
    eMusic - 50 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
    Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0xb UNINSTALL
    Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0xb
    Logitech QuickCam --> MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
    Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
    Logitech® Camera -ohjain --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    Microsoft Works 7.0 --> MsiExec.exe /I{323F6CCF-BBBA-41FB-AF39-62C4FE717CA4}
    Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    RedOrchestra --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69997863-7239-4E5C-833C-EAC2F0116EB3}\setup.exe" -l0x9 -removeonly
    S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
    S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
    S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
    S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
    S3 S3TrayPlus --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus'
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Ski Jump International 3.11 Shareware --> C:\PROGRA~1\SKIJUM~1\Setup.exe /remove
    Sonera Tietoturva --> "C:\Program Files\Sonera Tietoturva\FSGUI\PostInstall.exe" /tUnInstall
    Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
    Steam(TM) --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
    Suojauspäivitys Windows XP:lle (KB913433) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
    UMVPLStandalone --> MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
    Unibet Poker --> C:\PROGRA~1\UNIBET~1\UNIBET~1\UNWISE.EXE C:\PROGRA~1\UNIBET~1\UNIBET~1\INSTALL.LOG
    VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    VIA Vinyl Audio Codecs Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
    Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
    Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
    Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
    Windows Live installer --> MsiExec.exe /X{5C29C5F5-A9C9-4E89-A606-13E165E7C55F}
    Windows Live Messenger --> MsiExec.exe /X{A9174A72-1B46-445B-B3CF-90ED2C63D83B}
    Windows Liven kirjautumisavustaja --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
    Windows Rights Management -asiakkaan yhteensopivuus taaksepäin SP2-versioon --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
    Windows Rights Management Service Pack 2 -asiakas --> MsiExec.exe /X{267747D1-31CF-4FA3-B4F4-1746B55C52BD}
    WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
    WinRAR-pakkausohjelma --> C:\Program Files\WinRAR\uninstall.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type24732 / Warning
    Event Submitted/Written: 01/17/2008 05:20:03 PM
    Event ID/Source: 1015 / EvntAgnt
    Event Description:
    TraceLevel-parametria ei ole rekisterissä.
    Käytetään seurannan tason oletusarvoa 32.

    Event Record #/Type24731 / Warning
    Event Submitted/Written: 01/17/2008 05:20:03 PM
    Event ID/Source: 1003 / EvntAgnt
    Event Description:
    TraceFileName-parametriä ei ole rekisterissä.
    Käytetään oletusseurantatiedostoa .

    Event Record #/Type24728 / Warning
    Event Submitted/Written: 01/17/2008 02:46:46 PM
    Event ID/Source: 1015 / EvntAgnt
    Event Description:
    TraceLevel-parametria ei ole rekisterissä.
    Käytetään seurannan tason oletusarvoa 32.

    Event Record #/Type24727 / Warning
    Event Submitted/Written: 01/17/2008 02:46:46 PM
    Event ID/Source: 1003 / EvntAgnt
    Event Description:
    TraceFileName-parametriä ei ole rekisterissä.
    Käytetään oletusseurantatiedostoa .

    Event Record #/Type24724 / Warning
    Event Submitted/Written: 01/17/2008 02:29:31 PM
    Event ID/Source: 1015 / EvntAgnt
    Event Description:
    TraceLevel-parametria ei ole rekisterissä.
    Käytetään seurannan tason oletusarvoa 32.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type42185 / Error
    Event Submitted/Written: 01/17/2008 05:19:38 PM / 01/17/2008 05:20:08 PM
    Event ID/Source: 4 / sptd
    Event Description:
    Ohjain löysi sisäisen virheen datarakenteissaan laitteelle .

    Event Record #/Type42176 / Error
    Event Submitted/Written: 01/17/2008 05:20:03 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    Seuraava käynnistys- tai järjestelmäkäynnistysohjain ei latautunut:
    sptd

    Event Record #/Type42156 / Error
    Event Submitted/Written: 01/17/2008 02:46:22 PM / 01/17/2008 02:46:52 PM
    Event ID/Source: 4 / sptd
    Event Description:
    Ohjain löysi sisäisen virheen datarakenteissaan laitteelle .

    Event Record #/Type42146 / Error
    Event Submitted/Written: 01/17/2008 02:46:46 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    Seuraava käynnistys- tai järjestelmäkäynnistysohjain ei latautunut:
    sptd

    Event Record #/Type42125 / Error
    Event Submitted/Written: 01/17/2008 02:29:07 PM / 01/17/2008 02:29:37 PM
    Event ID/Source: 4 / sptd
    Event Description:
    Ohjain löysi sisäisen virheen datarakenteissaan laitteelle .



    -- End of Deckard's System Scanner: finished at 2008-01-17 17:29:27 ------------


     
  4. kalminen

    kalminen Regular member

    Liittynyt:
    04.05.2007
    Viestejä:
    3,915
    Kiitokset:
    0
    Pisteet:
    46
    Onko sulla lisenssi voimassa:(varmista)
    Sonera Tietoturva 7.00 (F-Secure Corporation)
    -----------------------------------------------------------
    Mene Windowsin ControlPaneliin (Ohjauspaneli) ja sieltä Lisää / Poista sovellus
    Vistassa Ohjelmat ja toiminnot
    Etsi ja poista ohjelma jonka nimessä on:

    Pokeripelit toistaiseksi

    ---------------------------------------------
    Lataa ja tallenna Blacklight työpöydällesi;

    Tupla-klikkaa fsbl.exe, hyväksy sopimus, klikkaa > Scan, sitten > Next

    Näet listan kaikesta mitä löytyi. Työpöydällesi myös ilmestyy loki jonka nimi on fsbl.xxxxxxx.log (xxxxxxx;n tilalla on luultavimmin numeroita).

    Kopioi ja liitä tämä loki seuraavaan vastaukseesi. Älä valitse "Rename" optiota vielä! Haluamme nähdä login ensin, koska hyviä tiedostoja saattaa olla mukana, kuten "wbemtest.exe".
    ------------------------------------------------
    Aja se RenV.exe ilman raahauksia ja logi siitä.
    ------------------------------------------------
    Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi.
    * Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
    * Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
    * Käynnistä AVG Anti-Spyware.
    * Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
    * Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.
    * Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
    * Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
    * Sitten "Reports" valikon alta:
    * Laita täppi kohtaan "Do not Automatically generate report"
    * Ota täppi pois kohdasta"Only if threats were found"
    * Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
    * "Resident shield is", muuta tila active:sta inactive:ksi
    * Sulje ohjelma, ÄLÄ skannaa vielä.
    ---------------------
    Lataa Atribunen ATF Cleaner
    Ohjeet;
    Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
    Klikkaa Empty Selected valintaa.
    Jos käytät FireFoxia selaimenasiKlikkaa Firefox yläpuolelta ja valitse: Select All
    Klikkaa Empty Selected valintaa.
    HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
    Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
    Klikkaa Empty Selected valintaa taas.
    HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
    Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
    Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)
    ------------------------
    Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta
    Käynnistä kone vikasietotilaan => OHJE
    JOS AVG ei toimi vikasietotilassa ja valittaa "..reinstall .." niin tällä patchilla ohjelman pitäisi alkaa toimia.

    HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
    * Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
    * Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
    * Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

    Kun skannaus on valmis:
    TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
    * Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
    * Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
    [​IMG]
    * Sitten klikkaa "Reports" palkkia ruudun ala-osasta.
    * Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
    * Sulje ohjelma, käynnistä kone normaalisti.

    Tyhjennä roskakori.

    Postita tänne seuraavat lokit:
    * Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
    * AVG:n raportti
    * RenV raportti
    * fsbl:n raportti
    * Jatkuu huomenna
     
  5. j.pv

    j.pv Member

    Liittynyt:
    27.04.2005
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    ok. pokerit poistettu paitsi paffia sitä ei voinu poistaa :(
    lisenssi on voimassa

    Huomiseen
     
  6. kalminen

    kalminen Regular member

    Liittynyt:
    04.05.2007
    Viestejä:
    3,915
    Kiitokset:
    0
    Pisteet:
    46
    Laita se AVG 7.5 pyörimään ja otat vapaaillan.
     
  7. j.pv

    j.pv Member

    Liittynyt:
    27.04.2005
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    huomenta tai oikeastaan päivää täs ois noita raportteja

    fsbl


    01/17/08 19:07:23 [Info]: BlackLight Engine 1.0.67 initialized
    01/17/08 19:07:23 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    01/17/08 19:07:23 [Note]: 7019 4
    01/17/08 19:07:23 [Note]: 7005 0
    01/17/08 19:07:30 [Note]: 7006 0
    01/17/08 19:07:31 [Note]: 7011 2228
    01/17/08 19:07:33 [Note]: FSRAW library version 1.7.1024
    01/17/08 19:12:56 [Note]: 2000 1012
    01/17/08 19:17:09 [Note]: 7007 0

    renV

    code]
    Ran on 2008-01-18 - 9:02:15.59

    ----a-w 185,896 2008-01-07 13:11:36 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    ----a-w 132,496 2008-01-07 13:11:34 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 1,694,208 2008-01-07 13:11:49 C:\Program Files\Messenger\msmsgs .exe
    ----a-w 183,208 2008-01-12 12:45:56 C:\Program Files\Sonera Tietoturva\Common\FSM32 .EXE
    ----a-w 740,208 2008-01-12 12:46:03 C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil .exe
    ----a-w 15,360 2008-01-16 10:45:22 C:\WINDOWS\system32\ctfmon .exe

    Entries: 6 (6)
    Directories: 0 Files: 6
    Bytes: 2,951,376 Blocks: 5,766
    [/code]



    avg

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:58 2008-01-18

    + Scan result:



    C:\Program Files\Sonera Tietoturva\Common\FSM32.0XE -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\Program Files\Windows Live\Messenger\msnmsgr .0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\Program Files\Windows Live\Messenger\msnmsgr .0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\Program Files\Windows Live\Messenger\msnmsgr.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\C\WINDOWS\system32\RCXD.0mp.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\C\WINDOWS\system32\vtutu.0xe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\C\WINDOWS\system32\vtutu.1xe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\C\WINDOWS\system32\vtutu.2xe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP12\A0003916.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP12\A0003917.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP15\A0006975.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP15\A0006983.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP15\A0006984.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP15\A0007982.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP15\A0008984.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP15\A0008986.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP16\A0009983.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP2\A0000706.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP2\A0000743.0XE -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP2\A0000744.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP2\A0000746.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP5\A0000755.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP5\A0000756.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP5\A0000757.0XE -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP9\A0002843.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ctfmon.0xe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ctfmon.exe.0mp -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ctfmon.exe.1mp -> Dropper.Agent.dgo : Cleaned with backup (quarantined).


    ::Report end


    hj

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:12, on 2008-01-18
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
    C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
    C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    C:\Program Files\Sonera Tietoturva\FSAUA\program\fsus.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\hoojiitee\hoojiitee.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157102305475
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 5588 bytes

     
  8. kalminen

    kalminen Regular member

    Liittynyt:
    04.05.2007
    Viestejä:
    3,915
    Kiitokset:
    0
    Pisteet:
    46
    AVG hoiti osan !!!
    [*]Lataa OTMoveIt by OldTimer.
    [*]Tuplaklikkaa OTMoveIt käynnistääksesi se.
    [​IMG]
    [*]Ota rasti pois kohdasta Unregister Dll's and Ocx's (1).
    [*]Kopioi(CTRL+C) alla olevasta laatikosta kaikki teksti.
    Koodi:
     
    C:\WINDOWS\system32\vtutu.2xe 
    C:\WINDOWS\system32\vtutu.1xe 
    C:\TSF_7.00_387_02S.EXE 
    C:\WINDOWS\system32\aaufjmeh.dll 
    C:\WINDOWS\system32\fnfpiaaa.dll 
    C:\WINDOWS\system32\RCXD.0mp 
    C:\WINDOWS\system32\vtutu.0xe 
    C:\WINDOWS\system32\midiihuh.exe 
    
    [*]Nyt paina oikeanpuoleista hiiren nappia Paste List of Files/Folders to be Moved-ikkunassa.
    [*]Paina Liitä(2).
    [*]Kun tiedostot ovat ikkunassa, paina MoveIt!(3) .
    [*]Kopioi (CTRL+C) ja liitä(CTRL+V) Results-ikkunaan tullut teksti seuraavaan viestiisi(4).

    *********************************************************

    Seuraavaksi poistamme kaikki käytetyt työkalut.

    [*]Tuplaklikkaa[ b]OTMoveIt.exe[/b].
    [*]Klikkaa CleanUp!.
    [*]Valitse Yes kun kysytään "Begin cleanup Process?".
    [*]Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.
    [*]OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.

    HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.

    Boottaa kone ja tämän OTMoveIt logi.
     
  9. j.pv

    j.pv Member

    Liittynyt:
    27.04.2005
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    joo toi ot moveit ilmotti että "cannot create file C:\OTMoveIt\movedfiles\01182008_123714.log

    File/Folder C:\WINDOWS\system32\vtutu.2xe not found.
    File/Folder C:\WINDOWS\system32\vtutu.1xe not found.
    File/Folder C:\TSF_7.00_387_02S.EXE not found.
    File/Folder C:\WINDOWS\system32\aaufjmeh.dll not found.
    File/Folder C:\WINDOWS\system32\fnfpiaaa.dll not found.
    File/Folder C:\WINDOWS\system32\RCXD.0mp not found.
    File/Folder C:\WINDOWS\system32\vtutu.0xe not found.
    File/Folder C:\WINDOWS\system32\midiihuh.exe not found.

    Created on 01-18-2008 12:37:14
     
  10. j.pv

    j.pv Member

    Liittynyt:
    27.04.2005
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    omat tiedostot on täynnä tällässiä???


    pos14BE.tmp noita on varmaan tuhat kappaletta
     
  11. kalminen

    kalminen Regular member

    Liittynyt:
    04.05.2007
    Viestejä:
    3,915
    Kiitokset:
    0
    Pisteet:
    46
    Kaikki .tmp tiedostot saat poistaa huoletta oli ne missä hakemistossa
    hyvänsä. MoveIt meni oikein.
    Sinun Vundo File infectio on seuraavaksi vuorossa.
    Lataa uusi Combo ja aja se.
    Jos eimene läpi kokeile vikasietotilassa.
    1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
    combofix.exe
    combofix.exe
    Kerropa tuloksista ???
     
  12. j.pv

    j.pv Member

    Liittynyt:
    27.04.2005
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    eli poistan nuo kaikki mitkä olen ottanu koneelle???
     
  13. j.pv

    j.pv Member

    Liittynyt:
    27.04.2005
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    siis avg vundofix dss ja muut
    mite tollanen sav tiedosto??
     
  14. kalminen

    kalminen Regular member

    Liittynyt:
    04.05.2007
    Viestejä:
    3,915
    Kiitokset:
    0
    Pisteet:
    46
    Tämä poistaa kaikki turhat .TMP tiedostot:
    Lataa Atribunen ATF Cleaner
    Ohjeet;
    Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.
    • Main:n alla valitse: Select All
      Klikkaa Empty Selected valintaa.
      Jos käytät FireFoxia selaimenasi
      • Klikkaa Firefox yläpuolelta ja valitse: Select All
        Klikkaa Empty Selected valintaa.
        HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
        Jos käytät Operaa selaimenasi
        • Klikkaa Opera yläpuolelta ja valitse: Select All
          Klikkaa Empty Selected valintaa taas.
          HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
          Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
          Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

          .SAV on esm... pelin talletus tiedosto.
          Tuo ATF riittää. ajo kerran kuussa.
     
  15. j.pv

    j.pv Member

    Liittynyt:
    27.04.2005
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    do dii vikasieto tilassa combo toimi hyvin

    ComboFix 08-01-17.5 - Jani Vartia 2008-01-18 17:02:03.21 - NTFSx86 MINIMAL
    Running from: C:\Documents and Settings\Jani Vartia\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-12-18 to 2008-01-18 )))))))))))))))))
    .

    2008-01-18 16:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-18 09:06 . 2008-01-18 09:06 <KANSIO> d-------- C:\Documents and Settings\Jani Vartia\Application Data\Grisoft
    2008-01-18 09:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-14 15:28 . 2008-01-14 15:28 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-01-12 14:53 . 2008-01-12 14:53 <KANSIO> d-------- C:\Documents and Settings\Jani Vartia\Application Data\F-Secure
    2008-01-12 13:29 . 2008-01-12 13:47 51,040 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-01-12 13:29 . 2008-01-12 13:47 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-01-12 13:25 . 2008-01-12 13:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-01-12 13:24 . 2008-01-12 14:44 <KANSIO> d-------- C:\Program Files\Sonera Tietoturva
    2008-01-12 12:12 . 2008-01-12 12:13 418,135 --a------ C:\UITool3-370a.zip
    2008-01-12 11:39 . 2006-03-02 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-01-12 11:38 . 2006-03-02 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-01-12 11:37 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
    2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-01-12 11:33 . 2008-01-12 11:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-01-12 11:31 . 2006-03-02 14:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
    2008-01-12 11:31 . 2006-03-02 14:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
    2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
    2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
    2008-01-12 11:17 . 2008-01-12 11:17 34 --a------ C:\WINDOWS\system\oeminfo.ini
    2008-01-09 18:43 . 2008-01-09 18:45 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-01-09 17:26 . 2008-01-16 12:45 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2008-01-07 17:42 . 2007-10-25 18:44 8,464,384 --a------ C:\WINDOWS\system32\drivers\vmxnet.sys
    2008-01-07 17:35 . 2008-01-12 13:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2008-01-03 00:56 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-02 23:20 . 2008-01-12 12:22 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-30 13:52 . 2008-01-12 09:02 4,410 --a------ C:\WINDOWS\setupapi.old
    2007-12-29 22:05 . 2007-12-29 22:09 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-29 22:05 . 2008-01-09 18:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-29 16:36 . 2008-01-14 15:17 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-12-29 16:01 . 2007-12-29 16:26 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
    2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
    2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    2007-12-27 14:16 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Remote

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-10 16:56 --------- d-----w C:\Documents and Settings\Jani Vartia\Application Data\Microgaming
    2008-01-06 10:32 --------- d-----w C:\Program Files\DC++
    2008-01-04 21:21 --------- d-----w C:\Program Files\Winamp
    2008-01-02 22:56 --------- d-----w C:\Program Files\Java
    2007-12-30 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-29 16:38 --------- d-----w C:\Program Files\Steam
    2007-12-29 14:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-12-29 12:04 --------- d-----w C:\Program Files\Macrogaming
    2007-12-22 13:32 --------- d-----w C:\Program Files\eMule
    2007-11-25 21:43 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
    2007-10-18 09:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    .
    Koodi:
    <pre>
    ----a-w           185,896 2008-01-07 13:11:36  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    ----a-w           132,496 2008-01-07 13:11:34  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w         1,694,208 2008-01-07 13:11:49  C:\Program Files\Messenger\msmsgs .exe
    ----a-w           183,208 2008-01-12 12:45:56  C:\Program Files\Sonera Tietoturva\Common\FSM32 .EXE
    ----a-w           740,208 2008-01-12 12:46:03  C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil .exe
    ----a-w            15,360 2008-01-16 10:45:22  C:\WINDOWS\system32\ctfmon .exe
    </pre>

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr .exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTrayp"="VTtrayp.exe" [2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
    "VTTimer"="VTTimer.exe" [2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe]
    "!AVG Anti-Spyware"="C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-09 13:15:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
    --a------ 2005-09-06 05:10 450560 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-03-09 13:15 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    --a------ 2006-06-26 09:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2006-06-26 10:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
    --a------ 2007-12-18 03:02 471040 C:\Program Files\Winamp Remote\bin\OrbTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2004-03-09 11:05 65536 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    --a------ 2004-04-23 14:28 77824 C:\Program Files\Logitech\Profiler\lwemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2007-11-30 14:38 1266936 c:\program files\steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    -ra------ 2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    -ra------ 2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-12-20 17:16 37376 C:\Program Files\Winamp\winampa.exe

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-01-12 13:47]
    R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 07:00]
    R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-10-15 04:28]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
    S1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Sonera Tietoturva\HIPS\fshs.sys [2007-04-26 19:11]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]
    S4 si3112r;si3112r;C:\WINDOWS\system32\drivers\si3112r.sys [2003-05-09 15:55]
    S4 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-06-12 17:31]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-01-18 06:55:05 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\SONERA~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SONERA~1\ANTI-V~1\report.txt
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-18 17:04:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-18 17:05:50
    ComboFix-quarantined-files.txt 2008-01-18 15:05:29
    .
    2008-01-18 06:55:34 --- E O F ---
     
  16. kalminen

    kalminen Regular member

    Liittynyt:
    04.05.2007
    Viestejä:
    3,915
    Kiitokset:
    0
    Pisteet:
    46
    Mä en tänään kerkiä enempää. huomenna lisää.
    Avaa Windowsin Notebad ohjelma ja kopioi alla oleva koodi sinne.

    Koodi:
    @echo on 
    Regsvr32.exe /u msimtf.dll
    Regsvr32.exe /u Msctf.dll
    
    Tallenna se työpöydälle CTFMonFix.bat nimellä.Poistu Notepadista.
    Tuplaklikaa työpöydällä tiedostoa CTFMonFix.bat
    ------------------------------------
    Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
    Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    Tyhjennä roskakori ja käynnistä koneesi uudelleen.

    Postita tänne seuraavat lokit:
    * Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
    *
     
  17. j.pv

    j.pv Member

    Liittynyt:
    27.04.2005
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    ok munkin pitä mennä treeneihin huomiseen
     
  18. kalminen

    kalminen Regular member

    Liittynyt:
    04.05.2007
    Viestejä:
    3,915
    Kiitokset:
    0
    Pisteet:
    46
    Avaa Windowsin Notebad ohjelma ja kopioi alla oleva koodi sinne.

    Tallenna se työpöydälle Virus.bat nimellä.Poistu Notepadista.
    Käynnistä vikasietotilaan jossa =>
    Tuplaklikaa työpöydällä tiedostoa Virus.bat

    Aja lopuksi vikasiedossa ComboFix.exe logia tulemaan.
     
  19. j.pv

    j.pv Member

    Liittynyt:
    27.04.2005
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    morjens tossa olis eka hj logi


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:29:35, on 19.1.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
    C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
    C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    C:\Program Files\Sonera Tietoturva\FSAUA\program\fsus.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\hoojiitee\hoojiitee.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157102305475
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 5023 bytes
     
  20. j.pv

    j.pv Member

    Liittynyt:
    27.04.2005
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    ctf kysy pari kertaa ni painoin ok
    virus.bat kerran et poistetaanko ni painoin kyllä

    täs combo

    ComboFix 08-01-17.5 - Jani Vartia 2008-01-19 12:03:58.23 - NTFSx86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.785 [GMT 2:00]
    Running from: C:\Documents and Settings\Jani Vartia\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-12-19 to 2008-01-19 )))))))))))))))))
    .

    2008-01-18 16:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-18 09:06 . 2008-01-18 09:06 <KANSIO> d-------- C:\Documents and Settings\Jani Vartia\Application Data\Grisoft
    2008-01-18 09:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-14 15:28 . 2008-01-14 15:28 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-01-12 14:53 . 2008-01-12 14:53 <KANSIO> d-------- C:\Documents and Settings\Jani Vartia\Application Data\F-Secure
    2008-01-12 13:29 . 2008-01-12 13:47 51,040 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-01-12 13:29 . 2008-01-12 13:47 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-01-12 13:25 . 2008-01-12 13:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-01-12 13:24 . 2008-01-12 14:44 <KANSIO> d-------- C:\Program Files\Sonera Tietoturva
    2008-01-12 12:12 . 2008-01-12 12:13 418,135 --a------ C:\UITool3-370a.zip
    2008-01-12 11:39 . 2006-03-02 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-01-12 11:38 . 2006-03-02 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-01-12 11:37 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
    2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-01-12 11:33 . 2008-01-12 11:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-01-12 11:31 . 2006-03-02 14:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
    2008-01-12 11:31 . 2006-03-02 14:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
    2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
    2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
    2008-01-12 11:17 . 2008-01-12 11:17 34 --a------ C:\WINDOWS\system\oeminfo.ini
    2008-01-09 18:43 . 2008-01-09 18:45 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-01-09 17:26 . 2008-01-16 12:45 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2008-01-07 17:42 . 2007-10-25 18:44 8,464,384 --a------ C:\WINDOWS\system32\drivers\vmxnet.sys
    2008-01-07 17:35 . 2008-01-12 13:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2008-01-03 00:56 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-02 23:20 . 2008-01-12 12:22 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-30 13:52 . 2008-01-12 09:02 4,410 --a------ C:\WINDOWS\setupapi.old
    2007-12-29 22:05 . 2007-12-29 22:09 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-29 22:05 . 2008-01-09 18:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-29 16:36 . 2008-01-14 15:17 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-12-29 16:01 . 2007-12-29 16:26 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
    2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
    2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    2007-12-27 14:16 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Remote

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-10 16:56 --------- d-----w C:\Documents and Settings\Jani Vartia\Application Data\Microgaming
    2008-01-06 10:32 --------- d-----w C:\Program Files\DC++
    2008-01-04 21:21 --------- d-----w C:\Program Files\Winamp
    2008-01-02 22:56 --------- d-----w C:\Program Files\Java
    2007-12-30 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-29 16:38 --------- d-----w C:\Program Files\Steam
    2007-12-29 14:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-12-29 12:04 --------- d-----w C:\Program Files\Macrogaming
    2007-12-22 13:32 --------- d-----w C:\Program Files\eMule
    2007-11-25 21:43 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
    .
    Koodi:
    <pre>
    ----a-w           185,896 2008-01-07 13:11:36  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    ----a-w           132,496 2008-01-07 13:11:34  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w         1,694,208 2008-01-07 13:11:49  C:\Program Files\Messenger\msmsgs .exe
    ----a-w           183,208 2008-01-12 12:45:56  C:\Program Files\Sonera Tietoturva\Common\FSM32 .EXE
    ----a-w           740,208 2008-01-12 12:46:03  C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil .exe
    ----a-w            15,360 2008-01-16 10:45:22  C:\WINDOWS\system32\ctfmon .exe
    </pre>

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTrayp"="VTtrayp.exe" [2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
    "VTTimer"="VTTimer.exe" [2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe]
    "!AVG Anti-Spyware"="C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-09 13:15:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
    --a------ 2005-09-06 05:10 450560 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-03-09 13:15 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    --a------ 2006-06-26 09:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2006-06-26 10:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
    --a------ 2007-12-18 03:02 471040 C:\Program Files\Winamp Remote\bin\OrbTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2004-03-09 11:05 65536 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    --a------ 2004-04-23 14:28 77824 C:\Program Files\Logitech\Profiler\lwemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2007-11-30 14:38 1266936 c:\program files\steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    -ra------ 2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    -ra------ 2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-12-20 17:16 37376 C:\Program Files\Winamp\winampa.exe

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-01-12 13:47]
    R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 07:00]
    R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-10-15 04:28]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
    S1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Sonera Tietoturva\HIPS\fshs.sys [2007-04-26 19:11]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]
    S4 si3112r;si3112r;C:\WINDOWS\system32\drivers\si3112r.sys [2003-05-09 15:55]
    S4 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-06-12 17:31]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-01-19 09:10:46 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\SONERA~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SONERA~1\ANTI-V~1\report.txt
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 12:06:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-19 12:07:18
    ComboFix-quarantined-files.txt 2008-01-19 10:06:57
    ComboFix2.txt 2008-01-19 09:42:37
    ComboFix3.txt 2008-01-18 15:05:50
    .
    2008-01-19 09:11:05 --- E O F ---
     
  21. kalminen

    kalminen Regular member

    Liittynyt:
    04.05.2007
    Viestejä:
    3,915
    Kiitokset:
    0
    Pisteet:
    46
    Ottaapa lujille.

    Menisitkö vielä sinne vikasietotilaan.
    Jos siellä on tämmöisiä tiedostoja poista (ovat saastuneita)

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
    C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe
    C:\WINDOWS\system32\ctfmon.exe

    ************************************************
    ------------------------------------------------
    Samalla kun olet siellä hiiren oikealla napilla pääset uudelleen nimeämään nämä.
    Sillätavoin, että otat vain tuon välilyönnin pois .exe edestä (nämä on terveitä)
    Jotta ne olisi saman laisia, kuin tuossa ylempänä.

    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\Messenger\msmsgs .exe
    C:\Program Files\Sonera Tietoturva\Common\FSM32 .EXE
    C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil .exe
    C:\WINDOWS\system32\ctfmon .exe

    Kerro mitä siellä oli ja Conbon logi vikasiedossa.

    ctf kysy pari kertaa ni painoin ok mikä on ctf ???

    Tarkasta koneesi päivämäärä 2008-01-19 12:03:58
     

Jaa tämä sivu