
WinPatrol log - is the computer OK?

Thread in the Viruses and malware - HijackThis logs section. Started by samppuli on 18.11.2007.

  1. samppuli

    samppuli Guest

    Log created by WinPatrol version 12.2.2007.0:12.2.2007.0
    Scan saved at 9:41:09 PM, on 11/18/2007
    Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
    MSIE: Internet Explorer (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRAM FILES\Sygate\SPF\Smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\PROGRAM FILES\Java\JRE1.6.0_03\bin\jusched.exe
    C:\PROGRAM FILES\Sonera\INTERNETAVUSTAJA\bin\sprtcmd.exe
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
    C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [AVG7_CC]C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SmcService]C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [Sonera]C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe /P Sonera
    O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer]C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [updateMgr]C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate]C:\Program Files\Logitech\Video\ManifestEngine.exe boot
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre1.6.0_03\bin
    O11 - Options group: [] -
    O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
    O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
    O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
    O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
    O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Sovellusten hallinta - - C:\WINDOWS\System32\appmgmts.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ewido security suite control - - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: HID (Human Interface Device) -liittymä - - C:\WINDOWS\System32\hidserv.dll
    O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - - C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini
    O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe

    --- Additional WinPatrol Info ---
    Default Browser: Windows® Internet Explorer - Internet Explorer version 7.00.6000.16544
    MSIE: Internet Explorer (7.00.6000.16544)
    69 IE Cookies in Folder: C:\Documents and Settings\Sami\Cookies\

    WP00 - HKLM\CS1: BootExecute = autocheck autochk *
    WP00 - HKLM\CCS: BootExecute = autocheck autochk *
    WP00 - HKLM\CS2: BootExecute = autocheck autochk *
    WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

    WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


    WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
    WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://


    WP32 - Hidden File: C:\boot.ini
    WP32 - Hidden File: C:\Bootfont.bin
    WP32 - Hidden File: C:\hiberfil.sys
    WP32 - Hidden File: C:\IO.SYS
    WP32 - Hidden File: C:\MSDOS.SYS
    WP32 - Hidden File: C:\NTDETECT.COM
    WP32 - Hidden File: C:\ntldr
    WP32 - Hidden File: C:\pagefile.sys
    WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
    WP32 - Hidden File: C:\WINDOWS\Thumbs.db
    WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
    WP32 - Hidden File: C:\WINDOWS\winnt.bmp
    WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
    WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
    WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\default.rctemp.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\default.tmp.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.rctemp.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.tmp.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.rctemp.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.tmp.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\software.rctemp.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\software.tmp.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\system.rctemp.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\system.tmp.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\config\userdifr.LOG
    WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
    WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
    WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
    WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
    WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
    WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
    WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
    WP32 - Hidden File: C:\WINDOWS\system32\zllictbl.dat

    WP33 - File Type .AVI: [Videoleike]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
    WP33 - File Type .BAT: [MS-DOS-komentojonotiedosto]%1 %*
    WP33 - File Type .CAB: [Cab-tiedosto]C:\WINDOWS\Explorer.exe /idlist,%I,%L
    WP33 - File Type .CAT: [Suojausluettelo]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
    WP33 - File Type .CHM: [Käännetty HTML Help -tiedosto]C:\WINDOWS\hh.exe %1
    WP33 - File Type .COM: [MS-DOS-sovellus]%1 %*
    WP33 - File Type .CMD: [Windows NT -komentosarja]%1 %*
    WP33 - File Type .DOC: [Microsoft Word -asiakirja]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
    WP33 - File Type .EML: [Outlook Express Mail -viesti]C:\Program Files\Outlook Express\msimn.exe /eml:%1
    WP33 - File Type .EXE: [Sovellus]%1 %*
    WP33 - File Type .INF: [Asennustiedot]C:\WINDOWS\System32\NOTEPAD.EXE %1
    WP33 - File Type .JS: [JScript-komentosarjatiedosto]C:\WINDOWS\System32\WScript.exe %1 %*
    WP33 - File Type .LOG: [Tekstiasiakirja]C:\WINDOWS\system32\NOTEPAD.EXE %1
    WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
    WP33 - File Type .MSG: [Outlook-kohde]C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE /f %1
    WP33 - File Type .MID: [MIDI-jakso]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
    WP33 - File Type .MP3: [MP3-ääni]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
    WP33 - File Type .PIF: [Pikakuvake MS-DOS-ohjelmalle]%1 %*
    WP33 - File Type .REG: [Rekisterimerkinnät]regedit.exe %1
    WP33 - File Type .REG: [Rekisterimerkinnät]regedit.exe %1
    WP33 - File Type .RTF: [RTF]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
    WP33 - File Type .SBS: [Spyware supplemental file]C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe %1
    WP33 - File Type .SCR: [Näytönsäästäjä]%1 /S
    WP33 - File Type .TXT: [Tekstiasiakirja]C:\WINDOWS\system32\NOTEPAD.EXE %1
    WP33 - File Type .URL: [Internet-linkki]rundll32.exe ieframe.dll,OpenURL %l
    WP33 - File Type .VBS: [VBScript-komentosarjatiedosto]C:\WINDOWS\System32\WScript.exe %1 %*
    WP33 - File Type .VBE: [Koodattu VBScript-komentosarjatiedosto]C:\WINDOWS\System32\WScript.exe %1 %*
    WP33 - File Type .WSF: [Windows-komentosarjatiedosto]C:\WINDOWS\System32\WScript.exe %1 %*
    WP33 - File Type .WSH: [Windows Script Hostin asetustiedosto]C:\WINDOWS\System32\WScript.exe %1 %*
    WP33 - File Type .XLS: [Microsoft Excel -laskentataulukko]C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE /e

    Memory currently in use: 70%
    Physical Memory Free: 157,120 KB
    Paging File Free: 977,244 KB
    Virtual Memory Free: 2,042,068 KB


    --
    End of file


    And then eScan found this.

    Fri Nov 16 18:43:18 2007 => ERROR!!! Invalid Entry C:\Program Files\ewido anti-malware\ewidoctrl.exe in SYSTEM\CurrentControlSet\Services\ewido security suite control...
    Fri Nov 16 18:43:18 2007 => ERROR!!! Invalid Entry \??\C:\Program Files\ewido anti-malware\guard.sys in SYSTEM\CurrentControlSet\Services\ewido security suite driver...
    Fri Nov 16 18:43:18 2007 => ERROR!!! Invalid Entry C:\Program Files\ewido anti-malware\ewidoguard.exe in SYSTEM\CurrentControlSet\Services\ewido security suite guard
    ERROR!!! Invalid Entry system32\DRIVERS\pfc027.sys in SYSTEM\CurrentControlSet\Services\SoC PC-Camera Service...
    ERROR!!! Invalid Entry system32\ZoneLabs\srescan.sys in SYSTEM\CurrentControlSet\Services\srescan...
    ERROR!!! Invalid Entry  in SYSTEM\CurrentControlSet\Services\vsdatant...
    ERROR!!! ScanFile fails for C:\WINDOWS\SchedLgU.Txt
    ERROR!!! ScanFile fails for C:\WINDOWS\wiadebug.log
    ERROR!!! ScanFile fails for C:\WINDOWS\wiaservc.log
    ERROR!!! ScanFile fails for C:\WINDOWS\WindowsUpdate.log
    File C:\Documents and Settings\Sami\Työpöytä\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

    File C:\Documents and Settings\Sami\Työpöytä\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
     
    Last edited by a moderator: 18.11.2007