Winudspm.exe ja muuta skeidaa

matkahomo · 01.06.2008

Tämmöinen vaivaa. Messengerin mukana tullut. Olen ajanut combofixillä, sdfixillä ja malwarebytesillä. Hijackthis loki ois tällähetkellä tämmöinen:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:08, on 1.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plaza.fi/kotimaa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Documents and Settings\Lotta\Omat tiedostot\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Documents and Settings\Lotta\Omat tiedostot\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 5600 bytes

AfterDawn

yaht · 01.06.2008

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Tuon rivin voisit fixata muuten logi näyttää ihan puhtaalta ainakin näin äkkiseltään katsottuna.

matkahomo · 01.06.2008

Entä miten tämä rivi. Onko tämä ok?

O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe

Ainakin windowsia käynnistäessä herjaa että julkaisijan vahvistaminen ei onnistu.

yaht · 01.06.2008

Jaahas eli näemmä on viellä se mesevirus siellä koneella elikkä aja viellä tuo combofixi ja malwarebytesi ja pistä logia tuleen molemmista ohjelmista ja myös uusi hijackthis logi.

matkahomo · 01.06.2008

Tässä uutta lokia:

ComboFix 08-05-29.1 - Asiakas 2008-06-01 14:07:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.111 [GMT 3:00]
Running from: C:\Documents and Settings\Asiakas\Työpöytä\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-01 to 2008-06-01 )))))))))))))))))
.

2008-06-01 10:42 . 2008-06-01 10:42 244 --ah----- C:\sqmnoopt16.sqm
2008-06-01 10:42 . 2008-06-01 10:42 232 --ah----- C:\sqmdata16.sqm
2008-05-31 16:28 . 2008-05-31 16:28 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 16:28 . 2008-05-31 16:28 <KANSIO> d-------- C:\Documents and Settings\Asiakas\Application Data\Malwarebytes
2008-05-31 16:28 . 2008-05-31 16:28 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 16:28 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-31 16:28 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 16:11 . 2008-05-31 16:11 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-05-31 16:10 . 2008-06-01 14:02 <KANSIO> d-------- C:\SDFix
2008-05-31 16:02 . 2008-05-31 16:03 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-05-31 14:19 . 2008-05-31 14:19 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-31 14:15 . 2008-05-31 14:15 244 --ah----- C:\sqmnoopt15.sqm
2008-05-31 14:15 . 2008-05-31 14:15 232 --ah----- C:\sqmdata15.sqm
2008-05-31 14:13 . 2008-05-31 14:13 86,512 --a------ C:\setup1.exe
2008-05-31 14:10 . 2008-05-31 14:10 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-05-31 11:39 . 2008-05-31 11:39 <KANSIO> d-------- C:\fsaua.data
2008-05-29 20:46 . 2008-05-31 09:33 345 --ahs---- C:\WINDOWS\system32\OYbdKkkj.ini
2008-05-29 20:40 . 2008-05-29 20:40 60,132 --a------ C:\ddc.exe
2008-05-28 19:00 . 2008-05-28 19:00 <KANSIO> d-------- C:\Program Files\Tikkurila
2008-05-28 18:59 . 2008-05-28 18:59 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2008-05-26 14:35 . 2008-05-26 14:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-26 14:35 . 2008-05-26 14:35 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 11:09 --------- d-----w C:\Documents and Settings\Asiakas\Application Data\Skype
2008-05-31 11:27 --------- d-----w C:\Program Files\Java
2008-05-29 13:51 --------- d-----w C:\Program Files\Euroword 99
2008-05-22 18:56 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-14 18:48 --------- d-----w C:\Documents and Settings\Asiakas\Application Data\SiteAdvisor
2008-05-11 10:05 --------- d-----w C:\Documents and Settings\Lotta\Application Data\SiteAdvisor
2008-04-25 12:25 --------- d-----w C:\Program Files\McAfee
2008-04-25 06:12 --------- d-----w C:\Program Files\Common Files\McAfee
2008-04-25 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-25 05:30 --------- d-----w C:\Documents and Settings\Asiakas\Application Data\McAfee
2008-04-18 15:44 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-01 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2001-11-23 04:08 712,704 -c--a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-05-31_14.53.27.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-31 11:47:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-01 10:57:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-30 01:36:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-01 10:43:59 3,743,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-06-01 10:43:59 184,320 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-30 01:36:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-05-31 13:11:16 3,719,168 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-05-31 13:11:16 184,320 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-05-31 10:34:38 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-01 07:08:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-31 10:34:38 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
+ 2008-06-01 07:08:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
- 2008-05-31 10:34:38 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-01 07:08:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 11:51 172032]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-10 21:15 282624]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 11:50 204800]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-01-17 22:24 36904]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"Windows svchost"="service.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Documents and Settings\Lotta\Omat tiedostot\Picasa2\PicasaMediaDetector.exe" [2007-09-28 04:17 443968]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-11-23 12:37:12 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 TFBULK;Topfield USB client driver;C:\WINDOWS\system32\drivers\TfBulk.sys [2008-02-18 19:28]

.
'Ajoitetut tehtävät'-kansion sisältö
"2007-04-14 08:00:20 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-04-14 08:00:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 14:09:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
Completion time: 2008-06-01 14:12:53
ComboFix-quarantined-files.txt 2008-06-01 11:12:40
ComboFix2.txt 2008-05-31 11:53:51

Pre-Run: 60,985,630,720 tavua vapaana
Post-Run: 60,990,398,464 tavua vapaana

132 --- E O F --- 2008-05-16 07:40:44

Malwarebytes' Anti-Malware 1.14
Tietokantaversio: 807

14:59:16 1.6.2008
mbam-log-6-1-2008 (14-59-16).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 87246
Kulunut aika: 36 minute(s), 45 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:39, on 1.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plaza.fi/kotimaa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Documents and Settings\Lotta\Omat tiedostot\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Documents and Settings\Lotta\Omat tiedostot\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 5568 bytes

yaht · 01.06.2008

Kyllä tuo ihan puhtaalta logilta nytten näyttää ellei joku muu sitten huomaa mitään erikoista.

Tämän voisit viellä tehdä eli avaa käynnistä valikosta suorita ja kirjoita sinne combofix.exe /u

matkahomo · 01.06.2008

Jess, Sen tein. Kiitoksia paljon avusta!!!

yaht · 01.06.2008

Mukavaa että oli apua

Kirjaudu tai liity jäseneksi

Winudspm.exe ja muuta skeidaa

matkahomo Member

yaht Regular member

matkahomo Member

yaht Regular member

matkahomo Member

yaht Regular member

matkahomo Member

yaht Regular member

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

Winudspm.exe ja muuta skeidaa

matkahomo Member

yaht Regular member

matkahomo Member

yaht Regular member

matkahomo Member

yaht Regular member

matkahomo Member

yaht Regular member

Jaa tämä sivu

Hyödyllisiä hakuja