Generic host process for Win32 Services

impi80 · Nov 3, 2009

Kone päälle ja tollasta viskelee ja boottaa,ellen laita suoritukseen shutdown -a.

Monet ovat viitanneet,blaster/sasser matoon, mutta mitkään scannerit mitä olen koeillut eivät ole haittoja löytäneet.

Ad-Aware ei suostu edes asentumaan eikä myöskään escan.

SDfixiä hieman huono suorittaa vikasietotilassa,koska koneen käynnistyessä kun renkkaa tota F8,niin antaa kyllä 3 vaihtoehtoa mutta jonkun niistä kun valitsee niin rupee lataamaan mutta parin sekunnin päästä boottaa koneen. Ja logi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:34, on 3.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared\a2service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1801674531-1482476501-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255734618843
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5742 bytes

kalminen · Nov 3, 2009

Kuulostaa pahalta vaikka logilla ei
näy mitään sopimatonta !!!

------------------------------------------------

Sammuta terrieri toistaiseksi WinPatrol

* Kirjoita windowsin käynnistä-valikon suorita-kenttään msconfig paina OK
* Valitse oikealla sijaitseva käynnistys-välilehti.
* Jos joukossa on ohjelmia

WinPatrol

* ota ruksi ohjelman kohdalta pois.
* Valitse sitten käytä. (poistu ohjelmasta)
* Samasta paikkaa ohjelman voi palauttaa StartMenuun.

Käynnistä koneesi uudelleen.

Koneen uudelleen käynnistyksessä se kysyy mitä tehdään.
Otat uuden kokoonpanon käyttöön ja ruksi vasempaan alakulmaan
ettei kysy samaa jokakerta uudelleen.

-------------------------------------------------------------------------

Oletko tätä ajanut ???

Lataa Malwarebytes' Anti-Malware työpöydällesi.

Jos linkki ei toimi, voit ladata myös seuraavista linkeistä:
Linkki1
Linkki2

* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta.
* Jos päivitys löytyy, ohjelma lataa ja asentaa uusimman version. Jos päivityksien lataaminen ei onnistu, voit ladata päivitykset tästä. Tuplaklikkaa mbam-rules.exe asentaaksesi päivitykset.
* Kun ohjelma on latautunut ja päivitykset tehty, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
* Kun tarkistus on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi.[/list]

Huom. Jos Mbam ei pystynyt poistamaan tiedostoa, se pyytää sinua käynnistämään koneesi uudelleen. Käynnistä koneesi silloin uudelleen heti. Mbam voi tehdä muutoksia rekisteriisi osana puhdistusta. Jos käytät suojausohjelmaa, joka havaitsee rekisterin muutokset, salli Mbamin tehdä muutokset.

----------------------------------------------------------------------------------

* Lähetä lokin sisältö seuraavassa viestissäsi
+ uusi hjt-loki.
.

impi80 · Nov 3, 2009

Malwarebytes' Anti-Malware 1.41
Tietokantaversio: 3092
Windows 5.1.2600 Service Pack 3

3.11.2009 17:13:00
mbam-log-2009-11-03 (17-13-00).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|)
Tarkistetut kohteet: 262023
Kulunut aika: 1 hour(s), 7 minute(s), 55 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:38, on 3.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared\a2service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1801674531-1482476501-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255734618843
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5375 bytes

kalminen · Nov 3, 2009

Ole hyvä ja lataa Combofix yhdestä alla olevista linkeistä:

Linkki 1
Linkki 2
Linkki 3

* TÄRKEÄÄ !!! Tallenna ComboFix.exe työpöydällesi

* Sulje/ota pois päältä kaikki virustorjunta- ja haittaohjelmien poisto-ohjelmat, jotta ne eivät häiritse ComboFixin ajoa.

* Tuplaklikkaa Combofix.exe ja noudata ohjeita.

* Osana skannausta Combofix tarkistaa onko palautuskonsoli asennettuna. Nykypäivän haittaohjelmien takia on erittäin suositeltua olla asennettuna palautuskonsoli ennen haittaohjelmien poistoa. Windowsin palautuskonsoli mahdollistaa käynnistyksen erityiseen palautustilaan. Palautuskonsolin kautta voimme auttaa sinua helpommin mikäli haittaohjelmien poiston yhteydessä ilmenee ongelmia.

* Seuraa ohjeita ja salli Combofixin ladata ja asentaa Microsoftin palautuskonsoli, ja kun pyydetään, hyväksy ohjelman takuuehdot asentaaksesi palautuskonsolin.

**Huomaa: Jos palautuskonsoli on jo asennettuna, Combofix jatkaa eteenpäin.

Kun Microsoftin palautuskonsoli on asennettu, sinun pitäisi nähdä seuraava viesti:

Klikkaa Kyllä jatkaaksesi skannausta.

Kun ComboFix on valmis, se luo raportin. Ole hyvä ja kopioi/liitä seuraavat raportit vastaukseesi:
C:\ComboFix.txt
Uusi HijackThis-loki

Varoitus: ÄLÄ aja ComboFixia ilman valvontaa. Se ei ole lelu ja sitä ei tule käyttää rutiininomaisesti päivittäin.

Jos tarvitset apua, katso yksityiskohtaisempi ohje:
http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje

impi80 · Nov 3, 2009

ComboFix 09-11-02.05 - Ari Immonen 03.11.2009 19:15.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.1022.633 [GMT 2:00]
Sijainti: c:\documents and settings\Ari Immonen.HILUX\Työpöytä\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091103-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ari Immonen.HILUX\Application Data\inst.exe
c:\documents and settings\Impi\Application Data\.#
c:\documents and settings\Impi\Application Data\inst.exe
C:\drivers
c:\drivers\setpoint424.exe
c:\recycler\S-1-5-21-1214440339-1708537768-725345543-1003
c:\recycler\S-1-5-21-2000478354-115176313-1801674531-1004
c:\recycler\S-1-5-21-790525478-1682526488-725345543-1004
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AVSredirect.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

Saastunut kopio tiedostosta c:\windows\system32\DRIVERS\atapi.sys löytyi ja poistettiin
Puhdas kopio palautettiin paikasta - Kitty ate it
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-10-03 to 2009-11-03 )))))))))))))))))
.

2009-11-03 09:06 . 2009-11-03 09:06 -------- d-----w- c:\program files\Trend Micro
2009-11-02 09:54 . 2009-11-02 15:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Työpöytä
2009-11-02 09:48 . 2000-08-19 18:29 268048 ----a-w- c:\windows\system32\dxtmeta2.dll
2009-10-31 11:42 . 2009-11-02 10:07 -------- d-----w- c:\program files\Nidesoft MP4 Video Converter v2.0
2009-10-30 09:41 . 2009-10-30 09:53 -------- d-----w- c:\program files\Advanced SystemCare 3
2009-10-30 09:41 . 2009-10-30 09:51 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Application Data\IObit
2009-10-30 08:10 . 2009-10-30 09:06 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-10-30 05:57 . 2009-10-30 05:57 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-30 05:41 . 2009-10-30 05:41 -------- d-----w- c:\program files\Svchost Fix Wizard
2009-10-30 05:41 . 2009-04-16 12:13 81920 ----a-w- c:\windows\eSellerateControl350.dll
2009-10-30 05:41 . 2009-04-16 12:13 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-10-30 05:28 . 2009-10-30 05:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F-Secure
2009-10-30 03:44 . 2009-10-30 03:44 -------- d-sh--w- c:\documents and settings\Ari Immonen.HILUX\PrivacIE
2009-10-29 15:35 . 2009-10-29 15:42 -------- d-----w- c:\program files\Oberon Media
2009-10-29 15:35 . 2009-10-29 15:35 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-10-29 15:35 . 2009-10-30 08:22 -------- d-----w- c:\program files\Break For Games
2009-10-29 09:46 . 2009-10-30 06:52 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Application Data\OpenOffice.org2
2009-10-27 20:09 . 2008-04-13 19:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-27 04:28 . 2009-10-27 04:29 -------- d-----w- c:\program files\Free Video Joiner
2009-10-23 20:38 . 2007-05-17 14:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-10-23 20:38 . 2004-02-22 07:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-10-23 20:38 . 2004-01-24 21:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-23 20:38 . 2004-01-24 21:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-10-23 20:38 . 2009-10-23 20:38 -------- d-----w- c:\program files\AviSynth 2.5
2009-10-23 05:22 . 2009-10-30 09:53 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Local Settings\Application Data\WinAVI
2009-10-23 05:13 . 2009-10-31 11:31 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Application Data\Any Video Converter
2009-10-23 05:13 . 2009-10-27 04:14 -------- d-----w- c:\program files\Any Video Converter
2009-10-23 01:31 . 2009-10-23 01:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\vsosdk
2009-10-21 16:57 . 2009-10-21 17:28 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Application Data\Xilisoft
2009-10-21 15:31 . 2009-10-21 15:31 -------- d-----w- c:\program files\Java
2009-10-20 21:12 . 2007-04-04 16:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-10-20 20:10 . 2009-10-20 20:10 -------- d-sh--w- c:\documents and settings\LocalService.NT-HALLINTA.001\IETldCache
2009-10-20 20:03 . 2009-10-23 05:06 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Application Data\vlc
2009-10-19 11:28 . 2009-10-19 11:28 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Local Settings\Application Data\Ahead
2009-10-19 10:44 . 2009-10-19 10:44 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Local Settings\Application Data\LightScribe
2009-10-19 06:17 . 2009-10-19 06:17 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-10-19 06:17 . 2009-11-03 16:15 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Application Data\Spyware Terminator
2009-10-19 06:17 . 2009-11-03 16:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spyware Terminator
2009-10-19 06:17 . 2009-11-03 16:15 -------- d-----w- c:\program files\Spyware Terminator
2009-10-19 06:13 . 2009-10-19 06:13 -------- d-----w- c:\program files\MozBackup
2009-10-19 06:13 . 2009-10-19 06:13 -------- d-----w- c:\program files\Cobian Backup 9
2009-10-19 06:12 . 2009-10-19 06:12 -------- d-----w- c:\program files\MyDefrag v4.0
2009-10-19 06:11 . 2009-10-19 06:11 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Application Data\Malwarebytes
2009-10-19 06:11 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 06:11 . 2009-11-03 09:17 -------- d-----w- c:\program files\Malwarebytes
2009-10-19 06:11 . 2009-10-19 06:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-10-19 06:11 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 18:34 . 2009-10-18 18:36 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Local Settings\Application Data\Adobe
2009-10-18 17:12 . 2009-10-21 15:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-17 17:12 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-17 16:53 . 2009-10-17 16:53 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Application Data\WinPatrol
2009-10-17 16:53 . 2009-10-17 16:56 -------- d-----w- c:\program files\WinPatrol
2009-10-17 16:45 . 2009-10-17 16:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-17 16:12 . 2009-10-17 16:12 -------- d-sh--w- c:\documents and settings\NetworkService.NT-HALLINTA.001\IETldCache
2009-10-17 16:12 . 2009-10-17 16:12 -------- d-sh--w- c:\documents and settings\Ari Immonen.HILUX\IETldCache
2009-10-17 16:09 . 2009-08-29 07:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-17 16:09 . 2009-08-29 07:58 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-17 16:09 . 2009-08-29 07:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-17 16:09 . 2009-08-29 07:58 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-17 16:09 . 2009-08-29 07:58 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-17 16:09 . 2009-08-29 07:58 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-17 16:09 . 2009-10-17 18:14 -------- d-----w- c:\windows\ie8updates
2009-10-17 16:09 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-17 16:08 . 2009-10-17 16:09 -------- dc-h--w- c:\windows\ie8
2009-10-17 15:46 . 2004-09-14 13:06 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
2009-10-17 02:17 . 2009-11-01 17:21 -------- d-----w- c:\program files\PS3 Media Server
2009-10-17 02:16 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-17 02:16 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-17 02:15 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-10-17 02:11 . 2009-10-17 02:11 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonBJ
2009-10-17 02:11 . 2007-03-18 20:00 215040 ----a-w- c:\windows\system32\CNMLM8S.DLL
2009-10-17 02:08 . 2009-10-17 02:13 -------- d-----w- c:\program files\Canon
2009-10-17 01:27 . 2009-10-17 01:28 -------- d-----w- C:\Temp
2009-10-17 01:26 . 1998-07-21 21:00 102912 ----a-w- c:\windows\system32\Vb6stkit.dll
2009-10-17 01:26 . 1998-07-21 21:00 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2009-10-17 01:23 . 2004-07-09 05:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-10-17 01:23 . 2000-06-26 07:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-10-17 01:23 . 2004-07-26 13:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-10-17 01:23 . 2004-07-26 13:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-10-17 01:23 . 2004-07-26 13:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-10-17 01:23 . 2004-07-26 13:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-10-17 01:23 . 2001-07-09 07:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-10-17 01:22 . 2009-10-17 01:23 -------- d-----w- c:\program files\Ahead
2009-10-17 01:22 . 2004-10-01 12:00 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-10-17 01:00 . 2009-10-30 09:53 -------- d-----w- c:\program files\VLC
2009-10-17 00:57 . 2009-10-17 03:18 -------- d-----w- c:\program files\SubtitleWorkshop
2009-10-17 00:56 . 2009-10-17 00:56 -------- d-----w- c:\program files\PowerISO
2009-10-17 00:56 . 2009-10-17 00:56 -------- d-----w- c:\program files\ffdshow
2009-10-17 00:56 . 2006-10-02 10:44 5120 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-17 00:55 . 2009-11-02 07:10 -------- d-----w- c:\program files\BitComet
2009-10-17 00:29 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-10-17 00:29 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-10-17 00:29 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-10-17 00:27 . 2009-10-17 00:27 -------- d-----w- c:\program files\Realtek
2009-10-17 00:27 . 2009-03-02 08:14 57344 ----a-w- c:\windows\ALCMTR.EXE
2009-10-17 00:27 . 2008-08-05 17:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-10-17 00:27 . 2008-06-19 13:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2009-10-17 00:27 . 2009-08-18 14:16 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-10-17 00:12 . 2009-10-17 00:12 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-17 00:10 . 2008-12-25 23:08 453152 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-17 00:10 . 2008-12-23 18:58 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-16 23:42 . 2009-10-16 23:42 -------- d-----w- c:\program files\Reference Assemblies
2009-10-16 23:41 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-16 23:41 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-16 23:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-16 23:41 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-16 23:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-16 23:41 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-16 23:41 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-16 23:39 . 2009-10-16 23:39 -------- d-----w- c:\program files\MSXML 6.0
2009-10-16 23:09 . 2009-10-16 23:09 -------- d-sh--w- c:\documents and settings\Ari Immonen.HILUX\UserData
2009-10-16 23:06 . 2009-10-16 23:06 -------- d-----w- c:\program files\Unlocker
2009-10-16 23:06 . 2009-10-17 00:37 -------- d-----w- c:\program files\TagScanner
2009-10-16 23:05 . 2009-11-03 11:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-10-16 23:05 . 2009-10-17 00:30 -------- d-----w- c:\program files\Spybot
2009-10-16 22:56 . 2009-10-16 22:57 -------- d-----w- c:\program files\QuickTime
2009-10-16 22:56 . 2009-10-16 22:56 -------- d-----w- c:\program files\Apple Software Update
2009-10-16 22:56 . 2009-10-16 22:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-10-16 22:56 . 2009-10-16 22:56 -------- d-----w- c:\program files\QuickSFV
2009-10-16 22:53 . 2009-10-16 22:53 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-10-16 22:52 . 2009-10-16 22:52 -------- d-----w- c:\program files\mp3DirectCut
2009-10-16 22:51 . 2009-10-17 00:21 -------- d-----w- c:\program files\EVEREST
2009-10-16 22:51 . 2009-10-16 22:51 -------- d-----w- c:\program files\CUE Splitter
2009-10-16 22:50 . 2009-10-16 22:50 -------- d-----w- c:\program files\CloneDVD2
2009-10-16 22:48 . 2009-10-30 09:53 -------- d-----w- c:\program files\ACD Systems

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 22:57 . 2009-10-16 20:23 -------- d-----w- c:\program files\Avast4
2009-10-30 09:53 . 2009-10-16 22:39 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Application Data\Vso
2009-10-30 09:53 . 2007-09-10 19:33 -------- d-----w- c:\documents and settings\Impi\Application Data\Vso
2009-10-30 09:53 . 2007-05-02 14:31 -------- d-----w- c:\documents and settings\Ari Immonen\Application Data\Vso
2009-10-30 09:53 . 2006-12-14 18:03 -------- d-----w- c:\documents and settings\Omistaja\Application Data\Vso
2009-10-30 09:53 . 2009-10-17 01:00 -------- d-----w- c:\program files\VLC
2009-10-30 09:53 . 2009-10-16 22:39 -------- d-----w- c:\program files\ConvertX3
2009-10-29 18:00 . 2006-03-02 12:00 80308 ----a-w- c:\windows\system32\perfc00B.dat
2009-10-29 18:00 . 2006-03-02 12:00 406560 ----a-w- c:\windows\system32\perfh00B.dat
2009-10-29 17:59 . 2006-12-13 12:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 05:06 . 2009-10-20 20:03 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Application Data\vlc
2009-10-23 01:31 . 2009-10-23 01:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\vsosdk
2009-10-17 01:26 . 2006-12-13 13:09 -------- d-----w- c:\program files\Common Files\LightScribe
2009-10-17 01:05 . 2009-10-17 00:58 -------- d-----w- c:\documents and settings\Ari Immonen.HILUX\Application Data\Winamp
2009-10-17 00:59 . 2009-10-17 00:58 -------- d-----w- c:\program files\Winamp
2009-10-17 00:21 . 2009-10-16 22:51 -------- d-----w- c:\program files\EVEREST
2009-10-17 00:12 . 2007-03-05 13:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-17 00:05 . 2009-10-17 00:05 0 --sh--w- c:\windows\S127C10EB.tmp
2009-10-16 22:43 . 2009-10-16 22:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-16 22:39 . 2009-10-16 22:39 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-16 22:39 . 2009-10-16 22:39 47360 ----a-w- c:\documents and settings\Ari Immonen.HILUX\Application Data\pcouffin.sys
2009-10-16 22:39 . 2009-10-16 22:39 -------- d-----w- c:\program files\VSO
2009-10-16 22:21 . 2006-12-13 13:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-16 19:29 . 2009-10-16 19:29 21672 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-07 23:01 . 2008-07-15 14:08 -------- d-----w- c:\documents and settings\Impi\Application Data\OpenOffice.org2
2009-10-06 19:06 . 2007-09-10 17:52 25616 ----a-w- c:\documents and settings\Impi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-06 15:54 . 2009-10-17 00:28 5922816 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-10-06 13:34 . 2009-10-17 00:28 18750976 ----a-w- c:\windows\RTHDCPL.EXE
2009-10-03 15:07 . 2007-07-02 13:55 -------- d-----w- c:\program files\Common Files\Apple
2009-09-29 15:38 . 2009-10-17 00:28 352256 ----a-w- c:\windows\vncutil.exe
2009-09-27 13:48 . 2009-09-27 13:48 -------- d-----w- c:\program files\CCleaner
2009-09-21 13:47 . 2009-10-17 00:28 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-09-15 10:59 . 2009-10-16 20:23 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-10-16 20:23 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-10-16 20:23 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-10-16 20:23 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-10-16 20:23 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-10-16 20:23 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-10-16 20:23 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-10-16 20:23 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-10-16 20:23 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 14:18 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 16:56 . 2009-09-09 16:56 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2009-09-04 21:04 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 15:44 . 2009-10-27 11:13 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 15:44 . 2009-10-27 11:13 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 15:44 . 2009-10-27 11:13 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 15:29 . 2009-10-27 11:13 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 15:29 . 2009-10-27 11:13 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 15:29 . 2009-10-27 11:13 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 15:29 . 2009-10-27 11:13 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 15:29 . 2009-10-27 11:13 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-29 07:58 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2006-03-02 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-10-16 19:30 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-10-16 19:30 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-10-16 19:30 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 11:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-10-16 19:30 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2006-03-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-10-16 19:30 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-10-16 19:30 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 17:23 . 2008-10-16 11:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-21 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-10-06 18750976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7607:TCP"= 7607:TCP:BitComet 7607 TCP
"7607:UDP"= 7607:UDP:BitComet 7607 UDP
"26165:TCP"= 26165:TCP:BitComet 26165 TCP
"26165:UDP"= 26165:UDP:BitComet 26165 UDP
"27574:TCP"= 27574:TCP:BitComet 27574 TCP
"27574:UDP"= 27574:UDP:BitComet 27574 UDP
"26606:TCP"= 26606:TCP:BitComet 26606 TCP
"26606:UDP"= 26606:UDP:BitComet 26606 UDP
"27464:TCP"= 27464:TCP:BitComet 27464 TCP
"27464:UDP"= 27464:UDP:BitComet 27464 UDP
"27468:TCP"= 27468:TCP:BitComet 27468 TCP
"27468:UDP"= 27468:UDP:BitComet 27468 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.10.2009 22:23 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19.10.2009 8:17 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.10.2009 22:23 20560]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.10.2009 2:27 1684736]

--- Muut muistissa olevat ajurit/palvelut ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
'Ajoitetut tehtävät'-kansion sisältö

2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 12:42]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.fi/
FF - ProfilePath - c:\documents and settings\Ari Immonen.HILUX\Application Data\Mozilla\Firefox\Profiles\cgioirb1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOXIN KÄYTÄNNÖT ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 19:22
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
"ImagePath"=""
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
Valmistumisajankohta: 2009-11-03 19:24
ComboFix-quarantined-files.txt 2009-11-03 17:24

Ennen ajoa: 13 324 017 664 tavua vapaana
Ajon jälkeen: 13 343 019 008 tavua vapaana

WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin /usepmtimer

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:41, on 3.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared\a2service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255734618843
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4858 bytes

impi80 · Nov 4, 2009

Kiitoksia paljon ongelman ratkaisussa, kaikki toimii taas niin kuin pitääkin. Mikähän örkki siellä oli?

kalminen · Nov 4, 2009

Osa noista poistetuista tiedostoista kuuluu SmitFaudFix ohjelmaan !!!
(homma mennyt jotensakin pieleen joskus aiemmin)

Tämmöinen sulla on ainakin ollut keylogger/password stealing
se vain on jossain vaiheessa Fixattu piiloon logilta ???
Huomioi, että salasanojasi on voitu kähveltää !!!

Tämän hetkisen ongelman on todennäköisesti muodostanut jonkinlainen Rootkitt.

******************************************

Kirjoita windowsin käynnistävalikon suorita-kenttään ComboFix.exe /u paina OK

*************************************************************

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot
(HJT sammuttaa ohjelman ei poista)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

sekä sammuta ne.(fix Chekked) napista.

-----------------------------------------------------------------

Globally OpenPorts_List ???????????????????????????????????????????????

"7607:TCP"= 7607:TCP:BitComet 7607 TCP
"7607:UDP"= 7607:UDP:BitComet 7607 UDP
"26165:TCP"= 26165:TCP:BitComet 26165 TCP
"26165:UDP"= 26165:UDP:BitComet 26165 UDP
"27574:TCP"= 27574:TCP:BitComet 27574 TCP
"27574:UDP"= 27574:UDP:BitComet 27574 UDP
"26606:TCP"= 26606:TCP:BitComet 26606 TCP
"26606:UDP"= 26606:UDP:BitComet 26606 UDP
"27464:TCP"= 27464:TCP:BitComet 27464 TCP
"27464:UDP"= 27464:UDP:BitComet 27464 UDP
"27468:TCP"= 27468:TCP:BitComet 27468 TCP
"27468:UDP"= 27468:UDP:BitComet 27468 UDP

------------------------------------------------------------------------------

* Lataa HOSTS: Täältä Työpöydällesi.
* Pura: hosts.zip C:\WINDOWS\system32\drivers\etc kansioon.
Lopuksi Voit varmistaa, että siellä on HOSTS niminen tiedosto ilman tiedostopäätettä. Koko n.700 kt.
Suoja activoituu seuraavan käynnistyksen yhteydessä.(ei kuormita muistia)

* Asenna SpywareBlaster!
SpywareBlaster estää haittaohjelmien asentumista koneelle.
Lataus ja ohjeet: TÄÄLTÄ

.

impi80 · Nov 4, 2009

C:\WINDOWS\system32\drivers\etc kansiota ei löydy, C:\WINDOWS\system32 löytyy mutta ei driversia?!

Pystyykö millään ohjelmalla/muulla ottamaan selvää mitä salasanoja on ronkittu?

kalminen · Nov 4, 2009

Laita piilotiedostot näkyviin => OHJE

Sitten pudotat sen HOSTS tiedoston sinne.

.

Log in or Sign up

Generic host process for Win32 Services

impi80 Member

kalminen Regular member

impi80 Member

kalminen Regular member

impi80 Member

impi80 Member

kalminen Regular member

impi80 Member

kalminen Regular member

Share This Page

Log in or Sign up

Generic host process for Win32 Services

impi80 Member

kalminen Regular member

impi80 Member

kalminen Regular member

impi80 Member

impi80 Member

kalminen Regular member

impi80 Member

kalminen Regular member

Share This Page

Useful Searches