Computer slow after the MSN virus

Discussion in 'Virukset ja haittaohjelmat' started by heinuri1, Jun 2, 2008.

Thread Status:
Not open for further replies.
    So I somehow got the virus off, maybe, since the internet works now, sort of, but the computer is still noticeably slower than normal. I ran ComboFix on the computer and the following log resulted. Which of these need to be removed?


    .

    C:\WINDOWS\BM2bd07b2b.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\cbjxvnej.ini
    C:\WINDOWS\system32\ddccyyvu.dll
    C:\WINDOWS\system32\dskyhwhr.dll
    C:\WINDOWS\system32\efcDVppp.dll
    C:\WINDOWS\system32\fccyxuUo.dll
    C:\WINDOWS\system32\ijuhypsj.ini
    C:\WINDOWS\system32\jkkKedcy.dll
    C:\WINDOWS\system32\jspyhuji.dll
    C:\WINDOWS\system32\kltdmyni.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\myfhrqfh.dll
    C:\WINDOWS\system32\opnLedeB.dll
    C:\WINDOWS\system32\opnmkhHA.dll
    C:\WINDOWS\system32\sAcKmnpo.ini
    C:\WINDOWS\system32\sAcKmnpo.ini2
    C:\WINDOWS\system32\tivxnemc.dll
    C:\WINDOWS\system32\usoiwsmx.ini
    C:\WINDOWS\system32\xgaeojph.dll
    C:\WINDOWS\system32\xmswiosu.dll
    C:\WINDOWS\winhelp.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
    .

    2008-06-02 20:27 . 2008-06-02 21:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-02 20:27 . 2008-06-02 21:19 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-02 19:12 . 2008-06-02 19:13 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-06-01 22:39 . 2008-06-01 22:39 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-01 21:31 . 2008-06-02 18:54 93,184 --------- C:\WINDOWS\is154890.exe
    2008-05-29 23:08 . 2008-05-29 23:08 86,340 --a------ C:\profile.com
    2008-05-29 22:03 . 2008-05-30 00:38 96,768 --------- C:\is15480.exe
    2008-05-29 20:18 . 2008-05-29 20:18 86,340 --a------ C:\img.com
    2008-05-29 17:03 . 2008-05-29 18:13 56,832 --a------ C:\fa.com
    2008-05-29 04:39 . 2008-05-29 04:39 40,960 --a------ C:\d.MSNFix
    2008-05-28 23:47 . 2008-05-28 23:47 214,528 --a------ C:\vundoFIX.exe
    2008-05-28 20:10 . 2008-05-28 20:10 56,832 --a------ C:\sxy1.com
    2008-05-28 15:49 . 2008-05-28 15:49 3,770 --a------ C:\WINDOWS\system32\ybmurgor.dll
    2008-05-28 01:38 . 2008-06-02 18:00 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix
    2008-05-28 01:08 . 2008-05-28 01:08 370,688 --a------ C:\WINDOWS\system32\opnmKcAs.dll
    2008-05-28 01:03 . 2008-05-29 21:35 96,768 --------- C:\is154890.exe
    2008-05-28 00:33 . 1999-11-10 11:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2008-05-28 00:33 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2008-05-28 00:32 . 2008-05-28 00:33 <DIR> d-------- C:\WINDOWS\system32\QuickTime
    2008-05-28 00:32 . 2008-05-28 01:33 <DIR> d-------- C:\Program Files\QuickTime
    2008-05-28 00:32 . 2008-05-28 01:31 <DIR> d-------- C:\Program Files\Longman iBT
    2008-05-28 00:32 . 2008-05-28 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-05-27 22:53 . 2008-05-28 06:30 56,832 --a------ C:\sexy.com
    2008-05-27 19:30 . 2008-05-27 19:30 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
    2008-05-25 16:58 . 2008-05-25 16:58 1,409 --a------ C:\WINDOWS\system32\tmpE1A59.FOT
    2008-05-25 16:58 . 2008-05-25 16:58 1,409 --a------ C:\WINDOWS\system32\tmpC6A59.FOT
    2008-05-25 16:58 . 2008-05-25 16:58 1,409 --a------ C:\WINDOWS\system32\tmpAAA59.FOT
    2008-05-22 20:53 . 2008-05-28 01:08 <DIR> d-------- C:\Program Files\PowerISO
    2008-05-22 05:37 . 2008-05-22 21:14 <DIR> d-------- C:\Program Files\AskTBar
    2008-05-21 22:50 . 2008-05-21 22:51 <DIR> d-------- C:\Program Files\MagicDisc
    2008-05-21 22:50 . 2008-02-18 17:29 96,256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
    2008-05-21 17:06 . 2008-05-21 17:06 50 --a------ C:\WINDOWS\cdplayer.ini
    2008-05-21 17:04 . 2006-05-31 20:26 7 --------- C:\M-HTOEFL.MS
    2008-05-21 06:37 . 2008-05-23 05:24 <DIR> d-------- C:\Program Files\ETS TOEFL Guide
    2008-05-21 06:23 . 2008-05-21 06:24 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
    2008-05-21 06:20 . 2008-05-21 06:20 <DIR> d-------- C:\Documents and Settings\Antti Karppinen\Application Data\DAEMON Tools
    2008-05-21 06:20 . 2008-05-21 06:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-05-20 23:42 . 2008-05-20 23:42 <DIR> d-------- C:\Program Files\MagicISO
    2008-05-09 21:57 . 2008-05-13 12:02 <DIR> d-------- C:\Program Files\Kap.TOEFL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 15:12 --------- d-----w C:\Program Files\Windows Live
    2008-06-01 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\NPF
    2008-05-28 20:47 214,528 ----a-w C:\vundoFIX.exe
    2008-05-27 22:40 --------- d-----w C:\Documents and Settings\Antti Karppinen\Application Data\uTorrent
    2008-05-22 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-22 16:49 --------- d-----w C:\Program Files\Ahead
    2008-05-21 18:14 --------- d-----w C:\Program Files\uTorrent
    2008-04-22 19:03 --------- d-----w C:\Documents and Settings\Antti Karppinen\Application Data\dvdcss
    2008-04-11 07:41 --------- d-----w C:\Program Files\Java
    2008-04-04 07:26 --------- d-----w C:\Program Files\YouTube Downloader
    2007-02-18 17:20 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B19287C4-F9BB-41F0-B144-5E8E6D41FEF4}]
    2008-05-28 01:08 370688 --a------ C:\WINDOWS\system32\opnmKcAs.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-05 17:46 68856]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
    "ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
    "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16:34 16143872 C:\WINDOWS\RTHDCPL.EXE]
    "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
    "EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 06:00 98304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 21:29 35328]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 28160 C:\WINDOWS\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 28160 C:\WINDOWS\KHALMNPR.Exe]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-04 21:35 1838592]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 02:12 2658304]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
    "Windows UDP Control"="winudspm.exe" [2008-05-27 19:30 56832 C:\WINDOWS\winudspm.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-28 00:33 77824]
    "psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15:00 15360]

    C:\Documents and Settings\Antti Karppinen\Start Menu\Programs\Startup\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-05-21 22:50:17 546816]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-19 23:27:41 438272]
    NPF Messenger.lnk - C:\Program Files\Norman\NPF\NPFMSG.EXE [2007-02-16 21:43:23 290865]
    Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 23:24:38 1134592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
    C:\Program Files\AdVantage\AdVantage.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2005-01-12 03:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-03-19 14:04 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9048:TCP"= 9048:TCP:BitComet 9048 TCP
    "9048:UDP"= 9048:UDP:BitComet 9048 UDP

    R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 11:18]
    R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 17:00]
    R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 18:01]
    R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 16:22]
    R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 23:01]
    R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-05 00:38]
    R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
    R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
    R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
    S2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service []
    S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]
    S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]
    S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]
    S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-02 21:22:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Norman\npm\bin\elogsvc.exe
    C:\Norman\npm\bin\Zanda.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\AstSrv.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Norman\NVC\Bin\Nip.exe
    C:\Program Files\Norman\NPF\npfsvice.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Norman\npm\bin\Njeeves.exe
    C:\Norman\NVC\Bin\CClaw.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\system32\taskmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-02 21:42:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-02 18:42:08

    Pre-Run: 26,396,282,880 bytes free
    Post-Run: 27,194,957,824 bytes free

    206 --- E O F --- 2008-05-27 18:35:21
     