Computer messed up by viruses..

Discussion in 'Virukset ja haittaohjelmat' started by rami911, Sep 7, 2008.

  1. rami911

    rami911 Member

    So yesterday I was browsing some site that was supposed to have codes for games.
    Then I downloaded a file that was supposed to contain all the codes for all the games as a single text file. Ever since I downloaded it, every five seconds avast pops up this notification:
    [image: the avast alert]
    Even though it says there that the attack was blocked, the computer has still gone completely haywire. Games don't work at all, they start stuttering, and every now and then Ad-Aware reports suspicious processes. The computer won't shut down when I click Shut Down in the Start menu, I have to force it off. I already scanned the computer for viruses yesterday but it didn't really help.. Could you help me with this? Oh, and when I look at Task Manager it shows the CPU constantly running at 80-100%.
     
  2. yaht

    yaht Regular member

    Post a HijackThis log, instructions below.
     
  3. rami911

    rami911 Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:12:32, on 7.9.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    E:\Winamp\winampa.exe
    C:\WINDOWS\System32\comrepl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\drivers\downld\10367156.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.41.3.55:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Safe surf - {A8485774-8230-4D88-B00F-4A04A3E4FC1C} - C:\WINDOWS\system32\roisafe.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [UVS11 Preload] E:\ulead video studio\uvPL.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\radis\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ComRepl] C:\WINDOWS\System32\comrepl.exe /com /w
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-21-1454471165-484061587-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'noora ja jassu')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: ole2nls32 - C:\WINDOWS\SYSTEM32\ole2nls32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c909d520904b82) (gupdate1c909d520904b82) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 7913 bytes
     
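The HijackThis log above is the kind of thing a helper reads by eye: a browser proxy pointing at an outside address, a Run entry launching an .exe from the drivers folder, a process running out of system32\drivers\downld, a BHO dropped straight into system32, and a Winlogon Notify DLL with an unfamiliar name. The following Python script is an added example, not code from this thread or from HijackThis, that applies exactly those heuristics to a handful of lines copied from the log (plus two clean lines for contrast). The rules, the `KNOWN_NOTIFY` allow-list of stock XP Winlogon Notify packages, and the function names are this example's own assumptions.

```python
import re
from ipaddress import ip_address

# Sample input: lines copied from the HijackThis log posted in this thread,
# plus two clean lines (services.exe, ssv.dll) for contrast; embedded so the
# script runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\drivers\downld\10367156.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.41.3.55:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Safe surf - {A8485774-8230-4D88-B00F-4A04A3E4FC1C} - C:\WINDOWS\system32\roisafe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O20 - Winlogon Notify: ole2nls32 - C:\WINDOWS\SYSTEM32\ole2nls32.dll
"""

# Winlogon Notify packages that ship with Windows XP. This allow-list is an
# assumption of the example; extend it for third-party packages you trust.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

ITEM_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.*)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def is_public_proxy(hostport):
    """True when the proxy is a literal IP outside loopback/private ranges."""
    host = hostport.rsplit(":", 1)[0]
    try:
        ip = ip_address(host)
    except ValueError:
        return False  # hostname or garbage: cannot decide offline
    return not (ip.is_private or ip.is_loopback)


def extract_path(code, rest):
    """Pull the file path out of the HJT item types this script inspects."""
    if code == "O4":
        m = re.search(r"\] \"?(.+?\.exe)", rest, re.IGNORECASE)
        return m.group(1) if m else None
    if code in ("O2", "O3", "O20"):
        return rest.rsplit(" - ", 1)[-1]
    return None


def check_path(path, where):
    """Path heuristics shared by the process list and the O2/O3/O4 items."""
    low = path.lower()
    if "\\drivers\\" in low and low.endswith(".exe"):
        return f"{where}: executable under the drivers directory"
    if where == "O2" and re.fullmatch(r"c:\\windows\\system32\\[^\\]+\.dll", low):
        return "O2: BHO loaded straight from system32 with no vendor folder"
    return None


def triage(text):
    """Return (line, reason) pairs for log lines that match the heuristics."""
    findings = []
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and DRIVE_RE.match(line):
            reason = check_path(line, "process")
            if reason:
                findings.append((line, reason))
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue
        code, rest = m.group("code"), m.group("rest")
        if code == "R1" and "ProxyServer = " in rest:
            proxy = rest.split("ProxyServer = ", 1)[1]
            if is_public_proxy(proxy):
                findings.append((line, f"R1: browser proxy points at public address {proxy}"))
        elif code == "O20":
            name = rest.split("Winlogon Notify: ", 1)[-1].split(" - ")[0]
            if name.lower() not in KNOWN_NOTIFY:
                findings.append((line, f"O20: Winlogon Notify package '{name}' is not a stock XP package"))
        else:
            path = extract_path(code, rest)
            reason = check_path(path, code) if path else None
            if reason:
                findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run against the sample, the script flags five lines: the downld process, the public proxy, the roisafe.dll BHO, the drvsyskit Run entry and the ole2nls32 Winlogon Notify package, which is the same set the ComboFix report later in the thread removes or lists. A proxy given as a hostname is deliberately left unflagged, since it cannot be classified without a lookup.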
  4. yaht

    yaht Regular member

    Get a firewall on the machine, e.g. ZoneAlarm Free.

    1. Download Combofix.exe to your desktop from either of these links:
    Combofix.exe
    Combofix.exe

    Open Combofix.exe and follow the on-screen instructions.

    Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report


    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next reply + a new HJT log.
     
  5. rami911

    rami911 Member

    ComboFix 08-09-05.03 - rampo 2008-09-07 16:43:32.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.643 [GMT 3:00]
    Running from: C:\Documents and Settings\rampo\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\rampo\LOCALS~1\Temp\tmp1.tmp
    C:\DOCUME~1\rampo\LOCALS~1\Temp\tmp2.tmp
    C:\WINDOWS\system32\dao350.dll
    C:\WINDOWS\system32\drivers\downld
    C:\WINDOWS\system32\drivers\downld\10347218.exe
    C:\WINDOWS\system32\drivers\downld\10349187.exe
    C:\WINDOWS\system32\drivers\downld\10367156.exe
    C:\WINDOWS\system32\drivers\downld\10377078.exe
    C:\WINDOWS\system32\drivers\downld\10627921.exe
    C:\WINDOWS\system32\drivers\downld\10632484.exe
    C:\WINDOWS\system32\drivers\downld\10694000.exe
    C:\WINDOWS\system32\drivers\downld\10708437.exe
    C:\WINDOWS\system32\drivers\downld\10730765.exe
    C:\WINDOWS\system32\drivers\downld\10741687.exe
    C:\WINDOWS\system32\drivers\downld\183312.exe
    C:\WINDOWS\system32\drivers\downld\185546.exe
    C:\WINDOWS\system32\drivers\downld\202000.exe
    C:\WINDOWS\system32\drivers\downld\212078.exe
    C:\WINDOWS\system32\drivers\downld\258453.exe
    C:\WINDOWS\system32\drivers\downld\263406.exe
    C:\WINDOWS\system32\drivers\downld\300109.exe
    C:\WINDOWS\system32\drivers\downld\311109.exe
    C:\WINDOWS\system32\drivers\downld\332125.exe
    C:\WINDOWS\system32\drivers\downld\347015.exe
    C:\WINDOWS\system32\drivers\hldrrr.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-07 to 2008-09-07 )))))))))))))))))
    .

    2008-09-07 13:12 . 2008-09-07 13:12 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-09-06 23:48 . 2008-09-06 23:48 25,088 --a------ C:\WINDOWS\system32\syssafe.dll
    2008-09-06 23:48 . 2008-09-06 23:48 25,088 --a------ C:\WINDOWS\system32\roisafe.dll
    2008-09-06 23:41 . 2008-09-06 23:41 <KANSIO> d-------- C:\Program Files\Data Doctor Recovery Digital Camera (Demo)
    2008-08-29 15:45 . 2008-08-29 15:48 <KANSIO> d-------- C:\Program Files\Google
    2008-08-22 22:32 . 2008-08-22 22:32 <KANSIO> d-------- C:\Program Files\HTTP-Tunnel
    2008-08-22 21:59 . 2008-08-22 21:59 <KANSIO> d-------- C:\Program Files\KLC
    2008-08-22 21:59 . 2000-05-22 00:00 203,976 --a------ C:\WINDOWS\system32\RICHTX32.OCX
    2008-08-22 21:59 . 1999-12-07 07:00 61,491 --a------ C:\WINDOWS\system32\wbemdisp.TLB
    2008-08-22 15:20 . 2008-08-22 15:20 <KANSIO> d-------- C:\Program Files\ScreenMates
    2008-08-19 22:17 . 2008-08-21 21:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-08-19 22:06 . 2008-08-19 22:06 <KANSIO> d-------- C:\Program Files\Messenger Plus! Live
    2008-08-19 16:44 . 2008-08-19 16:44 <KANSIO> d-------- C:\Program Files\Technitium
    2008-08-19 16:37 . 2008-08-19 16:38 <KANSIO> d-------- C:\WINDOWS\vf_hip
    2008-08-19 16:37 . 2008-08-19 16:37 <KANSIO> d-------- C:\Program Files\Hide IP Platinum
    2008-08-18 17:49 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
    2008-08-18 17:49 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
    2008-08-18 15:29 . 2008-08-18 15:29 65,536 --a------ C:\WINDOWS\system32\comrepl.exe
    2008-08-17 22:05 . 2008-08-17 22:05 <KANSIO> d-------- C:\Documents and Settings\noora ja jassu\Application Data\DivX
    2008-08-17 17:50 . 2008-08-17 17:51 <KANSIO> d-------- C:\Program Files\Animated GIF Banner Maker
    2008-08-17 17:50 . 2002-08-19 10:25 373,760 --a------ C:\WINDOWS\system32\xwpdlx20.ocx
    2008-08-17 17:50 . 2003-05-02 15:20 194,048 --a------ C:\WINDOWS\system32\PlayGif.ocx
    2008-08-17 17:35 . 2008-08-17 17:36 <KANSIO> d-------- C:\Program Files\QuickTime
    2008-08-17 17:35 . 2008-08-17 17:35 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2008-08-17 17:35 . 2008-08-17 17:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-17 17:35 . 2008-08-17 17:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-17 17:25 . 2008-08-17 17:25 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
    2008-08-17 17:25 . 2008-08-17 17:26 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-08-17 17:19 . 2008-08-17 17:19 <KANSIO> d-------- C:\Program Files\WMV9_VCM
    2008-08-17 17:19 . 2008-08-17 17:19 <KANSIO> d-------- C:\Program Files\River Past
    2008-08-17 17:19 . 2008-08-17 17:19 <KANSIO> d-------- C:\Program Files\Common Files\River Past
    2008-08-17 17:19 . 2008-08-17 17:19 166,021 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
    2008-08-17 17:06 . 2008-08-17 17:09 <KANSIO> d-------- C:\Documents and Settings\rampo\Application Data\DivX
    2008-08-17 17:06 . 2008-08-17 17:06 407,198 --a------ C:\output.avi
    2008-08-17 17:04 . 2008-08-17 17:05 <KANSIO> d-------- C:\Program Files\DivX
    2008-08-17 17:04 . 2008-07-23 19:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-08-17 17:04 . 2008-07-23 19:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-08-17 16:53 . 2008-08-17 16:54 <KANSIO> d-------- C:\Program Files\vgif
    2008-08-17 16:49 . 2008-08-17 16:49 <KANSIO> d-------- C:\Program Files\WMVTOAVI
    2008-08-17 16:24 . 2008-08-17 16:24 <KANSIO> d-------- C:\Temp
    2008-08-17 16:20 . 2008-08-17 17:19 <KANSIO> d-------- C:\Documents and Settings\rampo\Application Data\River Past G5
    2008-08-17 16:14 . 2008-08-17 17:19 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
    2008-08-17 16:14 . 2008-08-17 16:14 163,032 --a------ C:\WINDOWS\Animated GIF Converter and Booster Pack Uninstaller.exe.bak
    2008-08-17 13:27 . 2008-08-17 13:27 274,637 --a------ C:\WINDOWS\Fast Video to GIF SWF Converter Uninstaller.exe.bak
    2008-08-17 00:04 . 2008-08-17 00:04 <KANSIO> d-------- C:\Documents and Settings\rampo\Application Data\Bitsoft
    2008-08-14 17:01 . 2008-08-14 17:01 <KANSIO> d-------- C:\Documents and Settings\rampo\Application Data\Anonymizer
    2008-08-14 17:00 . 2008-08-14 17:00 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Anonymizer
    2008-08-13 13:47 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-13 13:43 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-12 16:18 . 2008-08-12 16:28 <KANSIO> d-------- C:\Program Files\OpenDNS Updater
    2008-08-07 23:10 . 2008-08-07 23:10 <KANSIO> d-------- C:\Program Files\Teamspeak2_RC2
    2008-08-07 23:10 . 2008-08-07 23:10 <KANSIO> d-------- C:\Documents and Settings\rampo\Application Data\teamspeak2
    2008-08-07 23:10 . 2008-08-07 23:10 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-06 23:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-08-17 18:07 --------- d-----w C:\Documents and Settings\noora ja jassu\Application Data\ShoppingReport
    2008-07-31 18:28 --------- d-----w C:\Program Files\Java
    2008-07-31 08:02 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-07-31 08:02 --------- d-----w C:\Program Files\Bonjour
    2008-07-31 07:48 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-08 21:13 --------- d-----w C:\Documents and Settings\rampo\Application Data\SystemRequirementsLab
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 14:28 --------- d-----w C:\Program Files\DC++
    2008-07-02 16:16 23 ----a-w C:\Documents and Settings\rampo\jagex_runescape_preferences.dat
    2008-06-28 00:00 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-06-28 00:00 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-05-30 14:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008053020080531\index.dat
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 1267040]

    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
    2008-08-31 13:35 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8485774-8230-4D88-B00F-4A04A3E4FC1C}]
    2008-09-06 23:48 25088 --a------ C:\WINDOWS\system32\roisafe.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2006-09-16 831496]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "WinampAgent"="E:\Winamp\winampa.exe" [2008-04-01 36352]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "UVS11 Preload"="E:\ulead video studio\uvPL.exe" [2007-07-23 341232]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "ComRepl"="C:\WINDOWS\System32\comrepl.exe" [2008-08-18 65536]
    "SoundMan"="SOUNDMAN.EXE" [2006-01-11 C:\WINDOWS\soundman.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ole2nls32]
    2004-08-17 20:19 13312 C:\WINDOWS\system32\ole2nls32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSVideo8"= STV680tg.dll
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "E:\\eMule\\emule.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "E:\\MotoGP URT 3\\motogp1.exe"=
    "E:\\BitLord\\BitLord.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Documents and Settings\\noora ja jassu\\Työpöytä\\DC++\\DCPlusPlus.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
    "C:\\Program Files\\River Past\\Video Cleaner Pro\\VideoCleaner.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3461:TCP"= 3461:TCP:messenger
    "8678:TCP"= 8678:TCP:messenger
    "5171:TCP"= 5171:TCP:messenger

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
    S2 gupdate1c909d520904b82;Google Update Service (gupdate1c909d520904b82);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
    S2 LMIInfo;LogMeIn Kernel Information Provider;C:\radis\x86\RaInfo.sys [ ]
    S3 S3chipid;S3chipid;C:\DOCUME~1\rampo\LOCALS~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b03c5d0c-6ed9-11dd-8225-00131d3a79ea}]
    \Shell\AutoRun\command - F:\Autorun.exe /run
    \Shell\Shell00\Command - F:\Autorun.exe /run
    \Shell\Shell01\Command - F:\Autorun.exe /action
    \Shell\Shell02\Command - F:\Autorun.exe /uninstall

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88f5e02-7c43-11dd-8259-00075b392020}]
    \Shell\AutoRun\command - F:\nideiect.com
    \Shell\explore\Command - F:\nideiect.com
    \Shell\open\Command - F:\nideiect.com

    *Newly Created Service* - PROCEXP90
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-LogMeIn GUI - C:\radis\x86\LogMeInSystray.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\rampo\Application Data\Mozilla\Firefox\Profiles\2qcne0w1.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://uif.highveldgaming.com/index.php?action=unread
    FF -: plugin - C:\Program Files\Google\Lively\nplively.dll
    FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-07 16:47:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\TEMP\E4329C46.dll
    .
    Completion time: 2008-09-07 17:01:07
    ComboFix-quarantined-files.txt 2008-09-07 14:01:00

    Pre-Run: 60,290,789,376 tavua vapaana
    Post-Run: 62,114,631,680 tavua vapaana

    234 --- E O F --- 2008-08-18 21:53:51
    ---------------------------------------------------------------------
    there was nothing to empty in the recycle bin but I restarted the computer anyway
    ---------------------------------------------------------------------
    then HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:12:19, on 7.9.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    E:\Winamp\winampa.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\System32\comrepl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.41.3.55:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Safe surf - {A8485774-8230-4D88-B00F-4A04A3E4FC1C} - C:\WINDOWS\system32\roisafe.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [UVS11 Preload] E:\ulead video studio\uvPL.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ComRepl] C:\WINDOWS\System32\comrepl.exe /com /w
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: ole2nls32 - C:\WINDOWS\SYSTEM32\ole2nls32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c909d520904b82) (gupdate1c909d520904b82) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 7493 bytes
     
    Last edited: Sep 7, 2008
  6. rami911

    rami911 Member

    Joined:
    Nov 22, 2007
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    16
    Malwarebytes' Anti-Malware 1.26
    Tietokantaversio: 1122
    Windows 5.1.2600 Service Pack 3

    7.9.2008 18:56:36
    mbam-log-2008-09-07 (18-56-36).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|E:\|)
    Tarkistetut kohteet: 127513
    Kulunut aika: 1 hour(s), 32 minute(s), 11 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 1
    Saastuneita rekisteriavaimia: 6
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 2

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    C:\WINDOWS\system32\roisafe.dll (Trojan.FakeAlert) -> Delete on reboot.

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\123 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a8485774-8230-4d88-b00f-4a04a3e4fc1c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8485774-8230-4d88-b00f-4a04a3e4fc1c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolie.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8d63fa6e-b209-4fe1-b457-2a85252f0eaf} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d1b08e8b-bb9c-4c08-83f9-3219878e58a3} (Trojan.BHO) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\roisafe.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\System Volume Information\_restore{83FEF246-A438-435D-88B4-024FDC18ACC4}\RP110\A0046351.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:02:27, on 7.9.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    E:\Winamp\winampa.exe
    C:\WINDOWS\System32\comrepl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.41.3.55:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [UVS11 Preload] E:\ulead video studio\uvPL.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ComRepl] C:\WINDOWS\System32\comrepl.exe /com /w
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: ole2nls32 - C:\WINDOWS\SYSTEM32\ole2nls32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c909d520904b82) (gupdate1c909d520904b82) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 7511 bytes

    OK, so Avast isn't popping up those notifications anymore. Thanks for helping :)
    Then one more question: can a virus cause something like this? The right arrow key on my keyboard stopped working right when the virus came. Or did it just happen to break at the same time? It doesn't react at all when I press the key.
     
    Last edited: Sep 7, 2008
