Logi tarkistettavaksi

Martsap · Apr 8, 2007

Elikkäs kone hidastelee, ohjelmat kaatuilee ja hermoja kiristää.
Ja tässä logi:

Logfile of HijackThis v1.99.1
Scan saved at 15:31:33, on 8.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Markku P\Ohjelmat\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: MSN Search -työkalurivi Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: MSN Search -työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1114088365158
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.virustorjunta.net/modules/Online_Scanner/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Auttaja · Apr 8, 2007

Kyllähän siel yks troijalainen pyörii

**********

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix.exe
combofix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

**********

* Lataa Dr.Web CureIt työpöydälle:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

[*]Tuplaklikkaa drweb-cureit.exe ja anna sen tehdä express scan
[*]Se skannaa käynnissä olevat ohjelmat ja jos jotain löytyy, klikkaa yes kun se kysyy haluatko poistaa sen. Tämä on vain lyhyt scan.
[*]Kun scan on valmis, merkkaa asemat, jotka haluat scannata.
[*]Valitse kaikki asemat. Punainen piste osoittaa, mitkä asemat on valittu.
[*]Klikaa vihreää nuolta oikealla ja scan alkaa.
[*]Klikkaa 'Yes to all', jos kysytään haluatko poistaa/siirtää tiedoston.
[*]Kun scan on valmis, katso voitko klikata next-kuvaketta löytyneiden tiedostojen vieressä:
[*]Jos asia on niin, klikkaa sitä ja sitten klikkaa next-kuvaketta oikealla alhaalla ja valitse Move incurable kuten alla olevalla kuvassa:

Tämä siirtää sen %userprofile%\DoctorWeb\quarantine-hakemistoon.
[*]Tämän jälkeen klikkaa Dr.Web CureIt-valikossa file ja valitse save report list
[*]Tallenna raportti työpöydälle. Raportin nimi on DrWeb.csv
[*]Sulje Dr.Web Cureit.
[*]Käynnistä kone uudelleen !! Tämä siksi, että käytössä olevat tiedostot poistetaan/siirretään käynnistyksen yhteydessä.
[*]Käynnistyksen jälkeen liitä Dr.Web-lokin, jonka tallensit aiemmin, sisältö seuraavaan vastaukseesi.

Martsap · Apr 8, 2007

ComboFix loki:

"Pihlajaviita" - 07-04-08 17:17:09 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Pihlajaviita\Ty”p”yt„"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\{38836~1
C:\Program Files\Common Files\{E8836~1

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_MCHINJDRV

((((((((((((((((((((((((((((((( Files Created from 2007-03-08 to 2007-04-08 ))))))))))))))))))))))))))))))))))

2007-03-31 00:39 <KANSIO> d-------- C:\DOCUME~1\PIHLAJ~1\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-03-31 00:28 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2007-03-31 00:28 <KANSIO> dr-h----- C:\DOCUME~1\PIHLAJ~1\APPLIC~1\SecuROM
2007-03-31 00:27 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-03-29 18:20 <KANSIO> d-------- C:\DOCUME~1\LOCALS~1\K„ynnist„-valikko
2007-03-28 12:32 95,288 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2007-03-26 14:47 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
2007-03-16 17:37 47,251 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-03-16 17:34 2,165 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-03-16 17:34 <KANSIO> d-------- C:\WINDOWS\BricoPacks
2007-03-15 22:58 <KANSIO> d-------- C:\Program Files\themexp
2007-03-14 22:47 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2007-03-14 22:46 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-12 20:24 <KANSIO> d-------- C:\DOCUME~1\PIHLAJ~1\APPLIC~1\Xfire
2007-03-08 20:04 <KANSIO> d-------- C:\Lataukset 2
2007-03-08 09:26 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-08 15:07 5 --a------ C:\NPF_USER.DAT
2007-04-08 15:04 -------- d-------- C:\Program Files\creative
2007-03-27 18:30 -------- d-------- C:\DOCUME~1\PIHLAJ~1\APPLIC~1\utorrent
2007-03-25 08:55 84312 --a------ C:\WINDOWS\system32\perfc00b.dat
2007-03-25 08:55 395308 --a------ C:\WINDOWS\system32\perfh00b.dat
2007-03-24 04:03 -------- d-------- C:\DOCUME~1\PIHLAJ~1\APPLIC~1\hamachi
2007-03-19 16:36 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll
2007-03-19 16:36 17212 --a----t- C:\WINDOWS\system32\sintf32.dll
2007-03-19 16:36 12067 --a----t- C:\WINDOWS\system32\sintf16.dll
2007-03-16 17:37 219136 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-03-14 22:45 -------- d-------- C:\Program Files\windows media connect
2007-03-08 18:50 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 18:50 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 18:50 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 18:45 1844224 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 20:54 -------- d-------- C:\DOCUME~1\PIHLAJ~1\APPLIC~1\humanbalance
2007-03-06 08:31 -------- d-------- C:\Program Files\java
2007-03-03 21:48 -------- d-------- C:\DOCUME~1\PIHLAJ~1\APPLIC~1\command & conquer 3 tiberium wars demo
2007-02-27 16:42 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-02-27 16:42 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-02-27 16:38 -------- d--h----- C:\Program Files\installshield installation information
2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"I/O Controllers"="svcnet.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"Norman ZANDA"="C:\\Norman\\Npm\\bin\\ZLH.EXE /LOAD /SPLASH"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone -pikakäynnistys.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\HP Image Zone -pikakäynnistys.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone -pikakäynnistys.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone -pikakäynnistys"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pihlajaviita^Käynnistä-valikko^Ohjelmat^Käynnistys^Rainlendar.lnk]
"path"="C:\\Documents and Settings\\Pihlajaviita\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\Rainlendar.lnk"
"backup"="C:\\WINDOWS\\pss\\Rainlendar.lnkStartup"
"location"="Startup"
"command"="C:\\MARKKU~1\\Ohjelmat\\RAINLE~1\\RAINLE~2.EXE "
"item"="Rainlendar"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PMC"
"hkey"="HKLM"
"command"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe -host -clearDebug"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9643a65e-9fa9-11da-873b-001217a0140e}]
Shell\AutoRun\command N:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "TrueCrypt.exe"
Shell\dismount\command N:\TrueCrypt\TrueCrypt.exe /q /d
Shell\mount\command N:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "TrueCrypt.exe"
Shell\open\command N:\TrueCrypt\TrueCrypt.exe /e /m rm /v "TrueCrypt.exe"
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-08 17:21:01
C:\ComboFix-quarantined-files.txt ... 07-04-08 17:21

Martsap · Apr 8, 2007

DrWeb:

elogsvc.exe;c:\norman\npm\bin;Probably BACKDOOR.Trojan;Incurable.Will be moved after reboot.;
zanda.exe;c:\norman\npm\bin;Probably BACKDOOR.Trojan;Incurable.Will be moved after reboot.;

Auttaja · Apr 8, 2007

Lataa eScan ja päivitä se aja se sen jälkeen ohjeet ja lataus: http://koti.mbnet.fi/pattaya1/escanmwav.htm Laita se viruslogi tänne.

Merkkaa tämä rivi ja paina fix checked O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe

Hae haku toiminnolla tuota tiedostoa ja poista!

Martsap · Apr 8, 2007

eScan:

File C:\Documents and Settings\Pihlajaviita\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\Documents and Settings\Pihlajaviita\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\Markku P\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.

File C:\Markku P\mIRC\mirc617.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.

*****

"O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe " Ei enää löytynyt

*****

Kiitos

Auttaja · Apr 8, 2007

Sitten login mukaan homma hoidossa

Log in or Sign up

Logi tarkistettavaksi

Martsap Member

Auttaja Guest

Martsap Member

Martsap Member

Auttaja Guest

Martsap Member

Auttaja Guest

Share This Page

Log in or Sign up

Logi tarkistettavaksi

Martsap Member

Auttaja Guest

Martsap Member

Martsap Member

Auttaja Guest

Martsap Member

Auttaja Guest

Share This Page

Useful Searches