The machine seems to have a stubborn Vundo on it that just won't go away no matter what.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:55, on 4.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
H:\programs\iso\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\games\steam1\steam.exe
C:\Documents and Settings\Matias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
D:\Programs\mIRC\mirc.exe
D:\Programs\ventti\Ventrilo 2.1.4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD26AFEC-08CA-4CAB-A8EE-2CABC1EFDCD1} - C:\WINDOWS\system32\xxywVoOI.dll (file missing)
O2 - BHO: {5bca6f34-0e10-1f8b-26f4-329d31ce06dc} - {cd60ec13-d923-4f62-b8f1-01e043f6acb5} - C:\WINDOWS\system32\xomnhs.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PWRISOVM.EXE] H:\programs\iso\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\games\steam1\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: xomnhs.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - D:\Programs\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9267 bytes
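A HijackThis log is mostly noise from legitimate software, and the way a helper reads it is by entry type: the O2 BHO lines, the single O20 AppInit_DLLs line and the O23 services get the first look. The following script is an added example, not part of the original thread and not HijackThis code: it parses the log format into typed entries and applies a few review heuristics (unnamed or orphaned BHOs, a populated AppInit_DLLs value, services with no recorded publisher, and one DLL holding more than one autostart slot). The sample lines are copied from the log above; the function names, severity labels and the heuristics themselves are this example's own and are assumptions about what a reviewer would want surfaced, not a verdict of "malicious".

```python
import re

# Sample input: entries copied from the HijackThis log posted above, plus two
# header lines to show that they are skipped. Only these lines come from the
# page; the functions and severity labels below are this example's own.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AD26AFEC-08CA-4CAB-A8EE-2CABC1EFDCD1} - C:\WINDOWS\system32\xxywVoOI.dll (file missing)
O2 - BHO: {5bca6f34-0e10-1f8b-26f4-329d31ce06dc} - {cd60ec13-d923-4f62-b8f1-01e043f6acb5} - C:\WINDOWS\system32\xomnhs.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: xomnhs.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry starts with its type code (R0, O2, O20, O23, ...).
ENTRY_RE = re.compile(r"^(?P<type>[RFO]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_log(text):
    """Return the R/F/O entries of a HijackThis log as (type, body) pairs.

    Header lines and the 'Running processes' list do not match ENTRY_RE and
    are skipped; the type code tells triage() how to read the body.
    """
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("type"), m.group("body")))
    return entries


def basename(path):
    """Case-folded file name of a Windows path or bare DLL name."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(entries):
    """Apply review heuristics; returns (severity, subject, reason) tuples, highest first."""
    findings = []
    bho_dlls = set()      # DLLs registered as Browser Helper Objects (O2)
    appinit_dlls = set()  # DLLs listed in AppInit_DLLs (O20)

    for etype, body in entries:
        line = f"{etype} - {body}"

        if etype == "O2" and body.startswith("BHO: "):
            # Layout: "BHO: <name> - {CLSID} - <path>[ (file missing)]"
            parts = body[len("BHO: "):].split(" - ", 2)
            if len(parts) != 3:
                continue
            name, _clsid, path = parts
            missing = path.endswith("(file missing)")
            if missing:
                path = path[: -len("(file missing)")].rstrip()
            bho_dlls.add(basename(path))
            if name == "(no name)" or GUID_RE.match(name):
                findings.append(("medium", line, "BHO has no human-readable name; vendors almost always set one"))
            if missing:
                findings.append(("low", line, "BHO registration points at a file that no longer exists (orphaned entry)"))

        elif etype == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that loads user32.dll;
            # on a home PC the value is normally empty.
            for dll in re.split(r"[ ,]+", body[len("AppInit_DLLs:"):].strip()):
                if dll:
                    appinit_dlls.add(basename(dll))
                    findings.append(("high", line, "AppInit_DLLs is set: this DLL is injected into nearly every process"))

        elif etype == "O23" and " - Unknown owner - " in body:
            findings.append(("low", line, "service has no recorded publisher; verify the binary before trusting it"))

    # Correlation across entry types: one DLL holding two autostart slots is the
    # strongest signal here, and it is exactly what the log above shows for xomnhs.dll.
    for dll in sorted(bho_dlls & appinit_dlls):
        findings.append(("high", dll, "same DLL is registered both as a BHO and in AppInit_DLLs"))

    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f[0]])
    return findings


if __name__ == "__main__":
    for severity, subject, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"[{severity.upper():6}] {subject}\n         {reason}")
```

Run against the sample, the two "high" findings are the AppInit_DLLs line and the cross-reference on xomnhs.dll, which is what the later Malwarebytes log confirms as Trojan.Vundo; the "low" findings (an orphaned BHO, a service such as PnkBstrA with no publisher string) are review prompts rather than detections, which is why the script ranks rather than decides.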
Java update and cache clearing:

Download JavaRa and extract it to your desktop.

***Close all open Internet Explorer windows before continuing!***

* Double-click JavaRa.exe to start the program.
* Choose English from the drop-down menu to set the language to English and click Select.
* Click Remove Older Versions to remove the old Java versions from your machine.
* Click Yes when prompted. When JavaRa is done, it will tell you that a log file has been created. Click OK.
* The log file opens. Post its contents in your next reply.

4. Install the latest Java update from the following link: http://java.sun.com/javase/downloads/index.jsp
Scroll down to Java Runtime Environment (JRE) 6 Update 11
Click Download
Set Platform to Windows
Tick "I agree to the Java SE Runtime Environment 6 License Agreement" and click Continue
Under Windows Offline Installation, click jre-6u4-windows-i586-p.exe
Save the file to your desktop, for example, and install it.
5. Restart the machine after the installation.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. On the General tab, click Settings. Drag the Disk Space slider lower. (Some Java-based programs may need more disk space. If you notice the machine slowing down after lowering the setting, move the slider higher.)
8. Click the Delete Files button. Make sure both of the options are ticked:
* Applications and Applets
* Trace and Log Files
and click the OK button.
Note: this removes all downloaded applications and applets FROM THE CACHE.
9. Click OK in your "Temporary Files Settings" window.
10. Update tab: untick Check for Updates automatically. Choose Never check.
11. Click Apply and OK to leave your Java settings window.

==================

If Malwarebytes' Anti-Malware is already on the machine, run the update first and then run the program.
Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After that a log opens in Notepad. Save it somewhere you can find it easily. The log is also found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.

===============

1. Download Combofix.exe to your desktop from one of these links: Combofix1 Combofix2
2. Double-click the Combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log. Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Malwarebytes' Anti-Malware 1.30
Tietokantaversio: 1454
Windows 5.1.2600 Service Pack 2

5.12.2008 11:49:07
mbam-log-2008-12-05 (11-49-07).txt

Tarkistustyyppi: Täysi tarkistus (C:\|H:\|)
Tarkistetut kohteet: 184218
Kulunut aika: 48 minute(s), 35 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 6

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Qoobox\Quarantine\C\WINDOWS\system32\ctqivocb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xomnhs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EE826BF-413C-412F-8506-0078A5E2A66A}\RP428\A0088501.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EE826BF-413C-412F-8506-0078A5E2A66A}\RP429\A0088530.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EE826BF-413C-412F-8506-0078A5E2A66A}\RP429\A0088532.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vittusaatana (Trojan.Vundo) -> Quarantined and deleted successfully.
ComboFix 08-12-04.04 - Matias 2008-12-05 12:18:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.719 [GMT 2:00]
Sijainti: d:\aaa\ComboFix.exe
 * Uusi palautuspiste luotu
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-05 to 2008-12-05 )))))))))))))))))
.

2008-12-04 23:56 . 2008-12-04 23:56 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-04 13:13 . 2008-12-04 13:13 <KANSIO> d-------- c:\program files\Trend Micro
2008-12-04 12:23 . 2007-09-13 23:07 <KANSIO> d--h----- c:\documents and settings\Järjestelmänvalvoja.TYKKI\Verkkoympäristö
2008-12-04 12:23 . 2007-09-13 23:07 <KANSIO> d--h----- c:\documents and settings\Järjestelmänvalvoja.TYKKI\Verkkoympäristö
2008-12-04 12:23 . 2007-09-13 23:07 <KANSIO> d-------- c:\documents and settings\Järjestelmänvalvoja.TYKKI\Työpöytä
2008-12-04 12:23 . 2007-09-13 23:07 <KANSIO> d-------- c:\documents and settings\Järjestelmänvalvoja.TYKKI\Työpöytä
2008-12-04 12:23 . 2007-09-13 23:07 <KANSIO> d--h----- c:\documents and settings\Järjestelmänvalvoja.TYKKI\Tulostinympäristö
2008-12-04 12:23 . 2007-09-13 23:07 <KANSIO> d--h----- c:\documents and settings\Järjestelmänvalvoja.TYKKI\Tulostinympäristö
2008-12-04 12:23 . 2007-09-13 23:07 <KANSIO> d-------- c:\documents and settings\Järjestelmänvalvoja.TYKKI\Suosikit
2008-12-04 12:23 . 2007-09-13 23:07 <KANSIO> d-------- c:\documents and settings\Järjestelmänvalvoja.TYKKI\Suosikit
2008-12-04 12:23 . 2007-09-13 20:13 <KANSIO> d--h----- c:\documents and settings\Järjestelmänvalvoja.TYKKI\Mallit
2008-12-04 12:23 . 2007-09-13 20:13 <KANSIO> d--h----- c:\documents and settings\Järjestelmänvalvoja.TYKKI\Mallit
2008-12-04 12:23 . 2007-09-13 23:07 <KANSIO> dr------- c:\documents and settings\Järjestelmänvalvoja.TYKKI\Käynnistä-valikko
2008-12-04 12:23 . 2007-09-13 23:07 <KANSIO> dr------- c:\documents and settings\Järjestelmänvalvoja.TYKKI\Käynnistä-valikko
2008-12-04 12:23 . 2008-12-04 12:23 <KANSIO> d-------- c:\documents and settings\Järjestelmänvalvoja.TYKKI
2008-12-03 22:01 . 2008-12-03 22:01 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-03 22:01 . 2008-12-03 22:01 <KANSIO> d-------- c:\documents and settings\Matias\Application Data\Malwarebytes
2008-12-03 22:01 . 2008-12-03 22:01 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-03 22:01 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 22:01 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-26 19:40 . 2008-11-26 19:43 <KANSIO> d-------- c:\program files\Garena
2008-11-26 19:40 . 2008-11-26 19:40 <KANSIO> d-------- c:\documents and settings\Matias\Application Data\InstallShield
2008-11-23 18:32 . 2008-11-23 18:35 <KANSIO> d-------- c:\windows\lastCall
2008-11-20 22:44 . 2008-11-20 22:44 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-11-12 13:37 . 2008-11-12 13:37 <KANSIO> d-------- c:\program files\foobar2000
2008-11-12 13:37 . 2008-11-12 13:38 <KANSIO> d-------- c:\documents and settings\Matias\Application Data\foobar2000
2008-11-11 23:27 . 2008-11-11 23:27 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-11-11 23:27 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-11-11 23:27 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-11-11 23:27 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-11-11 23:27 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-11-11 23:25 . 2008-11-11 23:25 <KANSIO> d-------- c:\windows\system32\xlive
2008-11-09 00:33 . 2008-12-04 12:39 335 --a------ c:\windows\wininit.ini
2008-11-08 23:38 . 2008-11-08 23:45 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-08 23:35 . 2008-11-08 23:35 <KANSIO> d-------- c:\program files\Spybot - Search & Destroy
2008-11-08 23:35 . 2008-12-03 00:55 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 23:34 . 2008-11-08 23:34 <KANSIO> d-------- c:\program files\CCleaner
2008-11-08 23:33 . 2008-11-08 23:33 <KANSIO> d-------- c:\program files\ToniArts
2008-11-08 15:35 . 2008-11-08 15:35 <KANSIO> d-------- C:\ConvertTemp
2008-11-07 20:02 . 2008-11-07 20:02 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-07 16:32 . 2008-11-07 16:32 <KANSIO> d-------- c:\program files\Messenger Plus! Live
2008-11-07 16:31 . 2005-12-23 15:00 32,768 --a------ c:\windows\system32\LogLCD.dll
2008-11-07 16:31 . 2005-12-23 15:00 1,746 --a------ c:\windows\system32\LogLCD.lib
2008-11-07 16:30 . 2008-11-07 16:30 <KANSIO> d-------- c:\windows\system32\DLL
2008-11-06 12:58 . 2008-11-06 13:08 <KANSIO> d-------- c:\documents and settings\Matias\Application Data\Red Alert 3
2008-11-06 12:47 . 2008-11-06 12:47 <KANSIO> d-------- c:\windows\Logs
2008-11-06 12:47 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-11-06 12:47 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-11-06 12:47 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-11-05 21:30 . 2008-11-05 21:37 <KANSIO> d-------- c:\program files\Common Files\3DO Shared
2008-11-05 21:30 . 2008-11-05 21:30 <KANSIO> d-------- c:\program files\3DO
2008-11-05 21:29 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-05 16:50 . 2008-11-05 16:50 <KANSIO> d-------- c:\program files\Hamachi

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 23:41 --------- d-----w c:\program files\Java
2008-12-04 21:51 --------- d-----w c:\documents and settings\Matias\Application Data\OpenOffice.org2
2008-12-03 14:27 --------- d-----w c:\documents and settings\Matias\Application Data\Xfire
2008-12-03 10:56 --------- d-----w c:\documents and settings\Matias\Application Data\uTorrent
2008-12-02 22:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 17:01 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-11-26 17:47 136,888 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-26 17:47 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-24 23:57 --------- d-----w c:\program files\Winamp
2008-11-22 18:55 --------- d-----w c:\documents and settings\muut\Application Data\OpenOffice.org2
2008-11-08 22:33 --------- d-----w c:\program files\Everest Poker
2008-11-08 21:38 --------- d-----w c:\program files\Lavasoft
2008-11-08 21:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-08 21:37 --------- d-----w c:\documents and settings\Matias\Application Data\Hamachi
2008-11-05 14:50 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-03 19:51 --------- d-----w c:\documents and settings\Matias\Application Data\SPORE
2008-10-30 17:53 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-30 17:53 --------- d-----w c:\program files\Adobe Media Player
2008-10-29 09:50 --------- d-----w c:\program files\Apple Software Update
2008-10-29 09:49 --------- d-----w c:\program files\iTunes
2008-10-29 09:49 --------- d-----w c:\program files\iPod
2008-10-29 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-29 09:48 --------- d-----w c:\program files\QuickTime
2008-10-29 09:48 --------- d-----w c:\program files\Common Files\Apple
2008-10-29 09:43 --------- d-----w c:\program files\Bonjour
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 11:52 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-15 11:30 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-15 10:56 --------- d-----w c:\program files\PartyGaming
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-03-15 10:47 146,927,720 ----a-w c:\documents and settings\Matias\WoW-2.3.3.7799-to-0.4.0.7897-enGB-patch.exe
2008-02-23 11:31 22,328 ----a-w c:\documents and settings\Matias\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-04_13.38.00.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-11 22:22:00 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-04 21:56:06 144,792 ----a-w c:\windows\system32\java.exe
- 2007-07-11 22:22:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-04 21:56:06 144,792 ----a-w c:\windows\system32\javaw.exe
- 2007-07-11 23:22:38 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-04 21:56:07 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-04 21:49:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7c8.dat
+ 2008-12-04 21:56:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f78.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-15 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="d:\games\steam1\steam.exe" [2008-10-10 1410296]
"Google Update"="c:\documents and settings\Matias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 774168]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 1132056]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"PWRISOVM.EXE"="h:\programs\iso\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-15 15360]

c:\documents and settings\muut\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 393216]

c:\documents and settings\Matias\Käynnistä-valikko\Ohjelmat\Käynnistys\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 393216]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3\TMMonitor.exe [2007-12-22 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xomnhs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqw.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Games\\steam1\\Steam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"d:\\Programs\\Xfire\\xfire.exe"=
"d:\\Programs\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"h:\\Games\\crysis\\Bin32\\Crysis.exe"=
"h:\\Games\\crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"h:\\Games\\cod4\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Games\\steam1\\steamapps\\invidio\\counter-strike\\hl.exe"=
"h:\\programs\\RevConnect\\DCPlusPlus.exe"=
"d:\\Games\\cod5\\CoDWaWmp.exe"=
"d:\\Games\\cod5\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20806:TCP"= 20806:TCP:BitCometBeta 20806 TCP
"20806:UDP"= 20806:UDP:BitCometBeta 20806 UDP
"6112:TCP"= 6112:TCP:Wc3
"6113:TCP"= 6113:TCP:wc33
"6114:TCP"= 6114:TCP:wc33
"6115:TCP"= 6115:TCP:wc333
"6116:TCP"= 6116:TCP:wcc3333
"6117:TCP"= 6117:TCP:wcc3

R0 ppa;Iomega Parallel Port Filter -ohjain;c:\windows\system32\DRIVERS\ppa.sys [2008-03-02 17792]
R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-03 38496]
S3 AF15BDA;AF9015 BDA Filter;c:\windows\system32\Drivers\AF15BDA.sys [2007-12-31 283776]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 [2008-02-26 29183504]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

*Newly Created Service* - JAVAQUICKSTARTERSERVICE
*Newly Created Service* - WMIAPSRV
.
'Ajoitetut tehtävät'-kansion sisältö

2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-05 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Matias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:36]
.
.
------- Täydentävä tarkistus -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FireFox -: Profile - c:\documents and settings\Matias\Application Data\Mozilla\Firefox\Profiles\57v5iy99.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fi/ig?hl=fi
FF -: plugin - c:\documents and settings\Matias\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 12:20:10
Windows 5.1.2600 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2008-12-05 12:21:05
ComboFix-quarantined-files.txt 2008-12-05 10:20:44
ComboFix2.txt 2008-12-04 11:38:30

Ennen ajoa: 13 683 232 768 tavua vapaana
Ajon jälkeen: 13,678,116,864 tavua vapaana

244 --- E O F --- 2008-11-13 01:02:14
Run that Norton removal tool. In Safe Mode, delete the folders C:\Program Files\Symantec and C:\Program Files\Common Files\Symantec Shared.