Onko koneella vielä viruksia? HJT logi

Jalppis · Jun 3, 2008

Eli, olen tässä katellut muitten ohjeita ja poistellu vähän kamaa koneelta. Mutta haluaisin vielä tietää että onko koneellani viruksia/haittaohjelmia.

Tässä logi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:53, on 2008-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1206440052179
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: tuvWnkHA - tuvWnkHA.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8124 bytes

Hujo · Jun 3, 2008

scannaa hjt.llä merkkaa paina Fix checked

O20 - Winlogon Notify: tuvWnkHA - tuvWnkHA.dll (file missing)

===========

Mitäs oot ajellut koneella..

Jalppis · Jun 3, 2008

Kaikkia näitä ComboFix ja VundoFix juttuja. F-Securella, easycleanerilla ja Malwarebytesilla.

Löytyikö sieltä mitään örkkejä vielä?

Hujo · Jun 3, 2008

scannaa uusi combofix loki

Jalppis · Jun 3, 2008

täsä:

ComboFix 08-06-01.6 - Risto Jalonen 2008-06-03 23:36:39.2 - NTFSx86
Running from: C:\Documents and Settings\Risto Jalonen\Työpöytä\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_003771_.tmp.dll
.
---- Previous Run -------
.
C:\WINDOWS\BMfb654178.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dtkhmhbc.ini
C:\WINDOWS\system32\EOUENXbc.ini
C:\WINDOWS\system32\EOUENXbc.ini2
C:\WINDOWS\system32\euofqalg.dll
C:\WINDOWS\system32\lidhtkvy.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mrwnkbnv.ini
C:\WINDOWS\system32\PqpWvyay.ini
C:\WINDOWS\system32\PqpWvyay.ini2
C:\WINDOWS\system32\sqtafwsw.ini
C:\WINDOWS\system32\takbrutm.ini
C:\WINDOWS\system32\TCMnmUvw.ini
C:\WINDOWS\system32\TCMnmUvw.ini2
C:\WINDOWS\system32\yayvWpqP.dll
C:\WINDOWS\system32\yvkthdil.dll
C:\WINDOWS\system32\yvryvxbi.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-03 to 2008-06-03 )))))))))))))))))
.

2008-06-03 00:35 . 2008-06-03 00:35 2,786 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 00:32 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-03 00:32 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-03 00:32 . 2008-05-27 13:54 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-03 00:32 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-03 00:32 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-03 00:32 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-03 00:32 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-03 00:32 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-02 23:53 . 2008-06-02 23:53 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-02 23:15 . 2008-06-02 23:15 <KANSIO> d-------- C:\Program Files\ToniArts
2008-06-01 00:05 . 2008-06-01 00:05 <KANSIO> d-------- C:\Documents and Settings\Risto Jalonen\Application Data\RealWorld
2008-06-01 00:03 . 2008-06-01 00:04 <KANSIO> d-------- C:\Program Files\RealWorld Cursor Editor
2008-05-31 23:56 . 2008-05-31 23:56 <KANSIO> d-------- C:\Program Files\AxiomX
2008-05-31 23:56 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-05-30 11:49 . 2008-05-30 11:49 <KANSIO> d-------- C:\Documents and Settings\Risto Jalonen\Application Data\Malwarebytes
2008-05-30 11:48 . 2008-05-30 11:50 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 11:48 . 2008-05-30 11:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-30 11:48 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-30 11:48 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-29 17:17 . 2008-05-29 17:17 96,768 --a------ C:\is154890.0xe
2008-05-28 23:31 . 2008-05-28 23:31 <KANSIO> d-------- C:\Documents and Settings\Risto Jalonen\Application Data\Grisoft
2008-05-28 23:31 . 2008-05-28 23:31 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-28 23:31 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-28 20:10 . 2008-05-28 20:10 56,832 --a------ C:\sxy1.0om
2008-05-28 19:35 . 2008-05-28 19:35 57,344 --a------ C:\WINDOWS\system32\tuvWnkHA.0ll
2008-05-28 19:32 . 2008-05-28 19:34 40,960 --a------ C:\dci.0xe
2008-05-24 20:46 . 2008-05-24 20:46 <KANSIO> d-------- C:\Documents and Settings\Aino\Application Data\Apple Computer
2008-05-24 19:54 . 2008-06-03 23:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 19:54 . 2008-05-24 19:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-24 19:39 . 2008-05-24 19:39 <KANSIO> d-------- C:\Documents and Settings\Risto Jalonen\Application Data\Apple Computer
2008-05-24 19:38 . 2008-05-24 19:38 <KANSIO> d-------- C:\Program Files\iPod
2008-05-24 19:37 . 2008-05-24 19:38 <KANSIO> d-------- C:\Program Files\iTunes
2008-05-24 19:32 . 2008-05-24 19:32 <KANSIO> d-------- C:\Program Files\Bonjour
2008-05-24 19:31 . 2008-05-24 19:32 <KANSIO> d-------- C:\Program Files\QuickTime
2008-05-24 19:31 . 2008-05-24 19:37 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-24 19:30 . 2008-05-24 19:30 <KANSIO> d-------- C:\Program Files\Apple Software Update
2008-05-24 19:29 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-05-24 19:28 . 2008-05-24 19:28 <KANSIO> d-------- C:\Program Files\Common Files\Apple
2008-05-24 19:28 . 2008-05-24 19:28 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-22 20:03 . 2008-03-19 13:44 <KANSIO> d--h----- C:\Documents and Settings\Risto\Verkkoympäristö
2008-05-22 20:03 . 2008-03-19 13:44 <KANSIO> d-------- C:\Documents and Settings\Risto\Työpöytä
2008-05-22 20:03 . 2008-03-19 13:44 <KANSIO> d--h----- C:\Documents and Settings\Risto\Tulostinympäristö
2008-05-22 20:03 . 2008-05-30 20:30 <KANSIO> dr------- C:\Documents and Settings\Risto\Suosikit
2008-05-22 20:03 . 2008-05-22 20:03 <KANSIO> dr------- C:\Documents and Settings\Risto\Omat tiedostot
2008-05-22 20:03 . 2008-03-19 14:08 <KANSIO> d--h----- C:\Documents and Settings\Risto\Mallit
2008-05-22 20:03 . 2008-03-19 13:44 <KANSIO> dr------- C:\Documents and Settings\Risto\Käynnistä-valikko
2008-05-22 20:03 . 2008-05-22 20:03 <KANSIO> d-------- C:\Documents and Settings\Risto\Bluetooth Software
2008-05-22 20:03 . 2008-05-31 18:34 <KANSIO> d-------- C:\Documents and Settings\Risto
2008-05-22 20:02 . 2008-05-22 20:02 <KANSIO> d-------- C:\Documents and Settings\Suvianna\Bluetooth Software
2008-05-22 20:02 . 2004-09-15 02:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-22 20:01 . 2008-03-19 13:44 <KANSIO> d--h----- C:\Documents and Settings\Suvianna\Verkkoympäristö
2008-05-22 20:01 . 2008-06-01 20:22 <KANSIO> d-------- C:\Documents and Settings\Suvianna\Työpöytä
2008-05-22 20:01 . 2008-03-19 13:44 <KANSIO> d--h----- C:\Documents and Settings\Suvianna\Tulostinympäristö
2008-05-22 20:01 . 2008-05-22 20:02 <KANSIO> dr------- C:\Documents and Settings\Suvianna\Suosikit
2008-05-22 20:01 . 2008-05-22 20:02 <KANSIO> dr------- C:\Documents and Settings\Suvianna\Omat tiedostot
2008-05-22 20:01 . 2008-03-19 14:08 <KANSIO> d--h----- C:\Documents and Settings\Suvianna\Mallit
2008-05-22 20:01 . 2008-03-19 13:44 <KANSIO> dr------- C:\Documents and Settings\Suvianna\Käynnistä-valikko
2008-05-22 20:01 . 2008-06-02 20:44 <KANSIO> d-------- C:\Documents and Settings\Suvianna
2008-05-11 20:24 . 2008-05-11 20:25 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 21:16 --------- d-----w C:\Documents and Settings\Risto Jalonen\Application Data\Azureus
2008-06-02 20:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 20:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-01 21:31 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-01 21:31 --------- d-----w C:\Program Files\Common Files\Real
2008-05-01 21:30 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-01 21:30 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-01 21:30 --------- d-----w C:\Program Files\Real
2008-04-28 20:17 --------- d-----w C:\Documents and Settings\Risto Jalonen\Application Data\JLC's Software
2008-04-28 20:16 --------- d-----w C:\Program Files\JLC's Software
2008-04-28 19:29 --------- d-----w C:\Documents and Settings\Risto Jalonen\Application Data\U3
2008-04-27 12:46 --------- d-----w C:\Program Files\TVUPlayer
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\Risto Jalonen\Application Data\TVU Networks
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 10:25 --------- d-----w C:\Program Files\Azureus
2008-04-19 10:13 --------- d-----w C:\Program Files\Online TV Player 4
2008-04-03 15:39 --------- d-----w C:\Program Files\Java
2008-04-03 15:37 --------- d-----w C:\Program Files\Common Files\Java
2008-03-28 15:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-27 19:56 11,437,820 ----a-w C:\WLAN4.2.0.82_APPS4.2.0.358bin.zip
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 11:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 22:05 344064]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2008-02-15 18:46 182936]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2008-02-15 18:46 895584]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 16:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 21:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 21:11 692316]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-02 00:30 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2004-06-02 18:48:22 565309]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-02-15 18:45]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2008-02-15 18:46]
R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 22:49]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-02-15 18:45]
S3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-08-30 03:14]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-02-15 18:45]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-02-15 18:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685fc07c-fc3d-11dc-8a07-0012793eca20}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-24 16:30:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 23:43:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-03 23:46:03
ComboFix-quarantined-files.txt 2008-06-03 20:45:56

Pre-Run: 33,289,248,768 tavua vapaana
Post-Run: 33,290,326,016 tavua vapaana

185 --- E O F --- 2008-05-28 11:50:59

Hujo · Jun 3, 2008

ajas tuo Malwarebytesilla. onkos toi ollut pitkään koneella jos on päivitä se ensin

Jalppis · Jun 3, 2008

siis en nyt oikeen ymmärtänyt mitä tarkotit?

siis malwarebytes vaan päälle?

Hujo · Jun 3, 2008

jos sulla on se olut jo aikaisemmin päivitä se ensin sitten päälle tai jos oot sen tänään ladannut koneelle niin laita vain päälle.

Jalppis · Jun 3, 2008

poistan sitten kaikki ne mitä se näyttää ja laita lokin tänne?

Hujo · Jun 3, 2008

juu laita loki sitten.

Jalppis · Jun 3, 2008

Malwarebytes' Anti-Malware 1.14
Tietokantaversio: 818

0:49:40 4.6.2008
mbam-log-6-4-2008 (00-49-40).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 76557
Kulunut aika: 40 minute(s), 36 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 2

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\dci.0xe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\sxy1.0om (Backdoor.Bot) -> Quarantined and deleted successfully.

Hujo · Jun 3, 2008

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

File::
C:\is154890.0xe

Click to expand...

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

Jalppis · Jun 4, 2008

ComboFix 08-06-01.6 - Risto Jalonen 2008-06-04 11:57:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.358.1035.18.128 [GMT 3:00]
Running from: C:\Documents and Settings\Risto Jalonen\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Risto Jalonen\Työpöytä\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\is154890.0xe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\is154890.0xe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-04 to 2008-06-04 )))))))))))))))))
.

2008-06-03 00:35 . 2008-06-03 00:35 2,786 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 00:32 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-03 00:32 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-03 00:32 . 2008-05-27 13:54 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-03 00:32 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-03 00:32 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-03 00:32 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-03 00:32 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-03 00:32 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-02 23:53 . 2008-06-02 23:53 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-02 23:15 . 2008-06-02 23:15 <KANSIO> d-------- C:\Program Files\ToniArts
2008-06-01 00:05 . 2008-06-01 00:05 <KANSIO> d-------- C:\Documents and Settings\Risto Jalonen\Application Data\RealWorld
2008-06-01 00:03 . 2008-06-01 00:04 <KANSIO> d-------- C:\Program Files\RealWorld Cursor Editor
2008-05-31 23:56 . 2008-05-31 23:56 <KANSIO> d-------- C:\Program Files\AxiomX
2008-05-31 23:56 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-05-30 11:49 . 2008-05-30 11:49 <KANSIO> d-------- C:\Documents and Settings\Risto Jalonen\Application Data\Malwarebytes
2008-05-30 11:48 . 2008-05-30 11:50 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 11:48 . 2008-05-30 11:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-30 11:48 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-30 11:48 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 23:31 . 2008-05-28 23:31 <KANSIO> d-------- C:\Documents and Settings\Risto Jalonen\Application Data\Grisoft
2008-05-28 23:31 . 2008-05-28 23:31 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-28 23:31 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-28 19:35 . 2008-05-28 19:35 57,344 --a------ C:\WINDOWS\system32\tuvWnkHA.0ll
2008-05-24 20:46 . 2008-05-24 20:46 <KANSIO> d-------- C:\Documents and Settings\Aino\Application Data\Apple Computer
2008-05-24 19:54 . 2008-06-04 11:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 19:54 . 2008-05-24 19:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-24 19:39 . 2008-05-24 19:39 <KANSIO> d-------- C:\Documents and Settings\Risto Jalonen\Application Data\Apple Computer
2008-05-24 19:38 . 2008-05-24 19:38 <KANSIO> d-------- C:\Program Files\iPod
2008-05-24 19:37 . 2008-05-24 19:38 <KANSIO> d-------- C:\Program Files\iTunes
2008-05-24 19:32 . 2008-05-24 19:32 <KANSIO> d-------- C:\Program Files\Bonjour
2008-05-24 19:31 . 2008-05-24 19:32 <KANSIO> d-------- C:\Program Files\QuickTime
2008-05-24 19:31 . 2008-05-24 19:37 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-24 19:30 . 2008-05-24 19:30 <KANSIO> d-------- C:\Program Files\Apple Software Update
2008-05-24 19:29 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-05-24 19:28 . 2008-05-24 19:28 <KANSIO> d-------- C:\Program Files\Common Files\Apple
2008-05-24 19:28 . 2008-05-24 19:28 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-22 20:03 . 2008-03-19 13:44 <KANSIO> d--h----- C:\Documents and Settings\Risto\Verkkoympäristö
2008-05-22 20:03 . 2008-03-19 13:44 <KANSIO> d-------- C:\Documents and Settings\Risto\Työpöytä
2008-05-22 20:03 . 2008-03-19 13:44 <KANSIO> d--h----- C:\Documents and Settings\Risto\Tulostinympäristö
2008-05-22 20:03 . 2008-05-30 20:30 <KANSIO> dr------- C:\Documents and Settings\Risto\Suosikit
2008-05-22 20:03 . 2008-05-22 20:03 <KANSIO> dr------- C:\Documents and Settings\Risto\Omat tiedostot
2008-05-22 20:03 . 2008-03-19 14:08 <KANSIO> d--h----- C:\Documents and Settings\Risto\Mallit
2008-05-22 20:03 . 2008-03-19 13:44 <KANSIO> dr------- C:\Documents and Settings\Risto\Käynnistä-valikko
2008-05-22 20:03 . 2008-05-22 20:03 <KANSIO> d-------- C:\Documents and Settings\Risto\Bluetooth Software
2008-05-22 20:03 . 2008-05-31 18:34 <KANSIO> d-------- C:\Documents and Settings\Risto
2008-05-22 20:02 . 2008-05-22 20:02 <KANSIO> d-------- C:\Documents and Settings\Suvianna\Bluetooth Software
2008-05-22 20:02 . 2004-09-15 02:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-22 20:01 . 2008-03-19 13:44 <KANSIO> d--h----- C:\Documents and Settings\Suvianna\Verkkoympäristö
2008-05-22 20:01 . 2008-06-01 20:22 <KANSIO> d-------- C:\Documents and Settings\Suvianna\Työpöytä
2008-05-22 20:01 . 2008-03-19 13:44 <KANSIO> d--h----- C:\Documents and Settings\Suvianna\Tulostinympäristö
2008-05-22 20:01 . 2008-05-22 20:02 <KANSIO> dr------- C:\Documents and Settings\Suvianna\Suosikit
2008-05-22 20:01 . 2008-05-22 20:02 <KANSIO> dr------- C:\Documents and Settings\Suvianna\Omat tiedostot
2008-05-22 20:01 . 2008-03-19 14:08 <KANSIO> d--h----- C:\Documents and Settings\Suvianna\Mallit
2008-05-22 20:01 . 2008-03-19 13:44 <KANSIO> dr------- C:\Documents and Settings\Suvianna\Käynnistä-valikko
2008-05-22 20:01 . 2008-06-02 20:44 <KANSIO> d-------- C:\Documents and Settings\Suvianna
2008-05-11 20:24 . 2008-05-11 20:25 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 21:16 --------- d-----w C:\Documents and Settings\Risto Jalonen\Application Data\Azureus
2008-06-02 20:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 20:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-01 21:31 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-01 21:31 --------- d-----w C:\Program Files\Common Files\Real
2008-05-01 21:30 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-01 21:30 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-01 21:30 --------- d-----w C:\Program Files\Real
2008-04-28 20:17 --------- d-----w C:\Documents and Settings\Risto Jalonen\Application Data\JLC's Software
2008-04-28 20:16 --------- d-----w C:\Program Files\JLC's Software
2008-04-28 19:29 --------- d-----w C:\Documents and Settings\Risto Jalonen\Application Data\U3
2008-04-27 12:46 --------- d-----w C:\Program Files\TVUPlayer
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\Risto Jalonen\Application Data\TVU Networks
2008-04-27 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-23 10:25 --------- d-----w C:\Program Files\Azureus
2008-04-19 10:13 --------- d-----w C:\Program Files\Online TV Player 4
2008-03-28 15:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-27 19:56 11,437,820 ----a-w C:\WLAN4.2.0.82_APPS4.2.0.358bin.zip
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 11:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-03_23.45.32.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 09:44:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 05:02:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 22:05 344064]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2008-02-15 18:46 182936]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2008-02-15 18:46 895584]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 16:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 21:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 21:11 692316]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-02 00:30 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2004-06-02 18:48:22 565309]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-02-15 18:45]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2008-02-15 18:46]
R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 22:49]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-02-15 18:45]
S3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-08-30 03:14]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-02-15 18:45]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-02-15 18:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685fc07c-fc3d-11dc-8a07-0012793eca20}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-24 16:30:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 12:00:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-04 12:02:27
ComboFix-quarantined-files.txt 2008-06-04 09:02:21
ComboFix2.txt 2008-06-03 20:46:05

Pre-Run: 33,207,439,360 tavua vapaana
Post-Run: 33,201,577,984 tavua vapaana

170 --- E O F --- 2008-05-28 11:50:59

Hujo · Jun 4, 2008

No mites kone nyt pätkii

Log in or Sign up

Onko koneella vielä viruksia? HJT logi

Jalppis Member

Hujo Guest

Jalppis Member

Hujo Guest

Jalppis Member

Hujo Guest

Jalppis Member

Hujo Guest

Jalppis Member

Hujo Guest

Jalppis Member

Hujo Guest

Jalppis Member

Hujo Guest

Share This Page

Log in or Sign up

Onko koneella vielä viruksia? HJT logi

Jalppis Member

Hujo Guest

Jalppis Member

Hujo Guest

Jalppis Member

Hujo Guest

Jalppis Member

Hujo Guest

Jalppis Member

Hujo Guest

Jalppis Member

Hujo Guest

Jalppis Member

Hujo Guest

Share This Page

Useful Searches