Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:36:37, on 22.3.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBIE.EXE C:\Program Files\Steam\Steam.exe C:\Program Files\NCSoft\Launcher\NCLauncher.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_S9DCA.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [PlayNC Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program 
Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O13 - Gopher Prefix: O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: 
PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 6548 bytes
So, the icons and programs I use start flickering.
Download VundoFix.exe from HERE to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to remove the files - click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it is finished, the fix will tell you that it will restart your computer; click OK.
Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

Note: It is possible that VundoFix found a file that it could not remove. In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

========

1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log. Post that log in your thread.

Note! Do not click in the ComboFix window while it is running. Doing so may cause the program to hang.
Neither seemed to find anything, but here is the log from the latter one.
======= ComboFix 08-03-22.1 - Kimmo 2008-03-22 23:27:02.1 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1035.18.1261 [GMT 2:00] Running from: C:\Users\Kimmo\Desktop\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Possible infected sites ----- hxxp://launcher.patcher.ncsoft.com . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-22 to 2008-03-22 ))))))))))))))))) . Tiedostoja ei ole luotu tällä aikavälillä . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-22 20:36 --------- d-----w C:\Program Files\Trend Micro 2008-03-22 20:20 --------- d-----w C:\Program Files\Steam 2008-03-22 17:39 --------- d-----w C:\ProgramData\Symantec 2008-03-22 16:23 --------- d-----w C:\Users\Kimmo\AppData\Roaming\uTorrent 2008-03-21 20:58 --------- d--h--w C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26} 2008-03-21 07:37 --------- d-----w C:\Users\Kimmo\AppData\Roaming\dvdcss 2008-03-16 13:23 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-16 13:23 --------- d-----w C:\Program Files\NCSoft 2008-03-13 13:53 --------- d-----w C:\Program Files\Windows Mail 2008-03-13 13:48 --------- d-----w C:\Program Files\Common Files\Steam 2008-03-06 16:30 --------- d-----w C:\Users\Kimmo\AppData\Roaming\Ubisoft 2008-03-06 16:30 --------- d-----w C:\ProgramData\Ubisoft 2008-02-29 20:01 --------- d-----w C:\Program Files\NEXON 2008-02-28 17:58 --------- d-----w C:\Program Files\Common Files\INCA Shared 2008-02-23 16:57 --------- d-----w C:\Users\Kimmo\AppData\Roaming\Nokia 2008-02-23 16:57 --------- d-----w C:\ProgramData\PC Suite 2008-02-23 16:54 --------- d-----w 
C:\Program Files\Nokia 2008-02-23 16:54 --------- d-----w C:\Program Files\Common Files\PCSuite 2008-02-23 16:54 --------- d-----w C:\Program Files\Common Files\Nokia 2008-02-23 16:35 --------- d-----w C:\Users\Kimmo\AppData\Roaming\PC Suite 2008-02-23 16:33 --------- d-----w C:\Program Files\DIFX 2008-02-23 16:30 --------- d-----w C:\Program Files\PC Connectivity Solution 2008-02-23 16:23 --------- d-----w C:\ProgramData\Installations 2008-02-14 14:07 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-14 14:07 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-02-14 14:03 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-14 14:01 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-14 14:01 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-14 14:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-14 14:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-12 14:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-02-11 06:44 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2008-02-09 22:33 12,961 ----a-w C:\Program Files\kuva.jpg 2008-02-01 15:13 --------- d-----w C:\Program Files\Guild Wars 2008-01-26 18:52 8,398 ----a-w C:\Program Files\phpBfzTrV_c2PM.jpg 2008-01-09 20:17 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2007-11-25 16:20 6,643,564 ----a-w C:\Users\Kimmo\themaniandmymomlove01_e.zip 2007-11-25 16:04 4,035,258 ----a-w C:\Users\Kimmo\naughtyterroristinauniform_e.zip 2007-11-25 15:41 4,432,037 ----a-w C:\Users\Kimmo\kamehasutra_e.zip 2007-11-25 09:40 304,809 ----a-w C:\Users\Kimmo\GEARS.OF.WAR.V1.0.ALL.RELOADED.NOCD.ZIP 2007-11-23 20:28 37,622,281 ----a-w C:\Users\Kimmo\RF_Episode2_mpg4.zip 2007-11-23 14:06 79,553,034 ----a-w C:\Users\Kimmo\_Shiwasu_nkina__Sei_So_Tsui_Dan_Sha__english_.zip 2007-11-17 21:25 4,510,273 ----a-w C:\Users\Kimmo\nakaba_e.zip 2007-11-17 21:04 12,534,784 ----a-w C:\Users\Kimmo\handmadefamily_e.zip 2007-11-17 21:01 7,904,718 ----a-w 
C:\Users\Kimmo\oniichaniswatching_e.zip 2007-11-17 20:57 1,880,990 ----a-w C:\Users\Kimmo\morningswithmymother_e.zip 2007-10-31 18:44 52,184 ----a-w C:\Users\Kimmo\AppData\Roaming\GDIPFONTCACHEV1.DAT 2007-10-31 17:10 118,739,008 ----a-w C:\Users\Kimmo\TheWitcherPatch_1.1a.exe 2007-10-28 12:04 5,255,961 ----a-w C:\Users\Kimmo\oneechanexclusive_e.zip 2007-10-28 12:02 1,772,054 ----a-w C:\Users\Kimmo\horribledream_e.zip 2007-10-28 11:59 5,118,857 ----a-w C:\Users\Kimmo\asistersunusualbehavior_e.zip 2007-10-28 11:59 3,880,362 ----a-w C:\Users\Kimmo\thegirlstruth_e.zip 2007-10-27 19:54 2,576,268 ----a-w C:\Users\Kimmo\oneechanslips_e.zip 2007-10-27 19:52 4,464,255 ----a-w C:\Users\Kimmo\contact_e.zip 2007-10-27 19:52 3,828,678 ----a-w C:\Users\Kimmo\mutuallove_e.zip 2007-10-27 19:51 4,021,870 ----a-w C:\Users\Kimmo\icantcallhermama_e.zip 2007-10-27 19:48 4,988,941 ----a-w C:\Users\Kimmo\messingwithlittlebrother_e.zip 2007-10-27 19:47 2,399,157 ----a-w C:\Users\Kimmo\youngersisterslocker_e.zip 2007-10-27 13:05 11,182,080 ----a-w C:\Users\Kimmo\epson31641eu.exe 2007-10-26 12:43 118,248,584 ----a-w C:\Users\Kimmo\TheWitcherPatch_1.1.exe 2007-10-25 16:25 31,828,574 ----a-w C:\Users\Kimmo\163.69_forceware_winvista_32bit_english_whql.exe 2007-10-20 21:19 4,330,027 ----a-w C:\Users\Kimmo\Anime List 3.0.4.exe 2007-10-16 11:53 45,990,940 ----a-w C:\Users\Kimmo\Iga_A-Nuditas-NEW.zip 2007-10-16 11:28 318,904 ----a-w C:\Users\Kimmo\wmpfirefoxplugin.exe 2007-10-13 09:14 8,683,517 ----a-w C:\Users\Kimmo\nosewasure01_e.zip 2007-10-13 09:12 7,464,294 ----a-w C:\Users\Kimmo\nosewasure02_e.zip 2007-10-13 09:06 3,575,695 ----a-w C:\Users\Kimmo\nosewasure03_e.zip 2007-10-13 09:05 6,184,619 ----a-w C:\Users\Kimmo\nosewasure04_e.zip 2007-10-13 09:01 3,212,443 ----a-w C:\Users\Kimmo\nosewasure07_e.zip 2007-10-13 08:59 5,074,599 ----a-w C:\Users\Kimmo\nosewasure08_e.zip 2007-10-13 08:58 4,106,796 ----a-w C:\Users\Kimmo\nosewasure06_e.zip 2007-10-13 08:57 4,658,386 ----a-w 
C:\Users\Kimmo\nosewasure05_e.zip 2007-10-13 08:47 5,733,953 ----a-w C:\Users\Kimmo\shigurenoarubaito_e.zip 2007-10-13 08:47 3,262,188 ----a-w C:\Users\Kimmo\hyuugahinatasgrowth_e.zip 2007-10-13 08:46 6,376,893 ----a-w C:\Users\Kimmo\barietchi_e.zip 2007-10-13 08:45 11,967,439 ----a-w C:\Users\Kimmo\landg_e.zip 2007-10-08 09:10 72,757,184 ----a-w C:\Users\Kimmo\HCB_Hana_s_Holiday_by_Saigado.zip 2007-10-05 15:01 79,283,044 ----a-w C:\Users\Kimmo\Irishka_A-Onirique.zip 2007-10-04 17:19 22,328 ----a-w C:\Users\Kimmo\AppData\Roaming\PnkBstrK.sys 2007-09-29 14:21 8,688,833 ----a-w C:\Users\Kimmo\Kemonono_Muchi_to_ha_Zai_new_ver_eng.zip 2007-09-28 16:28 2,117,101 ----a-w C:\Users\Kimmo\abrightfamilyplanning_e.zip 2007-09-28 16:16 6,419,794 ----a-w C:\Users\Kimmo\shampoo_e.zip 2007-09-19 13:52 7,878,498 ----a-w C:\Users\Kimmo\24hourrehabilitationward_e.zip 2007-09-19 13:51 9,481,390 ----a-w C:\Users\Kimmo\sakurarisestothefront_e.zip 2007-09-19 13:51 2,695,348 ----a-w C:\Users\Kimmo\dailylife.zip 2007-09-17 16:27 1,314,816 ----a-w C:\Users\Kimmo\pbsetup.exe 2007-09-17 16:19 15,786 ----a-w C:\Users\Kimmo\BF2142_Universal_1.25b.zip 2007-09-16 12:46 12,763,888 ----a-w C:\Users\Kimmo\ead-installer(2).exe 2007-09-16 12:11 12,763,888 ----a-w C:\Users\Kimmo\ead-installer.exe 2007-09-16 11:45 287,592 ----a-w C:\Users\Kimmo\dxwebsetup.exe 2007-09-15 13:17 1,164,456 ----a-w C:\Users\Kimmo\install_flash_player.exe 2007-09-11 17:31 6,221,304 ----a-w C:\Users\Kimmo\winamp535_full_emusic-7plus.exe 2007-09-09 15:16 1,207,026 ----a-w C:\Users\Kimmo\wrar370.exe 2007-09-08 21:28 605,286 ----a-w C:\Users\Kimmo\P5K0603.zip 2007-09-08 21:06 60,816,768 ----a-w C:\Users\Kimmo\setpoint400.exe 2007-09-08 19:48 23,661,600 ----a-w C:\Users\Kimmo\DivXInstaller.exe 2007-09-08 07:11 0 ----a-w C:\Users\Kimmo\Shockwave_Installer_Slim.exe 2007-09-07 16:31 174 --sha-w C:\Program Files\desktop.ini . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 2007-08-24 21:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2008-01-31 17:38 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 21:51 316784] [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784] [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 22:17 1232896] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:34 201728] "EPSON Stylus DX6000 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.exe" [2006-09-22 03:01 139264] "Steam"="c:\program files\steam\steam.exe" [2008-01-19 21:51 1266936] "PlayNC Launcher"="C:\Program Files\NCSoft\Launcher\NCLauncher.exe" [2008-03-16 15:28 38128] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-07 18:26 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 21:04 4423680 C:\Windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-03-16 17:06 1822720 C:\Windows\SkyTel.exe] "JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 16:36 36864] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\Windows\KHALMNPR.Exe] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28 8497696] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28 81920] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-07 18:42:01 692224] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{3B5256E5-6187-4650-82FC-7D7D9FB3743F}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) 
"{D617C912-2EA8-4E2E-A78A-39042A422B3B}"= UDP:E:\Supreme\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander "{338E2354-4FC5-443E-AE04-BB5805A35D76}"= TCP:E:\Supreme\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander "{DF4BAC55-2306-46AA-BC51-80C67E32C0E7}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{B201B560-84B7-438E-97EC-493FE9A9F8DD}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{669F6511-C755-450B-8757-70EFB817FE62}"= UDP:E:\2142\BF2142.exe:Battlefield 2 "{C3DCF6E3-E0BD-4AD4-8215-207BC037BE9A}"= TCP:E:\2142\BF2142.exe:Battlefield 2 "{1416BAFE-6DDD-4237-9091-039C16BD80A0}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA "{CCBE70F6-F2E0-4E5A-A6B1-BBCE17C6FACC}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA "{10B12555-4084-4B50-A584-6889EFF66985}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB "{25435205-60DA-4584-B1D1-AB38976DE284}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB "{B16359E8-B998-4D2D-B371-02F98FD9F182}"= UDP:E:\CoH\RelicCOH.exe:Company of Heroes - Opposing Fronts "{FFACF7C2-5757-4E05-A387-9729743B5BC3}"= TCP:E:\CoH\RelicCOH.exe:Company of Heroes - Opposing Fronts "{5BFD4A24-7AF8-4045-AD52-C706C79C2462}"= UDP:E:\Gears\Binaries\WarGame-G4WLive.exe:Gears of War "{B7A72186-FAD4-4251-8E37-ADA3289E3B77}"= TCP:E:\Gears\Binaries\WarGame-G4WLive.exe:Gears of War "{13B46162-310F-41CE-AEA4-075D6E25AFDA}"= UDP:E:\Unreal\Bin32\Crysis.exe:Crysis_32 "{00E51210-3A59-4FF5-975D-7B045D05C333}"= TCP:E:\Unreal\Bin32\Crysis.exe:Crysis_32 "{5467DCB8-B88D-4066-859D-5618053E18B2}"= UDP:E:\Unreal\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{9543B852-FDD9-48AD-B600-255DCE78BE8A}"= TCP:E:\Unreal\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{1AF6D953-CD97-4519-B18C-558409643CEF}"= UDP:E:\NW2\nwn2main.exe:Neverwinter Nights 2 Main "{77C7067D-C8ED-4573-B91B-5671CFEE1BD2}"= TCP:E:\NW2\nwn2main.exe:Neverwinter Nights 2 Main "{13F4D279-CDE3-4B29-B36D-F5AE376EE8F2}"= UDP:E:\NW2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD 
"{E93813AB-17ED-4CDB-B815-9E7C605A37E0}"= TCP:E:\NW2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD "{D40DF3F1-B64B-4EBA-8623-2EBE4B2CC616}"= UDP:E:\NW2\nwupdate.exe:Neverwinter Nights 2 Updater "{93C0B081-F584-4460-8FEF-FC284AC5C6F9}"= TCP:E:\NW2\nwupdate.exe:Neverwinter Nights 2 Updater "{B6D8C148-B794-4DA2-BEBA-3949028CB39F}"= UDP:E:\NW2\nwn2server.exe:Neverwinter Nights 2 Server "{25EB5953-E2D6-416C-A4B6-4D7101DF9621}"= TCP:E:\NW2\nwn2server.exe:Neverwinter Nights 2 Server "{9340EE0A-14AC-4B6C-9F05-8E04A76667C1}"= UDP:E:\lataukset\Assassins.Creed-RELOADED\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{6DF4BC9A-3CB0-4093-82C2-0F4E9A216BF7}"= TCP:E:\lataukset\Assassins.Creed-RELOADED\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{13C4CED9-2CB8-4FEA-9358-E90B799C7BB3}"= UDP:E:\lataukset\Assassins.Creed-RELOADED\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{16950273-D360-4E6E-B6C5-FB548FE8B15C}"= TCP:E:\lataukset\Assassins.Creed-RELOADED\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{DF655E85-8DA9-4C85-9386-A99358CD2384}"= UDP:E:\lataukset\Assassins.Creed-RELOADED\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{5768A62F-3662-4EBF-80D5-3B52E07A36A8}"= TCP:E:\lataukset\Assassins.Creed-RELOADED\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{F7B495A3-7965-4038-B69C-DCA87C0CDA21}"= UDP:E:\SIns\Uusi kansio\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire "{53E9520A-F9DE-44E3-BE62-F06645B200F9}"= TCP:E:\SIns\Uusi kansio\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 IDSvix86;Symantec Intrusion Prevention 
Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080314.001\IDSvix86.sys [2008-02-13 18:18] R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-05-24 23:53] R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 16:41] R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32] R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-12 16:18] R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 18:27] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 14:50] S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 18:27] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc *Newly Created Service* - COMHOST . 'Ajoitetut tehtävät'-kansion sisältö "2008-03-17 20:33:11 C:\Windows\Tasks\Norton Internet Security - Suorita täysi järjestelmäntarkistus - Kimmo.job" - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK: . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-22 23:28:31 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-22 23:28:56 ComboFix-quarantined-files.txt 2008-03-22 21:28:54 . 2008-03-13 13:52:30 --- E O F ---