Rundll32.exe, CPU at 100%.

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' (Viruses and malware - HijackThis logs) started by spas12, Dec 29, 2007.

  1. spas12

    spas12 Guest

    So every now and then the machine starts to stutter, and Task Manager shows rundll32.exe taking all the CPU time (right now 99%).
    The machine also refuses to shut down: "rundll32.exe is not responding". I've scanned with Spybot, the F-Secure 2008 scanner and HJT. F-Secure only found some 4 tracking cookies; Spybot found nothing.
    I've had the machine for 3 days now, a used IBM laptop. Originally it had Norton 2003.
    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:40:43, on 29.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

    --
    End of file - 7519 bytes
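    The triage step this log calls for, as an added example that is not part of the thread and not HijackThis code: rundll32.exe is a legitimate Windows host process, so a busy rundll32.exe in Task Manager says nothing by itself; what matters is which DLL (and which export) each autorun entry tells it to load. The script below parses the O4 lines of a HijackThis log, extracts the hosted module and entry point for every rundll32 launch, and flags modules sitting in user-writable locations or in the root of a drive. The sample input reuses lines from the log above plus one constructed 'ExampleLoader' entry (hypothetical name and path) so the flagging path is exercised; the two real entries resolve to irprops.cpl (a bare name found through the DLL search path) and the ThinkPad pwrmonit.dll under Program Files.

```python
"""Triage of HijackThis O4 autorun entries that go through rundll32.

rundll32.exe is a legitimate host process: the question is which DLL and
export it was told to load.  This helper pulls every O4 entry out of a
HijackThis log, resolves the hosted module for rundll32 launches and flags
modules that live in user-writable locations.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# O4 line: "O4 - <hive>\..\<key>: [<value name>] <command>[ (User '...')]"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Launcher is rundll32 whether bare, with .exe, with a full path, or quoted.
RUNDLL_RE = re.compile(
    r'^(?:"[^"]*\\|[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(?P<rest>.+)$', re.IGNORECASE
)
USER_TRAIL = re.compile(r"\s+\(User '[^']*'\)$")
# Path fragments an unprivileged user can normally write to.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\",
                 "\\application data\\", "\\appdata\\")


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    command: str
    module: Optional[str] = None   # DLL/CPL handed to rundll32, if any
    entry: Optional[str] = None    # export name rundll32 will call
    risk: Optional[str] = None     # triage note for rundll32 launches


def _first_token(s: str) -> Tuple[str, str]:
    """Split off the first command-line token, honouring a quoted path."""
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            end = len(s)
        tail = s[end + 1:]
        m = re.match(r"\S*", tail)          # e.g. ',Entry' glued to the quote
        return s[1:end] + m.group(0), tail[m.end():].strip()
    tok, _, tail = s.partition(" ")
    return tok, tail.strip()


def parse_rundll32(cmd: str) -> Optional[Tuple[str, str, str]]:
    """Return (module, entry, args) when cmd launches through rundll32."""
    m = RUNDLL_RE.match(cmd.strip())
    if not m:
        return None
    spec, args = _first_token(m.group("rest").strip())
    module, _, entry = spec.partition(",")
    return module, entry.lstrip(","), args   # 'x.cpl,,Func' -> entry 'Func'


def classify_module(module: str) -> str:
    low = module.lower()
    if "\\" not in low:
        return "bare name: resolved through the DLL search path, confirm which copy loads"
    if any(f in low for f in USER_WRITABLE) or re.match(r"^[a-z]:\\[^\\]+$", low):
        return "user-writable location: review the file"
    return "fixed install path"


def parse_o4_entries(log_text: str) -> List[AutorunEntry]:
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_TRAIL.sub("", m.group("cmd"))
        e = AutorunEntry(m.group("hive"), m.group("key"), m.group("name"), cmd)
        hosted = parse_rundll32(cmd)
        if hosted:
            e.module, e.entry, _ = hosted
            e.risk = classify_module(e.module)
        entries.append(e)
    return entries


def rundll32_hosted(entries: List[AutorunEntry]) -> List[AutorunEntry]:
    return [e for e in entries if e.module is not None]


# Constructed sample: lines taken from the log above plus one made-up
# 'ExampleLoader' entry (hypothetical name and path) to exercise the
# user-writable-location check.  Non-O4 lines show that they are skipped.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKCU\..\Run: [ExampleLoader] rundll32.exe "C:\Documents and Settings\Default user\Application Data\example.dll",Start
"""

if __name__ == "__main__":
    for e in rundll32_hosted(parse_o4_entries(SAMPLE_LOG)):
        print(f"{e.hive}\\{e.key} [{e.name}] -> {e.module} ! {e.entry}: {e.risk}")
```

    The classification is deliberately conservative: a bare module name is not called bad, it is marked as something to resolve on disk, and a module under a user profile is marked for review rather than deletion, which matches how the helpers in this thread work (collect logs first, act second).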
     
  2. Hujo

    Hujo Guest

    how much main memory does that laptop have?
     
  3. spas12

    spas12 Guest

    512 MB of RAM. It shouldn't be because of that, since yesterday that rundll32.exe stopped and the machine worked really well. Sometimes it happens, sometimes it doesn't.
     
  4. Hujo

    Hujo Guest

    That's too little; you should have at least 1 GB, and a lighter antivirus program that comes with a firewall.

    ======================
    run CCleaner
    Download from http://www.ccleaner.com/download/builds.aspx
    CCleaner v2.00.500 - Standard Build, DO NOT install the Yahoo toolbar!

    set the options like this:
    Options --> Advanced --> Untick "Only delete temporary files older than 48 hours".

    run Cleaner > Analyze button > Run Cleaner button in the lower right corner
    run Issues > Scan for registry issues button > Fix registry issues button

    ===============

    eScan
    Instructions on this page.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    download from here
    http://www.spywareinfo.dk/download/mwav.exe
    update from here
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    set the checkboxes according to the markings
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scan

    if anything appears in the lower pane, copy it like this:
    Use the command Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here.

    =============

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your machine into Safe Mode and select your normal user account:
    - Start the computer
    - When you hear the machine beep, press F8, before the Windows logo appears
    - Next a menu should appear
    - Select Safe Mode from the menu.

    - Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    - Open the SDFix folder and double-click RunThis.bat to start the program.
    - Press Y to start the script.
    - The tool cleans the trojan's services and also makes some repairs to the registry. At the end it asks you to restart the machine, "Press any key to Reboot".
    - Press any key and the machine restarts.
    - Startup takes longer than normal since SDFix is cleaning the machine.
    - When the machine has started and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
    - Then press any key to close the script and load the desktop icons.
    - Finally open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
     
  5. spas12

    spas12 Guest

    Now I scanned with CCleaner; it found about 78 registry errors and 72 MB+ of junk files. I'm installing eScan right now, or already installed it, but maybe wrongly.. Since it said there to put it in the root of C:. I put it in Program Files, and it didn't even create a Kaspersky folder (it put everything in the Program Files folder). I'll try without.
     
    Last edited by a moderator: Dec 29, 2007
  6. Hujo

    Hujo Guest

    that folder should be found here
    C:\Kapensky
     
  7. spas12

    spas12 Guest

    By default eScan installs to c:/kaspersky. But I thought it would be tidier to put it in Program Files. But it didn't create a folder there, it just dumped all the "base" files etc. without one.
     
  8. Hujo

    Hujo Guest

    Yes, that folder gets the signature definitions, the Bases folder
     
  9. spas12

    spas12 Guest

    eScan didn't find anything.. Now I'll run SDFix.
     
  10. Hujo

    Hujo Guest

  11. spas12

    spas12 Guest

    It didn't say anything like "press any key to boot". I started the machine in Safe Mode. I copied SDFix to the desktop, a folder appeared. Then a message came up that some files are "corruption" something.. corrupted? I wondered a bit, then pressed "runthis". Then it asked me to press Y/N, I pressed Y. About 4-5 folders started appearing in the folder. Testnotif1, testnotif3, testnotif. Those appeared and maybe some regedit and findstr. I'm not sure about those. Then it shut down.. I wondered why, and shut down the machine and turned it on again. :S
    [Edit]
    Now I did the same again, but with Notepad.
    "Some of files were corrupted" or something like that.
    "Download a fresh copy" Something like that comes up when extracting them.

    And when the program is started:
    crc failed in sdfix/apps/process.exe
    unexpected end of archive
    Error opening localization file
    C:/documents and setting /default user.ibm etc.
    What do I do now? That rundll32.exe is pissing me off. Just now I shut down the machine and again had to use the power button :S Could that virus have been in the machine from the start? I mean I bought it used, though on the first or second use I didn't notice anything about it.
     
    Last edited by a moderator: Dec 29, 2007
  12. Hujo

    Hujo Guest

    Well, try this

    1. Download combofix.exe to your desktop from either link:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is done it produces a log. Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.


     
  13. spas12

    spas12 Guest

    NEW! Now I installed ComboFix + scanned. 3 times during the ComboFix scan F-Secure 2008 started shouting "Virus detected"
    "Virus and spyware protection has detected trojan.win32.inject.ph (virus) on the computer."
    What to do? Disinfect (recommended) I tried it and it couldn't remove the trojan.. The other options are "delete the infected file" and "quarantine".
    "Details" Type: Trojan (yay)
    File: C:/documents and settings/default user.ibm-blahblah
    Path: xieitlsh21490ae.dll.
    What is it now.. About every 5 seconds the machine freezes for 1 second.. text etc. :S Hard to write this message..
    And the ComboFix log:
    ComboFix 07-12-21.4 - Default user 2007-12-29 22:44:08.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.257 [GMT 2:00]
    Running from: C:\Documents and Settings\Default user.IBM-5E9221490AE\Työpöytä\ComboFix.exe
    * Created a new restore point
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-11-28 to 2007-12-29 )))))))))))))))))
    .

    2007-12-29 17:38 . 2007-12-29 17:38 0 --a------ C:\23990098.$$$
    2007-12-29 15:21 . 2007-12-29 15:58 <KANSIO> d-------- C:\Downloads
    2007-12-29 14:46 . 2007-12-29 14:46 <KANSIO> d-------- C:\Program Files\CCleaner
    2007-12-29 13:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-29 13:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-12-29 13:15 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-29 00:29 . 2007-12-29 00:29 <KANSIO> d-------- C:\Documents and Settings\Default user.IBM-5E9221490AE\Application Data\InterVideo
    2007-12-28 21:17 . 2007-12-28 21:17 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-12-28 17:41 . 2007-12-28 19:42 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-28 16:19 . 2007-12-28 16:19 <KANSIO> d-------- C:\Program Files\Little Fighter 2.5 - v2.0
    2007-12-28 16:09 . 2007-12-28 16:09 <KANSIO> d-------- C:\Documents and Settings\Default user.IBM-5E9221490AE\Incomplete
    2007-12-28 16:08 . 2007-12-28 16:18 <KANSIO> d-------- C:\Documents and Settings\Default user.IBM-5E9221490AE\Application Data\LimeWire
    2007-12-28 14:49 . 2007-12-28 15:43 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
    2007-12-28 14:19 . 2007-12-28 14:30 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-28 14:18 . 2007-12-28 14:18 <KANSIO> d-------- C:\Program Files\Windows Live
    2007-12-28 14:18 . 2007-12-28 14:18 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-28 14:13 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
    2007-12-28 13:52 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2007-12-28 13:52 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
    2007-12-28 13:52 . 2006-08-21 14:26 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
    2007-12-28 13:22 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-12-28 04:30 . 2007-12-28 04:30 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
    2007-12-28 03:50 . 2001-10-05 15:59 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-12-28 03:50 . 2001-10-05 15:59 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-12-28 03:49 . 2004-08-04 08:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-12-28 03:49 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-12-28 03:49 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
    2007-12-28 03:41 . 2007-12-28 03:41 <KANSIO> d-------- C:\WINDOWS\provisioning
    2007-12-28 03:41 . 2007-12-28 03:41 <KANSIO> d-------- C:\WINDOWS\peernet
    2007-12-28 03:37 . 2007-12-28 03:37 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
    2007-12-28 03:28 . 2007-12-28 03:41 <KANSIO> d-------- C:\WINDOWS\EHome
    2007-12-28 02:58 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
    2007-12-28 02:58 . 2004-09-14 16:12 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2007-12-28 02:58 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
    2007-12-28 02:58 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
    2007-12-28 00:32 . 2007-12-29 15:06 <KANSIO> d-------- C:\Documents and Settings\Default user.IBM-5E9221490AE\Application Data\F-Secure
    2007-12-28 00:25 . 2007-12-28 00:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2007-12-28 00:25 . 2007-12-28 01:41 51,040 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2007-12-28 00:25 . 2007-12-28 01:41 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2007-12-28 00:24 . 2007-12-28 03:17 <KANSIO> d-------- C:\Program Files\F-Secure Internet Security
    2007-12-28 00:20 . 2007-12-28 00:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2007-12-27 22:59 . 2007-12-27 22:59 <KANSIO> d---s---- C:\Documents and Settings\Default user.IBM-5E9221490AE\UserData
    2007-12-27 22:54 . 2004-09-15 01:11 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
    2007-12-27 22:54 . 2004-03-10 20:00 593,920 --------- C:\WINDOWS\system32\dllcache\xpsp2res.dll
    2007-12-27 22:54 . 2004-09-15 01:11 330,752 --a------ C:\WINDOWS\system32\ipnathlp.dll
    2007-12-27 22:54 . 2004-09-15 01:12 265,728 --a------ C:\WINDOWS\system32\h323.tsp
    2007-12-27 22:52 . 2007-12-27 22:52 <KANSIO> d-------- C:\WINDOWS\system32\bits
    2007-12-27 22:50 . 2004-09-15 01:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-12-27 22:48 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-12-27 22:45 . 2007-12-28 15:33 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
    2007-12-27 22:44 . 2007-06-26 08:09 1,104,896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-12-27 22:44 . 2007-06-26 08:09 1,104,896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-12-27 22:44 . 2004-09-15 01:11 102,400 --a------ C:\WINDOWS\system32\cscdll.dll
    2007-12-27 22:42 . 2006-08-14 12:34 332,928 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2007-12-27 22:41 . 2007-01-23 21:31 546,304 --------- C:\WINDOWS\system32\dllcache\hhctrl.ocx
    2007-12-27 22:41 . 2007-03-08 17:37 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-12-27 22:40 . 2004-09-15 01:11 384,512 --a------ C:\WINDOWS\system32\ipsmsnap.dll
    2007-12-27 22:40 . 2004-09-15 01:11 351,744 --a------ C:\WINDOWS\system32\ipsecsnp.dll
    2007-12-27 22:40 . 2004-09-15 01:11 267,264 --a------ C:\WINDOWS\system32\oakley.dll
    2007-12-27 22:40 . 2004-09-15 01:11 182,784 --a------ C:\WINDOWS\system32\ipsecsvc.dll
    2007-12-27 22:40 . 2006-06-22 12:48 181,248 --------- C:\WINDOWS\system32\dllcache\rasmans.dll
    2007-12-27 22:40 . 2004-09-15 01:11 105,472 --a------ C:\WINDOWS\system32\polstore.dll
    2007-12-27 22:40 . 2004-09-15 01:12 32,768 --a------ C:\WINDOWS\system32\winipsec.dll
    2007-12-27 22:39 . 2004-09-15 01:12 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2007-12-27 22:39 . 2004-09-15 01:11 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2007-12-27 22:39 . 2004-09-15 01:11 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
    2007-12-27 22:39 . 2004-09-15 01:11 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
    2007-12-27 22:37 . 2005-10-21 00:26 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
    2007-12-27 22:36 . 2006-06-26 19:45 148,480 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
    2007-12-27 22:36 . 2006-05-19 15:24 110,592 --------- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
    2007-12-27 22:36 . 2006-05-19 15:24 95,744 --------- C:\WINDOWS\system32\dllcache\iphlpapi.dll
    2007-12-27 22:35 . 2006-10-20 03:39 713,728 --a------ C:\WINDOWS\system32\sxs.dll
    2007-12-27 22:35 . 2006-08-25 17:49 617,472 --------- C:\WINDOWS\system32\dllcache\comctl32.dll
    2007-12-27 22:35 . 2006-04-20 13:51 359,808 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-12-27 22:35 . 2004-09-15 01:11 88,064 --a------ C:\WINDOWS\system32\fldrclnr.dll
    2007-12-27 22:32 . 2005-09-01 03:43 19,968 --a------ C:\WINDOWS\system32\linkinfo.dll
    2007-12-27 22:27 . 2005-08-23 05:39 123,904 --a------ C:\WINDOWS\system32\umpnpmgr.dll
    2007-12-27 22:27 . 2006-03-01 21:44 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
    2007-12-27 22:27 . 2006-03-01 21:44 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
    2007-12-27 22:26 . 2006-06-26 19:45 8,192 --------- C:\WINDOWS\system32\dllcache\rasadhlp.dll
    2007-12-27 22:16 . 2007-12-27 22:16 0 --a------ C:\WINDOWS\pestpatrol5.INI
    2007-12-27 22:10 . 2007-12-27 22:10 <KANSIO> d-------- C:\Documents and Settings\DEFAUL~1~IBM\LOCALS~1
    2007-12-27 19:06 . 2007-12-27 19:06 <KANSIO> d-------- C:\WINDOWS\Sun
    2007-12-27 19:06 . 2007-12-28 16:52 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32
    2007-12-27 19:04 . 2007-12-27 19:04 <KANSIO> d-------- C:\Program Files\Java
    2007-12-27 19:04 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-27 19:00 . 2007-12-27 19:00 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2007-12-27 18:59 . 2007-12-27 18:59 0 --a------ C:\WINDOWS\mozver.dat
    2007-12-27 18:21 . 2007-12-27 18:21 <KANSIO> d-------- C:\Documents and Settings\Default user.IBM-5E9221490AE\Application Data\IBM
    2007-12-27 17:43 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-12-27 17:43 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-12-27 17:43 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2007-12-27 17:43 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-12-27 17:43 . 2004-08-03 14:03 186,648 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2007-12-27 17:43 . 2004-08-03 14:02 168,728 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2007-12-27 17:43 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
    2007-12-27 17:34 . 2007-12-27 17:34 0 --a------ C:\WINDOWS\nsreg.dat

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 16:21 6,825,573 ----a-w C:\Program Files\mwav.log
    2007-12-29 16:21 1,586 ----a-w C:\Program Files\mwXface.log
    2007-12-29 14:04 8,695,505 ----a-w C:\Program Files\vlist.txt
    2007-12-29 13:29 92,954 ----a-w C:\Program Files\daily.avc
    2007-12-29 13:29 8,376 ----a-w C:\Program Files\krn003.avc
    2007-12-29 13:29 8,285 ----a-w C:\Program Files\base036.avc
    2007-12-29 13:29 79,893 ----a-w C:\Program Files\ca.avc
    2007-12-29 13:29 78,840 ----a-w C:\Program Files\krnexe32.avc
    2007-12-29 13:29 766 ----a-w C:\Program Files\daily-ex.avc
    2007-12-29 13:29 75,678 ----a-w C:\Program Files\unp007.avc
    2007-12-29 13:29 72,335 ----a-w C:\Program Files\krn001.avc
    2007-12-29 13:29 7,813 ----a-w C:\Program Files\dailyc.avc
    2007-12-29 13:29 7,758 ----a-w C:\Program Files\smart.avc
    2007-12-29 13:29 68,070 ----a-w C:\Program Files\unp035.avc
    2007-12-29 13:29 67,390 ----a-w C:\Program Files\unp002.avc
    2007-12-29 13:29 65,836 ----a-w C:\Program Files\unp010.avc
    2007-12-29 13:29 64,838 ----a-w C:\Program Files\unp016.avc
    2007-12-29 13:29 63,828 ----a-w C:\Program Files\unp023.avc
    2007-12-29 13:29 62,698 ----a-w C:\Program Files\unp019.avc
    2007-12-29 13:29 60,874 ----a-w C:\Program Files\unp013.avc
    2007-12-29 13:29 57,842 ----a-w C:\Program Files\unp015.avc
    2007-12-29 13:29 56,293 ----a-w C:\Program Files\unp014.avc
    2007-12-29 13:29 56,205 ----a-w C:\Program Files\base144.avc
    2007-12-29 13:29 55,947 ----a-w C:\Program Files\base072c.avc
    2007-12-29 13:29 55,741 ----a-w C:\Program Files\unp006.avc
    2007-12-29 13:29 55,475 ----a-w C:\Program Files\base068c.avc
    2007-12-29 13:29 55,212 ----a-w C:\Program Files\unp003.avc
    2007-12-29 13:29 55,174 ----a-w C:\Program Files\base067c.avc
    2007-12-29 13:29 55,081 ----a-w C:\Program Files\base066c.avc
    2007-12-29 13:29 55,041 ----a-w C:\Program Files\base069c.avc
    2007-12-29 13:29 54,798 ----a-w C:\Program Files\base161.avc
    2007-12-29 13:29 54,423 ----a-w C:\Program Files\unp008.avc
    2007-12-29 13:29 54,406 ----a-w C:\Program Files\base076c.avc
    2007-12-29 13:29 54,393 ----a-w C:\Program Files\base071c.avc
    2007-12-29 13:29 54,367 ----a-w C:\Program Files\base075c.avc
    2007-12-29 13:29 54,231 ----a-w C:\Program Files\base073c.avc
    2007-12-29 13:29 54,061 ----a-w C:\Program Files\base074c.avc
    2007-12-29 13:29 53,971 ----a-w C:\Program Files\base159.avc
    2007-12-29 13:29 53,588 ----a-w C:\Program Files\base070c.avc
    2007-12-29 13:29 53,241 ----a-w C:\Program Files\base077c.avc
    2007-12-29 13:29 52,973 ----a-w C:\Program Files\base095.avc
    2007-12-29 13:29 52,399 ----a-w C:\Program Files\unp011.avc
    2007-12-29 13:29 52,324 ----a-w C:\Program Files\base160.avc
    2007-12-29 13:29 51,448 ----a-w C:\Program Files\base002c.avc
    2007-12-29 13:29 51,199 ----a-w C:\Program Files\unp005.avc
    2007-12-29 13:29 51,077 ----a-w C:\Program Files\base146.avc
    2007-12-29 13:29 51,053 ----a-w C:\Program Files\base029.avc
    2007-12-29 13:29 51,001 ----a-w C:\Program Files\base136.avc
    2007-12-29 13:29 50,768 ----a-w C:\Program Files\base034c.avc
    2007-12-29 13:29 50,729 ----a-w C:\Program Files\base051.avc
    2007-12-29 13:29 50,681 ----a-w C:\Program Files\base009c.avc
    2007-12-29 13:29 50,657 ----a-w C:\Program Files\base109.avc
    2007-12-29 13:29 50,657 ----a-w C:\Program Files\base005c.avc
    2007-12-29 13:29 50,611 ----a-w C:\Program Files\base148.avc
    2007-12-29 13:29 50,562 ----a-w C:\Program Files\base157.avc
    2007-12-29 13:29 50,561 ----a-w C:\Program Files\base013c.avc
    2007-12-29 13:29 50,542 ----a-w C:\Program Files\base030c.avc
    2007-12-29 13:29 50,527 ----a-w C:\Program Files\base081.avc
    2007-12-29 13:29 50,501 ----a-w C:\Program Files\base065.avc
    2007-12-29 13:29 50,500 ----a-w C:\Program Files\base098.avc
    2007-12-29 13:29 50,492 ----a-w C:\Program Files\ext005c.avc
    2007-12-29 13:29 50,489 ----a-w C:\Program Files\base057c.avc
    2007-12-29 13:29 50,444 ----a-w C:\Program Files\base053c.avc
    2007-12-29 13:29 50,423 ----a-w C:\Program Files\base150.avc
    2007-12-29 13:29 50,398 ----a-w C:\Program Files\base119.avc
    2007-12-29 13:29 50,397 ----a-w C:\Program Files\base031c.avc
    2007-12-29 13:29 50,368 ----a-w C:\Program Files\base058c.avc
    2007-12-29 13:29 50,363 ----a-w C:\Program Files\base142.avc
    2007-12-29 13:29 50,335 ----a-w C:\Program Files\base007c.avc
    2007-12-29 13:29 50,325 ----a-w C:\Program Files\base012c.avc
    2007-12-29 13:29 50,286 ----a-w C:\Program Files\base006c.avc
    2007-12-29 13:29 50,278 ----a-w C:\Program Files\base127.avc
    2007-12-29 13:29 50,271 ----a-w C:\Program Files\base051c.avc
    2007-12-29 13:29 50,270 ----a-w C:\Program Files\base027c.avc
    2007-12-29 13:29 50,265 ----a-w C:\Program Files\ext003c.avc
    2007-12-29 13:29 50,263 ----a-w C:\Program Files\base034.avc
    2007-12-29 13:29 50,247 ----a-w C:\Program Files\base024c.avc
    2007-12-29 13:29 50,233 ----a-w C:\Program Files\base064c.avc
    2007-12-29 13:29 50,201 ----a-w C:\Program Files\base120.avc
    2007-12-29 13:29 50,198 ----a-w C:\Program Files\base154.avc
    2007-12-29 13:29 50,188 ----a-w C:\Program Files\base039.avc
    2007-12-29 13:29 50,182 ----a-w C:\Program Files\base078.avc
    2007-12-29 13:29 50,179 ----a-w C:\Program Files\base029c.avc
    2007-12-29 13:29 50,166 ----a-w C:\Program Files\base036c.avc
    2007-12-29 13:29 50,166 ----a-w C:\Program Files\base004c.avc
    2007-12-29 13:29 50,163 ----a-w C:\Program Files\base063c.avc
    2007-12-29 13:29 50,160 ----a-w C:\Program Files\base023.avc
    2007-12-29 13:29 50,158 ----a-w C:\Program Files\base055c.avc
    2007-12-29 13:29 50,149 ----a-w C:\Program Files\base014c.avc
    2007-12-29 13:29 50,135 ----a-w C:\Program Files\base061c.avc
    2007-12-29 13:29 50,131 ----a-w C:\Program Files\base056.avc
    2007-12-29 13:29 50,115 ----a-w C:\Program Files\base017c.avc
    2007-12-29 13:29 50,107 ----a-w C:\Program Files\base037c.avc
    2007-12-29 13:29 50,106 ----a-w C:\Program Files\base018c.avc
    2007-12-29 13:29 50,103 ----a-w C:\Program Files\base141.avc
    2007-12-29 13:29 50,102 ----a-w C:\Program Files\base022.avc
    2007-12-29 13:29 50,098 ----a-w C:\Program Files\base052c.avc
    2007-12-29 13:29 50,098 ----a-w C:\Program Files\base008c.avc
    2007-12-29 13:29 50,081 ----a-w C:\Program Files\base035c.avc
    2007-12-29 13:29 50,079 ----a-w C:\Program Files\base140.avc
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
    "IBM RecordNow!"="" []
    "ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2003-08-18 20:13]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3TRAY2"="S3Tray2.exe" [2001-10-12 08:32 C:\WINDOWS\system32\S3Tray2.exe]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-08-28 21:11]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-08-28 21:10]
    "BluetoothAuthenticationAgent"="irprops.cpl" [2004-09-15 01:12 C:\WINDOWS\system32\irprops.cpl]
    "TpShocks"="TpShocks.exe" [2003-09-04 09:03 C:\WINDOWS\system32\TpShocks.exe]
    "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-03-10 20:10]
    "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2003-07-11 11:34]
    "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2003-09-02 23:56]
    "TP4EX"="tp4ex.exe" [2002-09-04 11:05 C:\WINDOWS\system32\TP4EX.exe]
    "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-07-18 12:02]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 18:53 C:\WINDOWS\AGRSMMSG.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 07:10]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 02:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "UC_SMB"="" []
    "UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [2003-03-18 01:27]
    "ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2003-08-18 20:13]
    "UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 11:01]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-10-22 11:04]
    "QCTRAY"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE" [2004-03-12 13:10]
    "QCWLICON"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE" [2004-03-12 13:10]
    "BMMGAG"="RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 15:12]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 15:11]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12]

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-12-28 01:41]
    R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2003-09-11 20:03]
    R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-03-12 13:10]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2007-05-25 15:12]
    R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-03-12 13:10]
    R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2003-07-11 11:34]
    R2 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2003-07-24 23:26]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
    S3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-08-18 07:28]
    S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-03-12 13:10]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

    *Newly Created Service* - PROCEXP90
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2007-12-27 16:21:15 C:\WINDOWS\Tasks\BMMTask.job"
    - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-29 22:56:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-29 23:02:46
    .
    2007-12-28 13:43:39 --- E O F ---
     
  14. Hujo

    Hujo Guest

Remove that Kaspersky and that bases folder from the machine.

Then run ComboFix again.
     
  15. spas12

    spas12 Guest

Now, luckily, rundll32.exe went off for a moment, and that "trojan.32.something" thing keeps flashing there whenever I scan with ComboFix.
New ComboFix:
    ComboFix 07-12-21.4 - Default user 2007-12-29 23:41:08.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.190 [GMT 2:00]
    Running from: C:\Documents and Settings\Default user.IBM-5E9221490AE\Työpöytä\ComboFix.exe
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-11-28 to 2007-12-29 )))))))))))))))))
    .

    2007-12-29 17:38 . 2007-12-29 17:38 0 --a------ C:\23990098.$$$
    2007-12-29 15:21 . 2007-12-29 15:58 <KANSIO> d-------- C:\Downloads
    2007-12-29 14:46 . 2007-12-29 14:46 <KANSIO> d-------- C:\Program Files\CCleaner
    2007-12-29 13:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-29 13:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-12-29 13:15 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-29 00:29 . 2007-12-29 00:29 <KANSIO> d-------- C:\Documents and Settings\Default user.IBM-5E9221490AE\Application Data\InterVideo
    2007-12-28 21:17 . 2007-12-28 21:17 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-12-28 17:41 . 2007-12-28 19:42 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-28 16:19 . 2007-12-28 16:19 <KANSIO> d-------- C:\Program Files\Little Fighter 2.5 - v2.0
    2007-12-28 16:09 . 2007-12-28 16:09 <KANSIO> d-------- C:\Documents and Settings\Default user.IBM-5E9221490AE\Incomplete
    2007-12-28 16:08 . 2007-12-28 16:18 <KANSIO> d-------- C:\Documents and Settings\Default user.IBM-5E9221490AE\Application Data\LimeWire
    2007-12-28 14:49 . 2007-12-28 15:43 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
    2007-12-28 14:19 . 2007-12-28 14:30 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-28 14:18 . 2007-12-28 14:18 <KANSIO> d-------- C:\Program Files\Windows Live
    2007-12-28 14:18 . 2007-12-28 14:18 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-28 14:13 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
    2007-12-28 13:52 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2007-12-28 13:52 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
    2007-12-28 13:52 . 2006-08-21 14:26 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
    2007-12-28 13:22 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-12-28 04:30 . 2007-12-28 04:30 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
    2007-12-28 03:50 . 2001-10-05 15:59 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-12-28 03:50 . 2001-10-05 15:59 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-12-28 03:49 . 2004-08-04 08:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-12-28 03:49 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-12-28 03:49 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
    2007-12-28 03:41 . 2007-12-28 03:41 <KANSIO> d-------- C:\WINDOWS\provisioning
    2007-12-28 03:41 . 2007-12-28 03:41 <KANSIO> d-------- C:\WINDOWS\peernet
    2007-12-28 03:37 . 2007-12-28 03:37 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
    2007-12-28 03:28 . 2007-12-28 03:41 <KANSIO> d-------- C:\WINDOWS\EHome
    2007-12-28 02:58 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
    2007-12-28 02:58 . 2004-09-14 16:12 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2007-12-28 02:58 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
    2007-12-28 02:58 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
    2007-12-28 00:32 . 2007-12-29 15:06 <KANSIO> d-------- C:\Documents and Settings\Default user.IBM-5E9221490AE\Application Data\F-Secure
    2007-12-28 00:25 . 2007-12-28 00:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2007-12-28 00:25 . 2007-12-28 01:41 51,040 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2007-12-28 00:25 . 2007-12-28 01:41 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2007-12-28 00:24 . 2007-12-28 03:17 <KANSIO> d-------- C:\Program Files\F-Secure Internet Security
    2007-12-28 00:20 . 2007-12-28 00:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2007-12-27 22:59 . 2007-12-27 22:59 <KANSIO> d---s---- C:\Documents and Settings\Default user.IBM-5E9221490AE\UserData
    2007-12-27 22:54 . 2004-09-15 01:11 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
    2007-12-27 22:54 . 2004-03-10 20:00 593,920 --------- C:\WINDOWS\system32\dllcache\xpsp2res.dll
    2007-12-27 22:54 . 2004-09-15 01:11 330,752 --a------ C:\WINDOWS\system32\ipnathlp.dll
    2007-12-27 22:54 . 2004-09-15 01:12 265,728 --a------ C:\WINDOWS\system32\h323.tsp
    2007-12-27 22:52 . 2007-12-27 22:52 <KANSIO> d-------- C:\WINDOWS\system32\bits
    2007-12-27 22:50 . 2004-09-15 01:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-12-27 22:48 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-12-27 22:45 . 2007-12-28 15:33 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
    2007-12-27 22:44 . 2007-06-26 08:09 1,104,896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-12-27 22:44 . 2007-06-26 08:09 1,104,896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-12-27 22:44 . 2004-09-15 01:11 102,400 --a------ C:\WINDOWS\system32\cscdll.dll
    2007-12-27 22:42 . 2006-08-14 12:34 332,928 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2007-12-27 22:41 . 2007-01-23 21:31 546,304 --------- C:\WINDOWS\system32\dllcache\hhctrl.ocx
    2007-12-27 22:41 . 2007-03-08 17:37 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-12-27 22:40 . 2004-09-15 01:11 384,512 --a------ C:\WINDOWS\system32\ipsmsnap.dll
    2007-12-27 22:40 . 2004-09-15 01:11 351,744 --a------ C:\WINDOWS\system32\ipsecsnp.dll
    2007-12-27 22:40 . 2004-09-15 01:11 267,264 --a------ C:\WINDOWS\system32\oakley.dll
    2007-12-27 22:40 . 2004-09-15 01:11 182,784 --a------ C:\WINDOWS\system32\ipsecsvc.dll
    2007-12-27 22:40 . 2006-06-22 12:48 181,248 --------- C:\WINDOWS\system32\dllcache\rasmans.dll
    2007-12-27 22:40 . 2004-09-15 01:11 105,472 --a------ C:\WINDOWS\system32\polstore.dll
    2007-12-27 22:40 . 2004-09-15 01:12 32,768 --a------ C:\WINDOWS\system32\winipsec.dll
    2007-12-27 22:39 . 2004-09-15 01:12 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2007-12-27 22:39 . 2004-09-15 01:11 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2007-12-27 22:39 . 2004-09-15 01:11 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
    2007-12-27 22:39 . 2004-09-15 01:11 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
    2007-12-27 22:37 . 2005-10-21 00:26 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
    2007-12-27 22:36 . 2006-06-26 19:45 148,480 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
    2007-12-27 22:36 . 2006-05-19 15:24 110,592 --------- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
    2007-12-27 22:36 . 2006-05-19 15:24 95,744 --------- C:\WINDOWS\system32\dllcache\iphlpapi.dll
    2007-12-27 22:35 . 2006-10-20 03:39 713,728 --a------ C:\WINDOWS\system32\sxs.dll
    2007-12-27 22:35 . 2006-08-25 17:49 617,472 --------- C:\WINDOWS\system32\dllcache\comctl32.dll
    2007-12-27 22:35 . 2006-04-20 13:51 359,808 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-12-27 22:35 . 2004-09-15 01:11 88,064 --a------ C:\WINDOWS\system32\fldrclnr.dll
    2007-12-27 22:32 . 2005-09-01 03:43 19,968 --a------ C:\WINDOWS\system32\linkinfo.dll
    2007-12-27 22:27 . 2005-08-23 05:39 123,904 --a------ C:\WINDOWS\system32\umpnpmgr.dll
    2007-12-27 22:27 . 2006-03-01 21:44 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
    2007-12-27 22:27 . 2006-03-01 21:44 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
    2007-12-27 22:26 . 2006-06-26 19:45 8,192 --------- C:\WINDOWS\system32\dllcache\rasadhlp.dll
    2007-12-27 22:16 . 2007-12-27 22:16 0 --a------ C:\WINDOWS\pestpatrol5.INI
    2007-12-27 22:10 . 2007-12-27 22:10 <KANSIO> d-------- C:\Documents and Settings\DEFAUL~1~IBM\LOCALS~1
    2007-12-27 19:06 . 2007-12-27 19:06 <KANSIO> d-------- C:\WINDOWS\Sun
    2007-12-27 19:06 . 2007-12-28 16:52 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32
    2007-12-27 19:04 . 2007-12-27 19:04 <KANSIO> d-------- C:\Program Files\Java
    2007-12-27 19:04 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-27 19:00 . 2007-12-27 19:00 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2007-12-27 18:59 . 2007-12-27 18:59 0 --a------ C:\WINDOWS\mozver.dat
    2007-12-27 18:21 . 2007-12-27 18:21 <KANSIO> d-------- C:\Documents and Settings\Default user.IBM-5E9221490AE\Application Data\IBM
    2007-12-27 17:43 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-12-27 17:43 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-12-27 17:43 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2007-12-27 17:43 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-12-27 17:43 . 2004-08-03 14:03 186,648 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2007-12-27 17:43 . 2004-08-03 14:02 168,728 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2007-12-27 17:43 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
    2007-12-27 17:34 . 2007-12-27 17:34 0 --a------ C:\WINDOWS\nsreg.dat

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-27 22:21 --------- d-----w C:\Program Files\Symantec
    2007-12-27 22:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-12-27 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-14 22:45 47 ----a-w C:\WINDOWS\system32\drivers\IBM_2373_7FG.MRK
    2007-11-14 22:34 --------- d-----w C:\Program Files\PC-Doctor for Windows
    2007-11-14 22:30 --------- d-----w C:\Program Files\Sonic
    2007-11-14 22:30 --------- d-----w C:\Program Files\InterVideo
    2007-11-14 22:30 --------- d-----w C:\Program Files\IBM RecordNow!
    2007-11-14 22:30 --------- d-----w C:\Program Files\IBM DLA
    2007-11-14 22:30 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2007-11-14 22:30 --------- d-----w C:\Program Files\Common Files\Sonic
    2007-11-14 22:30 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Sonic
    2007-11-14 22:30 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Sonic
    2007-11-14 22:30 --------- d-----w C:\Documents and Settings\Default user.IBM-5E9221490AE\Application Data\Sonic
    2007-11-14 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ibm
    2007-11-14 22:28 --------- d-----w C:\Program Files\IBM
    2007-11-14 22:27 --------- d-----w C:\Program Files\SBApps
    2007-11-14 22:27 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Symantec
    2007-11-14 22:27 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Symantec
    2007-11-14 22:27 --------- d-----w C:\Documents and Settings\Default user.IBM-5E9221490AE\Application Data\Symantec
    2007-11-14 22:23 --------- d-----w C:\Program Files\ATI Technologies
    2007-11-14 22:22 14,037 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
    2007-11-14 22:22 0 ---ha-r C:\WINDOWS\system32\drivers\IBM_2373_7FG_TP.MRK
    2007-11-14 22:22 --------- d-----w C:\Program Files\ltmoh
    2007-11-14 22:22 --------- d-----w C:\Program Files\Intel
    2007-11-14 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-14 22:18 --------- d-----w C:\Program Files\ThinkPad
    2007-11-14 22:18 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-11-14 21:49 --------- d-----w C:\Program Files\Synaptics
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-30 23:26 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 08:01 2,109,440 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll
    2007-10-25 08:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:00 230,912 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-11 06:00 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-10-11 06:00 1,497,600 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-10-11 05:59 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-10-11 05:59 1,055,232 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-10-11 05:59 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-10-10 23:52 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:52 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:52 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:52 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:52 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:52 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:52 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:52 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:52 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:52 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:52 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:52 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:52 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:52 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:52 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:52 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:52 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:52 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:52 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:52 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:52 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 23:52 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 11:00 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
    "IBM RecordNow!"="" []
    "ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2003-08-18 20:13]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3TRAY2"="S3Tray2.exe" [2001-10-12 08:32 C:\WINDOWS\system32\S3Tray2.exe]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-08-28 21:11]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-08-28 21:10]
    "BluetoothAuthenticationAgent"="irprops.cpl" [2004-09-15 01:12 C:\WINDOWS\system32\irprops.cpl]
    "TpShocks"="TpShocks.exe" [2003-09-04 09:03 C:\WINDOWS\system32\TpShocks.exe]
    "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-03-10 20:10]
    "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2003-07-11 11:34]
    "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2003-09-02 23:56]
    "TP4EX"="tp4ex.exe" [2002-09-04 11:05 C:\WINDOWS\system32\TP4EX.exe]
    "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-07-18 12:02]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 18:53 C:\WINDOWS\AGRSMMSG.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 07:10]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 02:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "UC_SMB"="" []
    "UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [2003-03-18 01:27]
    "ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2003-08-18 20:13]
    "UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 11:01]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-10-22 11:04]
    "QCTRAY"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE" [2004-03-12 13:10]
    "QCWLICON"="C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE" [2004-03-12 13:10]
    "BMMGAG"="RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 15:12]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 15:11]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12]

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-12-28 01:41]
    R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2003-09-11 20:03]
    R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-03-12 13:10]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2007-05-25 15:12]
    R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-03-12 13:10]
    R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2003-07-11 11:34]
    R2 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2003-07-24 23:26]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
    S3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-08-18 07:28]
    S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-03-12 13:10]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

    *Newly Created Service* - PROCEXP90
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2007-12-27 16:21:15 C:\WINDOWS\Tasks\BMMTask.job"
    - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-29 23:52:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-29 23:56:05
    C:\ComboFix2.txt ... 2007-12-29 23:03
    .
    2007-12-28 13:43:39 --- E O F ---
     
    Last edited by a moderator: Dec 29, 2007
  16. Hujo

    Hujo Guest

Scan a new HJT log.
     
  17. spas12

    spas12 Guest

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:34:32, on 30.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\licmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCTRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\Yhteysapuohjelmat\QCWLICON.EXE
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

    --
    End of file - 7492 bytes
     
    Last edited by a moderator: Dec 31, 2007
  18. spas12

    spas12 Guest

  19. spas12

    spas12 Guest

Can anything still be done with that.. Or is the only remaining option reinstalling Windows? Are there possibly still any virus scanners to try?
     
  20. Hujo

    Hujo Guest

    spas12

As I said earlier, that 512 MB is not much RAM. There needs to be at least 1 GB.
Because Windows XP SP2 alone already eats half of that memory.
F-Secure Internet Security is also a real resource hog; that at least should be swapped for something lighter.
There also seem to be a lot of those startup items.

Format, but there needs to be more RAM.
     
    Last edited by a moderator: Dec 31, 2007
