Hi. Sitting at my computer today I noticed that Antivirus XP 2008 found 424 viruses on my machine, which was downright shocking. However, I mainly use Avira Antivirus, which found only one virus, named TR/Dldr.FraudLoa.NC. I tried to remove it, but it complains that I don't have the permissions. (I'm the only user on the computer, with full rights.)
Well, there seem to be plenty of these around! That Antivirus XP 2008 is itself malware; it gives false reports about the virus situation on the computer and so on, and you can find more information by googling. Post an HJT log either here on Afterdawn or on Virustorjunta.net, and you'll get further instructions after that!
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FI&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphccrrj0e349] C:\Windows\system32\lphccrrj0e349.exe
O4 - HKLM\..\Run: [SMrhc9rrj0e349] C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6134 bytes

There it is.
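Added example, not part of this thread and not code from HijackThis or ComboFix: a small Python triage script that applies to HJT log lines the three checks a helper does by eye when reading a log like the one above. It flags O4 autorun values whose name or executable looks machine-generated (lphccrrj0e349 and rhc9rrj0e349 in the log above), O2 browser helper objects whose DLL is "(no file)", and O23 services whose binary is "(file missing)". The sample log is constructed from lines of the log above; the "looks generated" heuristic (at least two digits and at least three letter/digit transitions in the name) is an assumption of this example, not a HijackThis rule.

```python
"""HijackThis (HJT) log triage helper.

Added example; not part of this thread and not code from HijackThis or
ComboFix. It flags three things a forum helper looks for in an HJT log:

  * O4 autorun values whose name (or executable file name) looks
    machine-generated, like lphccrrj0e349 / rhc9rrj0e349 in the log above,
  * O2 browser helper objects whose DLL is "(no file)", and
  * O23 services whose binary is "(file missing)".

The "looks generated" heuristic is an assumption of this example, not a
HijackThis rule.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")
EXE_RE = re.compile(r'"?(?P<exe>[^"]+?\.exe)', re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # HJT section: "O2", "O4" or "O23"
    name: str    # value name, BHO name or service name
    path: str    # command line or file path as shown in the log
    reason: str


def looks_generated(name: str) -> bool:
    """Heuristic (assumption of this example): vendor names such as
    SunJavaUpdateSched or NvCplDaemon contain few or no digits, while the
    rogue's names mix letters and digits repeatedly (rhc9rrj0e349)."""
    digits = sum(ch.isdigit() for ch in name)
    transitions = sum(
        1 for a, b in zip(name, name[1:])
        if a.isalnum() and b.isalnum() and a.isalpha() != b.isalpha()
    )
    return digits >= 2 and transitions >= 3


def exe_stem(cmd: str) -> str:
    """File name without extension of the first .exe in an O4 command line."""
    m = EXE_RE.search(cmd)
    if not m:
        return ""
    return m["exe"].replace("/", "\\").rsplit("\\", 1)[-1][:-4]


def triage(log_text: str) -> list[Finding]:
    """Return the suspicious O2/O4/O23 entries found in an HJT log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            if looks_generated(m["name"]) or looks_generated(exe_stem(m["cmd"])):
                findings.append(Finding("O4", m["name"], m["cmd"],
                                        "autorun value or its executable has a machine-generated name"))
        elif m := O2_RE.match(line):
            if "(no file)" in m["path"]:
                findings.append(Finding("O2", m["name"], m["path"],
                                        "BHO is registered but its DLL is gone"))
        elif m := O23_RE.match(line):
            if "(file missing)" in m["path"]:
                findings.append(Finding("O23", m["name"], m["path"],
                                        "service is registered but its binary is gone"))
    return findings


# Constructed sample: a handful of lines taken from the HJT log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lphccrrj0e349] C:\Windows\system32\lphccrrj0e349.exe
O4 - HKLM\..\Run: [SMrhc9rrj0e349] C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<3} [{f.name}] {f.reason}\n    {f.path}")
```

Run against the sample it reports four entries: the nameless BHO with no file, the two rogue O4 values, and the Symantec service whose binary is missing; every vendor entry passes. A "(file missing)" service is not malicious by itself (here it is a leftover of an uninstalled Symantec product), which is why the script reports a reason rather than a verdict and leaves the decision to the person reading the log.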
1. Download Combofix.exe to your desktop from either of these links: Combofix.exe Combofix.exe
Open Combofix.exe and follow the on-screen instructions.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.
Empty the recycle bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
* Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the instructions to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK and then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* After this, the log will open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the contents of the log in your next message, plus a new HJT log.
Yeah, well here they are. I'll post HJT and ComboFix one after the other; Malwarebytes' Anti-Malware will follow a bit later.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:51, on 11.8.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FI&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphccrrj0e349] C:\Windows\system32\lphccrrj0e349.exe
O4 - HKLM\..\Run: [SMrhc9rrj0e349] C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6134 bytes

Here's the next one:

ComboFix 08-08-10.05 - Lauri 2008-08-11 21:10:51.1 - NTFSx86
Running from: C:\Users\Lauri\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\rhc9rrj0e349
C:\Program Files\RichVideoCodec
C:\Program Files\RichVideoCodec\MultiLoader.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Users\Lauri\AppData\Local\Temp\E_4
C:\Users\Lauri\AppData\Local\Temp\E_4\HtmlView.fne
C:\Users\Lauri\AppData\Local\Temp\E_4\krnln.fnr
C:\Users\Lauri\AppData\Roaming\rhc9rrj0e349
C:\Users\Public\Desktop\Antivirus XP 2008.lnk
C:\Windows\system32\lphccrrj0e349.exe
C:\Windows\system32\phccrrj0e349.bmp

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-11 to 2008-08-11 )))))))))))))))))
.

2008-08-11 19:01 . 2008-08-11 19:01 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-11 17:27 . 2008-08-11 17:27 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-08-11 15:10 . 2008-08-11 15:10 0 --a------ C:\Windows\System32\212A.tmp
2008-08-03 19:24 . 2008-08-03 19:24 <KANSIO> d-------- C:\Program Files\Magelo
2008-08-02 10:02 . 2008-02-12 14:06 184,320 --a------ C:\Control Panel.exe
2008-08-02 10:01 . 2008-08-02 10:04 <KANSIO> d-------- C:\Tools
2008-08-02 10:01 . 2008-01-07 23:03 <KANSIO> d-a------ C:\Server
2008-08-02 10:01 . 2008-08-02 11:09 <KANSIO> d-------- C:\Ascent
2008-08-01 21:08 . 2008-08-01 21:08 <KANSIO> d-------- C:\PerfLogs
2008-07-29 19:25 . 2008-08-02 19:18 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\LimeWire
2008-07-29 19:25 . 2008-07-29 19:25 <KANSIO> d-------- C:\Program Files\LimeWire
2008-07-28 12:38 . 2008-07-28 12:38 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Music
2008-07-28 12:36 . 2008-07-28 12:36 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\Apple Computer
2008-07-28 12:35 . 2008-07-28 12:35 <KANSIO> d-------- C:\Program Files\iTunes
2008-07-28 12:35 . 2008-07-28 12:35 <KANSIO> d-------- C:\Program Files\iPod
2008-07-28 12:35 . 2008-07-28 12:35 <KANSIO> d-------- C:\Program Files\Bonjour
2008-07-28 12:33 . 2008-07-28 12:35 <KANSIO> d-------- C:\Users\All Users\Apple Computer
2008-07-28 12:33 . 2008-07-28 12:35 <KANSIO> d-------- C:\ProgramData\Apple Computer
2008-07-28 12:33 . 2008-07-28 12:34 <KANSIO> d-------- C:\Program Files\QuickTime
2008-07-28 12:32 . 2008-07-28 12:32 <KANSIO> d-------- C:\Program Files\Apple Software Update
2008-07-28 12:31 . 2008-07-28 12:31 <KANSIO> d-------- C:\Users\All Users\Apple
2008-07-28 12:31 . 2008-07-28 12:31 <KANSIO> d-------- C:\ProgramData\Apple
2008-07-28 12:31 . 2008-07-28 12:31 <KANSIO> d-------- C:\Program Files\Common Files\Apple
2008-07-20 21:04 . 2008-07-20 21:05 <KANSIO> d-------- C:\.NS_file_store_32
2008-07-20 20:53 . 2008-07-20 20:58 <KANSIO> d-------- C:\.mpr_file_store_32
2008-07-20 20:40 . 2008-07-20 20:44 <KANSIO> d-------- C:\weedscapecache
2008-07-20 20:39 . 2008-07-20 20:39 <KANSIO> d-------- C:\Program Files\Sun
2008-07-20 20:38 . 2008-07-20 20:38 <KANSIO> d-------- C:\Program Files\Java
2008-07-20 20:37 . 2008-07-20 20:37 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-07-20 18:42 . 2008-07-20 18:42 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-07-20 11:33 . 2008-01-19 10:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-07-20 11:32 . 2008-01-19 10:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-07-20 11:31 . 2008-01-19 09:53 130,048 --a------ C:\Windows\System32\drivers\drmk.sys
2008-07-20 11:30 . 2008-01-19 09:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-07-20 11:29 . 2008-01-19 10:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-07-20 11:28 . 2008-01-19 10:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-07-20 11:28 . 2008-01-19 10:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-07-20 11:28 . 2008-01-19 10:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-07-20 11:27 . 2008-01-19 10:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-07-20 11:27 . 2008-01-19 10:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-07-20 11:25 . 2008-01-19 10:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-07-20 11:25 . 2008-01-19 10:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-07-20 11:25 . 2008-01-19 10:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-07-20 11:25 . 2008-01-19 10:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-07-20 01:26 . 2008-08-11 15:44 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\uTorrent
2008-07-20 01:26 . 2008-07-20 01:26 <KANSIO> d-------- C:\Program Files\uTorrent
2008-07-19 23:56 . 2008-07-19 23:56 <KANSIO> d-------- C:\Program Files\MySQL
2008-07-18 18:50 . 2008-07-18 18:50 131,072,000 --a------ C:\Windows\MEMORY.DMP
2008-07-18 11:03 . 2008-07-18 11:03 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-07-18 10:58 . 2008-07-18 10:58 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-07-18 10:58 . 2008-07-18 10:58 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-07-18 10:58 . 2008-07-18 10:58 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-18 10:58 . 2008-07-18 10:58 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-18 10:58 . 2008-07-18 10:58 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-18 10:58 . 2008-07-18 10:58 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-16 12:56 . 2008-07-16 12:57 <KANSIO> d-------- C:\Program Files\ExpressZIP
2008-07-16 12:56 . 2008-07-16 12:56 6,144 --ahs---- C:\Windows\System32\access.ctl
2008-07-15 13:50 . 2008-07-15 13:50 <KANSIO> d-------- C:\Windows\PCHEALTH
2008-07-15 11:34 . 2008-07-15 11:34 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-15 11:29 . 2008-07-15 11:29 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-07-15 11:28 . 2008-07-15 11:28 988,216 --a------ C:\Windows\System32\winload.exe
2008-07-15 11:28 . 2008-07-15 11:28 927,288 --a------ C:\Windows\System32\winresume.exe
2008-07-15 11:28 . 2008-07-15 11:28 615,992 --a------ C:\Windows\System32\ci.dll
2008-07-15 11:28 . 2008-07-15 11:28 378,368 --a------ C:\Windows\System32\srcore.dll
2008-07-15 11:28 . 2008-07-15 11:28 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-07-15 11:28 . 2008-07-15 11:28 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-07-15 11:28 . 2008-07-15 11:28 40,960 --a------ C:\Windows\System32\srclient.dll
2008-07-15 11:28 . 2008-07-15 11:28 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-07-15 11:28 . 2008-07-15 11:28 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-07-15 11:27 . 2008-07-15 11:27 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-07-15 11:26 . 2008-07-15 11:26 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-07-15 11:25 . 2008-07-15 11:25 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-07-15 11:25 . 2008-07-15 11:25 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-07-15 11:23 . 2008-07-15 11:23 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-15 11:23 . 2008-07-15 11:23 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-07-15 11:18 . 2008-07-15 11:18 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-07-15 11:18 . 2008-07-15 11:18 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-07-15 11:16 . 2008-07-15 11:16 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-07-15 11:16 . 2008-07-15 11:16 826,880 --a------ C:\Windows\System32\wininet.dll
2008-07-15 02:12 . 2008-07-15 02:12 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight
2008-07-14 12:33 . 2008-07-20 18:52 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\Hamachi
2008-07-13 20:10 . 2008-07-17 15:46 <KANSIO> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-13 19:38 . 2008-07-15 13:50 <KANSIO> d-------- C:\Program Files\Windows Live
2008-07-13 19:38 . 2008-07-15 13:50 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-13 19:37 . 2008-07-15 13:45 <KANSIO> d-------- C:\Users\All Users\WLInstaller
2008-07-13 19:37 . 2008-07-15 13:45 <KANSIO> d-------- C:\ProgramData\WLInstaller
2008-07-13 19:29 . 2008-07-13 19:29 <KANSIO> d-------- C:\Users\All Users\Avira
2008-07-13 19:29 . 2008-07-13 19:29 <KANSIO> d-------- C:\ProgramData\Avira
2008-07-13 19:29 . 2008-07-13 19:29 <KANSIO> d-------- C:\Program Files\Avira
2008-07-13 19:13 . 2008-07-13 19:13 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\Talkback
2008-07-13 18:56 . 2008-07-13 19:15 16 --a------ C:\Windows\System32\coh.cache
2008-07-13 18:53 . 2008-07-13 18:53 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\Roxio
2008-07-13 18:53 . 2008-07-13 19:04 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\Packard Bell
2008-07-13 18:53 . 2008-07-13 18:53 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\CyberLink
2008-07-13 18:52 . 2008-07-13 18:52 <KANSIO> dr------- C:\Users\Lauri\Searches
2008-07-13 18:52 . 2008-07-30 14:32 <KANSIO> dr------- C:\Users\Lauri\Contacts
2008-07-13 18:34 . 2008-07-13 18:52 <KANSIO> dr------- C:\Users\Lauri\Videos
2008-07-13 18:34 . 2008-07-13 18:52 <KANSIO> dr------- C:\Users\Lauri\Saved Games
2008-07-13 18:34 . 2008-07-13 18:52 <KANSIO> dr------- C:\Users\Lauri\Pictures
2008-07-13 18:34 . 2008-07-28 12:36 <KANSIO> dr------- C:\Users\Lauri\Music
2008-07-13 18:34 . 2008-07-13 18:52 <KANSIO> dr------- C:\Users\Lauri\Links
2008-07-13 18:34 . 2008-07-13 18:52 <KANSIO> dr------- C:\Users\Lauri\Downloads
2008-07-13 18:34 . 2008-07-29 19:26 <KANSIO> dr------- C:\Users\Lauri\Documents
2008-07-13 18:34 . 2006-11-02 15:37 <KANSIO> d-------- C:\Users\Lauri\AppData\Roaming\Media Center Programs
2008-07-13 18:34 . 2008-07-13 18:52 <KANSIO> d--h----- C:\Users\Lauri\AppData
2008-07-13 18:34 . 2008-07-28 12:31 <KANSIO> d-------- C:\Users\Lauri
2008-07-13 18:31 . 2008-07-13 18:31 <KANSIO> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-07-13 16:14 . 2008-07-18 18:50 177,429,440 --a------ C:\Windows\DUMP3024.tmp

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-08-01 18:29 174 --sha-w C:\Program Files\desktop.ini
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Mail
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Journal
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Defender
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-01 18:16 --------- d-----w C:\Program Files\Windows Calendar
2008-07-20 08:27 --------- d-----w C:\Program Files\Reference Assemblies
2008-07-19 07:59 --------- d-----w C:\Program Files\Google
2008-07-15 08:23 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-15 08:23 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-15 08:23 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-15 08:23 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-15 08:23 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-13 16:23 --------- d-----w C:\ProgramData\Sonic
2008-07-13 16:22 --------- d-----w C:\ProgramData\Symantec
2008-07-13 16:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-13 15:31 --------- d-sh--w C:\ProgramData\Työpöytä
2008-07-13 15:31 --------- d-sh--w C:\ProgramData\Tiedostot
2008-07-13 15:31 --------- d-sh--w C:\ProgramData\Suosikit
2008-07-13 15:31 --------- d-sh--w C:\ProgramData\Mallit
2008-07-13 15:31 --------- d-sh--w C:\ProgramData\Käynnistä-valikko

.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 10:33 227840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 22:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 22:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 22:15 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 19:07 4390912 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-07-18 19:04 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-09-01 07:18 1836544 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPService]
--a------ 2007-06-12 23:36 102400 C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-07-06 22:15 8466432 C:\Windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-07-06 22:15 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-07-06 22:15 86016 C:\Windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-01-11 11:40 232184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 10:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
--a------ 2007-07-19 16:32 1120568 C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-20 19:20 28672 C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 10:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-02-15 19:07 4390912 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-19 10:36 2153472 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{E7B348B8-8E16-44CF-B01E-3E2512A257A5}C:\\ac web ultimate repack\\server\\apache\\bin\\apache.exe"= UDP:C:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{EBD5C045-CB1D-4026-AB48-F7AC48717A47}C:\\ac web ultimate repack\\server\\apache\\bin\\apache.exe"= TCP:C:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{A4C2F173-11D2-42B6-AFE0-A778BC942CA3}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{3AAC7C09-5A0D-4D7E-A769-E331C869321A}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{1B426326-1EF9-4A5D-B272-BC6FF3AFA208}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9646ED42-2288-4D3E-AA52-0B23F6083D38}"= UDP:C:\Program Files\World of Warcraft\WoW-2.4.2-enGB-downloader.exe:Blizzard Downloader
"{650590AF-D3E1-4541-A745-E9458BCFD3B7}"= TCP:C:\Program Files\World of Warcraft\WoW-2.4.2-enGB-downloader.exe:Blizzard Downloader
"{592D5DA4-AB38-4ED8-9AEA-A53F94EC9680}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{56451D80-DB61-4F6C-8693-D62A9ADAEEFA}C:\\ac web ultimate repack\\server\\mysql\\bin\\mysqld.exe"= UDP:C:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld
"UDP Query User{057CB7B1-BEFE-4E29-BD36-E84F4C68F337}C:\\ac web ultimate repack\\server\\mysql\\bin\\mysqld.exe"= TCP:C:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld
"{3E9597DC-F2CC-4A74-93AD-53AA80F004AB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{190D0A95-6F7D-4A68-84F6-28A337F4878A}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{45528739-5F4A-4D36-9A30-861EAE6CB75D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{75C71410-29B5-4034-8FEC-425D2376F49D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisableNotifications"= 1 (0x1)

.
'Ajoitetut tehtävät'-kansion sisältö
2008-08-11 C:\Windows\Tasks\Laajennettu takuu.job
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 19:38]
2008-08-11 C:\Windows\Tasks\PBRegbk.job
- C:\Program Files\HDReg\HDRegApp.exe [2005-06-21 13:05]
2008-08-11 C:\Windows\Tasks\Recovery DVD Creator.job
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 19:34]
2008-08-11 C:\Windows\Tasks\User_Feed_Synchronization-{AF5175DA-DFF2-45C3-A4EA-076924D5B3C2}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 10:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lphccrrj0e349 - C:\Windows\system32\lphccrrj0e349.exe
HKLM-Run-SMrhc9rrj0e349 - C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Lauri\AppData\Roaming\Mozilla\Firefox\Profiles\3dqugozu.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 21:15:03
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Users\Lauri\AppData\Local\Temp\CabDC0B.tmp 27455 bytes
C:\Users\Lauri\AppData\Local\Temp\TarDC0C.tmp 0 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-11 21:17:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-11 18:17:36

Pre-Run: 298,929,758,208 tavua vapaana
Post-Run: 299,313,618,944 tavua vapaana

289 --- E O F --- 2008-08-11 08:34:57
Here are Malwarebytes and the latest HJT.

Malwarebytes' Anti-Malware 1.24
Tietokantaversio: 1042
Windows 6.0.6001 Service Pack 1

21:49:08 11.8.2008
mbam-log-8-11-2008 (21-49-08).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|H:\|)
Tarkistetut kohteet: 89042
Kulunut aika: 21 minute(s), 56 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 2
Saastuneita rekisteriarvoja: 3
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 2

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc9rrj0e349 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc9rrj0e349 (Rogue.Multiple) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Users\Lauri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:51, on 11.8.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FI&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphccrrj0e349] C:\Windows\system32\lphccrrj0e349.exe
O4 - HKLM\..\Run: [SMrhc9rrj0e349] C:\Program Files\rhc9rrj0e349\rhc9rrj0e349.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6134 bytes