A truly problematic machine. HijackThis please

Discussion in 'Viruses and malware - HijackThis logs' started by b4naani, Oct 22, 2008.

  1. b4naani

    b4naani Member
    Joined: Oct 5, 2008 | Messages: 16 | Likes Received: 0 | Trophy Points: 11
    Yeah, so nothing seems to work on this machine.

    WU updates don't work no matter what instructions I've tried. I've already had to tweak settings in regedit.

    A little while ago, when I restarted the machine, I suddenly couldn't get in normally. Only the wallpaper came up and nothing else.
    In safe mode I did get in, though, and did a restore --> it worked.

    Just now on the other user account (which is an administrator), Documents and Settings disappeared, but when I switched to the other account it was visible, but hidden :S

    Microsoft told me to reinstall SP3 in safe mode for the WU update problem (I don't know why); in addition I've reinstalled the Windows Update Agent from their file and tried WUFix and several others...

    Someone please help: what is wrong with this machine?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:43:55, on 22.10.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    F:\DAEMON Tools\daemon.exe
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MagicTune Premium\GammaTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    D:\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\FSPC\fspc.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\FSAUA\program\fsus.exe
    C:\Program Files\MagicTune Premium\MagicTune.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Hijacthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phnet.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [DAEMON Tools] "F:\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-725345543-839522115-1433172904-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: GammaTray.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224356410015
    O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file://C:\Documents and Settings\PEKKA\Local Settings\Temp\OnlineScanner\is2007ols\fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - D:\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - D:\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe

    --
    End of file - 8543 bytes
     
    Last edited: Oct 22, 2008
  2. b4naani

    b4naani Member
    Joined: Oct 5, 2008 | Messages: 16 | Likes Received: 0 | Trophy Points: 11
    And here is the ComboFix report as well, since someone will probably ask for it.

    F-Secure blocked some things in the final stage.

    ComboFix 08-10-21.05 - PEKKA 2008-10-22 22:04:28.1 - NTFSx86

    Sijainti: C:\Documents and Settings\PEKKA\Työpöytä\ComboFix.exe
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Downloaded Program Files\ODCTOOLS

    .
    ((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_npf


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-22 to 2008-10-22 )))))))))))))))))
    .

    2008-10-22 21:04 . 2008-10-22 21:35 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot2
    2008-10-22 20:51 . 2008-10-22 21:02 <KANSIO> d-------- C:\WINDOWS\system32\oldcatroot2
    2008-10-22 20:49 . 2008-10-22 20:53 <KANSIO> d-------- C:\WINDOWS\Sdold
    2008-10-22 18:18 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000001_.tmp
    2008-10-22 18:04 . 2008-10-22 18:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-10-22 13:01 . 2008-07-18 22:08 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-22 11:39 . 2008-10-22 13:02 <KANSIO> d-------- C:\WINDOWS\SD3old
    2008-10-22 11:38 . 2008-10-22 13:16 <KANSIO> d-------- C:\WINDOWS\system32\CR3old
    2008-10-22 11:18 . 2008-10-22 15:54 <KANSIO> d-------- C:\WINDOWS\Sdold(2)
    2008-10-21 14:41 . 2008-10-21 14:41 124,406 --a------ C:\WINDOWS\WindowsUpdate.zip
    2008-10-19 20:37 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-10-19 20:37 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-05 22:12 . 2008-10-05 22:12 2,270 --a------ C:\temp.tmp
    2008-10-02 16:28 . 2008-10-02 16:32 <KANSIO> d-------- C:\Documents and Settings\JONI.JONINKONE\Application Data\vlc
    2008-09-27 18:21 . 2008-09-27 18:28 <KANSIO> d-------- C:\Documents and Settings\PEKKA\Application Data\DeepBurner
    2008-09-27 16:57 . 2008-09-27 16:57 <KANSIO> d-------- C:\Documents and Settings\PEKKA\Application Data\Canneverbe_Limited
    2008-09-25 15:14 . 2004-09-14 16:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-09-24 18:22 . 2008-09-24 18:22 <KANSIO> d-------- C:\WINDOWS\system32\fi
    2008-09-24 18:22 . 2008-09-24 18:22 <KANSIO> d-------- C:\WINDOWS\l2schemas

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-21 13:01 --------- d-----w C:\Program Files\F-Secure
    2008-10-20 14:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-06 14:36 --------- d-----w C:\Documents and Settings\JONI.JONINKONE\Application Data\gtk-2.0
    2008-10-05 11:23 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-10-02 13:32 --------- d-----w C:\Documents and Settings\JONI.JONINKONE\Application Data\vlc
    2008-09-27 09:50 --------- d-----w C:\Documents and Settings\JONI.JONINKONE\Application Data\uTorrent
    2008-09-27 09:37 --------- d-----w C:\Documents and Settings\PEKKA\Application Data\Xfire
    2008-09-27 09:28 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-09-25 13:08 --------- d-----w C:\Program Files\MSN Messenger
    2008-09-24 17:35 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd9437.sys
    2008-09-16 14:07 --------- d-----w C:\Program Files\Common Files\Real
    2008-09-02 17:15 --------- d-----w C:\Documents and Settings\JONI.JONINKONE\Application Data\Notepad++
    2008-01-24 14:50 22,328 ----a-w C:\Documents and Settings\JONI.JONINKONE\Application Data\PnkBstrK.sys
    2008-01-19 21:03 32 ----a-r C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-01-18 20:12 22,328 -c--a-w C:\Documents and Settings\PEKKA\Application Data\PnkBstrK.sys
    2004-09-10 11:40 75,264 ----a-w C:\Program Files\DECCHECK.exe
    2004-09-10 11:40 5,970 ----a-w C:\Program Files\eula.txt
    .

    ------- Sigcheck -------

    2004-09-14 16:12 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    2008-04-14 19:12 14336 6138d30346cf435d2bf32cbc1437f625 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    2008-04-14 19:12 14336 6138d30346cf435d2bf32cbc1437f625 C:\WINDOWS\system32\svchost.exe

    2005-03-02 21:20 577536 409647243875a2f91bae81cbef248cb6 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
    2007-03-08 18:50 578560 90f1d04938bae133e2f4d8f7f0fa4fa0 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
    2007-03-08 18:38 578048 c198eac972598be7e61364f7db3b663d C:\WINDOWS\$NtServicePackUninstall$\user32.dll
    2004-09-14 16:12 577536 44c02bc54d56ed3a685302e91396720a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
    2005-03-02 21:18 577536 aeefa9d983c986e7a8d6d80ca165b93f C:\WINDOWS\$NtUninstallKB925902$\user32.dll
    2008-04-14 19:11 579072 9d0a78e87972b880c254241262108232 C:\WINDOWS\ServicePackFiles\i386\user32.dll
    2008-04-14 19:11 579072 9d0a78e87972b880c254241262108232 C:\WINDOWS\system32\user32.dll

    2004-09-14 16:12 82944 911c48bb2df21e2088c23260dd112e80 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
    2008-04-14 19:11 82432 17f2addc53069471ea68528e5458ff2e C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
    2008-04-14 19:11 82432 17f2addc53069471ea68528e5458ff2e C:\WINDOWS\system32\ws2_32.dll

    2007-01-04 17:02 665088 2b887eff9f7b7c8ac3d2172bc7e2c46c C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
    2007-03-23 12:29 823296 462f189562635461bd5f6917a0bbb3fc C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
    2007-04-25 11:29 823808 c44d048452288b8e3d0d0c6668fec649 C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
    2007-06-27 17:15 824320 2733e526118d99b6e034d8c4edd4d11e C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
    2007-08-20 12:50 825344 576cda8ff35c88b4e53acc9247bb4ba6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
    2007-10-11 02:23 825344 97448c39d6185a4514dda6c6a861a4e6 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    2007-12-07 04:42 825344 4551eb7ab420af3db7eabd5a83c8100c C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
    2008-03-01 15:35 827392 62b193606f56d6ceab6704af6a45774f C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
    2008-04-23 07:21 827392 e56922cde1cb53087289c41cdabde9f9 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
    2008-06-23 18:40 827904 30b60fb6a1051e80a1054df25a4f9913 C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
    2004-09-14 16:12 656384 24965d454199a92ee14f2f0e4374f89c C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
    2007-01-04 16:55 658944 74cfb2035c5451b2789415f50e166626 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
    2004-09-14 16:12 656384 24965d454199a92ee14f2f0e4374f89c C:\WINDOWS\$NtUninstallKB928090_0$\wininet.dll
    2007-01-04 17:02 665088 2b887eff9f7b7c8ac3d2172bc7e2c46c C:\WINDOWS\ie7\wininet.dll
    2006-11-07 21:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
    2007-01-12 09:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll
    2007-02-27 16:32 822784 a316582e09c465750ed9061307004e50 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
    2007-04-25 10:40 822784 d75ec9b36ec9d617906859341be701df C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
    2007-06-27 17:06 823808 d0435e210cb71a930a5491bc14714d81 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
    2007-08-20 12:59 824832 5a88886d5958af9309b517897d02260c C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
    2007-10-11 02:52 824832 658bdbc46e45cd4cd7cd7896b6cf4e88 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
    2007-12-07 05:14 824832 d0d4908912f67aad4cc6e8b0b1df39c9 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
    2008-03-01 16:01 826368 a593abdc028e8ef0137ea953f84704b1 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
    2008-04-23 07:16 826368 77f1c09d0cfc01d1b5740a999374fa33 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
    2008-04-14 19:11 666112 805df36832d972480e4ec8adc5a85c9b C:\WINDOWS\ServicePackFiles\i386\wininet.dll
    2008-06-23 19:29 826368 d8d46a9b69c6aedb8bb3b9b59ef56b23 C:\WINDOWS\system32\wininet.dll
    2008-06-23 19:29 826368 d8d46a9b69c6aedb8bb3b9b59ef56b23 C:\WINDOWS\system32\dllcache\wininet.dll

    2006-04-20 15:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2008-06-20 13:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    2008-06-20 14:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    2008-06-20 14:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2008-06-20 13:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
    2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
    2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
    2007-10-30 20:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
    2008-04-13 22:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748_1$\tcpip.sys
    2008-04-13 22:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
    2008-06-20 14:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 14:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\drivers\tcpip.sys

    2004-09-14 16:12 502784 5f0714b1447dc0262789c3cc43752418 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    2008-04-14 19:12 508416 76b238743be82d4cae1b7c95c898b6b6 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    2008-04-14 19:12 508416 76b238743be82d4cae1b7c95c898b6b6 C:\WINDOWS\system32\winlogon.exe

    2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
    2008-04-13 22:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\ServicePackFiles\i386\ndis.sys
    2008-04-13 22:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\system32\drivers\ndis.sys

    2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
    2008-04-13 21:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
    2008-04-13 21:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\system32\drivers\ip6fw.sys

    2005-03-02 21:13 2059264 01f49730c2d76aad87c4d2b2dd4e12e2 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    2006-12-19 21:45 2061696 8f3bbe9045dfe4d89b24552fcba0e8b2 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
    2007-02-28 19:08 2061696 8bacc2a67078823acab7c8306f394918 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
    2007-02-28 19:02 2018304 6f398f69068f83b68b139d54642f2112 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
    2004-09-14 16:08 2017792 ec7ca6ab83b9754e560a4867539a251a C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
    2005-03-02 21:08 2017792 e7eab51c7ab70443b2c63cec3ee1982e C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
    2006-12-19 21:22 2018304 8c8d6e2c83bbfe84db4266c7c553fcf2 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
    2008-04-14 18:49 2068224 fb43994013605429b57f7b1040f7c525 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
    2008-04-14 18:49 2026496 160bd8786076c9f06130ecf74e1851a3 C:\WINDOWS\system32\ntkrnlpa.exe

    2005-03-02 21:13 2181888 6e55b15ee58a0eaaaf20db1f4da39add C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    2006-12-19 21:45 2184320 8f8898bc0cb9fd8c6b0a575367a977bd C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
    2007-02-28 19:08 2184448 7ff07a634379ee2fd2b097fd76c49bfc C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
    2007-02-28 19:02 2138624 7854a5d7e2efe5b700f028af01671715 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
    2004-09-14 16:08 2150912 23e62e3b191b28e18fd9da415de54e26 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
    2005-03-02 21:08 2138112 84c80a0dc810c6606ee3b59091be58d6 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
    2006-12-19 21:22 2138624 9a3e8389641c72f6e9fd1cabdf08b5a4 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
    2008-04-14 18:49 2191360 cb0343f73a320cd0fefebeefd946fc97 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
    2008-04-14 18:49 2147840 3b208fe3c62f36eee7e4fa110fff404b C:\WINDOWS\system32\ntoskrnl.exe

    2008-04-14 19:12 1034240 0c35f47295002f8a06419744e945d670 C:\WINDOWS\explorer.exe
    2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-09-14 16:12 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2008-04-14 19:12 1034240 0c35f47295002f8a06419744e945d670 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2004-09-14 16:12 108544 c2f8f8343435fc080c2de25a410e09e8 C:\WINDOWS\$NtServicePackUninstall$\services.exe
    2008-04-14 19:12 109056 e473263067492fc77f7690d4112caf16 C:\WINDOWS\ServicePackFiles\i386\services.exe
    2008-04-14 19:12 109056 e473263067492fc77f7690d4112caf16 C:\WINDOWS\system32\services.exe

    2004-09-14 16:12 13312 39726087f99c7775b2ea1f2990709817 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    2008-04-14 19:12 13312 abe0d5760dafd55390057378cda68bd8 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
    2008-04-14 19:12 13312 abe0d5760dafd55390057378cda68bd8 C:\WINDOWS\system32\lsass.exe

    2004-09-14 16:12 15360 e8e7ce0d379630e7b0015e48fa90499b C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
    2008-04-14 19:12 15360 b067064d68be516f1b5417a086f0bfe9 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
    2008-04-14 19:12 15360 b067064d68be516f1b5417a086f0bfe9 C:\WINDOWS\system32\ctfmon.exe

    2005-06-11 03:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2005-06-11 02:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
    2004-09-14 16:12 57856 977db6827ad7c3eaa1f9e83a22483611 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
    2008-04-14 19:12 57856 6f9ff25dd729a9cae870e4beea764547 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
    2008-04-14 19:12 57856 6f9ff25dd729a9cae870e4beea764547 C:\WINDOWS\system32\spoolsv.exe

    2004-09-14 16:12 24576 6484e1ecd8be4011d74fe68a761798fd C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    2008-04-14 19:12 26112 3a5773b946c1b4f0db1b48a5d8e1d562 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    2008-04-14 19:12 26112 3a5773b946c1b4f0db1b48a5d8e1d562 C:\WINDOWS\system32\userinit.exe

    2004-09-14 16:12 295424 8af34b80aa02111d3368db236c315281 C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
    2008-04-14 19:11 295424 d51d0f4e08f5adb6fad186df01508787 C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
    2008-04-14 19:11 295424 d51d0f4e08f5adb6fad186df01508787 C:\WINDOWS\system32\termsrv.dll
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2007-05-25 183208]
    "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-05-25 740208]
    "DAEMON Tools"="F:\DAEMON Tools\daemon.exe" [2005-11-09 128920]
    "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
    "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 406016]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SoundMan"="SOUNDMAN.EXE" [2003-08-05 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2007-11-17 36864]
    InterVideo WinCinema Manager.lnk - D:\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-09-08 98304]
    Microsoft Office.lnk - D:\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "VIDC.MJPG"= pvmjpg20.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "F:\\Counter Strike\\SteamApps\\mestari_tikku\\counter-strike\\hl.exe"=
    "D:\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe"=
    "D:\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe"=
    "F:\\Counter Strike\\Steam.exe"=
    "F:\\Civilization 4\\Civilization4.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "F:\\Xfire\\xfire.exe"=
    "F:\\Battlefield 2\\BF2VoipServer.exe"=
    "F:\\Battlefield 2\\BF2VoipServer_w32ded.exe"=
    "F:\\Ventrilo\\ventrilo_srv.exe"=
    "F:\\Battlefield 2\\BF2.exe"=
    "D:\\DC++\\DCPlusPlus.exe"=
    "F:\\The All-Seeing Eye\\eye.exe"=
    "F:\\UnrealTournament\\System\\UnrealTournament.exe"=
    "F:\\Counter Strike\\SteamApps\\mestari_tikku\\ricochet\\hl.exe"=
    "F:\\Counter Strike\\SteamApps\\__lizard__\\counter-strike\\hl.exe"=
    "F:\\Counter Strike\\SteamApps\\mestari_tikku\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "F:\\Worms World Party\\wwp.exe"=
    "C:\\Documents and Settings\\JONI.JONINKONE\\Application Data\\Microsoft\\Installer\\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}\\python_icon.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "D:\\Nmap\\WinPcap\\rpcapd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "32459:TCP"= 32459:TCP:UTorrent

    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    HKCU-Run-PMCS - C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
    HKLM-Run-Pinnacle WebUpdater - C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml
    HKLM-Run-Cmaudio - cmicnfg.cpl


    .
    ------- Täydentävä tarkistus -------
    .
    FireFox -: Profile - C:\Documents and Settings\PEKKA\Application Data\Mozilla\Firefox\Profiles\gcmjqq1i.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-22 22:10:13
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    ------------------------ Muut prosessit ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\FSPC\fspc.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
    C:\Program Files\F-Secure\FSAUA\program\fsus.exe
    C:\Program Files\MagicTune Premium\MagicTune.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2008-10-22 22:18:05 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2008-10-22 19:17:56

    Ennen ajoa: 7 238 893 568 tavua vapaana
    Ajon jälkeen: 7,205,482,496 tavua vapaana

    WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect 1 /NoExecute=OptIn

    286 --- E O F --- 2008-09-25 12:46:31
     
    Last edited: Oct 22, 2008