HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48, on 2008-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\progra~1\steam\steam.exe
D:\0hjelmat\Daemon Tools\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\0hjelmat\Daemon Tools\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Suorita Nintendo Wi-Fi USB Connector -rekisteröintityökalu.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O18 - Protocol: bw+0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {98638661-C8FC-4587-88C2-7FC2FB6375CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 19556 bytes

And then the SDFix log:

SDFix: Version 1.184
Run by Esa Vesterinen on 2008-06-16 at 20:32

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Documents and Settings\Esa Vesterinen\Local Settings\temp\ubi11.tmp.exe - Deleted
C:\Documents and Settings\Esa Vesterinen\Local Settings\temp\ubi4.tmp.exe - Deleted
C:\Documents and Settings\Esa Vesterinen\Local Settings\temp\ubi7D.tmp.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 20:36:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\0hjelmat\Daemon Tools\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:ba,f5,5d,db,39,ee,fb,7d,01,63,16,1c,77,74,0d,9f,f0,08,b5,f4,cb,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0d,e6,b7,cd,ca,2d,ce,67,55,76,ba,17,db,16,07,e8,73,..
"khjeh"=hex:3c,fc,14,6c,d6,66,c6,d6,bd,75,fa,fa,7d,f0,e1,b2,ca,dc,be,58,8c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:30,81,35,28,f9,e3,36,31,72,93,69,03,f7,65,0d,c0,7c,7e,bd,3a,b5,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:0a,a8,e3,c2,58,66,fa,18,87,83,ae,0c,ab,02,c7,b3,71,e5,9c,13,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:0a,a8,e3,c2,58,66,fa,18,87,83,ae,0c,ab,02,c7,b3,71,e5,9c,13,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:0a,a8,e3,c2,58,66,fa,18,87,83,ae,0c,ab,02,c7,b3,71,e5,9c,13,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\0hjelmat\Daemon Tools\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:ba,f5,5d,db,39,ee,fb,7d,01,63,16,1c,77,74,0d,9f,f0,08,b5,f4,cb,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0d,e6,b7,cd,ca,2d,ce,67,55,76,ba,17,db,16,07,e8,73,..
"khjeh"=hex:3c,fc,14,6c,d6,66,c6,d6,bd,75,fa,fa,7d,f0,e1,b2,ca,dc,be,58,8c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:30,81,35,28,f9,e3,36,31,72,93,69,03,f7,65,0d,c0,7c,7e,bd,3a,b5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:0a,a8,e3,c2,58,66,fa,18,87,83,ae,0c,ab,02,c7,b3,71,e5,9c,13,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:0a,a8,e3,c2,58,66,fa,18,87,83,ae,0c,ab,02,c7,b3,71,e5,9c,13,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:0a,a8,e3,c2,58,66,fa,18,87,83,ae,0c,ab,02,c7,b3,71,e5,9c,13,01,..

scanning hidden registry entries ...

scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Limewire\\LimeWire.exe"="C:\\Program Files\\Limewire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Pelit\\Call of duty 4\\iw3mp.exe"="D:\\Pelit\\Call of duty 4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"D:\\Pelit\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="D:\\Pelit\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"D:\\Pelit\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="D:\\Pelit\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"D:\\Pelit\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="D:\\Pelit\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 29 May 2008 56,832 ..SHR --- "C:\WINDOWS\winudspm.exe"
Fri 15 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 6 Apr 2008 41,984 ...H. --- "C:\Documents and Settings\Esa Vesterinen\Omat tiedostot\~WRL0102.tmp"
Sat 5 Apr 2008 30,208 ...H. --- "C:\Documents and Settings\Esa Vesterinen\Omat tiedostot\~WRL1363.tmp"
Mon 15 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0045d90d3c637c74f834c75fe192b558\BITF1.tmp"
Wed 2 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6076fdc0f7a945970dfd94a53b6d39ee\BIT5.tmp"
Thu 18 Oct 2007 192,817 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Esa Vesterinen\Application Data\U3\temp\Launchpad Removal.exe"

Finished!
Here's the ComboFix log too:

ComboFix 08-06-15.4 - Esa Vesterinen 2008-06-16 22:20:36.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1439 [GMT 3:00]
Running from: C:\Documents and Settings\Esa Vesterinen\Työpöytä\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-16 to 2008-06-16 )))))))))))))))))
.

2008-06-16 22:16 . 2008-06-16 22:16 <KANSIO> d-------- C:\VundoFix Backups
2008-06-11 22:28 . 2008-06-11 22:28 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 16:00 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 16:00 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 19:33 . 2008-06-09 19:35 <KANSIO> d-------- C:\Download
2008-06-09 18:43 . 2008-06-09 18:43 <KANSIO> d-------- C:\Program Files\Mass Downloader
2008-06-09 18:41 . 2008-06-09 18:41 <KANSIO> d-------- C:\Documents and Settings\Esa Vesterinen\Application Data\MetaProducts
2008-06-06 16:59 . 2008-06-06 16:59 36 ---h----- C:\WINDOWS\system32\swk.ini
2008-06-06 16:54 . 2008-06-15 17:46 <KANSIO> d-------- C:\Program Files\Webteh
2008-06-06 16:54 . 2008-06-06 16:54 <KANSIO> d-------- C:\Documents and Settings\Esa Vesterinen\Application Data\BSplayer Pro
2008-06-03 17:37 . 2008-06-03 17:37 <KANSIO> d-------- C:\Documents and Settings\Esa Vesterinen\Application Data\InstallShield
2008-06-03 17:09 . 2008-06-03 17:09 <KANSIO> d-------- C:\Documents and Settings\Esa Vesterinen\Application Data\Ubisoft
2008-06-03 17:09 . 2008-06-03 17:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-06-03 16:59 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-03 16:59 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-06-03 16:59 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-06-03 16:59 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-06-03 16:59 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-06-03 16:59 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-06-03 16:59 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-06-03 16:59 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-05-30 16:21 . 2008-05-30 16:21 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight
2008-05-30 15:39 . 2008-06-16 20:38 <KANSIO> d-------- C:\SDFix
2008-05-29 20:15 . 2008-05-29 20:15 249,496 --a------ C:\Documents and Settings\Esa Vesterinen\exy.exe
2008-05-29 20:13 . 2008-05-29 20:14 249,496 --a------ C:\sexy.exe
2008-05-29 20:05 . 2008-05-29 20:05 249,496 --a------ C:\jestesr.exe
2008-05-29 20:01 . 2008-05-29 20:01 249,496 --a------ C:\jester.exe
2008-05-29 18:31 . 2008-05-29 18:31 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
2008-05-29 18:31 . 2008-05-29 18:31 40,960 --a------ C:\ddc.exe
2008-05-24 11:52 . 2008-05-24 11:52 <KANSIO> d-------- C:\Program Files\CCleaner
2008-05-23 22:32 . 2008-05-23 23:16 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 22:32 . 2008-05-23 22:32 <KANSIO> d-------- C:\Documents and Settings\Esa Vesterinen\Application Data\Malwarebytes
2008-05-23 22:32 . 2008-05-23 22:32 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 22:32 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-23 22:32 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-20 21:04 . 2008-05-20 21:04 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-05-20 14:20 . 2008-05-20 14:20 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-17 00:19 . 2008-05-17 00:19 276 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 19:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-16 17:38 --------- d-----w C:\Program Files\Steam
2008-06-16 15:44 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-16 15:44 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-16 14:41 --------- d-----w C:\Documents and Settings\Esa Vesterinen\Application Data\LimeWire
2008-06-16 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-15 14:46 --------- d-----w C:\Documents and Settings\Esa Vesterinen\Application Data\BSplayer
2008-06-15 14:21 --------- d-----w C:\Documents and Settings\Esa Vesterinen\Application Data\uTorrent
2008-06-15 14:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 13:46 98,304 ----a-w C:\WINDOWS\DUMP5b20.tmp
2008-06-02 07:50 --------- d-----w C:\Program Files\Google
2008-06-01 11:39 --------- d-----w C:\Program Files\GIMP-2.0
2008-05-27 15:18 --------- d-----w C:\Program Files\Toribash-3.2
2008-05-23 20:16 --------- d-----w C:\Program Files\MSN Messenger
2008-05-20 11:23 --------- d-----w C:\Program Files\Logitech
2008-05-19 06:29 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-05-19 05:02 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-19 04:59 22,328 ----a-w C:\Documents and Settings\Esa Vesterinen\Application Data\PnkBstrK.sys
2008-05-15 11:21 --------- d-----w C:\Documents and Settings\Esa Vesterinen\Application Data\fretsonfire
2008-05-14 08:00 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-05-10 09:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-10 08:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-10 08:59 --------- d-----w C:\Program Files\Circle Developement
2008-05-09 16:17 --------- d-----w C:\Program Files\TGTSoft
2008-05-09 16:09 --------- d-----w C:\Program Files\DFX
2008-05-09 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 16:36 --------- d-----w C:\Program Files\Windows Live
2008-04-30 12:22 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-29 13:09 --------- d-----w C:\Program Files\LimeWire
2008-04-23 14:58 --------- d-----w C:\Program Files\Mopokorttikoulu
2008-04-23 14:34 --------- d-----w C:\Documents and Settings\Esa Vesterinen\Application Data\U3
2008-04-23 12:04 --------- d-----w C:\Documents and Settings\Esa Vesterinen\Application Data\Ventrilo
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 18:01 --------- d-----w C:\Program Files\Microsoft Games
2008-04-21 17:50 --------- d--h--w C:\Documents and Settings\Esa Vesterinen\Application Data\ijjigame
2008-04-20 07:55 --------- d-----w C:\Program Files\Java
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Steam"="c:\progra~1\steam\steam.exe" [2008-03-30 20:38 1271032]
"DAEMON Tools Lite"="D:\0hjelmat\Daemon Tools\DAEMON Tools Lite\daemon.exe" [2008-01-03 16:54 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 16:34 868352]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 02:11 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46 497200]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 13:28 756248]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 11:33 243248]
"Windows UDP Control"="winudspm.exe" [2008-05-29 18:31 56832 C:\WINDOWS\winudspm.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15:00 15360]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-27 18:18:30 196608]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-26 17:17:47 688128]
Microsoft Office Pikahaku.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-09-30 111376]
Suorita Nintendo Wi-Fi USB Connector -rekisteröintityökalu.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-11-30 11:25:36 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\apr03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gvp14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jpr71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kyB03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mrL84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qpr14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rwQ25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tqB70.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uac03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vtm14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wku68.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xwy82.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Limewire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Pelit\\Call of duty 4\\iw3mp.exe"=
"D:\\Pelit\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Pelit\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Pelit\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:53]
S0 apr03;apr03;C:\WINDOWS\system32\Drivers\Apr03.sys []
S0 gvp14;gvp14;C:\WINDOWS\system32\Drivers\Gvp14.sys []
S0 jpr71;jpr71;C:\WINDOWS\system32\Drivers\Jpr71.sys []
S0 kyB03;kyB03;C:\WINDOWS\system32\Drivers\kyB03.sys []
S0 qpr14;qpr14;C:\WINDOWS\system32\Drivers\Qpr14.sys []
S0 rwQ25;rwQ25;C:\WINDOWS\system32\Drivers\rwQ25.sys []
S0 tqB70;tqB70;C:\WINDOWS\system32\Drivers\tqB70.sys []
S0 uac03;uac03;C:\WINDOWS\system32\Drivers\Uac03.sys []
S0 wku68;wku68;C:\WINDOWS\system32\Drivers\Wku68.sys []
S0 xwy82;xwy82;C:\WINDOWS\system32\Drivers\Xwy82.sys []
S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17fb38fa-f1d7-11dc-a46d-001bfc78e18e}]
\shell\autorun\command - G:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
'Ajoitetut tehtävät'-kansion sisältö
"2007-10-16 19:00:52 C:\WINDOWS\Tasks\Norton Internet Security - KokoSydeemi - Esa Vesterinen.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeo/SE- /TASK:
"2008-06-14 17:00:13 C:\WINDOWS\Tasks\Norton Internet Security - Suorita täyd. järj.tarkistus - Esa Vesterinen.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 22:28:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-16 22:35:12
ComboFix-quarantined-files.txt 2008-06-16 19:34:30

Pre-Run: 31,509,811,200 tavua vapaana
Post-Run: 31,499,788,288 tavua vapaana

211 --- E O F --- 2008-06-11 19:29:48
1. Download Combofix.exe to your desktop from either of these links: Combofix.exe Combofix.exe

Open Notepad and copy/paste the contents of the Quote: box into it:

Save it as CFScript (in fact ComboFix recognizes it even if the file extension is not .txt). Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click)

Note! Do not click ComboFix's window while it is running. This may cause the program to hang.

Restart the computer if asked to, and post the contents of the combofix.txt file here.

Close your browser and other programs for the duration of the fix. (not the antivirus)

Start HijackThis, run Scan, tick the following files listed in red, and remove them. (Fix Checked)

O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, right before posting)
* The (C:\ComboFix.txt) report
*