So the machine has been a bit sluggish lately; would anything turn up in this?
Thanks in advance..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:21, on 19.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Users\Toni\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "d:\pelit\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Lataa FDM:llä - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lataa kaikki FDM:llä - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Lataus valittu FDM:n toimesta - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9474 bytes
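The log above is the kind of thing a helper reads by eye, but the first pass is mechanical: entries whose file is gone ("(no file)", "(file missing)"), services with no vendor string, ActiveX controls pulled from a URL (O16 DPF), autostarts living in user-writable directories, and Run entries given without a full path. The following script is an added example by the editor, not HijackThis's own logic and not anything posted in this thread; the sample lines are copied from the log above, and the adware name list is an assumption based on what the helper below tells the poster to remove. It flags what to look at first; it does not decide what is malicious.

```python
"""Triage heuristics for HijackThis 2.x log lines (added example, not HJT's own logic).

The sample lines are copied from the log posted above; the flags are reviewer
heuristics for what to look at first, not a malware verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken from the log above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""


@dataclass
class Finding:
    code: str    # HJT section code, e.g. "O2", "O23"
    reason: str  # why the line deserves a look
    line: str    # the original log line


ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

# Assumption: component the helper in this thread told the poster to remove (adware/PUP).
ADWARE_NAMES = ("shoppingreport",)
# Directories a standard user can write to; autostarts here deserve scrutiny.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\")


def triage_line(line):
    """Return the list of Findings for one HJT log line (empty if nothing stands out)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    low = body.lower()
    findings = []
    if "(no file)" in low or "(file missing)" in low:
        findings.append(Finding(code, "orphaned entry: referenced file is missing", line))
    if any(name in low for name in ADWARE_NAMES):
        findings.append(Finding(code, "known adware/PUP component", line))
    if code == "O16":
        findings.append(Finding(code, "ActiveX control installed from a URL (DPF)", line))
    if code == "O23" and "unknown owner" in low:
        findings.append(Finding(code, "service without vendor info: check the binary's signature", line))
    if code in ("O2", "O3", "O4", "O20", "O23") and any(d in low for d in USER_WRITABLE):
        findings.append(Finding(code, "autostart from a user-writable directory", line))
    if code == "O4" and "] " in body:
        # "[name] command": a command without a drive letter or %VAR% prefix is
        # found via the search path, so a same-named file earlier in it would win.
        target = body.split("] ", 1)[1]
        if not re.match(r'^"?(?:[A-Za-z]:\\|%)', target):
            findings.append(Finding(code, "Run entry with unqualified path (search-order dependent)", line))
    return findings


def triage_log(text):
    """Flatten findings for a whole log, in log order."""
    return [f for line in text.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}: {f.line}")
```

On the sample it flags the orphaned Yahoo! URLSearchHook, the ShoppingReport BHO, the unqualified `Skytel.exe` Run entry, the DPF control, and both "Unknown owner" services (the Symantec one twice, since its binary is also missing); the Google Toolbar BHO passes untouched. Everything flagged still needs a human decision: a missing-file service is harmless clutter, and "Unknown owner" only means the scanner found no company string, not that the binary is bad.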
HJT log to be cleaned

Replies
- ----
Uninstall via Add/Remove Programs:
ShoppingReport
Delete the folder in Safe Mode:
C:\Program Files\ ==> ShoppingReport
- josjotainon
OK, I fixed those couple of items with HJT and deleted that one folder; here is the ComboFix report..
ComboFix 08-03-18.1 - Toni 2008-03-20 18:57:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1294 [GMT 2:00]
Running from: C:\Users\Toni\Desktop\Roinaa\Tarpeellinen\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\x64
C:\Windows\system32\x64\csnp2uvc.dll
C:\Windows\system32\x64\rsnpvc64.dll
C:\Windows\system32\x64\sncduvc.sys
C:\Windows\system32\x64\snp2uvc.sys
C:\Windows\system32\x64\vsnpvc64.dll
.
((((( Files created between: 2008-02-20 to 2008-03-20 )))))))))))))))))
.
2008-03-19 23:07 . 2008-03-19 23:07 d-------- C:\Program Files\Trend Micro
2008-03-18 18:57 . 2007-07-27 03:07 621,056 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-03-18 18:57 . 2007-07-27 04:17 36,864 --a------ C:\Windows\System32\cdd.dll
2008-03-17 18:47 . 2008-03-18 16:58 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-17 15:46 . 2008-03-17 15:46 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-03-17 15:46 . 2008-03-17 15:46 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-03-17 15:20 . 2008-03-17 15:20 d-------- C:\Users\Toni\AppData\Roaming\DAEMON Tools Pro
2008-03-13 15:42 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-13 15:42 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-06 10:15 . 2008-03-06 10:15 286 --a------ C:\Windows\vtmb.ini
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 16:55 --------- d-----w C:\Users\Toni\AppData\Roaming\Free Download Manager
2008-03-20 16:55 --------- d-----w C:\Users\Toni\AppData\Roaming\AVG7
2008-03-19 17:06 27,744 ----a-w C:\Users\Toni\AppData\Roaming\nvModes.dat
2008-03-19 16:11 --------- d-----w C:\Users\Toni\AppData\Roaming\uTorrent
2008-03-18 20:27 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-18 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 16:52 --------- d-----w C:\Users\Toni\AppData\Roaming\Skype
2008-03-18 16:50 --------- d-----w C:\Users\Toni\AppData\Roaming\skypePM
2008-03-17 13:39 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-14 13:28 --------- d-----w C:\Program Files\Windows Mail
2008-03-14 13:18 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-10 07:55 4,492 ----a-w C:\Users\Toni\AppData\Roaming\wklnhst.dat
2008-03-05 10:37 --------- d-----w C:\Program Files\Warcraft III
2008-02-15 14:53 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 14:53 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 14:48 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 14:48 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 14:48 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 14:48 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 14:48 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 14:48 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 14:48 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 14:48 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 14:48 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 14:48 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 14:48 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-15 14:48 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 14:47 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 14:47 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 14:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 14:47 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 14:47 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 14:47 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-15 14:44 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 14:44 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 14:44 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 14:44 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 09:06 --------- d-----w C:\Users\Toni\AppData\Roaming\Hamachi
2008-02-11 08:28 --------- d-----w C:\Program Files\Diablo II
2008-02-07 15:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-07 15:16 --------- d-----w C:\ProgramData\Symantec
2008-02-07 15:16 --------- d-----w C:\Program Files\Symantec
2008-02-02 17:44 --------- d-----w C:\Program Files\ToniArts
2008-01-25 20:47 --------- d-----w C:\Users\Toni\AppData\Roaming\DAEMON Tools
2008-01-14 11:55 174 --sha-w C:\Program Files\desktop.ini
2008-01-14 11:43 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-14 11:43 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-14 11:43 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-14 11:43 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-14 11:42 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-14 11:42 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-13 17:12 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-01-10 20:54 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-08 15:19 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-08 15:19 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-02 21:48 360,448 ----a-w C:\Windows\System32\nvuninst.exe
2007-12-30 18:47 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
.
(((((((((((((((((((((((((((((( Registry autostart entries )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries and legitimate default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-10 17:08 171448]
"Steam"="d:\pelit\steam.exe" [2007-12-15 15:56 1266936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-27 14:50 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 12:35 94208]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-02 19:08 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-02 19:08 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-02 19:08 81920]
"nwiz"="nwiz.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-14 13:40 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-14 13:40 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{67C1EF2A-B860-4456-BCD1-B25F1B5C5455}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5729045D-9D55-4D83-A466-8D9154487C09}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{61B0293A-B10B-440F-8D17-67169C2AFF18}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{F9AA3A8B-33FF-4595-9D2A-50E5A2D7D466}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{72CCFB5F-F846-4DC7-8E3F-781D842BC764}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{C30C765D-3687-423C-92D8-3B45E32B7BB3}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{59F429A3-20A2-49DC-B088-B326AD078E70}"= UDP:D:\Pelit 2\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{0964BBCA-DD1E-46EE-A903-BA1C0AA32C95}"= TCP:D:\Pelit 2\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{72197B78-9F44-4403-8AAE-0F70CFA59C9E}"= UDP:D:\Pelit 2\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{C28014AF-ED81-48E6-ADFB-080B3046EE93}"= TCP:D:\Pelit 2\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{5412BEF4-FA9D-483A-A171-A9552D737430}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3DC969F9-B816-49C0-9B84-67BB804CD37D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{2240ABD0-241C-4123-8F01-EAF1142AD574}D:\\pelit\\steamapps\\yurrrnerro\\counter-strike source\\hl2.exe"= UDP:D:\pelit\steamapps\yurrrnerro\counter-strike source\hl2.exe:hl2
"UDP Query User{51E87D99-C478-481E-916D-480B849897C5}D:\\pelit\\steamapps\\yurrrnerro\\counter-strike source\\hl2.exe"= TCP:D:\pelit\steamapps\yurrrnerro\counter-strike source\hl2.exe:hl2
"TCP Query User{66431FFA-661F-4E82-A81E-AA064CF58F8E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{42335E2D-9FF6-4B1D-87B8-84E6FB7642CC}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{51E60828-C402-4B01-8068-BB357082A90E}C:\\program files\\diablo ii\\game.exe"= UDP:C:\program files\diablo ii\game.exe:Diablo II
"UDP Query User{7FB6F179-5F7E-4A37-B2C5-9C5FBE1B5B15}C:\\program files\\diablo ii\\game.exe"= TCP:C:\program files\diablo ii\game.exe:Diablo II
"TCP Query User{E041BBB4-4B9B-477B-83AB-A2C9BDD5C2BA}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{B56DC642-39E6-4013-BF3D-2BD62382DC65}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{337B8796-43FC-4FF1-AEAF-195903A5C01E}C:\\users\\toni\\desktop\\roinaa\\tarpeellinen\\blan\\blan.exe"= UDP:C:\users\toni\desktop\roinaa\tarpeellinen\blan\blan.exe:blan.exe
"UDP Query User{6FFB1B4F-BEDB-44CD-B865-468AAC92C7B8}C:\\users\\toni\\desktop\\roinaa\\tarpeellinen\\blan\\blan.exe"= TCP:C:\users\toni\desktop\roinaa\tarpeellinen\blan\blan.exe:blan.exe
"TCP Query User{0D0C04DF-085B-4E4B-8645-95EDE4F477BD}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{91480C90-ACF5-4122-B3CC-121C02329942}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{DD77C0E0-BF0D-48F2-B7EE-C20D9D6C6B8F}D:\\pelit 2\\empire interactive\\flatout2\\flatout2.exe"= UDP:D:\pelit 2\empire interactive\flatout2\flatout2.exe:FlatOut2
"UDP Query User{5DC64B87-B6C5-4EC3-A458-56F9C705469E}D:\\pelit 2\\empire interactive\\flatout2\\flatout2.exe"= TCP:D:\pelit 2\empire interactive\flatout2\flatout2.exe:FlatOut2
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 02:46]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-18 22:27]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 14:47]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 03:05]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-13 15:37]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2748ce79-8e43-11dc-9731-806e6f6e6963}]
\shell\AutoRun\command - F:\autoplay.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{904d3c12-cb85-11dc-9185-001b385219ed}]
\shell\AutoRun\command - H:\Setup\rsrc\Autorun.exe
\shell\dinstall\command - H:\Directx\dxsetup.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 18:58:56
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-20 18:59:26
ComboFix-quarantined-files.txt 2008-03-20 16:59:23
.
2008-03-20 16:36:47 --- E O F ---
- ----
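Two parts of the ComboFix registry dump above deserve a second look even though ComboFix did not act on them. The `security center` values (`UacDisableNotify`, `AutoUpdateDisableNotify`, `DisableMonitoring` under the Symantec subkeys) suppress Vista's Security Center alerts; third-party suites register themselves this way, and both Symantec and AVG components appear in this log, but malware sets the same values to hide that protection or updates are off, so a reviewer checks that each one maps to a product that is actually installed. The `MountPoints2` entries record the AutoRun command Explorer cached for media that has been inserted (`H:\SETUP.EXE`, `F:\autoplay.exe`); with AutoPlay enabled, an `autorun.inf` on removable media was a common infection path on this generation of Windows, so the commands should correspond to discs or drives the user recognises. The script below is an added example by the editor (not ComboFix's own logic, and not from this thread) that pulls both sets out of the dump; the sample is constructed from lines in the report above.

```python
"""Flag two things in a ComboFix registry dump (added example; editor's heuristics,
not ComboFix's own): Security Center alerting switched off, and AutoRun commands
cached under MountPoints2 for media that has been plugged in.
"""
import re

# Constructed sample: lines taken from the ComboFix report above.
SAMPLE = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2748ce79-8e43-11dc-9731-806e6f6e6963}]
\shell\AutoRun\command - F:\autoplay.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\pelit\steam.exe" [2007-12-15 15:56 1266936]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
# ComboFix prints cached AutoRun verbs as "\shell\<verb>\command - <command>".
AUTORUN_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$")


def parse_sections(text):
    """Yield (key, lines) for each [key] block; lines before the first key are ignored."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group("key"), []
        elif key is not None and line:
            lines.append(line)
    if key is not None:
        yield key, lines


def triage_registry(text):
    """Return (kind, where, what) tuples for the two conditions described above."""
    findings = []
    for key, lines in parse_sections(text):
        lk = key.lower()
        if "\\security center" in lk:
            # Any *DisableNotify or DisableMonitoring set to 1 silences an alert.
            for line in lines:
                m = DWORD_RE.match(line)
                if not m or int(m.group("hex"), 16) != 1:
                    continue
                name = m.group("name")
                ln = name.lower()
                if ln.endswith("disablenotify") or ln == "disablemonitoring":
                    findings.append(("securitycenter", key, name))
        elif "\\mountpoints2\\" in lk:
            # Last path component is the drive letter or volume GUID the verb was cached for.
            mount = key.rsplit("\\", 1)[-1]
            for line in lines:
                m = AUTORUN_RE.match(line)
                if m:
                    findings.append(("autorun", mount, f"{m.group('verb')} -> {m.group('cmd')}"))
    return findings


if __name__ == "__main__":
    for kind, where, what in triage_registry(SAMPLE):
        print(f"{kind:14} {where}: {what}")
```

The Run key in the sample is parsed but produces nothing, which is the point: the script only reports the two classes above and leaves the rest of the dump to the reader. A hit on `securitycenter` is an instruction to confirm which installed product owns it, not a finding in itself; a hit on `autorun` is a prompt to ask the user what `H:` and `F:` were.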
"TCP Query User{2240ABD0-241C-4123-8F01-EAF1142AD574}D:\\pelit\\steamapps\\yurrrnerro\\counter-strike source\\hl2.exe"= UDP:D:\pelit\steamapps\yurrrnerro\counter-strike source\hl2.exe:hl2
"UDP Query User{51E87D99-C478-481E-916D-480B849897C5}D:\\pelit\\steamapps\\yurrrnerro\\counter-strike source\\hl2.exe"= TCP:D:\pelit\steamapps\yurrrnerro\counter-strike source\hl2.exe:hl2
"TCP Query User{66431FFA-661F-4E82-A81E-AA064CF58F8E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{42335E2D-9FF6-4B1D-87B8-84E6FB7642CC}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{51E60828-C402-4B01-8068-BB357082A90E}C:\\program files\\diablo ii\\game.exe"= UDP:C:\program files\diablo ii\game.exe:Diablo II
"UDP Query User{7FB6F179-5F7E-4A37-B2C5-9C5FBE1B5B15}C:\\program files\\diablo ii\\game.exe"= TCP:C:\program files\diablo ii\game.exe:Diablo II
"TCP Query User{E041BBB4-4B9B-477B-83AB-A2C9BDD5C2BA}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{B56DC642-39E6-4013-BF3D-2BD62382DC65}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{337B8796-43FC-4FF1-AEAF-195903A5C01E}C:\\users\\toni\\desktop\\roinaa\\tarpeellinen\\blan\\blan.exe"= UDP:C:\users\toni\desktop\roinaa\tarpeellinen\blan\blan.exe:blan.exe
"UDP Query User{6FFB1B4F-BEDB-44CD-B865-468AAC92C7B8}C:\\users\\toni\\desktop\\roinaa\\tarpeellinen\\blan\\blan.exe"= TCP:C:\users\toni\desktop\roinaa\tarpeellinen\blan\blan.exe:blan.exe
"TCP Query User{0D0C04DF-085B-4E4B-8645-95EDE4F477BD}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{91480C90-ACF5-4122-B3CC-121C02329942}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{DD77C0E0-BF0D-48F2-B7EE-C20D9D6C6B8F}D:\\pelit 2\\empire interactive\\flatout2\\flatout2.exe"= UDP:D:\pelit 2\empire interactive\flatout2\flatout2.exe:FlatOut2
"UDP Query User{5DC64B87-B6C5-4EC3-A458-56F9C705469E}D:\\pelit 2\\empire interactive\\flatout2\\flatout2.exe"= TCP:D:\pelit 2\empire interactive\flatout2\flatout2.exe:FlatOut2
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 02:46]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-18 22:27]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 14:47]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 03:05]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-13 15:37]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2748ce79-8e43-11dc-9731-806e6f6e6963}]
\shell\AutoRun\command - F:\autoplay.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{904d3c12-cb85-11dc-9185-001b385219ed}]
\shell\AutoRun\command - H:\Setup\rsrc\Autorun.exe
\shell\dinstall\command - H:\Directx\dxsetup.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 18:58:56
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-20 18:59:26
ComboFix-quarantined-files.txt 2008-03-20 16:59:23
.
2008-03-20 16:36:47 --- E O F ---

HJT log
- josjotainon
----- wrote:
HJT log
HJT log, here you go..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:24, on 20.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Pelit\Steam.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\program files\google\googletoolbar1user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "d:\pelit\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Lataa FDM:llä - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lataa kaikki FDM:llä - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Lataus valittu FDM:n toimesta - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8691 bytes