Fake Windows Security Center warnings. Part of the problem already dealt with.
Mivo92
Newbie
23 December 2009 @ 17:34
So, this morning some kind of virus struck. It put fake Windows Security Center notifications on the screen, and ads for a "malware defense" program. The bug also prevented me from using Avira AntiVir and Spybot S&D. I downloaded Avast! Antivirus to protect the machine and run scans. I also downloaded Advanced System Care, which found quite a lot to clean up on the machine, but neither program removed the problem.
Then I found SDFix, which removed the fake Security Center notifications and the malware defense ads. But I noticed that there are still a lot of iexplore.exe processes (3-10 of them).
Spybot S&D still doesn't work, and I don't know how I could fix this problem on my own.
Here's the HJT log:
Quote: Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 17:25:44, on 23.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1035
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5121 bytes
AfterDawn Addict
24 December 2009 @ 14:43
Nobody seems to be around here any more!!!!
Reinstall it => Spybot - Search.
there are still a lot of iexplore.exe processes (3-10 of them).
One per open page (even if it's only in the taskbar).
Use tabs and you won't get them.
--------------------------------------------------------------------------------------------------
Close the browser and other programs for the duration of the fix. (not the antivirus)
Start HijackThis, do a Scan and tick the following files listed in red
(HJT closes the program, it does not delete)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
and close them with the (Fix Checked) button.
Empty the Recycle Bin and restart your computer.
*
* Did it help???
*
(:)
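As an added example (not code from the thread, from HijackThis or from the poster), a small Python triage script for logs in the HijackThis format posted above: it counts running process images and lists the entries HijackThis marks "(no file)", i.e. the orphaned BHO and protocol registrations the advice above tells the poster to tick for Fix Checked. The sample log is a trimmed subset of lines from the first log in the thread; the `max_instances` threshold is an assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Trimmed subset of the first HijackThis log posted in this thread
# (constructed sample input for the example).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5121 bytes
"""

# Every HJT entry starts with a section code such as R1, O2, O4, O18, O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O2"
    body: str     # everything after "O2 - "
    line: str     # the original log line

    @property
    def clsid(self) -> Optional[str]:
        """First CLSID in the entry (BHO / protocol handler), if any."""
        m = CLSID_RE.search(self.body)
        return m.group(0) if m else None

    @property
    def orphaned(self) -> bool:
        """HijackThis prints "(no file)" when the registered file is gone:
        the registry entry is a leftover that nothing can load any more."""
        return self.body.endswith("(no file)")


def parse_hjt_log(text):
    """Split a log into (running process paths, list of Entry)."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # first R/O entry ends the process list
            entries.append(Entry(m["section"], m["body"], line))
        elif in_processes:
            processes.append(line)
    return processes, entries


def process_counts(processes):
    """Count running processes by lower-cased image name."""
    return Counter(p.rsplit("\\", 1)[-1].lower() for p in processes)


def triage(text, max_instances=2):
    """Return human-readable findings: process floods and orphaned entries.

    max_instances is an assumed threshold; one iexplore.exe per open
    window is normal, many copies with the browser closed are not."""
    processes, entries = parse_hjt_log(text)
    findings = []
    for name, count in process_counts(processes).items():
        if count > max_instances:
            findings.append(f"{count} instances of {name} running")
    for e in entries:
        if e.orphaned:
            findings.append(f"{e.section} entry points at a missing file: {e.line}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```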
Mivo92
Newbie
25 December 2009 @ 12:33
I couldn't get Spybot working even though I reinstalled it; the program refuses to open.
And I don't use IE, which is why those Iexplore.exe processes puzzle me. And apparently something keeps changing the default browser from Firefox to IE.
I did as you told me with HJT, but the iexplore.exes stayed in the processes, and Spybot still doesn't work.
Avast's antivirus finds two rootkits every now and then, always the same two; I always delete everything. Rootkit: C:\WINDOWS\system32\Drivers\H8SRTmppamybxrs.sys
System Recovery doesn't work either.
I'll post a new HJT log shortly, if someone could take a look at it.
New log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:45:53, on 25.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1035
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4816 bytes
Thanks in advance!
Message edited after posting. Last edited 25 December 2009 @ 12:50
AfterDawn Addict
25 December 2009 @ 19:50
Odd that you didn't mention that right at the start.
If the problem doesn't go away with that guide, then start a new topic so someone else can look at it.
--------------------------------------------------------------
This one needs ComboFix: H8SRTmppamybxrs.sys
Download it with IE to the desktop and rename it before saving, to something like Kompo.exe
Please download ComboFix from one of the links below:
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your desktop
* Close/disable all antivirus and anti-malware programs so that they don't interfere with running ComboFix.
* Double-click Combofix.exe and follow the prompts.
* As part of the scan, ComboFix checks whether the Recovery Console is installed. Because of today's malware, it is strongly recommended to have the Recovery Console installed before removing malware. The Windows Recovery Console allows booting into a special recovery mode. Through the Recovery Console we can help you more easily if problems arise during malware removal.
* Follow the prompts and allow ComboFix to download and install the Microsoft Recovery Console, and when asked, accept the program's license terms to install the Recovery Console.
**Note: If the Recovery Console is already installed, ComboFix will continue on.
Once the Microsoft Recovery Console is installed, you should see the following message:
Click Yes to continue the scan.
When ComboFix is finished, it will create a report. Please copy/paste the following reports into your reply:
C:\ComboFix.txt
A new HijackThis log
Warning: DO NOT run ComboFix unsupervised. It is not a toy and should not be used routinely every day.
If you need help, see the more detailed guide:
http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje
.
(:)
Mivo92
Newbie
25 December 2009 @ 22:17
ComboFix has been run. There were a few problems, e.g. Avira AntiVir, which I have removed from the machine, was running, and ComboFix warned about this. And secondly, ComboFix didn't manage to install the Recovery Console. The machine works now though, and at least it seems that the problems are gone.
ComboFix log:
Quote: ComboFix 09-12-25.02 - Miro 25.12.2009 21:31:03.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1033.18.1024.737 [GMT 2:00]
Sijainti: c:\documents and settings\Miro\Desktop\Kompo.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\H8SRTmppamybxrs.sys
c:\windows\system32\H8SRTvdlyavpevw.dll
c:\windows\system32\H8SRTwykxtiinoj.dll
c:\windows\system32\H8SRTyrvkbmklol.dat
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat
c:\windows\system32\vyadd.bak1
c:\windows\system32\vyadd.bak2
c:\windows\system32\vyadd.tmp
.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-11-25 to 2009-12-25 )))))))))))))))))
.
2009-12-25 11:00 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-23 15:21 . 2009-12-23 15:21 -------- dc----w- c:\program files\TrendMicro
2009-12-23 15:00 . 2009-12-23 15:00 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-23 15:00 . 2009-11-22 13:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-12-23 15:00 . 2009-11-22 13:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-12-23 15:00 . 2009-12-23 15:00 -------- d-----w- c:\windows\system32\ZoneLabs
2009-12-23 15:00 . 2009-11-22 13:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-23 15:00 . 2009-12-23 15:00 -------- dc----w- c:\program files\Zone Labs
2009-12-23 14:59 . 2009-12-25 19:46 -------- d-----w- c:\windows\Internet Logs
2009-12-23 14:32 . 2009-12-25 10:44 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-12-23 13:42 . 2009-12-23 13:43 -------- dc----w- C:\Kaspersky
2009-12-23 13:27 . 2009-12-23 13:27 -------- dc----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-12-23 11:46 . 2009-12-23 11:46 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-12-23 11:43 . 2009-12-23 11:44 -------- d-----w- c:\windows\ERUNT
2009-12-23 10:12 . 2009-12-23 10:12 -------- dc----w- c:\documents and settings\Miro\Application Data\IObit
2009-12-23 10:12 . 2009-12-23 10:12 -------- dc----w- c:\program files\IObit
2009-12-23 07:30 . 2009-12-23 07:30 -------- dc----w- c:\program files\AVG
2009-12-23 07:30 . 2009-12-23 07:33 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-23 07:25 . 2009-11-30 20:11 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-23 07:25 . 2009-11-30 20:14 149840 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-23 07:25 . 2009-11-30 20:12 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-23 07:25 . 2009-11-30 20:15 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-23 07:25 . 2009-11-30 20:11 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-23 07:25 . 2009-11-30 20:11 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-23 07:25 . 2009-11-30 20:11 27728 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-23 07:25 . 2009-11-30 20:27 38848 ----a-w- c:\windows\system32\avastSS.scr
2009-12-23 07:25 . 2009-11-30 20:26 150624 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-23 07:24 . 2009-12-23 07:24 -------- dc----w- c:\program files\Alwil Software
2009-12-23 07:24 . 2009-12-23 07:24 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2009-11-30 14:23 . 2009-11-30 14:23 -------- dc----w- c:\program files\Combined Community Codec Pack
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 19:47 . 2007-03-07 16:11 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 10:57 . 2009-06-20 07:18 314712 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-25 10:57 . 2009-06-20 07:18 25440 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-12-25 10:57 . 2009-06-20 07:18 15688 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-25 10:57 . 2009-06-20 07:18 168800 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-25 10:57 . 2009-06-20 07:18 349008 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-25 10:57 . 2009-12-25 10:57 17632 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-12-25 10:57 . 2009-06-20 07:18 298336 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-25 10:57 . 2009-06-20 07:18 84320 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-25 10:57 . 2009-06-20 07:18 1630560 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-25 10:57 . 2009-06-20 07:17 246640 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-25 10:57 . 2009-06-20 07:17 40288 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-25 10:57 . 2009-03-04 05:15 68640 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-12-25 10:56 . 2009-03-04 05:15 303976 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-12-25 10:56 . 2009-06-20 07:17 664936 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-25 10:56 . 2009-12-25 10:56 3695616 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-25 10:56 . 2009-06-20 07:17 562552 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-25 10:56 . 2009-06-20 07:17 566632 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-25 10:56 . 2009-06-20 07:17 2353992 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-25 10:56 . 2009-06-20 07:17 640760 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-12-25 10:56 . 2009-06-20 07:17 520024 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-25 10:56 . 2009-06-20 07:17 1028432 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-23 19:11 . 2008-08-08 11:47 -------- dc----w- c:\documents and settings\Miro\Application Data\foobar2000
2009-12-23 15:22 . 2009-12-23 15:22 388096 -c--a-r- c:\documents and settings\Miro\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-23 13:38 . 2007-03-14 17:21 -------- dc----w- c:\program files\Common Files\Adobe
2009-12-21 18:23 . 2007-03-07 17:35 -------- dc----w- c:\documents and settings\Miro\Application Data\Azureus
2009-12-21 13:12 . 2009-12-21 13:12 258048 -csh--r- c:\documents and settings\Rosanna\Application Data\ufxw.exe
2009-12-21 13:12 . 2009-12-21 13:12 258048 -csh--r- c:\documents and settings\Rosanna\Application Data\ufxw.exe
2009-12-16 20:47 . 2009-02-24 13:23 -------- dc----w- c:\documents and settings\Rosanna\Application Data\PC Suite
2009-12-16 19:28 . 2008-08-13 12:45 -------- dc----w- c:\documents and settings\Miro\Application Data\FrostWire
2009-12-16 19:09 . 2008-06-17 12:33 -------- dc----w- c:\documents and settings\Miro\Application Data\PC Suite
2009-12-13 12:13 . 2009-08-10 19:56 -------- dc----w- c:\documents and settings\Rosanna\Application Data\gtk-2.0
2009-12-13 11:54 . 2009-08-28 14:22 -------- dc----w- c:\documents and settings\Rosanna\Application Data\Nokia
2009-12-12 22:02 . 2009-12-12 22:02 664 -c--a-w- c:\documents and settings\Jasmin\Local Settings\Application Data\d3d9caps.tmp
2009-12-10 05:18 . 2009-04-01 13:48 1 -c--a-w- c:\documents and settings\Miro\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-06 08:19 . 2007-10-30 17:12 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-06 08:19 . 2007-10-30 17:12 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-25 09:19 . 2009-05-17 20:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 21:29 . 2009-11-21 21:29 -------- dc----w- c:\documents and settings\Jasmin\Application Data\Nokia Multimedia Player
2009-11-17 12:30 . 2007-04-20 17:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-13 11:31 . 2009-08-14 11:58 -------- dc----w- c:\program files\FrostWire
2009-11-07 19:37 . 2009-11-07 19:37 -------- dc----w- c:\program files\Microsoft
2009-11-07 19:37 . 2008-02-26 18:30 -------- d-----w- c:\program files\Windows Live
2009-11-07 19:37 . 2009-11-07 19:37 -------- dc----w- c:\program files\Windows Live SkyDrive
2009-11-04 04:47 . 2009-07-17 09:28 117760 -c--a-w- c:\documents and settings\Miro\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-01 16:45 . 2007-03-13 18:37 -------- dc----w- c:\documents and settings\Miro\Application Data\gtk-2.0
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 16:22 . 2009-10-27 16:10 -------- dc----w- c:\program files\Common Files\Logitech
2009-10-27 16:22 . 2009-10-27 16:22 -------- dc----w- c:\program files\Logitech
2009-10-21 05:38 . 2008-06-03 23:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2008-06-03 23:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2008-06-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 14:13 . 2009-10-15 12:06 664 -c--a-w- c:\documents and settings\Rosanna\Local Settings\Application Data\d3d9caps.tmp
2009-10-13 17:09 . 2009-07-09 18:17 1 -c--a-w- c:\documents and settings\Rosanna\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-13 10:30 . 2008-06-03 22:59 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-06-03 22:59 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-06-03 22:59 79872 ----a-w- c:\windows\system32\raschap.dll
2007-03-22 19:48 . 2007-03-22 19:48 56 --sh--r- c:\windows\system32\1FD19ED192.sys
2007-03-23 12:17 . 2007-03-22 17:48 88 --sh--r- c:\windows\system32\92D19ED11F.sys
2009-07-15 16:13 . 2007-03-22 17:48 5904 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
HJT log:
Quote: Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22:10:41, on 25.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1035
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1644491937-2000478354-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Rosanna')
O4 - HKUS\S-1-5-21-1644491937-2000478354-839522115-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Rosanna')
O4 - HKUS\S-1-5-21-1644491937-2000478354-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Rosanna')
O4 - HKUS\S-1-5-21-1644491937-2000478354-839522115-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Rosanna')
O4 - HKUS\S-1-5-21-1644491937-2000478354-839522115-1005\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray (User 'Rosanna')
O4 - HKUS\S-1-5-21-1644491937-2000478354-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jasmin')
O4 - HKUS\S-1-5-21-1644491937-2000478354-839522115-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jaakko')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-21-1644491937-2000478354-839522115-1006 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Jasmin')
O4 - S-1-5-21-1644491937-2000478354-839522115-1006 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Jasmin')
O4 - S-1-5-21-1644491937-2000478354-839522115-1006 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Jasmin')
O4 - S-1-5-21-1644491937-2000478354-839522115-1006 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Jasmin')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1261738766890
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6219 bytes
Hopefully this cleaned the machine! Thank you very much for the help, kalminen, even though my ignorance caused a few bumps along the way.
AfterDawn Addict
26 December 2009 @ 13:00
Hard to say whether it got cleaned, since you couldn't bring yourself to post the complete ComboFix log ???
.
(:)
Mivo92
Newbie
26 December 2009 @ 13:05
Yeah, sorry. Looks like half of it got left out...
Quote: ComboFix 09-12-25.02 - Miro 25.12.2009 21:31:03.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1033.18.1024.737 [GMT 2:00]
Sijainti: c:\documents and settings\Miro\Desktop\Kompo.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\H8SRTmppamybxrs.sys
c:\windows\system32\H8SRTvdlyavpevw.dll
c:\windows\system32\H8SRTwykxtiinoj.dll
c:\windows\system32\H8SRTyrvkbmklol.dat
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat
c:\windows\system32\vyadd.bak1
c:\windows\system32\vyadd.bak2
c:\windows\system32\vyadd.tmp
.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-11-25 to 2009-12-25 )))))))))))))))))
.
2009-12-25 11:00 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-23 15:21 . 2009-12-23 15:21 -------- dc----w- c:\program files\TrendMicro
2009-12-23 15:00 . 2009-12-23 15:00 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-23 15:00 . 2009-11-22 13:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-12-23 15:00 . 2009-11-22 13:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-12-23 15:00 . 2009-12-23 15:00 -------- d-----w- c:\windows\system32\ZoneLabs
2009-12-23 15:00 . 2009-11-22 13:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-23 15:00 . 2009-12-23 15:00 -------- dc----w- c:\program files\Zone Labs
2009-12-23 14:59 . 2009-12-25 19:46 -------- d-----w- c:\windows\Internet Logs
2009-12-23 14:32 . 2009-12-25 10:44 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-12-23 13:42 . 2009-12-23 13:43 -------- dc----w- C:\Kaspersky
2009-12-23 13:27 . 2009-12-23 13:27 -------- dc----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-12-23 11:46 . 2009-12-23 11:46 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-12-23 11:43 . 2009-12-23 11:44 -------- d-----w- c:\windows\ERUNT
2009-12-23 10:12 . 2009-12-23 10:12 -------- dc----w- c:\documents and settings\Miro\Application Data\IObit
2009-12-23 10:12 . 2009-12-23 10:12 -------- dc----w- c:\program files\IObit
2009-12-23 07:30 . 2009-12-23 07:30 -------- dc----w- c:\program files\AVG
2009-12-23 07:30 . 2009-12-23 07:33 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-23 07:25 . 2009-11-30 20:11 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-23 07:25 . 2009-11-30 20:14 149840 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-23 07:25 . 2009-11-30 20:12 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-23 07:25 . 2009-11-30 20:15 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-23 07:25 . 2009-11-30 20:11 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-23 07:25 . 2009-11-30 20:11 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-23 07:25 . 2009-11-30 20:11 27728 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-23 07:25 . 2009-11-30 20:27 38848 ----a-w- c:\windows\system32\avastSS.scr
2009-12-23 07:25 . 2009-11-30 20:26 150624 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-23 07:24 . 2009-12-23 07:24 -------- dc----w- c:\program files\Alwil Software
2009-12-23 07:24 . 2009-12-23 07:24 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2009-11-30 14:23 . 2009-11-30 14:23 -------- dc----w- c:\program files\Combined Community Codec Pack
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 19:47 . 2007-03-07 16:11 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 10:57 . 2009-06-20 07:18 314712 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-25 10:57 . 2009-06-20 07:18 25440 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-12-25 10:57 . 2009-06-20 07:18 15688 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-25 10:57 . 2009-06-20 07:18 168800 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-25 10:57 . 2009-06-20 07:18 349008 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-25 10:57 . 2009-12-25 10:57 17632 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-12-25 10:57 . 2009-06-20 07:18 298336 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-25 10:57 . 2009-06-20 07:18 84320 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-25 10:57 . 2009-06-20 07:18 1630560 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-25 10:57 . 2009-06-20 07:17 246640 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-25 10:57 . 2009-06-20 07:17 40288 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-25 10:57 . 2009-03-04 05:15 68640 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-12-25 10:56 . 2009-03-04 05:15 303976 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-12-25 10:56 . 2009-06-20 07:17 664936 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-25 10:56 . 2009-12-25 10:56 3695616 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-25 10:56 . 2009-06-20 07:17 562552 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-25 10:56 . 2009-06-20 07:17 566632 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-25 10:56 . 2009-06-20 07:17 2353992 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-25 10:56 . 2009-06-20 07:17 640760 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-12-25 10:56 . 2009-06-20 07:17 520024 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-25 10:56 . 2009-06-20 07:17 1028432 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-23 19:11 . 2008-08-08 11:47 -------- dc----w- c:\documents and settings\Miro\Application Data\foobar2000
2009-12-23 15:22 . 2009-12-23 15:22 388096 -c--a-r- c:\documents and settings\Miro\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-23 13:38 . 2007-03-14 17:21 -------- dc----w- c:\program files\Common Files\Adobe
2009-12-21 18:23 . 2007-03-07 17:35 -------- dc----w- c:\documents and settings\Miro\Application Data\Azureus
2009-12-21 13:12 . 2009-12-21 13:12 258048 -csh--r- c:\documents and settings\Rosanna\Application Data\ufxw.exe
2009-12-21 13:12 . 2009-12-21 13:12 258048 -csh--r- c:\documents and settings\Rosanna\Application Data\ufxw.exe
2009-12-16 20:47 . 2009-02-24 13:23 -------- dc----w- c:\documents and settings\Rosanna\Application Data\PC Suite
2009-12-16 19:28 . 2008-08-13 12:45 -------- dc----w- c:\documents and settings\Miro\Application Data\FrostWire
2009-12-16 19:09 . 2008-06-17 12:33 -------- dc----w- c:\documents and settings\Miro\Application Data\PC Suite
2009-12-13 12:13 . 2009-08-10 19:56 -------- dc----w- c:\documents and settings\Rosanna\Application Data\gtk-2.0
2009-12-13 11:54 . 2009-08-28 14:22 -------- dc----w- c:\documents and settings\Rosanna\Application Data\Nokia
2009-12-12 22:02 . 2009-12-12 22:02 664 -c--a-w- c:\documents and settings\Jasmin\Local Settings\Application Data\d3d9caps.tmp
2009-12-10 05:18 . 2009-04-01 13:48 1 -c--a-w- c:\documents and settings\Miro\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-06 08:19 . 2007-10-30 17:12 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-06 08:19 . 2007-10-30 17:12 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-25 09:19 . 2009-05-17 20:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 21:29 . 2009-11-21 21:29 -------- dc----w- c:\documents and settings\Jasmin\Application Data\Nokia Multimedia Player
2009-11-17 12:30 . 2007-04-20 17:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-13 11:31 . 2009-08-14 11:58 -------- dc----w- c:\program files\FrostWire
2009-11-07 19:37 . 2009-11-07 19:37 -------- dc----w- c:\program files\Microsoft
2009-11-07 19:37 . 2008-02-26 18:30 -------- d-----w- c:\program files\Windows Live
2009-11-07 19:37 . 2009-11-07 19:37 -------- dc----w- c:\program files\Windows Live SkyDrive
2009-11-04 04:47 . 2009-07-17 09:28 117760 -c--a-w- c:\documents and settings\Miro\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-01 16:45 . 2007-03-13 18:37 -------- dc----w- c:\documents and settings\Miro\Application Data\gtk-2.0
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 16:22 . 2009-10-27 16:10 -------- dc----w- c:\program files\Common Files\Logitech
2009-10-27 16:22 . 2009-10-27 16:22 -------- dc----w- c:\program files\Logitech
2009-10-21 05:38 . 2008-06-03 23:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2008-06-03 23:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2008-06-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 14:13 . 2009-10-15 12:06 664 -c--a-w- c:\documents and settings\Rosanna\Local Settings\Application Data\d3d9caps.tmp
2009-10-13 17:09 . 2009-07-09 18:17 1 -c--a-w- c:\documents and settings\Rosanna\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-13 10:30 . 2008-06-03 22:59 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-06-03 22:59 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-06-03 22:59 79872 ----a-w- c:\windows\system32\raschap.dll
2007-03-22 19:48 . 2007-03-22 19:48 56 --sh--r- c:\windows\system32\1FD19ED192.sys
2007-03-23 12:17 . 2007-03-22 17:48 88 --sh--r- c:\windows\system32\92D19ED11F.sys
2009-07-15 16:13 . 2007-03-22 17:48 5904 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2009-11-30 2654512]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Miron\\Azureus\\Azureus.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942_w32ded.exe"=
"c:\\Program Files\\Activision\\Call of Duty 22\\CoD2MP_s.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Red Storm Entertainment\\RavenShield\\system\\ravenshield.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.12.2009 9:25 149840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.12.2009 9:25 19024]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1028432]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.6.2007 13:08 716272]
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1035
FF - ProfilePath - c:\documents and settings\Miro\Application Data\Mozilla\Firefox\Profiles\w0iundij.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: f:\miro\Picasa\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOXIN KÄYTÄNNÖT ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 21:47
Windows 5.1.2600 Service Pack 3 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1620)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fin.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Muut prosessit ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Valmistumisajankohta: 2009-12-25 21:59:07 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2009-12-25 19:59
Ennen ajoa: 8 963 055 616 bytes free
Ajon jälkeen: 9 356 873 728 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 97E48CF03796ECD8B58D19493B6E3BF1
AfterDawn Addict
26 December 2009 @ 14:02
The logs look clean !!!
*************************************************************
Type ComboFix.exe /u into the Start menu's Start Search field and press OK
*************************************************************
AntiVir's leftovers are probably what is still haunting the machine.
A registry cleanup with CCleaner might help.
.
(:)
Mivo92
Newbie
26 December 2009 @ 14:54
I don't have a "Start Search" field in my Start menu, since I'm on XP.
I cleaned the registry with CCleaner; hopefully the AntiVir leftovers are gone.
Thanks for the help!
AfterDawn Addict
26 December 2009 @ 15:33
SORRY
That came from the wrong line.
******************************************
Type ComboFix.exe /u into the Start menu's Run field and press OK
*************************************************************
The most important thing is the removal of this folder => C:\QooBox\
.
(:)