Computer messed up
afterdawn.com forum: Viruses and malware
tni7 (Newbie), 21 June 2008 @ 20:28
Hi,
What has happened is that the computer has slowed down, and so have the browser and other programs.
From the browser I can't get to e.g. Google search and so on.

Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:46, on 21.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\TurvaPC\GDC.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\TurvaPC\updater.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TurvaPC] C:\Program Files\TurvaPC\GDC.exe
O4 - HKLM\..\Run: [00ff93d9] rundll32.exe "C:\WINDOWS\system32\cewebcoy.dll",b
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BM03cca045] Rundll32.exe "C:\WINDOWS\system32\womvmowp.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6768 bytes
Senior Member (4 product reviews), 22 June 2008 @ 15:21
1. Download Combofix.exe to your desktop from either of these links:
Combofix.exe
Combofix.exe

Open Notepad and copy/paste the contents of the Quote: box into it:

Quote:
File::
C:\Program Files\TurvaPC\GDC.exe
C:\WINDOWS\system32\cewebcoy.dll
C:\WINDOWS\system32\womvmowp.dll

Save it as CFScript (ComboFix actually recognises it even if the file extension isn't .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click)

Note! Don't click around in the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.

Close the browser and other programs for the duration of the fix (but not the antivirus).
Start HijackThis, click Scan, tick the following entries listed in red and remove them (Fix checked).

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [TurvaPC] C:\Program Files\TurvaPC\GDC.exe
O4 - HKLM\..\Run: [00ff93d9] rundll32.exe "C:\WINDOWS\system32\cewebcoy.dll",b
O4 - HKLM\..\Run: [BM03cca045] Rundll32.exe "C:\WINDOWS\system32\womvmowp.dll",s

Delete the folder below.

C:\Program Files\TurvaPC

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
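The three Run entries the helper singles out for removal share a pattern that is visible in the log itself: a value name that is a bare hex string (optionally prefixed "BM"), and a rundll32 command that loads an eight-letter DLL from system32 through a one-letter export. The script below is an added example, not part of the post or of HijackThis, that scores O4 lines on those traits. KNOWN_BAD contains TurvaPC only because the helper lists it for removal; the point weights and the threshold of 2 are this example's own choices, not any vendor's signature. NvMediaCenter is included to show that the eight-letter basename alone (NvMcTray.dll) stays below the threshold.

```python
"""Heuristic triage of HijackThis O4 (Run-key autorun) lines.

Added example; not part of the forum post or of HijackThis. The sample
lines are copied from the first HijackThis log in the thread; the scoring
rules and threshold are this example's own assumptions, and KNOWN_BAD is
taken from the helper's removal list rather than from a vendor signature.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 (and one O23) line from the first HijackThis log.
SAMPLE_O4 = [
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit',
    r'O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe',
    r'O4 - HKLM\..\Run: [TurvaPC] C:\Program Files\TurvaPC\GDC.exe',
    r'O4 - HKLM\..\Run: [00ff93d9] rundll32.exe "C:\WINDOWS\system32\cewebcoy.dll",b',
    r'O4 - HKLM\..\Run: [BM03cca045] Rundll32.exe "C:\WINDOWS\system32\womvmowp.dll",s',
    r'O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent',
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r'O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe',
]
KNOWN_BAD = frozenset({'TurvaPC'})   # names the helper told the poster to remove (assumption: list from the thread)

O4_LINE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
RUNDLL = re.compile(r'^\s*rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\w+)', re.I)
HEX_NAME = re.compile(r'^(?:BM)?[0-9a-f]{8}$', re.I)
SYSTEM32 = re.compile(r'\\windows\\system32\\', re.I)
EIGHT_LETTERS = re.compile(r'^[A-Za-z]{8}\.dll$')


@dataclass
class Finding:
    hive: str
    name: str
    cmd: str
    score: int = 0
    reasons: list = field(default_factory=list)


def triage_line(line, known_bad=frozenset()):
    """Score one O4 line; returns None for lines that are not O4 entries."""
    m = O4_LINE.match(line)
    if not m:
        return None
    f = Finding(m['hive'], m['name'], m['cmd'])
    if f.name in known_bad:
        f.score += 3
        f.reasons.append('value name on the removal list')
    if HEX_NAME.match(f.name):
        f.score += 2
        f.reasons.append('hex-looking value name')
    r = RUNDLL.match(f.cmd)
    if r:
        dll_path, export = r['dll'], r['export']
        if SYSTEM32.search(dll_path) and len(export) == 1:
            f.score += 2
            f.reasons.append('rundll32 loads a system32 DLL through a single-letter export')
        if EIGHT_LETTERS.match(dll_path.rsplit('\\', 1)[-1]):
            f.score += 1   # weak on its own: the legitimate NvMcTray.dll also has 8 letters
            f.reasons.append('8-letter DLL basename')
    return f


def triage(lines, known_bad=frozenset()):
    """All O4 findings, in log order."""
    return [f for f in (triage_line(l, known_bad) for l in lines) if f is not None]


def suspicious(lines, known_bad=frozenset(), threshold=2):
    """Names of Run values whose score reaches the threshold, in log order."""
    return [f.name for f in triage(lines, known_bad) if f.score >= threshold]


if __name__ == '__main__':
    for f in triage(SAMPLE_O4, KNOWN_BAD):
        flag = 'SUSPICIOUS' if f.score >= 2 else 'ok'
        print(f'{flag:<10} {f.score} [{f.name}] {"; ".join(f.reasons)}')
```

The scoring is deliberately additive: a single weak trait (an eight-letter basename) never crosses the threshold on its own, while the hex value name and the one-letter rundll32 export each do, which is why the two randomly named entries score 5 and NvMediaCenter scores 1. TurvaPC, which sits in a normal-looking Program Files path, is only caught through the removal list; heuristics on the command line alone would miss it.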
tni7 (Newbie), 22 June 2008 @ 17:00

ComboFix:
ComboFix 08-06-20.4 - juuso 2008-06-22 16:30:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.270 [GMT 3:00]
Running from: C:\Documents and Settings\juuso\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\juuso\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\womvmowp.dll
.

(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM03cca045.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AcedNXyb.ini
C:\WINDOWS\system32\AcedNXyb.ini2
C:\WINDOWS\system32\ahxgnvus.dll
C:\WINDOWS\system32\antugevv.ini
C:\WINDOWS\system32\byXNdecA.dll
C:\WINDOWS\system32\cwpufxiy.dll
C:\WINDOWS\system32\JTuxyyay.ini
C:\WINDOWS\system32\JTuxyyay.ini2
C:\WINDOWS\system32\qyvnucis.ini
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\xyvgltkm.ini
C:\WINDOWS\system32\yocbewec.ini

.
((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))
.

2008-06-22 07:45 . 2008-06-22 07:45 101,728 --a------ C:\WINDOWS\system32\hgbnaxec.dll
2008-06-22 07:42 . 2008-06-22 07:42 84,304 --a------ C:\WINDOWS\system32\vvegutna.dll
2008-06-22 07:39 . 2008-06-22 07:39 90,464 --a------ C:\WINDOWS\system32\jlppdpqp.dll
2008-06-21 19:31 . 2008-06-21 19:31 25,472 --a------ C:\WINDOWS\system32\byXRIbAr.dll
2008-06-21 19:23 . 2008-06-21 19:23 <KANSIO> d-------- C:\Program Files\Opera
2008-06-21 15:40 . 2008-06-21 15:40 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 10:30 . 2008-06-20 10:30 79,360 --a------ C:\WINDOWS\system32\sicunvyq.dll
2008-06-19 18:19 . 2008-06-19 18:19 0 --a------ C:\23990098.$$$
2008-06-19 17:50 . 2008-06-19 17:50 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-19 17:50 . 2008-06-19 18:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-19 17:39 . 2008-06-19 17:54 <KANSIO> d-------- C:\Downloads
2008-06-19 17:39 . 2008-06-19 17:39 <KANSIO> d-------- C:\Bases
2008-06-19 17:38 . 2008-06-19 18:20 <KANSIO> d-------- C:\Kaspersky
2008-06-19 17:00 . 2008-06-19 17:00 <KANSIO> d-------- C:\Documents and Settings\juuso\Application Data\TurvaPC
2008-06-19 16:55 . 2008-06-19 16:55 <KANSIO> d-------- C:\Program Files\Common Files\TurvaPC
2008-06-19 16:55 . 2008-06-19 16:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TurvaPC
2008-06-19 16:55 . 2008-06-19 16:55 <KANSIO> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-06-19 16:55 . 2007-02-13 09:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-06-19 16:54 . 2008-06-21 17:45 <KANSIO> d-------- C:\Program Files\TurvaPC
2008-06-18 22:24 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-18 22:24 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-06-18 22:23 . 2008-06-18 22:29 <KANSIO> d-------- C:\Program Files\Trials 2 Second Edition
2008-06-18 22:23 . 2008-06-18 22:23 <KANSIO> d-------- C:\Program Files\OpenAL
2008-06-18 22:23 . 2008-06-18 22:23 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-18 22:23 . 2008-06-18 22:23 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-18 03:51 . 2008-06-18 03:53 <KANSIO> d-------- C:\Documents and Settings\juuso\Application Data\dvdcss
2008-06-11 13:44 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:44 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 03:43 . 2008-06-08 03:43 11,076 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-05-22 22:31 . 2008-05-22 22:31 <KANSIO> d-------- C:\Program Files\BestGameEver
2008-05-22 22:28 . 2008-05-22 22:28 <KANSIO> d-------- C:\Program Files\D-Tools
2008-05-22 22:28 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-05-22 22:28 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-05-22 22:27 . 2008-05-22 22:27 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2008-05-22 22:14 . 2008-05-22 22:14 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 13:33 --------- d-----w C:\Program Files\Steam
2008-06-22 13:29 --------- d-----w C:\Documents and Settings\juuso\Application Data\NoNameScript
2008-06-22 13:15 --------- d-----w C:\Program Files\mIRC
2008-06-22 11:55 --------- d-----w C:\Documents and Settings\juuso\Application Data\foobar2000
2008-06-22 01:48 --------- d-----w C:\Documents and Settings\juuso\Application Data\uTorrent
2008-06-21 21:55 --------- d-----w C:\Documents and Settings\juuso\Application Data\LimeWire
2008-06-18 14:06 --------- d-----w C:\Program Files\LimeWire
2008-05-17 19:11 --------- d-----w C:\Program Files\B2BPOKER
2008-05-17 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-12 11:30 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 11:30 --------- d-----w C:\Program Files\Windows Live
2008-05-12 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 14:25 --------- d-----w C:\Documents and Settings\juuso\Application Data\Apple Computer
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 23:07 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-05-03 23:01 --------- d-----w C:\Program Files\Xilisoft
2008-05-03 22:48 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-05-03 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-27 22:34 --------- d-----w C:\Program Files\uTorrent
2008-04-21 07:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-30 20:53 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
.

(((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A52E74-004C-464B-96CC-4DFE5366EA02}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EE4B48C-BFE8-4265-81F5-529E0B2BD591}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB57F3E7-89A4-466C-BD48-82AA9B49FDF0}]
C:\WINDOWS\system32\yayyxuTJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B833FF05-4DF8-4980-9A88-8549306F9DE9}]
2008-06-21 19:31 25472 --a------ C:\WINDOWS\system32\byXRIbAr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bac1b14d-b7cb-4dc9-ad5a-0aa3453d5c6d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9162FC2-4E60-4D25-90FF-0EDC5C45899B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2C0D62C-9A78-4B7C-9258-0B345E6B08A7}]
2008-06-22 16:36 318336 --a------ C:\WINDOWS\system32\geBsqRiG.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-06-18 01:05 1271032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-06-05 10:48 2113360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 12:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 12:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2005-06-29 12:08 212992]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2005-07-04 08:29 69632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 12:20 86016]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2005-03-07 13:34 482816]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"BM03cca045"="C:\WINDOWS\system32\ckqalluv.dll" [2008-06-22 16:42 90464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B833FF05-4DF8-4980-9A88-8549306F9DE9}"= C:\WINDOWS\system32\byXRIbAr.dll [2008-06-21 19:31 25472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRIbAr]
byXRIbAr.dll 2008-06-21 19:31 25472 C:\WINDOWS\system32\byXRIbAr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkklkJ]
opnkklkJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-01-14 07:04 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\geBsqRiG

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\steamapps\\hande10\\counter-strike\\hl.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\B2BPOKER\\Club4Aces.com\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Kaspersky\\kavupd.exe"=
"C:\\Program Files\\Opera\\opera.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]

*Newly Created Service* - WEBNTACCESS
.
'Scheduled Tasks' folder contents
"2008-06-16 19:42:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 16:33:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXRIbAr.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-22 16:43:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-22 13:43:03

Pre-Run: 28,644,401,152 bytes free
Post-Run: 28,951,830,528 bytes free

204 --- E O F --- 2008-06-11 12:19:35


HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:23, on 22.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BM03cca045] Rundll32.exe "C:\WINDOWS\system32\ckqalluv.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 6597 bytes


AMD Sempron 3000+
512 MB DDR memory
120 GB hard drive
ATI Radeon 9250, 128 MB video memory
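The registry section of the ComboFix report above shows why one pass was not enough: the same module, byXRIbAr.dll, is registered as a Browser Helper Object, as a ShellExecuteHook and as a Winlogon Notify package, and the "DLLs Loaded Under Running Processes" section shows it mapped into winlogon.exe, where an ordinary file delete fails for as long as it stays loaded. geBsqRiG.dll likewise appears both as a BHO and in the LSA Authentication Packages list. The script below is an added example, not part of the thread or of ComboFix, that parses a constructed excerpt of that report and correlates every module across those persistence points. The category names, the eight-letter "random name" rule and the verdict wording are this example's own assumptions.

```python
"""Correlate persistence points in a ComboFix 'Reg Loading Points' section.

Added example; not part of the forum thread or of ComboFix. The sample text
is a constructed excerpt of the ComboFix report posted in the thread. The
categories, the 8-letter "random name" rule and the verdict strings are
this example's own assumptions.
"""
import re

SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB57F3E7-89A4-466C-BD48-82AA9B49FDF0}]
C:\WINDOWS\system32\yayyxuTJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B833FF05-4DF8-4980-9A88-8549306F9DE9}]
2008-06-21 19:31 25472 --a------ C:\WINDOWS\system32\byXRIbAr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2C0D62C-9A78-4B7C-9258-0B345E6B08A7}]
2008-06-22 16:36 318336 --a------ C:\WINDOWS\system32\geBsqRiG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 12:20 6803456]
"BM03cca045"="C:\WINDOWS\system32\ckqalluv.dll" [2008-06-22 16:42 90464]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B833FF05-4DF8-4980-9A88-8549306F9DE9}"= C:\WINDOWS\system32\byXRIbAr.dll [2008-06-21 19:31 25472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRIbAr]
byXRIbAr.dll 2008-06-21 19:31 25472 C:\WINDOWS\system32\byXRIbAr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkklkJ]
opnkklkJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\geBsqRiG

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXRIbAr.dll
"""

# A module reference is either a full drive path or a bare name ending in .dll.
MODULE = re.compile(r'[A-Za-z]:\\[^\s"\[\]=]+|\b[\w.-]+\.dll\b', re.I)
RANDOM8 = re.compile(r'[A-Za-z]{8}')   # assumption: 8 mixed-case letters = generated name


def category(header, line):
    """Map a ComboFix registry block (plus the line itself) to a persistence type."""
    h, l = header.lower(), line.lower()
    if 'appinit_dlls' in l:
        return 'AppInit_DLLs'
    if 'authentication packages' in l:
        return 'LSA Authentication Packages'
    if 'browser helper objects' in h:
        return 'BHO'
    if 'shellexecutehooks' in h:
        return 'ShellExecuteHooks'
    if 'winlogon\\notify' in h:
        return 'Winlogon Notify'
    if h.endswith('\\run]'):
        return 'Run'
    return 'Other'


def module_key(ref):
    """'C:\\WINDOWS\\system32\\byXRIbAr.dll' -> ('byXRIbAr', 'byxribar'); LSA entries have no extension."""
    base = ref.rsplit('\\', 1)[-1]
    if base.lower().endswith('.dll'):
        base = base[:-4]
    return base, base.lower()


def correlate(text):
    """Return one row per module: where it persists, which process has it mapped, and a verdict."""
    persist = {}   # key -> {'module': display name, 'where': set of categories}
    loaded = {}    # key -> set of process basenames the DLL was seen mapped into
    header, process = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            header = None          # a blank line ends the current registry block
            continue
        if line.startswith('PROCESS: '):
            process = line[len('PROCESS: '):].rsplit('\\', 1)[-1].lower()
            continue
        if line.startswith('-> ') and process:
            _, key = module_key(line[3:])
            loaded.setdefault(key, set()).add(process)
            continue
        if line.startswith('['):
            header = line
            continue
        if header is None:
            continue
        for ref in MODULE.findall(line):
            name, key = module_key(ref)
            entry = persist.setdefault(key, {'module': name, 'where': set()})
            entry['where'].add(category(header, line))
    rows = []
    for key, entry in persist.items():
        where = sorted(entry['where'])
        procs = sorted(loaded.get(key, ()))
        random_name = RANDOM8.fullmatch(entry['module']) is not None
        if 'winlogon.exe' in procs:
            verdict = 'mapped into winlogon.exe: a plain file delete fails while it is loaded'
        elif len(where) >= 2 or random_name:
            verdict = 'remove: random name and/or several persistence points'
        else:
            verdict = 'review'
        rows.append({'module': entry['module'], 'where': where, 'loaded_in': procs,
                     'random_name': random_name, 'verdict': verdict})
    # Most entrenched first: persistence points, plus a bonus for living inside winlogon.
    rows.sort(key=lambda r: (-(len(r['where']) + (2 if 'winlogon.exe' in r['loaded_in'] else 0)),
                             r['module'].lower()))
    return rows


if __name__ == '__main__':
    for r in correlate(SAMPLE_COMBOFIX):
        where = ', '.join(r['where'])
        procs = ', '.join(r['loaded_in']) or '-'
        print(f"{r['module']:<10} {where:<45} loaded in: {procs:<14} {r['verdict']}")
```

Run on the excerpt, byXRIbAr.dll sorts to the top with three persistence points and a winlogon.exe mapping, geBsqRiG.dll follows with two, and the legitimate NvCpl.dll and wbsys.dll stay at "review" with a single, non-random entry each. The LSA line is the one to watch when adapting this to other reports: ComboFix prints Authentication Packages without the .dll extension, so the extension is stripped before modules are compared.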
Senior Member (4 product reviews), 22 June 2008 @ 17:11
Run ComboFix with the previous instructions in Safe Mode.

http://neko.1g.fi/ohje/vikasietotila.html
tni7 (Newbie), 23 June 2008 @ 16:38
ComboFix 08-06-20.4 - juuso 2008-06-23 16:08:54.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\juuso\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM03cca045.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\geBsqRiG.dll
C:\WINDOWS\system32\GiRqsBeg.ini
C:\WINDOWS\system32\GiRqsBeg.ini2
C:\WINDOWS\system32\lvahdust.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))
.

2008-06-23 15:48 . 2008-06-23 15:48 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-06-23 15:48 . 2008-06-23 15:49 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-22 22:51 . 2008-06-22 22:51 25,472 --a------ C:\WINDOWS\system32\rqRKEWMC.dll
2008-06-22 16:46 . 2008-06-22 16:46 101,728 --a------ C:\WINDOWS\system32\lopjblfd.dll
2008-06-22 16:43 . 2008-06-22 16:46 84,336 --a------ C:\WINDOWS\system32\tsudhavl.dll
2008-06-22 16:42 . 2008-06-22 16:42 90,464 --a------ C:\WINDOWS\system32\ckqalluv.dll
2008-06-22 07:45 . 2008-06-22 07:45 101,728 --a------ C:\WINDOWS\system32\hgbnaxec.dll
2008-06-22 07:42 . 2008-06-22 07:42 84,304 --a------ C:\WINDOWS\system32\vvegutna.dll
2008-06-22 07:39 . 2008-06-22 07:39 90,464 --a------ C:\WINDOWS\system32\jlppdpqp.dll
2008-06-21 19:31 . 2008-06-21 19:31 25,472 --a------ C:\WINDOWS\system32\byXRIbAr.dll
2008-06-21 19:23 . 2008-06-21 19:23 <KANSIO> d-------- C:\Program Files\Opera
2008-06-21 15:40 . 2008-06-23 15:47 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 10:30 . 2008-06-20 10:30 79,360 --a------ C:\WINDOWS\system32\sicunvyq.dll
2008-06-19 18:19 . 2008-06-19 18:19 0 --a------ C:\23990098.$$$
2008-06-19 17:50 . 2008-06-19 17:50 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-19 17:50 . 2008-06-19 18:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-19 17:39 . 2008-06-19 17:54 <KANSIO> d-------- C:\Downloads
2008-06-19 17:39 . 2008-06-19 17:39 <KANSIO> d-------- C:\Bases
2008-06-19 17:38 . 2008-06-19 18:20 <KANSIO> d-------- C:\Kaspersky
2008-06-19 17:00 . 2008-06-19 17:00 <KANSIO> d-------- C:\Documents and Settings\juuso\Application Data\TurvaPC
2008-06-19 16:55 . 2008-06-19 16:55 <KANSIO> d-------- C:\Program Files\Common Files\TurvaPC
2008-06-19 16:55 . 2008-06-19 16:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TurvaPC
2008-06-19 16:55 . 2008-06-19 16:55 <KANSIO> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-06-19 16:55 . 2007-02-13 09:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-06-19 16:54 . 2008-06-21 17:45 <KANSIO> d-------- C:\Program Files\TurvaPC
2008-06-18 22:24 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-18 22:24 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-06-18 22:23 . 2008-06-18 22:29 <KANSIO> d-------- C:\Program Files\Trials 2 Second Edition
2008-06-18 22:23 . 2008-06-18 22:23 <KANSIO> d-------- C:\Program Files\OpenAL
2008-06-18 22:23 . 2008-06-18 22:23 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-18 22:23 . 2008-06-18 22:23 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-18 03:51 . 2008-06-18 03:53 <KANSIO> d-------- C:\Documents and Settings\juuso\Application Data\dvdcss
2008-06-11 13:44 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:44 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 03:43 . 2008-06-08 03:43 11,076 --ah----- C:\WINDOWS\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 13:12 --------- d-----w C:\Program Files\Steam
2008-06-23 13:06 --------- d-----w C:\Documents and Settings\juuso\Application Data\foobar2000
2008-06-23 09:34 --------- d-----w C:\Program Files\mIRC
2008-06-23 09:34 --------- d-----w C:\Documents and Settings\juuso\Application Data\NoNameScript
2008-06-23 01:17 --------- d-----w C:\Documents and Settings\juuso\Application Data\uTorrent
2008-06-22 23:34 --------- d-----w C:\Documents and Settings\juuso\Application Data\LimeWire
2008-06-18 14:06 --------- d-----w C:\Program Files\LimeWire
2008-05-22 19:31 --------- d-----w C:\Program Files\BestGameEver
2008-05-22 19:28 --------- d-----w C:\Program Files\D-Tools
2008-05-22 19:14 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-17 19:11 --------- d-----w C:\Program Files\B2BPOKER
2008-05-17 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-16 08:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-12 11:30 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 11:30 --------- d-----w C:\Program Files\Windows Live
2008-05-12 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 14:25 --------- d-----w C:\Documents and Settings\juuso\Application Data\Apple Computer
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 23:07 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-05-03 23:01 --------- d-----w C:\Program Files\Xilisoft
2008-05-03 22:48 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-05-03 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 22:34 --------- d-----w C:\Program Files\uTorrent
2008-04-21 07:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-30 20:53 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-22_16.42.48.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 13:33:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 13:11:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-24 16:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-06-23 12:51:48 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
- 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-03-29 17:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
- 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-06-22 23:18:18 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-23 13:11:44 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6b8.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A82634-9D13-4BE0-851C-B2F944FDABE5}]
2008-06-23 16:15 318256 --a------ C:\WINDOWS\system32\byXpPiJY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ebf30b9-32b1-4178-8753-f167f48d4fc2}]
2008-06-22 16:46 101728 --a------ C:\WINDOWS\system32\lopjblfd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB57F3E7-89A4-466C-BD48-82AA9B49FDF0}]
C:\WINDOWS\system32\yayyxuTJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B833FF05-4DF8-4980-9A88-8549306F9DE9}]
2008-06-21 19:31 25472 --a------ C:\WINDOWS\system32\byXRIbAr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2C0D62C-9A78-4B7C-9258-0B345E6B08A7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-06-18 01:05 1271032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-06-05 10:48 2113360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 12:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 12:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2005-06-29 12:08 212992]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2005-07-04 08:29 69632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 12:20 86016]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2005-03-07 13:34 482816]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"BM03cca045"="C:\WINDOWS\system32\ckqalluv.dll" [2008-06-22 16:42 90464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B833FF05-4DF8-4980-9A88-8549306F9DE9}"= C:\WINDOWS\system32\byXRIbAr.dll [2008-06-21 19:31 25472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRIbAr]
byXRIbAr.dll 2008-06-21 19:31 25472 C:\WINDOWS\system32\byXRIbAr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkklkJ]
opnkklkJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-01-14 07:04 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\byXpPiJY

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\steamapps\\hande10\\counter-strike\\hl.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\B2BPOKER\\Club4Aces.com\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Kaspersky\\kavupd.exe"=
"C:\\Program Files\\Opera\\opera.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]

*Newly Created Service* - WEBNTACCESS
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-16 19:42:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 16:12:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\byXpPiJY.dll 318256 bytes executable
C:\WINDOWS\system32\YJiPpXyb.ini 347 bytes
C:\WINDOWS\system32\YJiPpXyb.ini2 347 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXRIbAr.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\qomqyqyl.dll
-> C:\WINDOWS\system32\ckqalluv.dll
-> C:\WINDOWS\system32\byXpPiJY.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-23 16:22:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 13:22:05
ComboFix2.txt 2008-06-22 13:43:16

Pre-Run: 25,954,140,160 tavua vapaana
Post-Run: 25,975,562,240 tavua vapaana

239 --- E O F --- 2008-06-11 12:19:35


AMD Sempron 3000+
512 MB DDR memory
120 GB hard disk
Ati Radeon 9250, 128 MB video memory
Senior Member

23 June 2008 @ 17:37
1. Download Combofix.exe to your desktop from either of these links:
Combofix.exe
Combofix.exe

Open Notepad and copy/paste the contents of the Quote: box into it:

Quote:
File::
C:\WINDOWS\system32\rqRKEWMC.dll
C:\WINDOWS\system32\lopjblfd.dll
C:\WINDOWS\system32\tsudhavl.dll
C:\WINDOWS\system32\ckqalluv.dll
C:\WINDOWS\system32\hgbnaxec.dll
C:\WINDOWS\system32\vvegutna.dll
C:\WINDOWS\system32\jlppdpqp.dll
C:\WINDOWS\system32\byXRIbAr.dll
C:\WINDOWS\system32\sicunvyq.dll
Folder::
C:\Program Files\TurvaPC
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\Documents and Settings\All Users\Application Data\TurvaPC
C:\Documents and Settings\juuso\Application Data\TurvaPC
C:\Program Files\Common Files\TurvaPC



Save it as CFScript (ComboFix actually recognizes it even if the file extension isn't .txt).

Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click it)

Note! Don't click around in the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.


Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
*
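As a follow-up check once ComboFix has run, here is an added example (not code from the thread, from ComboFix or from its author) that parses a CFScript into its File:: and Folder:: sections and reports which listed entries still exist. The script text is taken from the reply above; the `exists` callback is a hypothetical hook so the same check can be run against a saved directory listing instead of the live disk.

```python
# Added example, not part of the thread: parse a ComboFix CFScript and report
# which of its File::/Folder:: entries are still present after the fix ran.
import os
import re

# Constructed from the CFScript posted in the reply above.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\rqRKEWMC.dll
C:\WINDOWS\system32\lopjblfd.dll
C:\WINDOWS\system32\tsudhavl.dll
C:\WINDOWS\system32\ckqalluv.dll
C:\WINDOWS\system32\hgbnaxec.dll
C:\WINDOWS\system32\vvegutna.dll
C:\WINDOWS\system32\jlppdpqp.dll
C:\WINDOWS\system32\byXRIbAr.dll
C:\WINDOWS\system32\sicunvyq.dll
Folder::
C:\Program Files\TurvaPC
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\Documents and Settings\All Users\Application Data\TurvaPC
C:\Documents and Settings\juuso\Application Data\TurvaPC
C:\Program Files\Common Files\TurvaPC
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")  # e.g. "File::", "Folder::"


def parse_cfscript(text):
    """Return {directive: [entries]}. Blank lines and any text before the
    first directive line are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def remaining_entries(sections, exists=os.path.exists):
    """List (directive, path) pairs from File:: and Folder:: that still
    exist. `exists` is injectable (hypothetical hook) so the check can be
    run against a saved listing rather than only the cleaned machine."""
    return [(d, p) for d in ("File", "Folder")
            for p in sections.get(d, []) if exists(p)]
```

An empty result from `remaining_entries` means every path named in the script is gone; anything returned is what to look for in the new ComboFix.txt and HijackThis log.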