afterdawn.com discussion forums > Viruses and malware - HijackThis logs

Messenger virus problems.. how do we get rid of it when it's already clogging the whole machine. Log included
AinoW
Junior Member
23 June 2008 @ 16:02
So, we got a virus on the machine through Messenger, and it now apparently clogs up the whole machine so that you can't even get online properly with it anymore. Would there be anyone here who could / would have time to help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:44:56, on 23.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/forum_view.cfm/198
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {d2c3c77d-d39c-0f1a-4fa4-012687577df6} - {6fd77578-6210-4af4-a1f0-c93dd77c3c2d} - C:\WINDOWS\system32\bxxqfmgv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0C385DC-A7FF-4E7F-823E-A00F9DF48F51} - C:\WINDOWS\system32\hgGyyxXr.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [0fa84e0f] rundll32.exe "C:\WINDOWS\system32\vowbabri.dll",b
O4 - HKLM\..\Run: [BM0c9b7d93] Rundll32.exe "C:\WINDOWS\system32\ldkavnbu.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZNfox000
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://www.sf-anytime.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1124800890599
O17 - HKLM\System\CCS\Services\Tcpip\..\{4911FFCD-A504-48B6-B9BB-092748DC57A0}: NameServer = 193.166.80.16,193.166.234.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{D16E6677-03CC-47AE-A383-54CB8AD0265D}: NameServer = 193.166.80.14,193.166.234.15
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qoMccBqQ - qoMccBqQ.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9233 bytes
Hujo
Suspended permanently
23 June 2008 @ 16:51
Uninstall via Add/Remove Programs:

MyWebSearch
SUPERAntiSpyware
Spybot - Search & Destroy

==============

In Safe Mode, delete the folders:

C:\Program Files\MyWebSearch
C:\Program Files\SUPERAntiSpyware
C:\Program Files\Spybot - Search & Destroy

=============

1. Download combofix.exe to your desktop from one of these links:
combofix1
combofix2

2. Double-click combofix.exe and follow the prompts.
3. When the tool finishes, it produces a log. Post that log in your thread.
Note! Do not click in the ComboFix window while it is running. That may cause the program to hang.

================

Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\WINDOWS\system32\bxxqfmgv.dll
C:\WINDOWS\system32\hgGyyxXr.dll
C:\WINDOWS\system32\vowbabri.dll
C:\WINDOWS\system32\ldkavnbu.dll
C:\WINDOWS\winudspm.exe


Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of combofix.txt here.

================

Scan with HijackThis, tick the following entries and click Fix checked:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: {d2c3c77d-d39c-0f1a-4fa4-012687577df6} - {6fd77578-6210-4af4-a1f0-c93dd77c3c2d} - C:\WINDOWS\system32\bxxqfmgv.dll (file missing)
O2 - BHO: (no name) - {A0C385DC-A7FF-4E7F-823E-A00F9DF48F51} - C:\WINDOWS\system32\hgGyyxXr.dll (file missing)
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [0fa84e0f] rundll32.exe "C:\WINDOWS\system32\vowbabri.dll",b
O4 - HKLM\..\Run: [BM0c9b7d93] Rundll32.exe "C:\WINDOWS\system32\ldkavnbu.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/forum_view.cfm/198
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qoMccBqQ - qoMccBqQ.dll (file missing)

==============

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are ticked: Update Malwarebytes' Anti-Malware and
Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is available, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After that the log opens in Notepad. Save it somewhere you can find it easily. The log
is also at: C:\Documents and Settings\Username\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.

==============

Download SDFix by AndyManchesta and save it to your desktop.

Boot your computer into Safe Mode:

shut down and start up
tap the F8 key during startup
select Safe Mode with the arrow keys
press Enter, then Enter again
select your user account
press Yes

On some machines you tap F5 instead of F8.

- Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
- Open the SDFix folder and double-click RunThis.bat to start the tool.
- Press Y to start the script.
- The tool cleans out the trojan's services and also makes some registry fixes. Finally it asks you to restart the machine, "Press any key to Reboot".
- Press any key and the machine restarts.
- Startup takes longer than usual because SDFix is cleaning the machine.
- When the machine has started and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
- Then press any key to close the script and load the desktop icons.
- Finally open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.

Can a computer ever work?
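The entries Hujo tells the poster to fix share a few patterns that can be checked mechanically rather than by eye: BHO and Winlogon Notify registrations whose DLL is already gone, Run values with hex-only names that launch rundll32 against an eight-letter DLL in system32, and a Run value that names a bare file (winudspm.exe) with no path at all. The script below is an added example and is not part of this thread or of HijackThis itself; the rules are my own heuristics chosen from the posted log, and the embedded sample is a verbatim subset of that log.

```python
"""Heuristic triage of a HijackThis 2.x log.

Added example, not code from the thread or from HijackThis. The rules are
my own heuristics chosen from the patterns in the posted log; the embedded
sample lines are copied from that log.
"""
import re

# Constructed sample: a subset of the HijackThis log posted above, verbatim.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {d2c3c77d-d39c-0f1a-4fa4-012687577df6} - {6fd77578-6210-4af4-a1f0-c93dd77c3c2d} - C:\WINDOWS\system32\bxxqfmgv.dll (file missing)
O2 - BHO: (no name) - {A0C385DC-A7FF-4E7F-823E-A00F9DF48F51} - C:\WINDOWS\system32\hgGyyxXr.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [0fa84e0f] rundll32.exe "C:\WINDOWS\system32\vowbabri.dll",b
O4 - HKLM\..\Run: [BM0c9b7d93] Rundll32.exe "C:\WINDOWS\system32\ldkavnbu.dll",s
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qoMccBqQ - qoMccBqQ.dll (file missing)
"""

ENTRY = re.compile(r"^(?P<kind>R\d|O\d+) - (?P<body>.+)$")
RUN_VALUE = re.compile(r"^\S+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
GUID = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
HEX_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8}$")    # value names like 0fa84e0f, BM0c9b7d93
RANDOM_DLL = re.compile(r"^[A-Za-z]{8}\.dll$")    # eight random letters: vowbabri.dll


def _basename(path):
    return path.strip('"').rsplit("\\", 1)[-1]


def triage(log_text):
    """Return a list of {'kind', 'line', 'reasons'} for entries that trip a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        kind, body = m["kind"], m["body"]
        missing = body.endswith("(file missing)")
        body_clean = body[: -len("(file missing)")].rstrip() if missing else body
        reasons = []

        # A hook whose DLL is gone is a leftover of a partial cleanup; the
        # registration itself still has to be removed.
        if kind in ("O2", "O3", "O20") and missing:
            reasons.append("registered module no longer on disk (orphaned hook)")

        if kind == "O2":
            # O2 - BHO: <display name> - {CLSID} - <path>
            name = body_clean.split(" - ", 1)[0]
            name = name[len("BHO: "):] if name.startswith("BHO: ") else name
            if name == "(no name)" or GUID.match(name):
                reasons.append("BHO registered without a real display name")

        if kind == "O20":
            # O20 - Winlogon Notify: <subkey> - <dll>; a bare DLL name is resolved
            # through the search path, which legitimate packages do not rely on.
            dll = body_clean.rsplit(" - ", 1)[-1]
            if "\\" not in dll:
                reasons.append("Winlogon Notify DLL given without a path")

        if kind == "O4":
            rv = RUN_VALUE.match(body)
            if rv:
                name, cmd = rv["name"], rv["cmd"]
                parts = cmd.split(" ", 1)
                exe = parts[0]
                if HEX_NAME.match(name):
                    reasons.append("hex-only Run value name")
                if _basename(exe).lower() == "rundll32.exe" and len(parts) == 2:
                    # rundll32.exe "<dll>",<export>  ->  <dll>
                    arg = parts[1].strip().lstrip('"').split('"', 1)[0].split(",", 1)[0]
                    if "\\system32\\" in arg.lower() and RANDOM_DLL.match(_basename(arg)):
                        reasons.append("rundll32 loads a random-named DLL from system32")
                elif "\\" not in exe:
                    reasons.append("bare executable name, located via the search path")

        if reasons:
            findings.append({"kind": kind, "line": raw.strip(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], "|", "; ".join(f["reasons"]))
        print("   ", f["line"])
```

Run it as-is and it prints the six entries Hujo listed for Fix checked (the two orphaned BHOs, the bare winudspm.exe, both rundll32 Run values and the missing Winlogon Notify DLL) while staying silent on avast, ZoneAlarm, Acrobat and the SUPERAntiSpyware Winlogon hook, which has a full path. The random-name rule is deliberately only applied to rundll32 targets under system32; applied to every eight-letter module it would also flag SASWINLO.dll.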
AinoW
Junior Member
23 June 2008 @ 20:49
ComboFix 08-06-20.4 - Elina 2008-06-23 18:45:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.595 [GMT 3:00]
Running from: C:\Documents and Settings\Elina\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\setup.exe
C:\WINDOWS\BM0c9b7d93.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cxvnlypj.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\rXxyyGgh.ini
C:\WINDOWS\system32\rXxyyGgh.ini2
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\ups.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((( Files Created From 2008-05-23 to 2008-06-23 )))))))))))))))))
.

2008-06-23 18:54 . 2008-06-23 18:55 25,600 --a------ C:\WINDOWS\system32\awttttQj.dll
2008-06-21 20:09 . 2008-06-21 20:09 <DIR> d-------- C:\Program Files\Opera
2008-06-21 16:43 . 2008-06-21 17:16 2,478 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-20 18:22 . 2008-06-20 18:22 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-20 16:56 . 2008-06-20 16:56 79,360 --a------ C:\WINDOWS\system32\vowbabri.dll
2008-06-20 16:56 . 2008-06-23 18:53 1,726 ---hs---- C:\WINDOWS\system32\irbabwov.ini
2008-06-20 16:54 . 2008-06-20 16:54 90,112 --a------ C:\WINDOWS\system32\ldkavnbu.dll
2008-06-18 15:08 . 2008-06-18 15:08 8,784 --a------ C:\wr-0002164.exe
2008-06-12 20:02 . 2008-06-12 20:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-12 20:02 . 2008-06-12 20:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 20:50 . 2008-06-11 22:00 29,835 --a------ C:\Documents and Settings\Elina\abc.exe
2008-06-11 15:42 . 2008-06-14 20:59 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:42 . 2008-06-14 20:59 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 18:44 . 2008-06-10 18:44 29,835 --a------ C:\Documents and Settings\Elina\nick.exe
2008-06-10 18:32 . 2008-06-10 19:20 29,835 --a------ C:\nick.exe
2008-06-09 17:56 . 2008-06-09 17:56 <DIR> d-------- C:\Documents and Settings\Elina\Application Data\TrojanHunter
2008-06-09 17:31 . 2008-06-09 17:31 29,342 --a------ C:\gpf.exe
2008-06-09 16:55 . 2008-06-09 16:55 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-09 16:48 . 2008-06-09 16:49 <DIR> d-------- C:\Program Files\Panda Security
2008-06-09 02:47 . 2008-06-09 02:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 02:30 . 2008-06-23 18:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-09 02:30 . 2008-06-23 18:39 <DIR> d-------- C:\Documents and Settings\Elina\Application Data\SUPERAntiSpyware.com
2008-06-09 02:30 . 2008-06-09 02:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-09 02:17 . 2008-06-09 02:17 <DIR> d-------- C:\Program Files\CCleaner
2008-06-09 00:20 . 2008-06-09 00:20 29,342 --a------ C:\pfs.exe
2008-06-08 23:10 . 2008-06-09 17:31 29,342 --a------ C:\Documents and Settings\Elina\ps.exe
2008-06-08 22:23 . 2008-06-08 22:23 18,587 --a------ C:\Documents and Settings\Elina\packed.exe
2008-06-08 15:24 . 2008-06-08 21:33 2,231 --a------ C:\is154890.exe
2008-06-06 17:21 . 2008-06-08 21:35 2,231 --a------ C:\hszs.exe
2008-06-06 15:25 . 2008-06-06 20:39 49,156 --a------ C:\Documents and Settings\Elina\sz.exe
2008-06-06 15:16 . 2008-06-06 15:19 49,156 --a------ C:\szs.exe
2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Elina\stp.exe
2008-06-04 21:59 . 2008-06-04 22:06 86,528 --a------ C:\stp.exe
2008-06-03 23:39 . 2008-06-03 23:41 202,210 --a------ C:\sxy.exe
2008-06-03 21:14 . 2008-06-03 21:14 4,217 --a------ C:\WINDOWS\is154890.exe
2008-06-03 18:59 . 2008-06-03 22:58 52,331 --a------ C:\f.bat
2008-06-03 18:36 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Elina\setupa.exe
2008-06-03 18:09 . 2008-06-03 23:05 86,548 --a------ C:\ssetup.exe
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-05-30 16:55 . 2008-06-04 16:03 3,424 --a------ C:\Documents and Settings\Elina\setup.exe
2008-05-30 01:28 . 2008-05-30 01:28 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-05-30 01:14 . 2008-06-20 17:38 <DIR> d-------- C:\MSNCleaner
2008-05-29 23:08 . 2008-05-29 23:08 86,340 --a------ C:\profile.com
2008-05-29 20:42 . 2008-05-29 20:42 249,496 --a------ C:\sexy.exe
2008-05-29 20:18 . 2008-05-29 20:18 86,340 --a------ C:\img.com
2008-05-29 19:38 . 2008-05-29 19:38 40,960 --a------ C:\dsdc.exe
2008-05-29 17:03 . 2008-05-29 18:12 56,832 --a------ C:\fa.com
2008-05-29 15:35 . 2008-05-30 02:02 60,132 --a------ C:\ddc.exe
2008-05-29 01:24 . 2008-05-29 01:24 <DIR> d-------- C:\Documents and Settings\Elina\Application Data\Windows Live Writer
2008-05-29 00:05 . 2008-06-23 18:54 2,148 --a------ C:\WINDOWS\system32\wpa.dbl
2008-05-28 19:27 . 2008-05-28 20:10 56,832 --a------ C:\sxy1.com
2008-05-28 19:23 . 2008-05-28 19:23 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
2008-05-28 19:23 . 2008-05-29 16:29 3,422 --a------ C:\dci.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 15:55 12,744,736 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-23 15:51 150,356 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-23 15:26 1,320 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-18 23:41 --------- d-----w C:\Documents and Settings\Elina\Application Data\Corel
2008-05-29 12:28 --------- d-----w C:\Program Files\Windows Live
2008-05-29 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-28 19:06 --------- d-----w C:\Program Files\Windows Media Connect
2008-05-28 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 18:20 --------- d-----w C:\Program Files\Winamp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-05 10:38 16,787,031 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2005-09-05 11:52 0 ----a-w C:\Documents and Settings\Elina\Application Data\wklnhst.dat
.

(((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6fd77578-6210-4af4-a1f0-c93dd77c3c2d}]
C:\WINDOWS\system32\bxxqfmgv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0C385DC-A7FF-4E7F-823E-A00F9DF48F51}]
C:\WINDOWS\system32\hgGyyxXr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 23:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 23:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21 794624]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 15:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 15:11 692316]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-31 21:20 282624]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"Windows UDP Control"="winudspm.exe" [2008-05-28 19:23 56832 C:\WINDOWS\winudspm.exe]
"0fa84e0f"="C:\WINDOWS\system32\vowbabri.dll" [2008-06-20 16:56 79360]
"BM0c9b7d93"="C:\WINDOWS\system32\ldkavnbu.dll" [2008-06-20 16:54 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 11:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMccBqQ]
qoMccBqQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\mIRC\\mirc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-06-21 10:51]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-05-30 09:32]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-09-29 14:55]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 17:39]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\usb323.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 15:34:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-25 22:24:19 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2008-06-23 15:00:00 C:\WINDOWS\Tasks\Windows Update -sivusto.job"
- C:\WINDOWS\system32\wupdmgr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 18:54:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?2?3?6??????? ???B?????????????hLC? ??????

scanning hidden files ...


C:\Documents and Settings\Elina\Local Settings\Application Data\Microsoft\Messenger\sumuinensunnuntai@luukku.com\SharingMetadata\Working\database_125B_6B11_FA8_4EA0\$db_clean$ 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\vowbabri.dll
-> C:\WINDOWS\system32\ldkavnbu.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-06-23 18:59:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 15:58:55

Pre-Run: 47,084,199,936 bytes free
Post-Run: 47,018,274,816 bytes free

212 --- E O F --- 2008-06-20 15:22:06


--------------------------------
--------------------------------

Malwarebytes' Anti-Malware 1.18
Database version: 882

19:56:38 23.6.2008
mbam-log-6-23-2008 (19-56-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 102212
Time elapsed: 37 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 53

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ddc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\dsdc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\fa.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\img.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\profile.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\sexy.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\sxy1.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\MSNCleaner\BackUpMSNCleaner\d.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\MSNCleaner\BackUpMSNCleaner\msimg32.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\winudspm.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ldkavnbu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vowbabri.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\usb323.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP817\A0201048.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP817\A0201049.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP830\A0202887.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP830\A0202930.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP831\A0202995.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP831\A0203011.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP834\A0203497.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP834\A0203499.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP849\A0208663.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP849\A0208677.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP849\A0208724.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP849\A0208725.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP849\A0208726.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP849\A0211729.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP849\A0211730.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP850\A0211763.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP850\A0211764.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP850\A0211807.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP852\A0211892.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP852\A0211901.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP852\A0211928.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP852\A0211932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP852\A0211933.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP852\A0211934.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP852\A0211935.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP852\A0211936.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP852\A0211937.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP854\A0212168.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP854\A0212214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP856\A0212383.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP856\A0212384.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP857\A0212433.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP858\A0212484.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP858\A0212485.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP858\A0212486.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\is154890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awttttQj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRLCUM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elina\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.



------------------------------------------
------------------------------------------

SDFix: Version 1.196
Run by Elina on ma 23.06.2008 at 20:15

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\Elina\TYPYT~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\GPF.EXE - Deleted
C:\PFS.EXE - Deleted
C:\f.bat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 20:27:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000007c
"TracesSuccessful"=dword:00000009

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\mIRC\\mirc.exe"="C:\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\Elina\TYPYT~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 19 Jun 2008 88 ..SHR --- "C:\WINDOWS\system32\6F33A903C3.sys"
Thu 19 Jun 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 11 Sep 2007 2,516 A.SH. --- "C:\System Volume Information\_restore{8129E08D-1AA7-409B-9D9D-DE05B0EE0B26}\RP848\A0206363.sys"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0045d90d3c637c74f834c75fe192b558\BIT2.tmp"

Finished!

-------------------------------
-------------------------------

Hopefully it went right! At least with Firefox it seems I can get everywhere again. :)


Aino

- Better one screw loose than ten too tight. -
Hujo
Suspended permanently
23 June 2008 @ 21:23
Scan a new ComboFix log
and a new HJT log

Can a computer ever work?

The post has been edited after posting. Last edited 23 June 2008 @ 21:26

AinoW
Junior Member
23 June 2008 @ 22:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:12, on 23.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://www.sf-anytime.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1124800890599
O17 - HKLM\System\CCS\Services\Tcpip\..\{4911FFCD-A504-48B6-B9BB-092748DC57A0}: NameServer = 193.166.80.16,193.166.234.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{D16E6677-03CC-47AE-A383-54CB8AD0265D}: NameServer = 193.166.80.14,193.166.234.15
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7735 bytes



-------------------------------------------
-------------------------------------------

ComboFix 08-06-20.4 - Elina 2008-06-23 22:38:58.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.602 [GMT 3:00]
Running from: C:\Documents and Settings\Elina\Työpöytä\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ldkavnbu.dll
C:\WINDOWS\system32\vowbabri.dll
C:\WINDOWS\winudspm.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-23 to 2008-06-23 )))))))))))))))))
.

2008-06-23 22:29 . 2004-09-15 11:00 390,656 --a------ C:\WINDOWS\system32\CF4599.exe
2008-06-23 20:09 . 2008-06-23 20:09 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-06-23 20:06 . 2008-06-23 03:15 <KANSIO> d-------- C:\SDFix
2008-06-23 19:17 . 2008-06-23 19:17 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 19:17 . 2008-06-23 19:17 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\Malwarebytes
2008-06-23 19:17 . 2008-06-23 19:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 19:17 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 19:17 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-23 18:59 . 2008-06-23 18:59 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja
2008-06-23 18:58 . 2008-06-23 18:58 0 --a------ C:\WINDOWS\BM0c9b7d93.xml
2008-06-21 20:09 . 2008-06-21 20:09 <KANSIO> d-------- C:\Program Files\Opera
2008-06-21 16:43 . 2008-06-21 17:16 2,478 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-20 18:22 . 2008-06-20 18:22 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-20 16:56 . 2008-06-23 19:03 1,846 ---hs---- C:\WINDOWS\system32\irbabwov.ini
2008-06-18 15:08 . 2008-06-18 15:08 8,784 --a------ C:\wr-0002164.exe
2008-06-12 20:02 . 2008-06-12 20:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-12 20:02 . 2008-06-12 20:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 20:50 . 2008-06-11 22:00 29,835 --a------ C:\Documents and Settings\Elina\abc.exe
2008-06-11 15:42 . 2008-06-14 20:59 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:42 . 2008-06-14 20:59 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 18:44 . 2008-06-10 18:44 29,835 --a------ C:\Documents and Settings\Elina\nick.exe
2008-06-10 18:32 . 2008-06-10 19:20 29,835 --a------ C:\nick.exe
2008-06-09 17:56 . 2008-06-09 17:56 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\TrojanHunter
2008-06-09 16:55 . 2008-06-09 16:55 <KANSIO> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-09 16:48 . 2008-06-09 16:49 <KANSIO> d-------- C:\Program Files\Panda Security
2008-06-09 02:47 . 2008-06-09 02:47 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-09 02:30 . 2008-06-23 18:39 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-09 02:30 . 2008-06-23 18:39 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\SUPERAntiSpyware.com
2008-06-09 02:30 . 2008-06-09 02:30 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-09 02:17 . 2008-06-09 02:17 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-08 23:10 . 2008-06-09 17:31 29,342 --a------ C:\Documents and Settings\Elina\ps.exe
2008-06-08 22:23 . 2008-06-08 22:23 18,587 --a------ C:\Documents and Settings\Elina\packed.exe
2008-06-06 17:21 . 2008-06-08 21:35 2,231 --a------ C:\hszs.exe
2008-06-06 15:25 . 2008-06-06 20:39 49,156 --a------ C:\Documents and Settings\Elina\sz.exe
2008-06-06 15:16 . 2008-06-06 15:19 49,156 --a------ C:\szs.exe
2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Elina\stp.exe
2008-06-04 21:59 . 2008-06-04 22:06 86,528 --a------ C:\stp.exe
2008-06-03 23:39 . 2008-06-03 23:41 202,210 --a------ C:\sxy.exe
2008-06-03 21:14 . 2008-06-03 21:14 4,217 --a------ C:\WINDOWS\is154890.exe
2008-06-03 18:36 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Elina\setupa.exe
2008-06-03 18:09 . 2008-06-03 23:05 86,548 --a------ C:\ssetup.exe
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-30 01:28 . 2008-05-30 01:28 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-05-30 01:14 . 2008-06-20 17:38 <KANSIO> d-------- C:\MSNCleaner
2008-05-29 01:24 . 2008-05-29 01:24 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\Windows Live Writer
2008-05-29 00:05 . 2008-06-23 20:24 2,148 --a------ C:\WINDOWS\system32\wpa.dbl
2008-05-28 19:23 . 2008-05-29 16:29 3,422 --a------ C:\dci.exe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 19:43 12,884,000 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-23 17:04 1,485 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-23 17:03 151,004 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-23 16:59 18,192,343 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-18 23:41 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-18 23:41 --------- d-----w C:\Documents and Settings\Elina\Application Data\Corel
2008-05-29 12:28 --------- d-----w C:\Program Files\Windows Live
2008-05-29 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-28 19:06 --------- d-----w C:\Program Files\Windows Media Connect
2008-05-28 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 18:20 --------- d-----w C:\Program Files\Winamp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2005-09-05 11:52 0 ----a-w C:\Documents and Settings\Elina\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_18.57.55.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 15:52:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 17:23:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 00:14:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-23 17:10:22 4,730,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-23 17:10:22 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-23 00:14:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-23 17:09:53 4,730,880 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-23 17:09:53 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2004-09-15 08:00:00 51,096 ----a-w C:\WINDOWS\system32\command.com
+ 2001-08-18 10:00:00 50,620 ----a-w C:\WINDOWS\system32\command.com
+ 2008-06-23 17:23:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 23:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 23:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21 794624]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 15:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 15:11 692316]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 11:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\mIRC\\mirc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-06-21 10:51]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-05-30 09:32]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-09-29 14:55]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 17:39]

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-23 19:34:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-25 22:24:19 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2008-06-23 15:00:00 C:\WINDOWS\Tasks\Windows Update -sivusto.job"
- C:\WINDOWS\system32\wupdmgr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 22:43:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?2?3?6??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-23 22:45:27
ComboFix-quarantined-files.txt 2008-06-23 19:45:21
ComboFix2.txt 2008-06-23 15:59:09

Pre-Run: 46,949,724,160 tavua vapaana
Post-Run: 46,928,506,880 tavua vapaana

193 --- E O F --- 2008-06-20 15:22:06



-----------------------------------------------
-----------------------------------------------

Aino

- Better one screw loose than ten too tight. -
Hujo
Suspended permanently
24 June 2008 @ 02:56
Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\Documents and Settings\Elina\ps.exe
C:\WINDOWS\BM0c9b7d93.xml
C:\nick.exe
C:\hszs.exe
C:\Documents and Settings\Elina\sz.exe
C:\szs.exe
C:\WINDOWS\ftp.exe
C:\Documents and Settings\Elina\stp.exe
C:\stp.exe
C:\sxy.exe
C:\WINDOWS\is154890.ex
C:\Documents and Settings\Elina\setupa.exe
C:\ssetup.ex
C:\WINDOWS\sb.exe
C:\dci.exe


Save it under the name CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.



Restart the computer when prompted and post the contents of the combofix.txt file here.

============

reinstall avast

Can a computer ever work?
AinoW
Junior Member
24 June 2008 @ 17:51
ComboFix 08-06-20.4 - Elina 2008-06-24 16:32:26.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.589 [GMT 3:00]
Running from: C:\Documents and Settings\Elina\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Elina\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ldkavnbu.dll
C:\WINDOWS\system32\vowbabri.dll
C:\WINDOWS\winudspm.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-24 to 2008-06-24 )))))))))))))))))
.

2008-06-23 20:09 . 2008-06-23 20:09 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-06-23 20:06 . 2008-06-23 03:15 <KANSIO> d-------- C:\SDFix
2008-06-23 19:17 . 2008-06-23 19:17 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 19:17 . 2008-06-23 19:17 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\Malwarebytes
2008-06-23 19:17 . 2008-06-23 19:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 19:17 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 19:17 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-23 18:59 . 2008-06-23 18:59 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja
2008-06-23 18:58 . 2008-06-23 18:58 0 --a------ C:\WINDOWS\BM0c9b7d93.xml
2008-06-21 20:09 . 2008-06-21 20:09 <KANSIO> d-------- C:\Program Files\Opera
2008-06-21 16:43 . 2008-06-21 17:16 2,478 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-20 18:22 . 2008-06-20 18:22 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-20 16:56 . 2008-06-23 19:03 1,846 ---hs---- C:\WINDOWS\system32\irbabwov.ini
2008-06-18 15:08 . 2008-06-18 15:08 8,784 --a------ C:\wr-0002164.exe
2008-06-12 20:02 . 2008-06-12 20:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-12 20:02 . 2008-06-12 20:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 20:50 . 2008-06-11 22:00 29,835 --a------ C:\Documents and Settings\Elina\abc.exe
2008-06-11 15:42 . 2008-06-14 20:59 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:42 . 2008-06-14 20:59 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 18:44 . 2008-06-10 18:44 29,835 --a------ C:\Documents and Settings\Elina\nick.exe
2008-06-10 18:32 . 2008-06-10 19:20 29,835 --a------ C:\nick.exe
2008-06-09 17:56 . 2008-06-09 17:56 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\TrojanHunter
2008-06-09 16:55 . 2008-06-09 16:55 <KANSIO> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-09 16:48 . 2008-06-09 16:49 <KANSIO> d-------- C:\Program Files\Panda Security
2008-06-09 02:47 . 2008-06-09 02:47 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-09 02:30 . 2008-06-23 18:39 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-09 02:30 . 2008-06-23 18:39 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\SUPERAntiSpyware.com
2008-06-09 02:30 . 2008-06-09 02:30 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-09 02:17 . 2008-06-09 02:17 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-08 23:10 . 2008-06-09 17:31 29,342 --a------ C:\Documents and Settings\Elina\ps.exe
2008-06-08 22:23 . 2008-06-08 22:23 18,587 --a------ C:\Documents and Settings\Elina\packed.exe
2008-06-06 17:21 . 2008-06-08 21:35 2,231 --a------ C:\hszs.exe
2008-06-06 15:25 . 2008-06-06 20:39 49,156 --a------ C:\Documents and Settings\Elina\sz.exe
2008-06-06 15:16 . 2008-06-06 15:19 49,156 --a------ C:\szs.exe
2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
2008-06-04 22:00 . 2008-06-04 22:00 86,528 --a------ C:\Documents and Settings\Elina\stp.exe
2008-06-04 21:59 . 2008-06-04 22:06 86,528 --a------ C:\stp.exe
2008-06-03 23:39 . 2008-06-03 23:41 202,210 --a------ C:\sxy.exe
2008-06-03 21:14 . 2008-06-03 21:14 4,217 --a------ C:\WINDOWS\is154890.exe
2008-06-03 18:36 . 2008-06-03 23:24 86,548 --a------ C:\Documents and Settings\Elina\setupa.exe
2008-06-03 18:09 . 2008-06-03 23:05 86,548 --a------ C:\ssetup.exe
2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-30 01:28 . 2008-05-30 01:28 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-05-30 01:14 . 2008-06-20 17:38 <KANSIO> d-------- C:\MSNCleaner
2008-05-29 01:24 . 2008-05-29 01:24 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\Windows Live Writer
2008-05-29 00:05 . 2008-06-24 15:11 2,148 --a------ C:\WINDOWS\system32\wpa.dbl
2008-05-28 19:23 . 2008-05-29 16:29 3,422 --a------ C:\dci.exe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 13:38 12,988,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-23 23:13 152,588 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-23 17:04 1,485 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-23 16:59 18,192,343 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-18 23:41 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-18 23:41 --------- d-----w C:\Documents and Settings\Elina\Application Data\Corel
2008-05-29 12:28 --------- d-----w C:\Program Files\Windows Live
2008-05-29 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-28 19:06 --------- d-----w C:\Program Files\Windows Media Connect
2008-05-28 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 18:20 --------- d-----w C:\Program Files\Winamp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2005-09-05 11:52 0 ----a-w C:\Documents and Settings\Elina\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_18.57.55.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 15:52:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-24 12:09:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 00:14:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-23 17:10:22 4,730,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-23 17:10:22 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-23 00:14:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-23 17:09:53 4,730,880 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-23 17:09:53 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2004-09-15 08:00:00 51,096 ----a-w C:\WINDOWS\system32\command.com
+ 2001-08-18 10:00:00 50,620 ----a-w C:\WINDOWS\system32\command.com
+ 2008-06-24 12:10:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6a0.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 23:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 23:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21 794624]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 15:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 15:11 692316]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 11:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\mIRC\\mirc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-06-21 10:51]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-05-30 09:32]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-09-29 14:55]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 17:39]

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-24 13:34:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-25 22:24:19 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2008-06-23 15:00:00 C:\WINDOWS\Tasks\Windows Update -sivusto.job"
- C:\WINDOWS\system32\wupdmgr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 16:37:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?2?3?6??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-24 16:39:41
ComboFix-quarantined-files.txt 2008-06-24 13:39:34
ComboFix2.txt 2008-06-23 15:59:09

Pre-Run: 46,842,535,936 tavua vapaana
Post-Run: 46,827,175,936 tavua vapaana

193 --- E O F --- 2008-06-20 15:22:06


----------------------------------
----------------------------------

avast installed and run; it apparently found something too. :)


Aino

- Better one screw loose than ten too tight. -
Hujo
Suspended permanently
24 June 2008 @ 19:07
Quote, original post by Hujo:
Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\Documents and Settings\Elina\ps.exe
C:\WINDOWS\BM0c9b7d93.xml
C:\nick.exe
C:\hszs.exe
C:\Documents and Settings\Elina\sz.exe
C:\szs.exe
C:\WINDOWS\ftp.exe
C:\Documents and Settings\Elina\stp.exe
C:\stp.exe
C:\sxy.exe
C:\WINDOWS\is154890.ex
C:\Documents and Settings\Elina\setupa.exe
C:\ssetup.ex
C:\WINDOWS\sb.exe
C:\dci.exe



Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.



Restart the computer when prompted and post the contents of the combofix.txt file here.

============


Post this again, and do it like this, for example:

Now put the part marked in red into an empty Notepad window:
Start button > Accessories > Notepad

Location: Desktop

then from the top left corner: File > Save As > CFScript.txt

save as type: All Files

then drag it as shown in the picture

ComboFix will process it; a blue screen appears, press the number 1 and Enter



Can a computer ever work?
AinoW
Junior Member
24 June 2008 @ 20:01
ComboFix 08-06-20.4 - Elina 2008-06-24 19:45:27.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.624 [GMT 3:00]
Running from: C:\Documents and Settings\Elina\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Elina\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\dci.exe
C:\Documents and Settings\Elina\ps.exe
C:\Documents and Settings\Elina\setupa.exe
C:\Documents and Settings\Elina\stp.exe
C:\Documents and Settings\Elina\sz.exe
C:\hszs.exe
C:\nick.exe
C:\ssetup.ex
C:\stp.exe
C:\sxy.exe
C:\szs.exe
C:\WINDOWS\BM0c9b7d93.xml
C:\WINDOWS\ftp.exe
C:\WINDOWS\is154890.ex
C:\WINDOWS\sb.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dci.exe
C:\Documents and Settings\Elina\ps.exe
C:\Documents and Settings\Elina\setupa.exe
C:\Documents and Settings\Elina\stp.exe
C:\Documents and Settings\Elina\sz.exe
C:\hszs.exe
C:\nick.exe
C:\stp.exe
C:\sxy.exe
C:\szs.exe
C:\WINDOWS\BM0c9b7d93.xml
C:\WINDOWS\ftp.exe
C:\WINDOWS\sb.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-24 to 2008-06-24 )))))))))))))))))
.

2008-06-23 20:09 . 2008-06-23 20:09 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-06-23 20:06 . 2008-06-23 03:15 <KANSIO> d-------- C:\SDFix
2008-06-23 19:17 . 2008-06-23 19:17 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 19:17 . 2008-06-23 19:17 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\Malwarebytes
2008-06-23 19:17 . 2008-06-23 19:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 19:17 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 19:17 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-23 18:59 . 2008-06-23 18:59 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja
2008-06-21 20:09 . 2008-06-21 20:09 <KANSIO> d-------- C:\Program Files\Opera
2008-06-21 16:43 . 2008-06-21 17:16 2,478 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-20 18:22 . 2008-06-20 18:22 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-20 16:56 . 2008-06-23 19:03 1,846 ---hs---- C:\WINDOWS\system32\irbabwov.ini
2008-06-18 15:08 . 2008-06-18 15:08 8,784 --a------ C:\wr-0002164.exe
2008-06-12 20:02 . 2008-06-12 20:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-12 20:02 . 2008-06-12 20:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 20:50 . 2008-06-11 22:00 29,835 --a------ C:\Documents and Settings\Elina\abc.exe
2008-06-11 15:42 . 2008-06-14 20:59 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:42 . 2008-06-14 20:59 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 18:44 . 2008-06-10 18:44 29,835 --a------ C:\Documents and Settings\Elina\nick.exe
2008-06-09 17:56 . 2008-06-09 17:56 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\TrojanHunter
2008-06-09 16:55 . 2008-06-09 16:55 <KANSIO> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-09 16:48 . 2008-06-09 16:49 <KANSIO> d-------- C:\Program Files\Panda Security
2008-06-09 02:47 . 2008-06-09 02:47 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-09 02:30 . 2008-06-23 18:39 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-09 02:30 . 2008-06-23 18:39 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\SUPERAntiSpyware.com
2008-06-09 02:30 . 2008-06-09 02:30 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-09 02:17 . 2008-06-09 02:17 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-08 22:23 . 2008-06-08 22:23 18,587 --a------ C:\Documents and Settings\Elina\packed.exe
2008-06-03 21:14 . 2008-06-03 21:14 4,217 --a------ C:\WINDOWS\is154890.exe
2008-06-03 18:09 . 2008-06-03 23:05 86,548 --a------ C:\ssetup.exe
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-30 01:28 . 2008-05-30 01:28 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-05-30 01:14 . 2008-06-20 17:38 <KANSIO> d-------- C:\MSNCleaner
2008-05-29 01:24 . 2008-05-29 01:24 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\Windows Live Writer
2008-05-29 00:05 . 2008-06-24 17:46 2,148 --a------ C:\WINDOWS\system32\wpa.dbl

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 16:51 13,082,656 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-24 14:44 153,692 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-24 13:46 18,873,887 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-23 17:04 1,485 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-18 23:41 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-18 23:41 --------- d-----w C:\Documents and Settings\Elina\Application Data\Corel
2008-05-29 12:28 --------- d-----w C:\Program Files\Windows Live
2008-05-29 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-28 19:06 --------- d-----w C:\Program Files\Windows Media Connect
2008-05-28 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 18:20 --------- d-----w C:\Program Files\Winamp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2005-09-05 11:52 0 ----a-w C:\Documents and Settings\Elina\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_18.57.55.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 15:52:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-24 14:45:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 00:14:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-23 17:10:22 4,730,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-23 17:10:22 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-23 00:14:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-23 17:09:53 4,730,880 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-23 17:09:53 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2004-09-15 08:00:00 51,096 ----a-w C:\WINDOWS\system32\command.com
+ 2001-08-18 10:00:00 50,620 ----a-w C:\WINDOWS\system32\command.com
- 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-06-24 14:46:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_674.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 23:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 23:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21 794624]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 15:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 15:11 692316]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 11:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\mIRC\\mirc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-06-21 10:51]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-05-30 09:32]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-09-29 14:55]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 17:39]

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-24 16:34:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-25 22:24:19 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2008-06-23 15:00:00 C:\WINDOWS\Tasks\Windows Update -sivusto.job"
- C:\WINDOWS\system32\wupdmgr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 19:50:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?2?3?6??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-24 19:52:59
ComboFix-quarantined-files.txt 2008-06-24 16:52:52
ComboFix2.txt 2008-06-24 13:39:44
ComboFix3.txt 2008-06-23 15:59:09

Pre-Run: 46,842,707,968 tavua vapaana
Post-Run: 46,862,721,024 tavua vapaana

206 --- E O F --- 2008-06-20 15:22:06



-------------------------------
-------------------------------


Aino

- Better one screw loose than ten too tight. -
Hujo
Suspended permanently
26 June 2008 @ 00:53
Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\ssetup.exe
C:\WINDOWS\is154890.exe


Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.



Restart the computer when prompted and post the contents of the combofix.txt file here.

=====

The machine has both the Kerio firewall and ZoneAlarm;
one firewall is enough.

Can a computer ever work?

This message has been edited after posting. Last edited 26 June 2008 @ 00:57

AinoW
Junior Member
26 June 2008 @ 03:00
ComboFix 08-06-20.4 - Elina 2008-06-26 2:41:50.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.377 [GMT 3:00]
Running from: C:\Documents and Settings\Elina\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Elina\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\ssetup.exe
C:\WINDOWS\is154890.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ssetup.exe
C:\WINDOWS\is154890.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-25 to 2008-06-25 )))))))))))))))))
.

2008-06-23 20:09 . 2008-06-23 20:09 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-06-23 20:06 . 2008-06-23 03:15 <KANSIO> d-------- C:\SDFix
2008-06-23 19:17 . 2008-06-23 19:17 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 19:17 . 2008-06-23 19:17 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\Malwarebytes
2008-06-23 19:17 . 2008-06-23 19:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 19:17 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 19:17 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-23 18:59 . 2008-06-23 18:59 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja
2008-06-21 20:09 . 2008-06-21 20:09 <KANSIO> d-------- C:\Program Files\Opera
2008-06-21 16:43 . 2008-06-21 17:16 2,478 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-20 18:22 . 2008-06-20 18:22 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-20 16:56 . 2008-06-23 19:03 1,846 ---hs---- C:\WINDOWS\system32\irbabwov.ini
2008-06-18 15:08 . 2008-06-18 15:08 8,784 --a------ C:\wr-0002164.exe
2008-06-12 20:02 . 2008-06-12 20:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-12 20:02 . 2008-06-12 20:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 20:50 . 2008-06-11 22:00 29,835 --a------ C:\Documents and Settings\Elina\abc.exe
2008-06-11 15:42 . 2008-06-14 20:59 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:42 . 2008-06-14 20:59 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 18:44 . 2008-06-10 18:44 29,835 --a------ C:\Documents and Settings\Elina\nick.exe
2008-06-09 17:56 . 2008-06-09 17:56 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\TrojanHunter
2008-06-09 16:55 . 2008-06-09 16:55 <KANSIO> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-09 16:48 . 2008-06-09 16:49 <KANSIO> d-------- C:\Program Files\Panda Security
2008-06-09 02:47 . 2008-06-09 02:47 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-09 02:30 . 2008-06-23 18:39 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-09 02:30 . 2008-06-23 18:39 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\SUPERAntiSpyware.com
2008-06-09 02:30 . 2008-06-09 02:30 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-09 02:17 . 2008-06-09 02:17 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-08 22:23 . 2008-06-08 22:23 18,587 --a------ C:\Documents and Settings\Elina\packed.exe
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-30 01:28 . 2005-08-23 02:22 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-05-30 01:28 . 2008-05-30 01:28 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-05-30 01:14 . 2008-06-20 17:38 <KANSIO> d-------- C:\MSNCleaner
2008-05-29 01:24 . 2008-05-29 01:24 <KANSIO> d-------- C:\Documents and Settings\Elina\Application Data\Windows Live Writer
2008-05-29 00:05 . 2008-06-25 14:36 2,148 --a------ C:\WINDOWS\system32\wpa.dbl

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 23:47 13,434,912 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-25 01:27 156,596 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-24 13:46 18,873,887 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-23 17:04 1,485 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-18 23:41 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-18 23:41 --------- d-----w C:\Documents and Settings\Elina\Application Data\Corel
2008-05-29 12:28 --------- d-----w C:\Program Files\Windows Live
2008-05-29 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-28 19:06 --------- d-----w C:\Program Files\Windows Media Connect
2008-05-28 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 18:20 --------- d-----w C:\Program Files\Winamp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2005-09-05 11:52 0 ----a-w C:\Documents and Settings\Elina\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_18.57.55.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 15:52:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-25 11:35:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 00:14:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-23 17:10:22 4,730,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-23 17:10:22 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-23 00:14:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-23 17:09:53 4,730,880 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-23 17:09:53 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2004-09-15 08:00:00 51,096 ----a-w C:\WINDOWS\system32\command.com
+ 2001-08-18 10:00:00 50,620 ----a-w C:\WINDOWS\system32\command.com
- 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-06-25 11:35:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 23:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 23:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21 794624]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 15:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 15:11 692316]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 11:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\mIRC\\mirc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-06-21 10:51]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-05-30 09:32]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R2 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe [2005-09-29 14:55]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 17:39]

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-25 23:34:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-25 22:24:19 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2008-06-23 15:00:00 C:\WINDOWS\Tasks\Windows Update -sivusto.job"
- C:\WINDOWS\system32\wupdmgr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 02:47:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?2?3?6??P???? ???B?????????????hLC? ??????

scanning hidden files ...


C:\Documents and Settings\Elina\Local Settings\Application Data\Mozilla\Firefox\Profiles\n57rpsve.default\Cache\06D99912d01 65536 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-06-26 2:50:27
ComboFix-quarantined-files.txt 2008-06-25 23:50:18
ComboFix2.txt 2008-06-24 16:53:01
ComboFix3.txt 2008-06-24 13:39:44
ComboFix4.txt 2008-06-23 15:59:09

Pre-Run: 46,602,379,264 tavua vapaana
Post-Run: 46,581,260,288 tavua vapaana

182 --- E O F --- 2008-06-20 15:22:06


---------------------------------------------
---------------------------------------------

Is there any harm in having two firewalls? :)


Aino

- Better one screw loose than ten too tight. -
Hujo
Suspended permanently
26 June 2008 @ 09:52
Well, there is.

Remove that Kerio from Add/Remove Programs.


Copy / paste the following text into an empty Notepad file.
Make sure the file type is "All Files" and save it as Poisto.bat
on your desktop.

@echo off
rem stop the Kerio (KPF4) firewall service, then unregister it
sc stop KPF4
sc delete KPF4


Double-click Poisto.bat on your desktop; a window opens and closes, this is normal.

Delete this folder in Safe Mode:

C:\Program Files\Kerio

===============

1. Click Start > right-click My Computer
2. Select Properties
3. Select the System Restore tab
4. Tick the box "Turn off System Restore on all drives"
5. Click Apply
6. Click OK
7. Shut down and restart
8. Untick the box "Turn off System Restore on all drives"
9. Apply and OK



Can a computer ever work?
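An added example, not part of Hujo's post: the Poisto.bat above blindly stops and deletes KPF4. This batch script instead checks whether each Kerio-related service is actually registered before touching it, and afterwards reports anything still left. KPF4 comes from the post above; fwdrv and khips are the R1 driver entries in the ComboFix log, which I read as remnants of the same Kerio install (my assumption).

```batch
@echo off
rem Added example (not from the original post). Service names are
rem taken from this thread: KPF4 from Poisto.bat, fwdrv and khips from
rem the R1 entries in the ComboFix log (assumed to belong to Kerio).
setlocal enabledelayedexpansion

for %%S in (KPF4 fwdrv khips) do (
    rem "sc query" exits non-zero when the service does not exist,
    rem so nothing is stopped or deleted unless it is really registered.
    sc query %%S >nul 2>&1
    if !errorlevel! equ 0 (
        echo Found service %%S - stopping and removing
        sc stop %%S >nul 2>&1
        rem a driver that is still loaded is only marked for deletion;
        rem the entry disappears after the next reboot
        sc delete %%S
    ) else (
        echo Service %%S not present - nothing to do
    )
)

rem Verification: run this part again after rebooting. Any name still
rem registered here means the old firewall has not been fully removed.
for %%S in (KPF4 fwdrv khips) do (
    sc query %%S >nul 2>&1 && echo WARNING: %%S is still registered
)
endlocal
pause
```

Save it like Poisto.bat (file type "All Files") and run it once before and once after the reboot; the second run should print no WARNING lines.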
AinoW
Junior Member
26 June 2008 @ 17:47
Done. :)

Where might that Kerio have come from? I don't remember downloading it.


Aino

- Better one screw loose than ten too tight. -
Hujo
Suspended permanently
26 June 2008 @ 18:13
Hmm, hard to say.

Download OTMoveIt and save it to your desktop.

Double-click OTMoveIt.exe.
Click CleanUp!.
Select Yes when asked "Begin cleanup Process?".
If asked whether the computer may be restarted, select Yes. OTMoveIt removes itself when it is finished; if that does not happen, delete it yourself.

NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.

=========

then on to new viruses ;)

Can a computer ever work?
AinoW
Junior Member
26 June 2008 @ 20:27
So now the computer should be clean? For sure? :D


Aino

- Better one screw loose than ten too tight. -
Hujo
Suspended permanently
26 June 2008 @ 20:41
yep.. unless you've already found new ones :D

Can a computer ever work?
AinoW
Junior Member
27 June 2008 @ 19:24
Not yet, at least! Thanks a lot for your help. :)


Aino

- Better one screw loose than ten too tight. -