Would someone mind taking a look,
Author Message
JAMATO
Junior Member
16 July 2008 @ 21:39
Yep, if someone clever could be bothered to look through that.

HjT:

ComboFix 08-07-15.4 - Henri 2008-07-16 21:26:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.680 [GMT 3:00]
Running from: C:\Documents and Settings\Henri\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddcYsPij.dll
C:\WINDOWS\system32\ssqQjHxv.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2008-06-16 to 2008-07-16 )))))))))))))))))
.

2008-07-16 20:51 . 2008-07-16 20:51 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-16 20:51 . 2008-07-16 20:51 <KANSIO> d-------- C:\Documents and Settings\Henri\Application Data\Malwarebytes
2008-07-16 20:51 . 2008-07-16 20:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-16 20:51 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-16 20:51 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-16 20:35 . 2008-07-16 20:35 <KANSIO> d-------- C:\Program Files\ToniArts
2008-07-16 00:58 . 2008-07-16 19:38 <KANSIO> d-------- C:\Program Files\XviD
2008-07-16 00:57 . 2006-02-09 17:19 15,120 --a------ C:\WINDOWS\system32\PDINFO.xpd
2008-07-16 00:56 . 2008-07-16 00:56 <KANSIO> d-------- C:\Program Files\Samsung
2008-07-16 00:56 . 2008-07-16 00:56 <KANSIO> d-------- C:\Program Files\MarkAny
2008-07-15 23:54 . 2008-07-15 23:54 <KANSIO> d-------- C:\Program Files\Adobe Photoshop CS3 Extended + Crack
2008-07-15 23:53 . 2008-07-15 23:53 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-15 23:53 . 2008-07-15 23:53 <KANSIO> d-------- C:\Program Files\Bonjour
2008-07-14 22:18 . 2008-07-14 22:18 1,841,373 ---hs---- C:\WINDOWS\system32\igejxdkf.tmp
2008-07-13 22:59 . 2008-07-16 20:06 110,415 --a------ C:\WINDOWS\BM73e905f3.xml
2008-07-13 22:22 . 2008-07-13 22:22 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-12 14:35 . 2008-07-12 14:35 <KANSIO> d-------- C:\Guitar
2008-07-12 14:31 . 2008-07-12 14:31 <KANSIO> d-------- C:\Program Files\Guitar Pro 5
2008-07-12 02:30 . 2008-07-12 02:38 <KANSIO> d-------- C:\Program Files\DC++
2008-07-12 02:03 . 2008-07-12 02:39 <KANSIO> d-------- C:\Program Files\Quintessential Media Player
2008-07-12 01:07 . 2008-07-12 01:07 <KANSIO> d-------- C:\Documents and Settings\Henri\Application Data\vlc
2008-07-12 01:04 . 2008-07-12 01:04 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-07-12 00:39 . 2008-07-12 00:39 <KANSIO> d-------- C:\Program Files\uTorrent
2008-07-12 00:39 . 2008-07-16 20:42 <KANSIO> d-------- C:\Documents and Settings\Henri\Application Data\uTorrent
2008-07-11 21:59 . 2008-07-12 00:24 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-11 21:59 . 2008-07-12 00:24 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-11 21:58 . 2008-07-11 21:58 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-07-11 21:58 . 2008-07-11 21:58 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-11 21:47 . 2008-07-11 21:47 <KANSIO> d---s---- C:\Documents and Settings\Henri\UserData
2008-07-11 21:42 . 2008-07-11 21:42 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-11 21:42 . 2008-07-11 21:42 <KANSIO> d-------- C:\Program Files\MSN Messenger
2008-07-11 21:42 . 2008-07-12 22:42 <KANSIO> d-------- C:\Documents and Settings\Henri\Contacts
2008-07-11 21:01 . 2008-07-11 21:01 287 --a------ C:\WINDOWS\game.ini
2008-07-11 20:50 . 2008-07-11 20:50 <KANSIO> d-------- C:\Program Files\Activision
2008-07-11 20:48 . 2008-07-11 20:48 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-07-11 20:31 . 2008-07-11 20:32 <KANSIO> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-11 20:31 . 2008-07-11 20:32 <KANSIO> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-11 20:29 . 2008-07-11 20:29 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-11 20:28 . 2008-07-11 20:28 <KANSIO> d-------- C:\Documents and Settings\Henri\Application Data\DAEMON Tools
2008-07-11 20:20 . 2008-07-11 20:20 <KANSIO> d-------- C:\Program Files\C-Media 3D Audio
2008-07-11 20:20 . 2004-01-07 10:14 2,453,504 --a------ C:\WINDOWS\system\cmicnfg.cpl
2008-07-11 20:16 . 2008-07-11 20:16 <KANSIO> d-------- C:\Documents and Settings\Henri\WINDOWS
2008-07-11 20:16 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-07-11 20:15 . 2000-03-29 17:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-07-11 20:15 . 2008-07-11 20:19 3,015 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-07-11 20:07 . 2008-07-11 20:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-07-11 18:40 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-11 18:40 . 2008-07-11 18:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-11 18:39 . 2008-07-11 18:39 7,330,552 --a------ C:\Program Files\Firefox Setup 3.0.exe
2008-07-11 18:36 . 2008-07-11 18:36 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-07-11 18:34 . 2008-06-02 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-07-11 18:33 . 2008-07-11 18:35 <KANSIO> d-------- C:\Program Files\ATI Technologies
2008-07-11 18:32 . 2008-07-11 18:32 <KANSIO> d-------- C:\ATI
2008-07-11 18:25 . 2008-07-12 17:17 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2008-07-11 18:25 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-11 18:18 . 2008-07-11 18:18 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-07-11 18:17 . 2008-07-11 18:18 22,946,227 --a------ C:\Program Files\avast_home_v4.8.1201.zip
2008-07-11 18:09 . 2008-07-16 20:35 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-11 18:08 . 2008-07-11 18:08 <KANSIO> d-------- C:\WINDOWS\system32\Adobe
2008-07-11 18:08 . 2008-07-11 18:08 <KANSIO> d-------- C:\WINDOWS\Profiles
2008-07-11 18:08 . 2008-07-11 18:08 <KANSIO> d-------- C:\Program Files\D-Link
2008-07-11 18:08 . 2008-07-11 18:34 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
2008-07-11 18:08 . 2008-07-16 00:55 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-07-11 18:08 . 2008-07-11 18:08 <KANSIO> d-------- C:\Documents and Settings\Henri\Application Data\InterTrust
2008-07-11 18:08 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-11 17:05 . 2008-07-11 19:40 <KANSIO> d--h----- C:\Documents and Settings\Henri\Verkkoymp?rist?
2008-07-11 17:05 . 2008-07-16 21:20 <KANSIO> d-------- C:\Documents and Settings\Henri\Ty?p?yt?
2008-07-11 17:05 . 2008-07-11 19:40 <KANSIO> d--h----- C:\Documents and Settings\Henri\Tulostinymp?rist?
2008-07-11 17:05 . 2008-07-11 17:05 <KANSIO> dr------- C:\Documents and Settings\Henri\Suosikit
2008-07-11 17:05 . 2008-07-16 00:52 <KANSIO> dr------- C:\Documents and Settings\Henri\Omat tiedostot
2008-07-11 17:05 . 2008-07-14 00:58 <KANSIO> d--h----- C:\Documents and Settings\Henri\Mallit
2008-07-11 17:05 . 2008-07-16 20:30 <KANSIO> dr------- C:\Documents and Settings\Henri\K?ynnist?-valikko
2008-07-11 17:05 . 2008-07-16 21:26 <KANSIO> d-------- C:\Documents and Settings\Henri
2008-07-11 17:03 . 2008-07-11 17:03 <KANSIO> d---s---- C:\WINDOWS\system32\Microsoft
2008-07-11 17:03 . 2008-07-16 20:31 <KANSIO> d--hs---- C:\Documents and Settings\NetworkService
2008-07-11 17:03 . 2008-07-16 20:31 <KANSIO> d--hs---- C:\Documents and Settings\LocalService
2008-07-11 17:02 . 2008-07-11 19:40 <KANSIO> d--h----- C:\WINDOWS\system32\config\systemprofile\Verkkoymp?rist?
2008-07-11 17:02 . 2008-07-11 19:40 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Ty?p?yt?
2008-07-11 17:02 . 2008-07-11 19:40 <KANSIO> d--h----- C:\WINDOWS\system32\config\systemprofile\Tulostinymp?rist?
2008-07-11 17:02 . 2008-07-11 19:40 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Suosikit
2008-07-11 17:02 . 2008-07-11 16:57 <KANSIO> d--h----- C:\WINDOWS\system32\config\systemprofile\Mallit
2008-07-11 17:02 . 2008-07-11 19:40 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\K?ynnist?-valikko
2008-07-11 17:01 . 2004-09-15 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-11 17:00 . 2008-07-11 17:00 <KANSIO> d-------- C:\WINDOWS\system32\xircom
2008-07-11 17:00 . 2008-07-11 17:00 <KANSIO> d-------- C:\Program Files\microsoft frontpage

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 20:44 --------- d-----w C:\Program Files\Warcraft III
2008-07-11 22:07 --------- d-----w C:\Documents and Settings\Henri\Application Data\vlc
2008-07-11 17:26 --------- d-----w C:\Program Files\PC Wizard 2008
2008-07-11 16:55 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-07-11 16:55 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-07-11 16:37 --------- d-----w C:\Program Files\directX
2008-07-11 16:36 35,113,704 ----a-w C:\Program Files\directx_9c_redist.exe
2008-07-11 16:30 --------- d-----w C:\Documents and Settings\Henri\Application Data\ATI
2008-07-11 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-07-11 16:18 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
2008-07-11 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-07-11 16:01 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-11 16:01 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-11 16:01 19,564,288 ----a-w C:\Program Files\CFP_Setup_3.0.25.378_XP_Vista_x32.exe
2008-07-11 16:01 --------- d-----w C:\Program Files\COMODO
2008-07-11 16:01 --------- d-----w C:\Documents and Settings\Henri\Application Data\Comodo
2008-06-14 17:59 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

------- Sigcheck -------

2004-09-15 15:00 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
2004-09-15 15:00 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\dllcache\svchost.exe
.
(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-08 18:59 683464]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-08 18:59 683464]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-04 18:01 486856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-11 19:01 1655552]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 15:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-11 19:01]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-11 19:01]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 21:31:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\ComboFix\30create.dat 10456 bytes
C:\ComboFix\CreateC00
C:\ComboFix\CreateC00.bat

scan completed successfully
hidden files: 3

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-07-16 21:35:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 18:34:23

Pre-Run: 138,573,148,160 tavua vapaana
Post-Run: 138,576,953,344 tavua vapaana

206 --- E O F --- 2008-07-12 14:17:49