Virus on the computer

autsvaara
Junior Member
11 August 2008 @ 19:37

Hi, I have this kind of problem:
The OS is Win XP SP3... the computer keeps shutting down by itself. Everything works (no hardware problems, no overheating, drivers are fine). Nothing wrong anywhere. Malware doesn't find anything... Where is the fault?
Here is the log too... thanks if you find something....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:17, on 11.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{051D648D-5B6E-4793-AB2B-47B3C8FEF93E}: NameServer = 10.0.0.2,193.229.0.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{051D648D-5B6E-4793-AB2B-47B3C8FEF93E}: NameServer = 10.0.0.2,193.229.0.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{051D648D-5B6E-4793-AB2B-47B3C8FEF93E}: NameServer = 10.0.0.2,193.229.0.40
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10106 bytes

autsvaara
Junior Member
11 August 2008 @ 21:02

Here is more information....
ComboFix 08-08-10.05 - kubla 2008-08-11 20:53:36.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.1423 [GMT 3:00]
Running from: C:\Documents and Settings\kubla\Työpöytä\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\msvrc20.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-11 to 2008-08-11 )))))))))))))))))
.
2008-08-11 20:17 . 2008-08-11 20:17 <KANSIO> d-------- C:\Program Files\TVAnts
2008-08-11 20:13 . 2008-08-11 20:13 361,344 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-08-11 19:56 . 2008-08-11 19:56 <KANSIO> d-------- C:\Program Files\Marsu-Fix
2008-08-11 16:02 . 2008-08-11 16:02 <KANSIO> d-------- C:\Program Files\ABIT
2008-08-11 16:02 . 2004-10-13 04:30 23,612 --a------ C:\WINDOWS\system32\FlashMenu.sys
2008-08-10 18:14 . 2008-08-10 18:15 <KANSIO> d-------- C:\Program Files\Hamachi
2008-08-10 18:03 . 2008-08-10 18:41 <KANSIO> d-------- C:\Documents and Settings\kubla\Application Data\Hamachi
2008-08-10 18:02 . 2008-08-10 18:36 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-10 16:38 . 2008-08-10 16:38 <KANSIO> d-------- C:\Program Files\Activision
2008-08-10 16:28 . 2008-08-11 20:10 <KANSIO> d-------- C:\torrentit
2008-08-08 18:04 . 2008-08-11 20:53 <KANSIO> d-------- C:\Documents and Settings\kubla\Tracing
2008-08-08 15:37 . 2008-08-08 15:38 38 --a------ C:\WINDOWS\avisplitter.INI
2008-08-06 16:08 . 2008-08-06 16:08 <KANSIO> d-------- C:\Program Files\Sierra Entertainment
2008-08-05 19:54 . 2008-08-05 19:54 <KANSIO> d-------- C:\WINDOWS\system32\AGEIA
2008-08-05 19:54 . 2008-08-06 15:09 <KANSIO> d-------- C:\Program Files\AGEIA Technologies
2008-08-05 10:55 . 2008-08-10 17:38 319 --a------ C:\WINDOWS\game.ini
2008-08-05 10:25 . 2008-08-05 10:25 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-08-04 18:20 . 2008-05-21 08:53 141,824 -ra------ C:\WINDOWS\system32\drivers\AtiHdmi.sys
2008-08-04 18:13 . 2008-07-22 00:14 9,728 --a------ C:\WINDOWS\system32\RtNicProp32.dll
2008-08-04 17:59 . 2008-08-04 17:59 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-08-04 17:56 . 2008-08-11 20:45 <KANSIO> d-------- C:\Program Files\ATI
2008-08-04 00:19 . 2008-08-04 00:19 <KANSIO> d-------- C:\Program Files\AMD
2008-08-02 22:49 . 2008-08-02 22:49 <KANSIO> d-------- C:\Program Files\Common Files\Labtec
2008-08-02 22:48 . 2008-08-02 22:48 <KANSIO> d-------- C:\Program Files\Labtec
2008-08-02 22:48 . 2008-08-02 22:48 <KANSIO> d-------- C:\Program Files\Common Files\LogiShrd
2008-07-29 02:01 . 2008-07-29 02:08 <KANSIO> d-------- C:\Downloads
2008-07-29 01:59 . 2008-07-29 02:27 <KANSIO> d-------- C:\Program Files\BitComet
2008-07-29 01:15 . 2008-07-29 01:15 <KANSIO> d-------- C:\Program Files\Defraggler
2008-07-27 21:15 . 2008-07-27 21:28 <KANSIO> d-------- C:\Program Files\Qtracker
2008-07-24 21:03 . 2008-07-24 21:49 <KANSIO> d-------- C:\Program Files\Soldier of Fortune II - Double Helix
2008-07-24 21:01 . 2008-07-24 21:11 770 --a------ C:\WINDOWS\Sof2.INI
2008-07-24 09:07 . 2008-07-24 09:07 <KANSIO> d-------- C:\Program Files\DiskTrix
2008-07-23 22:54 . 2008-07-23 22:56 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
2008-07-23 13:31 . 2008-07-23 13:31 <KANSIO> d-------- C:\LXKZ11
2008-07-23 13:31 . 2001-10-05 16:31 170,496 --a------ C:\WINDOWS\system32\LXCASUI.DLL
2008-07-23 12:07 . 2008-08-11 19:56 159,841 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-07-23 12:01 . 2008-07-23 12:01 <KANSIO> d-------- C:\Program Files\ESET
2008-07-23 12:01 . 2008-07-23 12:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-23 11:07 . 2008-07-23 11:55 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-23 10:45 . 2008-07-23 10:45 <KANSIO> d-------- C:\Program Files\Eidos
2008-07-21 20:36 . 2008-07-21 20:36 <KANSIO> d-------- C:\WINDOWS\Bus Driver
2008-07-21 20:36 . 2008-07-21 20:37 <KANSIO> d-------- C:\Program Files\Bus Driver
2008-07-21 14:56 . 2008-08-08 20:51 957 --a------ C:\WINDOWS\eReg.dat
2008-07-21 11:23 . 2008-07-21 11:23 <KANSIO> d-------- C:\!KillBox
2008-07-20 02:10 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-18 17:58 . 2008-07-18 17:58 <KANSIO> d--h----- C:\Documents and Settings\kubla\Application Data\MAGIX
2008-07-18 17:58 . 2008-07-18 18:04 28 --a------ C:\WINDOWS\Robota.INI
2008-07-18 17:57 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-07-18 17:53 . 2008-07-18 18:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-07-18 17:52 . 2008-07-18 18:15 <KANSIO> d-------- C:\WINDOWS\system32\MAGIX
2008-07-18 17:52 . 2008-04-15 16:14 700,416 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-07-18 17:52 . 2007-04-27 10:43 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll
2008-07-18 17:52 . 2008-07-18 18:04 5,937 --a------ C:\WINDOWS\mgxoschk.ini
2008-07-17 21:02 . 2008-07-17 21:03 <KANSIO> d-------- C:\Program Files\Project64 1.6
2008-07-17 02:38 . 2008-07-17 02:38 <KANSIO> d-------- C:\Program Files\Driver-Soft
2008-07-17 02:38 . 2007-09-02 20:56 1,686,016 --a------ C:\WINDOWS\system32\clinetsuitex6.ocx
2008-07-17 01:35 . 2008-07-17 01:35 332,672 --a------ C:\WINDOWS\system32\wgatray.exe.bak
2008-07-17 01:35 . 2008-07-17 01:35 200,064 --a------ C:\WINDOWS\system32\wgalogon.dll.bak
2008-07-15 22:02 . 2008-07-15 22:02 <KANSIO> d-------- C:\fsaua.data
2008-07-15 20:34 . 2008-07-15 20:46 6 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{CDE50BEC-1511-4451-A811-AE0BC70A9E2B}
2008-07-15 20:11 . 2008-07-15 20:11 <KANSIO> d-------- C:\Program Files\Elisa
2008-07-15 20:11 . 2008-07-15 20:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Emotum
2008-07-15 20:11 . 2008-07-15 20:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Elisa
2008-07-15 17:56 . 2008-07-15 17:58 119 --a------ C:\WINDOWS\winzipme.ini
2008-07-15 17:47 . 2008-07-15 17:47 <KANSIO> d-------- C:\Program Files\DSL Speed
2008-07-15 11:59 . 2008-07-15 11:59 <KANSIO> d--h----- C:\Documents and Settings\kubla\Application Data\Media Player Classic
2008-07-15 11:58 . 2008-07-15 11:58 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-15 11:58 . 2008-05-23 01:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-15 11:58 . 2008-07-04 09:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
2008-07-15 11:58 . 2004-01-25 19:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-07-15 11:58 . 2007-09-04 19:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-15 11:58 . 2008-05-23 01:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-07-15 11:58 . 2008-06-12 21:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-15 11:58 . 2007-07-10 19:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-15 11:58 . 2007-10-03 18:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-07-14 00:49 . 2008-07-14 00:49 <KANSIO> d-------- C:\Program Files\Lavalys
2008-07-13 01:09 . 2008-07-13 01:09 <KANSIO> d-------- C:\Program Files\ToniArts
2008-07-13 00:48 . 2008-07-13 00:48 <KANSIO> d-------- C:\Program Files\Sun
2008-07-11 16:28 . 2008-07-11 16:30 <KANSIO> d-------- C:\gspot
2008-07-11 16:23 . 2008-07-11 16:23 <KANSIO> d-------- C:\Program Files\Music NFO Builder
2008-07-11 02:19 . 2008-07-11 02:24 <KANSIO> d-------- C:\Program Files\RegCure
2008-07-11 02:16 . 2008-07-26 17:00 <KANSIO> d-------- C:\Program Files\AutoShutdown
2008-07-11 01:24 . 2008-07-11 01:24 <KANSIO> d-------- C:\Program Files\Hasbro
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 17:53 --------- d-----w C:\Program Files\Steam
2008-08-11 17:42 351,644 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-11 17:42 29,698,848 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-11 17:30 --------- d--h--w C:\Documents and Settings\kubla\Application Data\uTorrent
2008-08-11 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 16:20 2,926,592 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-08-10 15:40 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-10 15:39 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-10 15:16 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-10 14:39 22,328 ----a-w C:\Documents and Settings\kubla\Application Data\PnkBstrK.sys
2008-08-10 13:27 --------- d-----w C:\Program Files\RevConnect
2008-08-08 19:51 2,190,848 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-08-08 15:20 65,204 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_08_08_18_12_38_small.dmp.zip
2008-08-08 15:20 63,967 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_08_08_18_12_34_small.dmp.zip
2008-08-08 15:03 --------- d-----w C:\Program Files\Windows Live
2008-08-07 21:53 2,262,016 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-08-06 13:23 241,664 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-08-06 12:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 11:52 2,935,808 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-08-05 21:34 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-05 21:26 --------- d-----w C:\Program Files\PowerArchiver
2008-08-04 14:55 --------- d-----w C:\Program Files\ATI Technologies
2008-08-04 14:23 2,925,568 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-08-04 14:23 1,907,200 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-07-30 17:07 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 06:23 --------- d--h--w C:\Documents and Settings\kubla\Application Data\MSN6
2008-07-28 19:55 --------- d-----w C:\Program Files\ProPilkki2
2008-07-27 23:42 3,342,336 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-07-27 23:00 --------- d-----w C:\Program Files\EA Sports
2008-07-27 13:53 --------- d-----w C:\Program Files\Nokia
2008-07-27 13:43 --------- d-----w C:\Program Files\Common Files\Nokia
2008-07-27 13:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-07-27 13:30 --------- d--h--w C:\Documents and Settings\kubla\Application Data\PC Suite
2008-07-26 14:02 --------- d-----w C:\Program Files\Java
2008-07-26 14:01 --------- d-----w C:\Program Files\JLC's Software
2008-07-24 22:39 3,060,224 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-07-24 22:39 1,762,304 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-07-24 06:15 2,716,160 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-07-24 06:15 1,748,480 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-07-23 19:20 109,249 ----a-w C:\Program Files\MSWINSCK.OCX
2008-07-23 16:32 2,877,952 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-07-22 08:30 --------- d-----w C:\Program Files\uTorrent
2008-07-22 06:43 20,122,101 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_22_01_38_18_full.dmp.zip
2008-07-21 22:38 3,025,920 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-07-21 17:44 134,656 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-07-21 17:44 1,657,344 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-07-21 12:27 3,080,192 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-07-20 17:38 3,374,592 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-07-20 17:38 1,615,360 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-07-20 07:52 3,406,848 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-07-18 15:22 --------- d-----w C:\Program Files\Yahoo!
2008-07-16 23:55 3,068,416 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-07-16 23:55 1,508,352 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-07-16 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-16 19:00 --------- d-----w C:\Program Files\AVS4YOU
2008-07-16 15:48 1,378,816 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-07-15 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-15 21:42 3,031,040 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-07-15 21:42 1,382,400 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-07-15 17:42 3,022,848 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-07-15 17:36 3,022,848 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-07-13 16:17 --------- d-----w C:\Program Files\Blitzkrieg 2
2008-07-13 09:30 3,113,984 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-13 09:30 2,574,848 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-07-11 22:27 2,882,048 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-11 22:27 2,341,376 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-11 20:24 3,160,576 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-07-11 20:24 2,328,064 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-10 23:49 --------- d--h--w C:\Documents and Settings\kubla\Application Data\Atari
2008-07-10 15:38 3,258,368 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-10 15:38 2,110,464 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-10 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\CMUV
2008-07-09 12:51 --------- d-----w C:\Program Files\Frets on Fire
2008-07-09 06:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 06:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-08 21:50 --------- d--h--w C:\Documents and Settings\kubla\Application Data\MailFrontier
2008-07-07 12:16 --------- d-----w C:\Program Files\D-Link
2008-07-07 12:16 --------- d-----w C:\Program Files\ANI
2008-07-06 18:04 --------- d-----w C:\Program Files\PANZERS - Phase1
2008-07-04 20:37 --------- d-----w C:\Program Files\WinUAE
2008-07-04 06:33 3,230,720 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-08-08 18:11 3739672]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-07-06 21:21 1271032]
"MSMSGS"="C:\Program Files\Messenger\Msmsgs.exe" [2007-04-12 01:43 1661304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-10 21:37 185896]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 16:54 1552384]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 17:34 49152]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 17:48 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 17:58 1060376]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 19:12 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:12 15360]
C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 14:48:42 2752512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 12:06 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2007-04-12 01:43 1661304 C:\Program Files\Messenger\Msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-18 05:24 184320 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\ProPilkki2\\ProPilkki2.exe"=
"C:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\SteamApps\\harry7344\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"13695:TCP"= 13695:TCP:BitComet 13695 TCP
"13695:UDP"= 13695:UDP:BitComet 13695 UDP
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\kubla\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 gkmixern;gkmixern;C:\DOCUME~1\kubla\LOCALS~1\Temp\gkmixern.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
.
'Ajoitetut tehtävät'-kansion sisältö
2008-08-11 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-07-11 02:18]
2008-08-07 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-07-11 02:18]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Comrade - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\kubla\Application Data\Mozilla\Firefox\Profiles\7yyx48ph.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://irc-galleria.net/
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 20:57:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-11 21:00:30
ComboFix-quarantined-files.txt 2008-08-11 18:00:25
ComboFix2.txt 2008-06-27 20:48:24
ComboFix3.txt 2008-06-23 21:00:19
ComboFix4.txt 2008-06-23 17:14:41
Pre-Run: 8,362,700,800 tavua vapaana
Post-Run: 8,360,595,456 tavua vapaana
312 --- E O F --- 2008-06-16 00:00:57

pclekuri
Member
2 product reviews
11 August 2008 @ 21:28

When did the problems start after the SP3 installation?
This message has been edited since it was posted. Last edited 11 August 2008 @ 21:29

autsvaara
Junior Member
11 August 2008 @ 21:34

About a month ago....

autsvaara
Junior Member
11 August 2008 @ 21:37

I mean, I installed SP3 a month ago and now the problems started.