Combofix logi

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

lauantai 15.11.2025 / 07:11

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > combofix logi

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

Combofix logi

Siirry:

Kirjoittaja

Viesti

Yomito

Junior Member

17. lokakuuta 2008 @ 17:22

Linkki tähän viestiin

ComboFix 08-10-16.08 - Omistaja 2008-10-17 17:12:38.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1510 [GMT 3:00]
Sijainti: D:\Ohjelmat\ComboFix.exe
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\oreans32.sys

.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-17 to 2008-10-17 )))))))))))))))))
.

2008-10-14 23:12 . 2008-10-14 23:12 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Ventrilo
2008-10-11 20:46 . 2008-10-11 20:46 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2008-10-11 20:45 . 2008-10-11 20:45 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-10-11 20:45 . 2008-10-11 20:46 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-10-07 17:38 . 2006-10-02 13:43 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-10-07 17:38 . 2006-10-02 13:44 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-10-07 17:38 . 2006-08-05 12:06 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-07 17:33 . 2008-10-07 17:33 <KANSIO> d-------- C:\Program Files\BS.Player ControlBar
2008-10-07 17:33 . 2008-10-07 17:33 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer Pro
2008-10-07 17:33 . 2008-10-07 17:36 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer
2008-10-07 16:56 . 2008-10-07 16:56 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 01:19 . 2008-10-05 01:19 <KANSIO> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-05 01:19 . 2008-10-05 01:19 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-10-05 01:12 . 2008-10-05 10:19 <KANSIO> d-------- C:\Program Files\NOS
2008-10-05 01:12 . 2008-10-05 10:19 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-02 16:32 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-02 16:32 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-02 16:32 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-01 14:52 . 2008-10-01 16:23 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Contacts
2008-10-01 14:49 . 2008-10-07 16:56 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-01 14:46 . 2008-10-01 14:49 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-01 14:45 . 2008-10-01 14:49 <KANSIO> d-------- C:\Program Files\Windows Live
2008-10-01 14:45 . 2008-10-01 14:45 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-30 16:07 . 2008-09-30 16:08 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-09-30 16:06 . 2008-09-30 16:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-25 18:02 . 2008-09-25 18:02 <KANSIO> d-------- C:\WINDOWS\Sun
2008-09-23 21:47 . 2008-09-30 21:21 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-09-23 17:30 . 2008-09-23 17:30 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
2008-09-23 17:30 . 2008-09-23 17:30 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-09-23 17:25 . 2008-09-23 20:52 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Winamp
2008-09-23 11:36 . 2008-10-05 19:44 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\LimeWire
2008-09-22 17:15 . 2008-09-22 17:15 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\AdobeUM
2008-09-19 16:52 . 2008-09-19 16:52 <KANSIO> d-------- C:\Program Files\Games-Masters.com
2008-09-18 22:31 . 2008-09-18 22:31 <KANSIO> d-------- C:\WINDOWS\system32\Adobe
2008-09-18 06:35 . 2008-09-18 06:35 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
2008-09-18 06:35 . 2003-07-21 06:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-09-18 06:35 . 2005-01-04 21:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-09-17 15:11 . 2008-09-17 15:11 <KANSIO> d-------- C:\WINDOWS\RaidTool
2008-09-17 15:11 . 2008-09-17 15:11 <KANSIO> d-------- C:\RaidTool
2008-09-17 15:11 . 2008-09-17 15:10 1,953,792 --a------ C:\WINDOWS\system32\xRaidSetup.exe
2008-09-17 15:11 . 2008-09-17 15:10 143,360 --a------ C:\WINDOWS\system32\xRaidAPI.dll
2008-09-17 15:04 . 2008-09-17 15:04 <KANSIO> d-------- C:\WINDOWS\system32\AGEIA
2008-09-17 15:04 . 2008-10-14 23:11 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-17 15:04 . 2008-09-17 15:04 <KANSIO> d-------- C:\Program Files\AGEIA Technologies
2008-09-17 14:03 . 2008-08-15 23:22 198,941 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-09-17 13:34 . 2008-09-17 13:34 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-09-17 13:34 . 2008-09-17 13:38 <KANSIO> d-------- C:\SDFix
2008-09-17 13:17 . 2008-09-17 13:17 <KANSIO> d-------- C:\Program Files\DNA
2008-09-17 13:17 . 2008-10-17 17:13 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\DNA
2008-09-17 13:17 . 2008-10-07 22:44 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BitTorrent
2008-09-17 13:10 . 2008-09-17 13:12 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 14:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-23 18:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 14:16 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-22 14:16 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-22 14:16 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-22 14:16 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-22 14:16 --------- d-----w C:\Program Files\Symantec
2008-09-22 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-17 12:10 6,912 ----a-w C:\WINDOWS\system32\drivers\JGOGO.sys
2008-09-17 12:10 46,208 ----a-w C:\WINDOWS\system32\drivers\jraid.sys
2008-09-17 07:41 --------- d-----w C:\Program Files\Norton 360
2008-09-16 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-16 17:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-16 11:47 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Symantec
2008-09-16 09:21 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-16 08:55 --------- d-----w C:\Program Files\Java
2008-09-16 08:54 --------- d-----w C:\Program Files\Common Files\Java
2008-09-15 15:40 1,846,272 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 13:21 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\InstallShield
2008-09-14 12:46 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-09-14 12:21 --------- d-----w C:\Program Files\ASUS
2008-09-14 12:17 --------- d-----w C:\Program Files\Realtek
2008-09-14 12:17 --------- d-----w C:\Program Files\Analog Devices
2008-09-14 12:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 08:12 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:46 2,138,624 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:46 2,018,304 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-06 04:51 453,152 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-08-01 08:05 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((( snapshot_2008-10-14_13.20.42.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-02-28 16:02:38 2,138,624 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:46:12 2,138,624 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 16:02:46 2,059,904 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:46:15 2,060,032 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 16:02:38 2,018,304 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:46:10 2,018,304 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 16:02:46 2,182,656 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 13:46:14 2,182,656 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-06-23 16:29:13 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:29:13 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:29:13 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:29:13 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:29:13 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:21:15 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:29:13 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:29:13 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:29:13 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:29:13 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:29:14 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:29:14 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:29:14 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:21:31 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:29:15 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:29:15 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:29:15 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 07:29:16 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:29:15 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:29:15 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:29:15 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:29:15 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:29:15 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:31:14 214,752 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:32:23 380,640 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:29:16 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:29:16 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:29:16 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:29:16 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
- 2008-06-23 16:29:13 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-26 08:12:24 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-06-23 16:29:13 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-08-26 08:12:24 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-06-23 16:29:13 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-26 08:12:24 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:29:13 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-26 08:12:24 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 16:29:13 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-08-26 08:12:24 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-06-23 16:29:13 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-08-26 08:12:24 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-06-23 09:21:15 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:38:49 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:29:13 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-08-26 08:12:24 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-06-23 16:29:13 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-08-26 08:12:24 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-06-23 16:29:13 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-08-26 08:12:24 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:29:13 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-08-26 08:12:24 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:29:14 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-10-03 17:12:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-06-23 16:29:14 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-08-26 08:12:25 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-06-23 16:29:14 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-08-26 08:12:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-06-23 09:21:31 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-06-23 16:29:15 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-26 08:12:25 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-06-23 16:29:15 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-08-26 08:12:25 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-06-23 16:29:15 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 08:12:25 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-06-24 07:29:16 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-27 09:12:28 3,593,216 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-23 16:29:15 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-08-26 08:12:26 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-06-23 16:29:15 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-08-26 08:12:26 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-06-23 16:29:15 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-26 08:12:26 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-02-28 16:02:38 2,138,624 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 13:46:12 2,138,624 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 16:02:46 2,059,904 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 13:46:15 2,060,032 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 16:02:38 2,018,304 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 13:46:10 2,018,304 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
- 2007-02-28 16:02:46 2,182,656 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 13:46:14 2,182,656 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
- 2008-06-23 16:29:15 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-08-26 08:12:26 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-06-23 16:29:15 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-26 08:12:26 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-08-14 10:34:41 332,928 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2008-06-23 16:29:16 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-08-26 08:12:26 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-06-23 16:29:16 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-26 08:12:26 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-06-23 16:29:16 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-08-26 08:12:26 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-20 08:09:41 1,845,504 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-09-15 15:40:30 1,846,272 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2008-06-23 16:29:16 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-26 08:12:26 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2008-06-23 16:29:13 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-26 08:12:24 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 16:29:13 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-26 08:12:24 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-06-23 16:29:13 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-08-26 08:12:24 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-09-30 13:06:00 102,232 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-15 13:23:45 102,232 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-06-23 16:29:13 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-08-26 08:12:24 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-06-23 09:21:15 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-25 08:38:49 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-06-23 16:29:13 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-26 08:12:24 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-06-23 16:29:13 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-26 08:12:24 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2008-06-23 16:29:13 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-26 08:12:24 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-06-23 16:29:13 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-26 08:12:24 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2008-06-23 16:29:14 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 17:12:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-06-23 16:29:14 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-26 08:12:25 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2008-06-23 16:29:14 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-26 08:12:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-06-23 16:29:15 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-26 08:12:25 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2008-06-23 16:29:15 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-26 08:12:25 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-06-23 16:29:15 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-26 08:12:25 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-06-24 07:29:16 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-27 09:12:28 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-06-23 16:29:15 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-26 08:12:26 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-06-23 16:29:15 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-08-26 08:12:26 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-06-23 16:29:15 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-08-26 08:12:26 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2008-06-23 16:29:15 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-08-26 08:12:26 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-06-23 16:29:15 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-26 08:12:26 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-07-27 07:41:40 16,760 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:02 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-06-23 16:29:16 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-26 08:12:26 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-23 16:29:16 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-26 08:12:26 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-06-23 16:29:16 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-26 08:12:26 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-10-17 14:15:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_668.dat
.
-- Snapshot nollattu tähän hetkeen --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 11:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 11:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 11:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe" [2007-01-05 597504]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe" [2006-12-29 363008]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-01-11 1423360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-08-15 13570048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-08-15 86016]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2008-09-17 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2008-09-17 1953792]
"WinampAgent"="D:\Ohjelmat\Winamp\winampa.exe" [2008-08-04 36352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2008-08-15 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\Ohjelmat\\Torrent\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Ohjelmat\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

*Newly Created Service* - COMHOST
.
.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\sjyz7jnx.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fi/
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 17:17:51
Windows 5.1.2600 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
------------------------ Muut prosessit ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Valmistumisajankohta: 2008-10-17 17:19:08 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2008-10-17 14:19:05
ComboFix2.txt 2008-10-14 10:20:56
ComboFix3.txt 2008-10-06 16:01:19
ComboFix4.txt 2008-10-01 13:24:40
ComboFix5.txt 2008-10-17 14:10:52

Ennen ajoa: 34 089 725 952 tavua vapaana
Ajon jälkeen: 34,124,824,576 tavua vapaana

WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=signature(d7ead7ea)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
signature(d7ead7ea)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

394 --- E O F --- 2008-10-15 09:12:39

[ + lainaa]

kalminen

AfterDawn Addict

17. lokakuuta 2008 @ 18:47

Linkki tähän viestiin

Lähetä HJT:n logi ja
kerro minkälainen ongelma koneella on.
D:

[ + lainaa]

(:)

Yomito

Junior Member

20. lokakuuta 2008 @ 08:40

Linkki tähän viestiin

Kone on taas harvinaisen hitaalla. ja toiseen otteeseen oon joutunu jo formatoimaan. Sitten kannattaako ottaa tuon norton 360 lisäksi mitään muuta virustorjuntaaa?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:29, on 20.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Ohjelmat\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Pelit\Steam.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Ohjelmat\HiJackThis_v2.0.2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [WinampAgent] D:\Ohjelmat\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Pelit\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab3.cab
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6960 bytes

[ + lainaa]

Yomito

Junior Member

20. lokakuuta 2008 @ 08:45

Linkki tähän viestiin

Ja sitten viel uus combofix logi:

ComboFix 08-10-19.04 - Omistaja 2008-10-20 8:30:31.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1587 [GMT 3:00]
Sijainti: D:\Ohjelmat\ComboFix.exe
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\oreans32.sys

.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-20 to 2008-10-20 )))))))))))))))))
.

2008-10-19 00:33 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-17 17:23 . 2008-10-17 17:23 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Nexon
2008-10-14 23:12 . 2008-10-14 23:12 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Ventrilo
2008-10-11 20:46 . 2008-10-11 20:46 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2008-10-11 20:45 . 2008-10-11 20:45 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-10-11 20:45 . 2008-10-11 20:46 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-10-07 17:38 . 2006-10-02 13:43 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-10-07 17:38 . 2006-10-02 13:44 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-10-07 17:38 . 2006-08-05 12:06 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-07 17:33 . 2008-10-07 17:33 <KANSIO> d-------- C:\Program Files\BS.Player ControlBar
2008-10-07 17:33 . 2008-10-07 17:33 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer Pro
2008-10-07 17:33 . 2008-10-07 17:36 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BSplayer
2008-10-07 16:56 . 2008-10-07 16:56 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 01:19 . 2008-10-05 01:19 <KANSIO> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-05 01:19 . 2008-10-05 01:19 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-10-05 01:12 . 2008-10-05 10:19 <KANSIO> d-------- C:\Program Files\NOS
2008-10-05 01:12 . 2008-10-05 10:19 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-02 16:32 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-02 16:32 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-02 16:32 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-01 14:52 . 2008-10-01 16:23 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Contacts
2008-10-01 14:49 . 2008-10-07 16:56 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-01 14:46 . 2008-10-01 14:49 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-01 14:45 . 2008-10-01 14:49 <KANSIO> d-------- C:\Program Files\Windows Live
2008-10-01 14:45 . 2008-10-01 14:45 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-30 16:07 . 2008-10-19 14:36 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-09-30 16:06 . 2008-09-30 16:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-25 18:02 . 2008-09-25 18:02 <KANSIO> d-------- C:\WINDOWS\Sun
2008-09-23 21:47 . 2008-09-30 21:21 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-09-23 17:30 . 2008-09-23 17:30 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
2008-09-23 17:30 . 2008-09-23 17:30 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-09-23 17:25 . 2008-09-23 20:52 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Winamp
2008-09-23 11:36 . 2008-10-19 22:57 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\LimeWire
2008-09-22 17:15 . 2008-09-22 17:15 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 05:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-20 05:31 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\DNA
2008-10-14 20:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 19:44 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\BitTorrent
2008-09-23 18:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 14:16 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-22 14:16 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-22 14:16 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-22 14:16 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-22 14:16 --------- d-----w C:\Program Files\Symantec
2008-09-22 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-19 13:52 --------- d-----w C:\Program Files\Games-Masters.com
2008-09-18 03:35 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-09-17 12:10 6,912 ----a-w C:\WINDOWS\system32\drivers\JGOGO.sys
2008-09-17 12:10 46,208 ----a-w C:\WINDOWS\system32\drivers\jraid.sys
2008-09-17 12:10 143,360 ----a-w C:\WINDOWS\system32\xRaidAPI.dll
2008-09-17 12:10 1,953,792 ----a-w C:\WINDOWS\system32\xRaidSetup.exe
2008-09-17 12:04 --------- d-----w C:\Program Files\AGEIA Technologies
2008-09-17 10:17 --------- d-----w C:\Program Files\DNA
2008-09-17 10:12 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\uTorrent
2008-09-17 07:41 --------- d-----w C:\Program Files\Norton 360
2008-09-16 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-16 17:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-16 11:47 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Symantec
2008-09-16 09:21 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-16 08:55 --------- d-----w C:\Program Files\Java
2008-09-16 08:54 --------- d-----w C:\Program Files\Common Files\Java
2008-09-15 15:40 1,846,272 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 13:21 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\InstallShield
2008-09-14 12:46 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-09-14 12:21 --------- d-----w C:\Program Files\ASUS
2008-09-14 12:17 --------- d-----w C:\Program Files\Realtek
2008-09-14 12:17 --------- d-----w C:\Program Files\Analog Devices
2008-09-14 12:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 08:12 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:46 2,138,624 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:46 2,018,304 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-06 04:51 453,152 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-08-01 08:05 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
.

((((((((((((((((((((((((((((( snapshot_2008-10-17_17.18.54.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-24 00:01:44 780,800 ----a-w C:\WINDOWS\Resources\Themes\Zune\Shell\NormalColor\shellstyle.dll
+ 2004-08-03 20:08:48 26,496 ----a-w C:\WINDOWS\system32\drivers\USBSTOR.SYS
+ 2008-10-20 05:33:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_66c.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 11:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 11:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 11:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Steam"="D:\Pelit\Steam.exe" [2008-10-19 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe" [2007-01-05 597504]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe" [2006-12-29 363008]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-01-11 1423360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-08-15 13570048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-08-15 86016]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2008-09-17 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2008-09-17 1953792]
"WinampAgent"="D:\Ohjelmat\Winamp\winampa.exe" [2008-08-04 36352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2008-08-15 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\Ohjelmat\\Torrent\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Ohjelmat\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

*Newly Created Service* - COMHOST
.
.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\sjyz7jnx.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fi/
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 08:33:37
Windows 5.1.2600 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
------------------------ Muut prosessit ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Valmistumisajankohta: 2008-10-20 8:35:17 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2008-10-20 05:35:13
ComboFix2.txt 2008-10-17 14:19:09
ComboFix3.txt 2008-10-14 10:20:56
ComboFix4.txt 2008-10-06 16:01:19
ComboFix5.txt 2008-10-20 05:30:04

Ennen ajoa: 33 918 427 136 tavua vapaana
Ajon jälkeen: 33,953,808,384 tavua vapaana

201 --- E O F --- 2008-10-15 09:12:39

[ + lainaa]

This is what they told when i joined the darkside:
If u dont join us u wont ever never get these fresh cooked cookies.
I had no choice but to join them
-_-

Mainos

kalminen

AfterDawn Addict

21. lokakuuta 2008 @ 14:54

Linkki tähän viestiin

Ei kannata !!!

Mutta päivitä Winukka:
http://www.microsoft.com/downloads/Search.aspx?displaylang=fi

---------------

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Logit on kunnossa D:
.

[ + lainaa]

(:)

Vastaa

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > combofix logi


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.