afterdawn.com discussion forums, viruses and malware: HijackThis logs
HJT log, Active Desktop keeps throwing errors and iexplore..
Palle00
18 February 2008 @ 17:32
ComboFix 08-02-17.2 - Pauli 2008-02-18 17:27:19.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.605 [GMT 2:00]
Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pauli\Työpöytä\CFScript
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))
.

2008-02-18 17:23 . 2008-02-18 17:23 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-17 16:25 . 2008-02-17 16:53 <KANSIO> d-------- C:\VundoFix Backups
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 12:58 . 2008-02-18 17:24 21,632 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
2008-02-17 12:33 . 2008-02-17 21:54 <KANSIO> d-------- C:\HijackThis
2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\free-downloads.net
2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
2008-01-26 10:12 . 2008-02-17 21:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-26 10:11 . 2008-02-17 14:57 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 11:45 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-01-26 12:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

(((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
"ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

C:\Documents and Settings\Pauli\Käynnistä-valikko\Ohjelmat\Käynnistys\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Slim Multimedia Keyboard.lnk - C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe [2008-02-02 21:33:58 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-18 17:23 6656 C:\WINDOWS\system32\WLCtrl32.dll

R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-18 17:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
\Shell\AutoRun\command - D:\CD.EXE

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 17:29:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Completion time: 2008-02-18 17:29:48
ComboFix-quarantined-files.txt 2008-02-18 15:29:38
ComboFix2.txt 2008-02-17 20:34:47
ComboFix3.txt 2008-02-17 20:11:10
ComboFix4.txt 2008-02-17 19:25:30
ComboFix5.txt 2008-02-17 18:41:41
.
2008-01-26 07:34:54 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:57, on 18.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\Scanneri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = ?
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 5421 bytes


And here is more to look into..
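A quick triage of the autostart entries in the logs above, added here as an example; it is not part of the original post and not a feature of ComboFix or HijackThis. A handful of lines copied from the two logs are embedded as constructed sample input. The script pulls the module path out of each HijackThis O4/O20/O23 line and ComboFix R0 driver line and looks it up in the ComboFix "Files Created" listing: an autostart component whose file was created within the last seven days before the scan is flagged, as are files dropped directly in the drive root and files with purely numeric names. The seven-day window, the three rules and the names SCAN_TIME, WINDOW_DAYS and triage are assumptions chosen for illustration, not thresholds the tools use.

```python
# Cross-check autostart entries against ComboFix file creation dates (added example).
import re
from datetime import datetime, timedelta

# Scan time taken from the ComboFix header line of the first log above.
SCAN_TIME = datetime(2008, 2, 18, 17, 27)
# Assumption for illustration: an autostart component whose file appeared within
# this many days before the scan deserves a closer look.
WINDOW_DAYS = 7

# Constructed sample input: lines copied from the posted ComboFix "Files Created" listing.
COMBOFIX_FILES = r"""
2008-02-18 17:23 . 2008-02-18 17:23 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 12:58 . 2008-02-18 17:24 21,632 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
"""
# Constructed sample input: autostart lines copied from the HijackThis log and the
# ComboFix registry section above.
AUTOSTART_LINES = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-18 17:24]
"""

# ComboFix listing line: created . modified size-or-<DIR> attributes path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size><KANSIO>|<DIR>|[\d,]+) (?P<attrs>[\w-]+) (?P<path>.+)$"
)
# First drive-letter path ending in a loadable module, as written in HJT/ComboFix lines.
MODULE_PATH = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:exe|dll|sys)', re.IGNORECASE)


def parse_file_listing(text):
    """Map lower-cased path -> (creation time, attribute string)."""
    files = {}
    for line in text.strip().splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            created = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
            files[m.group("path").lower()] = (created, m.group("attrs"))
    return files


def module_path(line):
    """Lower-cased module path referenced by an autostart line, or None."""
    m = MODULE_PATH.search(line)
    return m.group(0).lower() if m else None


def triage(file_text, autostart_text, scan_time=SCAN_TIME, window_days=WINDOW_DAYS):
    """Return (path, reason) findings; one path may appear under several rules."""
    files = parse_file_listing(file_text)
    findings = []
    # Rule 1: autostart component whose file was created shortly before the scan.
    for line in autostart_text.strip().splitlines():
        path = module_path(line)
        if path in files:
            created, _ = files[path]
            if scan_time - timedelta(days=window_days) <= created <= scan_time:
                age = (scan_time - created).days
                findings.append((path, f"autostart component created {age} day(s) before scan"))
    # Rules 2 and 3: files (not directories) in odd places or with odd names.
    for path, (_, attrs) in files.items():
        if attrs.startswith("d"):
            continue
        _, _, rest = path.partition("\\")          # drop the "c:\" prefix
        if "\\" not in rest:                        # e.g. c:\kdbfoifg.exe
            findings.append((path, "file dropped in drive root"))
        if rest.rsplit("\\", 1)[-1].isdigit():      # e.g. c:\1960262883
            findings.append((path, "purely numeric filename"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(COMBOFIX_FILES, AUTOSTART_LINES):
        print(f"{reason:50} {path}")
```

On the sample, the Winlogon Notify DLL and the R0 driver are the only autostart components whose creation time falls inside the window; ccApp.exe and aawservice.exe produce no finding because the sample listing does not contain them. Cross-referencing the autostart line with the file's own creation date is the useful step here: the autostart line alone says nothing about when the component appeared, and the listing alone says nothing about whether a file is loaded at boot.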
Hujo
18 February 2008 @ 18:34
Open Notepad and copy/paste the contents of the quote box into it:

Quote:

File::
C:\WINDOWS\system32\WLCtrl32.dll
C:\kdbfoifg.exe
C:\1960262883
C:\WINDOWS\system32\marwin32.dll

Folder::
C:\Program Files\free-downloads.net
C:\VundoFix Backups
C:\Program Files\tmp1911796.exe
C:\Program Files\tmp1911765.exe
C:\Program Files\tmp331703.exe
C:\Program Files\tmp5027343.exe
C:\Program Files\tmp5016937.exe
C:\Program Files\tmp5025421.exe
C:\Program Files\tmp5016875.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of combofix.txt here.

Can a computer ever work?
Palle00
18 February 2008 @ 19:20
ComboFix 08-02-17.2 - Pauli 2008-02-18 19:12:48.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.496 [GMT 2:00]
Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pauli\Työpöytä\CFScript
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\1960262883
C:\kdbfoifg.exe
C:\WINDOWS\system32\marwin32.dll
C:\WINDOWS\system32\WLCtrl32.dll
.

(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1960262883
C:\kdbfoifg.exe
C:\Program Files\free-downloads.net
C:\Program Files\tmp1911765.exe\
C:\Program Files\tmp1911796.exe\
C:\Program Files\tmp331703.exe\
C:\Program Files\tmp5016875.exe\
C:\Program Files\tmp5016937.exe\
C:\Program Files\tmp5025421.exe\
C:\Program Files\tmp5027343.exe\
C:\WINDOWS\system32\marwin32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\VundoFix Backups
C:\VundoFix Backups\awtspon.dll.bad
C:\VundoFix Backups\fccbaay.dll.bad
C:\VundoFix Backups\geeby.dll.bad
C:\VundoFix Backups\hgdhohdt.dll.bad
C:\VundoFix Backups\jexjtfep.ini.bad
C:\VundoFix Backups\peftjxej.dll.bad
C:\VundoFix Backups\rqrpqrq.dll.bad
C:\VundoFix Backups\ybeeg.ini.bad
C:\VundoFix Backups\ybeeg.ini2.bad

.
((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))
.

2008-02-18 18:33 . 2008-02-18 18:33 <KANSIO> d-------- C:\Program Files\ffdshow
2008-02-18 18:33 . 2008-02-15 19:13 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-02-18 18:33 . 2008-02-15 19:13 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-18 18:33 . 2008-02-15 19:13 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-18 18:17 . 2008-02-18 18:17 <KANSIO> d-------- C:\Program Files\TimeAdjuster
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
2008-02-17 12:58 . 2008-02-18 19:16 21,632 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:33 . 2008-02-18 17:30 <KANSIO> d-------- C:\HijackThis
2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
2008-01-26 10:12 . 2008-02-17 21:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-26 10:11 . 2008-02-18 18:18 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
2008-01-25 19:57 . 2008-01-25 20:04 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 11:45 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-01-26 12:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

(((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
"ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll

R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-18 19:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
\Shell\AutoRun\command - D:\CD.EXE

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 19:16:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-02-18 19:18:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 17:18:08
ComboFix2.txt 2008-02-18 15:29:49
ComboFix3.txt 2008-02-17 20:34:47
ComboFix4.txt 2008-02-17 20:11:10
ComboFix5.txt 2008-02-17 19:25:30
.
2008-01-26 07:34:54 --- E O F ---
Hujo
18 February 2008 @ 20:09
Open Notepad and copy/paste the contents of the quote box there:

Quote:

File::
C:\Program Files\tmp1911796.exe
C:\Program Files\tmp1911765.exe
C:\Program Files\tmp331703.exe
C:\Program Files\tmp5027343.exe
C:\Program Files\tmp5016937.exe
C:\Program Files\tmp5025421.exe
C:\Program Files\tmp5016875.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when asked and post the contents of combofix.txt here.

Check that this is not found under Processes:
WLCtrl32.dll

Ctrl+Alt+Del, Processes tab

Can the computer ever work?

This message was edited after posting. Last edited 18 February 2008 @ 20:11

Palle00
18 February 2008 @ 21:02
wlctrl32.dll is not found in the processes.

ComboFix 08-02-17.2 - Pauli 2008-02-18 20:57:28.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.566 [GMT 2:00]
Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pauli\Työpöytä\CFScript
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\tmp1911765.exe\
C:\Program Files\tmp1911796.exe\
C:\Program Files\tmp331703.exe\
C:\Program Files\tmp5016875.exe\
C:\Program Files\tmp5016937.exe\
C:\Program Files\tmp5025421.exe\
C:\Program Files\tmp5027343.exe\

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-18 to 2008-02-18 )))))))))))))))))
.

2008-02-18 18:33 . 2008-02-18 18:33 <KANSIO> d-------- C:\Program Files\ffdshow
2008-02-18 18:33 . 2008-02-15 19:13 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-02-18 18:33 . 2008-02-15 19:13 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-18 18:33 . 2008-02-15 19:13 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-18 18:17 . 2008-02-18 18:17 <KANSIO> d-------- C:\Program Files\TimeAdjuster
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
2008-02-17 12:58 . 2008-02-18 19:16 21,632 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:33 . 2008-02-18 17:30 <KANSIO> d-------- C:\HijackThis
2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
2008-01-26 10:12 . 2008-02-17 21:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-26 10:11 . 2008-02-18 18:18 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
2008-01-25 19:57 . 2008-01-25 20:04 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 11:45 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-01-26 12:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
"ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

C:\Documents and Settings\Pauli\Käynnistä-valikko\Ohjelmat\Käynnistys\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Slim Multimedia Keyboard.lnk - C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe [2008-02-02 21:33:58 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll

R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-18 19:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
\Shell\AutoRun\command - D:\CD.EXE

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 20:59:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
Completion time: 2008-02-18 21:00:02
ComboFix-quarantined-files.txt 2008-02-18 18:59:52
ComboFix2.txt 2008-02-18 17:18:40
ComboFix3.txt 2008-02-18 15:29:49
ComboFix4.txt 2008-02-17 20:34:47
ComboFix5.txt 2008-02-17 20:11:10
.
2008-01-26 07:34:54 --- E O F ---
Hujo
18 February 2008 @ 21:16
Run that ComboFix in Safe Mode.

Can the computer ever work?

This message was edited after posting. Last edited 18 February 2008 @ 21:17

Palle00
18 February 2008 @ 21:17
When I try to go to the Windows Update site with iexplore, the address stays in the bar and iexplore says it is done even though the window is blank.. What might cause that? It worked fine before.
Hujo
18 February 2008 @ 21:19
I put the instructions up above; after that, take an HJT log in normal mode.

Can the computer ever work?
Palle00
18 February 2008 @ 21:35
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:41, on 18.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\Scanneri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = ?
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 5421 bytes
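An added example, not part of this thread: a small Python parser for the O4, O20 and O23 lines of a HijackThis log like the one above, with three defender-side triage rules (Winlogon Notify packages, unresolved startup shortcuts, services without company information). The sample lines are constructed from entries in this thread, and the `file_name` helper exists so a flagged DLL can be matched against the file lists in the ComboFix logs.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis v2.0.2 log format, modelled on the O4/O20/O23
# entries posted in this thread; typed in here so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = ?
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
"""


@dataclass
class Entry:
    section: str   # "O4", "O20" or "O23"
    name: str      # Run value name, .lnk name, notify package or service display name
    target: str    # path or command line; "?" when HijackThis could not resolve a shortcut
    extra: str     # hive / Startup scope for O4, company string for O23, "" for O20


@dataclass
class Finding:
    severity: str
    entry: Entry
    reason: str


# One pattern per line shape. An O23 display name or company containing " - "
# would split wrongly; none of the entries in this thread does.
RE_O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RE_O4_LNK = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<target>.+)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$")


def parse_hjt(text: str) -> List[Entry]:
    """Turn the O4/O20/O23 lines of a HijackThis log into Entry records;
    lines from every other section (R0, O2, O9, O16, ...) are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_O4_RUN.match(line):
            entries.append(Entry("O4", m["name"], m["cmd"], m["hive"]))
        elif m := RE_O4_LNK.match(line):
            entries.append(Entry("O4", m["name"], m["target"], m["scope"]))
        elif m := RE_O20.match(line):
            entries.append(Entry("O20", m["name"], m["path"], ""))
        elif m := RE_O23.match(line):
            entries.append(Entry("O23", m["name"], m["path"], m["company"]))
    return entries


def file_name(entry: Entry) -> str:
    """Bare, lower-cased file name of the entry's target, with any command-line
    arguments dropped, for matching against a ComboFix file list."""
    target = entry.target
    if target.startswith('"'):
        target = target[1:].split('"', 1)[0]   # quoted program path followed by arguments
    return target.rsplit("\\", 1)[-1].lower()


def triage(entries: List[Entry]) -> List[Finding]:
    """Three defender-side rules over the parsed entries, kept in log order."""
    findings: List[Finding] = []
    for e in entries:
        if e.section == "O20":
            # A Winlogon Notify package is loaded into winlogon.exe at boot, before
            # any user logs on, which is why the ComboFix logs in this thread list the
            # DLL under "PROCESS: C:\WINDOWS\system32\winlogon.exe". Only a handful of
            # stock Windows packages belong here, so every name deserves a check.
            findings.append(Finding("high", e, "DLL registered as a Winlogon Notify package"))
        elif e.section == "O4" and e.target == "?":
            findings.append(Finding("medium", e, "startup shortcut whose target could not be resolved"))
        elif e.section == "O23" and e.extra == "Unknown owner":
            findings.append(Finding("low", e, "service binary without company information"))
    return findings


def report(findings: List[Finding]) -> List[str]:
    return [f"[{f.severity}] {f.entry.section} {f.entry.name} -> {file_name(f.entry)}: {f.reason}"
            for f in findings]


if __name__ == "__main__":
    for line in report(triage(parse_hjt(SAMPLE_LOG))):
        print(line)
```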
Hujo
18 February 2008 @ 22:01
Check whether you have a home page set in Firefox.

Set a home page in the IE browser.

Click Start > Help and Support > Windows Update

Can the computer ever work?
Palle00
18 February 2008 @ 22:03
ComboFix 08-02-17.2 - Pauli 2008-02-18 21:30:19.9 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.814 [GMT 2:00]
Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-18 to 2008-02-18 )))))))))))))))))
.

2008-02-18 21:19 . 2008-02-18 21:29 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-18 18:33 . 2008-02-18 18:33 <KANSIO> d-------- C:\Program Files\ffdshow
2008-02-18 18:33 . 2008-02-15 19:13 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-02-18 18:33 . 2008-02-15 19:13 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-18 18:33 . 2008-02-15 19:13 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-18 18:17 . 2008-02-18 18:17 <KANSIO> d-------- C:\Program Files\TimeAdjuster
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
2008-02-17 12:58 . 2008-02-18 21:24 21,632 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:33 . 2008-02-18 17:30 <KANSIO> d-------- C:\HijackThis
2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
2008-01-26 10:12 . 2008-02-18 21:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-26 10:11 . 2008-02-18 18:18 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 11:45 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-01-26 12:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

(((((((((((((((((((((((((((((( Registry autostart entries )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty values and legitimate default values are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
"ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-09-14 16:12 159232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

C:\Documents and Settings\Pauli\Käynnistä-valikko\Ohjelmat\Käynnistys\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Slim Multimedia Keyboard.lnk - C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe [2008-02-02 21:33:58 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-18 21:29 7168 C:\WINDOWS\system32\WLCtrl32.dll

R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-18 21:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
\Shell\AutoRun\command - D:\CD.EXE

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 21:31:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
Completion time: 2008-02-18 21:31:40
ComboFix-quarantined-files.txt 2008-02-18 19:31:32
ComboFix2.txt 2008-02-18 19:00:03
ComboFix3.txt 2008-02-18 17:18:40
ComboFix4.txt 2008-02-18 15:29:49
ComboFix5.txt 2008-02-17 20:34:47
.
2008-01-26 07:34:54 --- E O F ---
Hujo, 18 February 2008 @ 22:10
Download Look2Me-Destroyer.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=7

* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run the program.
* Tick Run this program as a task.
* You will get a message saying: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK.
* When Look2Me-Destroyer re-opens, click Scan for L2M; your desktop icons will disappear for a moment, this is normal.
* When the scan is complete, click Remove L2M.
* You will get a Done Scanning message, click OK.
* When it is finished, you will get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will shut itself down.
* Restart your computer.
* Post the contents of the file C:\Look2Me-Destroyer.txt together with a new HijackThis log in your reply.

If your firewall warns about network connections from this program, allow them.

If you get runtime error '339', download MSWINSCK.OCX from the following link and place it in your C:\Windows\System32 folder.

Can a computer ever work?
Palle00, 18 February 2008 @ 22:19
Quote, original post by Hujo:
check whether you have a start page in Firefox

set a start page in the IE browser

Click Start > Help and Support > Windows Update
I don't quite understand.. Surely both have a start page? Or maybe you mean the default browser? When I go to http://windowsupdate.microsoft.com/ in IExplorer,
nothing appears in the window..

"Start > Help and Support > Windows Update" - an empty window shows up there too..
Palle00, 18 February 2008 @ 22:35
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:19, on 18.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\Scanneri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 5558 bytes

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 18.2.2008 22:28:03


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Järjestelmänvalvojat - Succeeded
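The entry that matters in the HijackThis log above is the O20 line: WLCtrl32.dll is registered as a Winlogon Notify package, and the ComboFix run earlier in the thread lists the same DLL as loaded inside winlogon.exe. The rest of the log is ordinary O4 Run keys, an O2 BHO and O23 services. As an added example that is not part of this thread and not code from HijackThis or ComboFix, the Python below parses lines in the HijackThis 2.x format and applies a few triage rules: a Winlogon Notify package whose name is not in a short allow-list of packages that ship with Windows XP is flagged high; a service reported as "Unknown owner" and a BHO shown as "(no name)" are marked for review; a Run value that is a bare file name, and an empty browser page value (the point Hujo raises below about the missing Start Page line), are noted as low. The sample log is a handful of lines copied from the log posted above; the allow-list, the rules and the severities are my own assumptions, not an authoritative list.

```python
"""Triage HijackThis 2.x log lines.

Added example for this thread; not code from HijackThis, ComboFix or the
posters. The STOCK_NOTIFY allow-list and the triage rules are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a few lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Winlogon Notify subkeys that ship with Windows XP SP2 (illustrative, lower-case).
STOCK_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}


@dataclass
class Entry:
    kind: str            # "R0", "R1", "O2", "O4", "O20" or "O23"
    name: str
    path: str
    owner: str = ""      # O23 only: the publisher HijackThis read from the file


@dataclass
class Finding:
    severity: str        # "high", "review" or "low"
    entry: Entry
    reason: str


O4_RUN = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<path>.*)$")
O4_LNK = re.compile(r"^O4 - (?P<hive>Startup|Global Startup): (?P<name>.+?) = (?P<path>.*)$")
O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_SERVICE = re.compile(r"^O23 - Service: (?P<rest>.*)$")
R01_PAGE = re.compile(r"^(?P<kind>R[01]) - (?P<key>[^,]+),(?P<name>[^=]+?) ?= ?(?P<path>.*)$")


def image_path(cmd: str) -> str:
    """Best-effort executable path from a Run value: the quoted part if quoted,
    otherwise everything up to and including the first '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    i = cmd.lower().find(".exe")
    return cmd[: i + 4] if i >= 0 else cmd


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis line into an Entry, or None for line types not modelled."""
    line = line.strip()
    if (m := O4_RUN.match(line)) or (m := O4_LNK.match(line)):
        return Entry("O4", m["name"], image_path(m["path"]))
    if m := O2_BHO.match(line):
        return Entry("O2", m["name"], m["path"])
    if m := O20_NOTIFY.match(line):
        return Entry("O20", m["name"], m["path"])
    if m := O23_SERVICE.match(line):
        # "<display name> - <publisher> - <path>"; split from the right so a
        # hyphenated display name such as Ad-Aware stays intact.
        parts = m["rest"].rsplit(" - ", 2)
        if len(parts) == 3:
            return Entry("O23", parts[0], parts[2], owner=parts[1])
        return Entry("O23", m["rest"], "")
    if m := R01_PAGE.match(line):
        return Entry(m["kind"], m["name"], m["path"])
    return None


def triage(text: str) -> list[Finding]:
    """Apply the triage rules to every parsed line, in log order."""
    findings: list[Finding] = []
    for entry in filter(None, map(parse_line, text.splitlines())):
        if entry.kind == "O20" and entry.name.lower() not in STOCK_NOTIFY:
            findings.append(Finding("high", entry,
                "non-stock Winlogon Notify package: loaded into winlogon.exe as SYSTEM at every logon"))
        elif entry.kind == "O23" and entry.owner.lower() == "unknown owner":
            findings.append(Finding("review", entry,
                "service binary carries no publisher; check the file by hand"))
        elif entry.kind == "O2" and entry.name == "(no name)":
            findings.append(Finding("review", entry,
                "BHO without a display name; check the DLL's publisher"))
        elif entry.kind == "O4" and "\\" not in entry.path:
            findings.append(Finding("low", entry,
                "bare file name, resolved through the search path at logon"))
        elif entry.kind in ("R0", "R1") and entry.path == "":
            findings.append(Finding("low", entry, "empty browser page value"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.entry.kind:3} {f.entry.name}: {f.reason} [{f.entry.path}]")
```

The O20 rule is the one worth keeping: a Notify package runs inside winlogon.exe with SYSTEM rights before any user shell starts, which is why ordinary removal tools struggle with it and why the thread moved to Look2Me-Destroyer. The other rules only rank entries for a human to look at; "Unknown owner" on the ATI service above, for instance, is most likely just an unsigned vendor binary.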
Hujo, 18 February 2008 @ 23:08
At least in IE there doesn't seem to be a start page, since this line doesn't appear:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elisa.net/ for example
Palle00, 19 February 2008 @ 17:04
Well, now both have a start page.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/

but I still can't get to Windows Update..
Hujo, 20 February 2008 @ 04:43
Grab it from here:
IE7 browser
 