HJT log, Active Desktop keeps complaining, and iexplore..
Palle00
17 February 2008 @ 12:39
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:06, on 17.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Norton-työkalurivi - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKLM\..\Run: [74d73c4c] rundll32.exe "C:\WINDOWS\system32\peftjxej.dll",b
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O21 - SSODL: PrxUnknown - {20666617-74a6-465f-a442-fc1017227ae7} - C:\WINDOWS\Installer\{20666617-74a6-465f-a442-fc1017227ae7}\PrxUnknown.dll
O21 - SSODL: zip - {4674d34e-e91d-422e-b80d-77de635b9fda} - C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 5929 bytes
Palle00
17 February 2008 @ 13:09
http://www.cracks4u.com/?ss=call+of+duty+2+keygen
Call of Duty 2 cd key
I downloaded the file mentioned below from the site mentioned above, and then tried the files that came out of the package. They didn't seem to do anything, but the way the machine is misbehaving suggests that something did happen, if only I knew what.. Can anyone help a fool?
Palle00
17 February 2008 @ 13:59
"If your anti-virus software is not up to date, you could be open to dangerous infection! UPDATE NOW"
This is what Internet Explorer keeps throwing at me.
Banner details:
Address:
http://82.98.235.210/go//?
URL:
cmp=nm_banner_gav_meta_kw_picture&nid=&url=C:%5CWINDOWS%5CBricoPacks%5CVista%20Inspirat%202%5CRocketDock&uid=E15A8EA0DC7511DC8EC2FFF862DEFFFF&rid=md5&guid=D3E4EACC453B41659E410546199FB9A0&lid=security&affid=862
Palle00
17 February 2008 @ 15:39
On top of that, some "turva-pc" prompt pops up every now and then urging me to scan the computer for viruses. Need help???
Hujo
17 February 2008 @ 15:41
Download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is finished, click the Remove Vundo button.
You will be asked whether you want to remove the files - click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it is done, the fix will tell you to restart your computer; click OK.
Post the contents of the C:\vundofix.txt log and a fresh HijackThis log.
Note: It is possible that VundoFix found a file it could not delete.
In that case VundoFix will run itself at reboot; just follow the instructions above starting from "Click the Scan for Vundo button." when VundoFix appears after the restart.
===========
The machine doesn't seem to like those Vista gadgets much on XP.
Can a computer ever work?
The post has been edited after posting. Last edit 17 February 2008 @ 15:49
Palle00
17 February 2008 @ 17:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:41, on 17.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {3959795A-193B-4933-A76B-4F2727D2D800} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: {98fbfe27-0410-85d9-e814-ee3a686913e6} - {6e319686-a3ee-418e-9d58-014072efbf89} - C:\WINDOWS\system32\hgdhohdt.dll (file missing)
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O3 - Toolbar: Norton-työkalurivi - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKLM\..\Run: [74d73c4c] rundll32.exe "C:\WINDOWS\system32\peftjxej.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: PrxUnknown - {20666617-74a6-465f-a442-fc1017227ae7} - C:\WINDOWS\Installer\{20666617-74a6-465f-a442-fc1017227ae7}\PrxUnknown.dll
O21 - SSODL: zip - {4674d34e-e91d-422e-b80d-77de635b9fda} - C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 6399 bytes
VundoFix V6.7.8
Checking Java version...
Sun Java not detected
Scan started at 16:25:13 17.2.2008
Listing files found while scanning....
C:\WINDOWS\system32\awtspon.dll
C:\WINDOWS\system32\fccbaay.dll
C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\hgdhohdt.dll
C:\WINDOWS\system32\jexjtfep.ini
C:\WINDOWS\system32\peftjxej.dll
C:\WINDOWS\system32\rqrpqrq.dll
C:\windows\system32\ybeeg.ini
C:\windows\system32\ybeeg.ini2
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtspon.dll
C:\WINDOWS\system32\awtspon.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\fccbaay.dll
C:\WINDOWS\system32\fccbaay.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\geeby.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgdhohdt.dll
C:\WINDOWS\system32\hgdhohdt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jexjtfep.ini
C:\WINDOWS\system32\jexjtfep.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\peftjxej.dll
C:\WINDOWS\system32\peftjxej.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\rqrpqrq.dll
C:\WINDOWS\system32\rqrpqrq.dll Has been deleted!
Attempting to delete C:\windows\system32\ybeeg.ini
C:\windows\system32\ybeeg.ini Has been deleted!
Attempting to delete C:\windows\system32\ybeeg.ini2
C:\windows\system32\ybeeg.ini2 Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtspon.dll
C:\WINDOWS\system32\awtspon.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\peftjxej.dll
C:\WINDOWS\system32\peftjxej.dll Has been deleted!
Performing Repairs to the registry.
Done!
Here they are..
Hujo
17 February 2008 @ 17:08
Rename
C:\HijackThis\HijackThis.exe <-- scanneri.exe
and then take a new HJT log after that.
Palle00
17 February 2008 @ 17:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:01, on 17.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.exe
C:\HijackThis\Scanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {3959795A-193B-4933-A76B-4F2727D2D800} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: {98fbfe27-0410-85d9-e814-ee3a686913e6} - {6e319686-a3ee-418e-9d58-014072efbf89} - C:\WINDOWS\system32\hgdhohdt.dll (file missing)
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O3 - Toolbar: Norton-työkalurivi - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKLM\..\Run: [74d73c4c] rundll32.exe "C:\WINDOWS\system32\peftjxej.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: PrxUnknown - {20666617-74a6-465f-a442-fc1017227ae7} - C:\WINDOWS\Installer\{20666617-74a6-465f-a442-fc1017227ae7}\PrxUnknown.dll
O21 - SSODL: zip - {4674d34e-e91d-422e-b80d-77de635b9fda} - C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 6481 bytes
Hujo
17 February 2008 @ 17:34
Scan with HJT, tick these and press Fix checked:
O2 - BHO: (no name) - {3959795A-193B-4933-A76B-4F2727D2D800} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: {98fbfe27-0410-85d9-e814-ee3a686913e6} - {6e319686-a3ee-418e-9d58-014072efbf89} - C:\WINDOWS\system32\hgdhohdt.dll (file missing)
O4 - HKLM\..\Run: [74d73c4c] rundll32.exe "C:\WINDOWS\system32\peftjxej.dll",b
==============
1. Download combofix.exe to your desktop from one of these links:
combofix1
combofix2
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log. Post that log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
========
Finally, scan again and post a new HJT log.
The post has been edited after posting. Last edit 17 February 2008 @ 17:36
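An added example, not from this thread or from any of the tools it names: a small Python triage script that reads HijackThis entries like the ones above, flags the same kinds of lines Hujo picked out (orphaned BHOs, a hex-named Run entry loading a DLL via rundll32, Winlogon Notify and SSODL loaders), and cross-checks them against the VundoFix output posted earlier to show which entries are leftover registrations for files already deleted. The sample lines are copied from the logs in this thread; the severity heuristics are my own assumptions, not HijackThis's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the second HijackThis log in this thread.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {3959795A-193B-4933-A76B-4F2727D2D800} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: {98fbfe27-0410-85d9-e814-ee3a686913e6} - {6e319686-a3ee-418e-9d58-014072efbf89} - C:\WINDOWS\system32\hgdhohdt.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [74d73c4c] rundll32.exe "C:\WINDOWS\system32\peftjxej.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O21 - SSODL: zip - {4674d34e-e91d-422e-b80d-77de635b9fda} - C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# Constructed sample: first-pass lines from the VundoFix log in this thread.
SAMPLE_VUNDOFIX = r"""
Attempting to delete C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\geeby.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgdhohdt.dll
C:\WINDOWS\system32\hgdhohdt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\peftjxej.dll
C:\WINDOWS\system32\peftjxej.dll Could not be deleted.
"""


@dataclass
class Finding:
    severity: str  # "high" = remove the entry, "review" = confirm the publisher first
    reason: str
    line: str


ENTRY = re.compile(r'^(?P<section>O\d+|R\d) - (?P<body>.+)$')
# Run entry whose name is eight hex digits and which loads a DLL via rundll32,
# the shape of the [74d73c4c] line in this thread (heuristic, my assumption).
RUNDLL_HEX_NAME = re.compile(
    r'\[(?P<name>[0-9a-f]{8})\]\s+rundll32(?:\.exe)?\s+"?(?P<dll>[A-Za-z]:\\.+?\.dll)',
    re.IGNORECASE)
DLL_PATH = re.compile(r'[A-Za-z]:\\.+?\.dll', re.IGNORECASE)
DELETED = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) Has been deleted!$', re.IGNORECASE)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis entry; None means nothing worth raising."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.group('section'), m.group('body')
    if section == 'O2' and body.endswith('(file missing)'):
        return Finding('high', 'BHO registration points at a DLL that no longer '
                       'exists (left behind after the file was removed)', line)
    if section == 'O4':
        r = RUNDLL_HEX_NAME.search(body)
        if r:
            return Finding('high', f"hex-named Run entry loads {r.group('dll')} "
                           f"through rundll32", line)
    if section == 'O20':
        return Finding('review', 'Winlogon Notify DLL is loaded into winlogon.exe '
                       'at logon; confirm the publisher before keeping it', line)
    if section == 'O21':
        return Finding('review', 'ShellServiceObjectDelayLoad DLL is loaded into '
                       'explorer.exe at logon; confirm the publisher', line)
    return None


def triage(hjt_log: str) -> List[Finding]:
    """Findings for every entry of a HijackThis log, in log order."""
    return [f for f in (triage_line(l) for l in hjt_log.splitlines()) if f]


def deleted_by_vundofix(vundofix_log: str) -> set:
    """Paths VundoFix reports as deleted, case-folded because the two logs
    do not agree on the casing of the Windows directory."""
    out = set()
    for line in vundofix_log.splitlines():
        m = DELETED.match(line.strip())
        if m:
            out.add(m.group('path').casefold())
    return out


def orphaned_after_cleanup(hjt_log: str, vundofix_log: str) -> List[str]:
    """HijackThis entries that still reference a file VundoFix already deleted.
    These are the leftover registrations a 'Fix checked' run cleans up."""
    gone = deleted_by_vundofix(vundofix_log)
    orphaned = []
    for line in hjt_log.splitlines():
        m = DLL_PATH.search(line)
        if m and m.group(0).casefold() in gone:
            orphaned.append(line.strip())
    return orphaned


if __name__ == '__main__':
    for f in triage(SAMPLE_HJT):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    for line in orphaned_after_cleanup(SAMPLE_HJT, SAMPLE_VUNDOFIX):
        print('orphaned:', line)
```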
Palle00
17 February 2008 @ 17:58
ComboFix 08-02-17.2 - Pauli 2008-02-17 17:47:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.576 [GMT 2:00]
Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\d.exe
C:\WINDOWS\system32\8_exception.nls
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\winbjt32.dll
I:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RUNTIME
-------\runtime
-------\symavc32
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-17 to 2008-02-17 )))))))))))))))))
.
2008-02-17 16:25 . 2008-02-17 16:53 <KANSIO> d-------- C:\VundoFix Backups
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 12:58 . 2008-02-17 17:51 21,120 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:58 . 2008-02-17 17:50 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
2008-02-17 12:33 . 2008-02-17 17:43 <KANSIO> d-------- C:\HijackThis
2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\free-downloads.net
2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
2008-01-26 10:12 . 2008-02-17 17:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-26 10:11 . 2008-02-17 14:57 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
.
(((((((((((((((((((((((((((((( Registry startup entries )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty entries and legitimate default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
2008-02-17 12:58 26112 --a------ C:\WINDOWS\system32\marwin32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
"ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PrxUnknown"= {20666617-74a6-465f-a442-fc1017227ae7} - C:\WINDOWS\Installer\{20666617-74a6-465f-a442-fc1017227ae7}\PrxUnknown.dll [2008-02-16 11:54 14374]
"zip"= {4674d34e-e91d-422e-b80d-77de635b9fda} - C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll [2008-02-16 11:56 38438]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-17 17:50 6656 C:\WINDOWS\system32\WLCtrl32.dll
R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-17 17:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
\Shell\AutoRun\command - D:\CD.EXE
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 17:51:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\Installer\{20666617-74a6-465f-a442-fc1017227ae7}\PrxUnknown.dll
-> C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-02-17 17:54:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 15:53:52
.
2008-01-26 07:34:54 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:34, on 17.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\Scanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: PrxUnknown - {20666617-74a6-465f-a442-fc1017227ae7} - C:\WINDOWS\Installer\{20666617-74a6-465f-a442-fc1017227ae7}\PrxUnknown.dll
O21 - SSODL: zip - {4674d34e-e91d-422e-b80d-77de635b9fda} - C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 5900 bytes
And there you go.
Hujo
17 February 2008 @ 18:37
Scan with HJT, tick these and press Fix checked:
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: PrxUnknown - {20666617-74a6-465f-a442-fc1017227ae7} - C:\WINDOWS\Installer\{20666617-74a6-465f-a442-fc1017227ae7}\PrxUnknown.dll
O21 - SSODL: zip - {4674d34e-e91d-422e-b80d-77de635b9fda} - C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll
=================
Let's see what VirusTotal says about this one.
Submit the file to VirusTotal
virustotal
1 Click the Browse... button
2 Then browse to this file:
C:\WINDOWS\system32\marwin32.dll
3 Click the Open button
4 Click the Send button
5 The site scans the file for a moment; then save the results you get, e.g. in Notepad.
This is how to make hidden files visible:
* Click Start.
* Open My Computer.
* Select Tools from the top menu and click Folder Options.
* Select the View tab.
* Under Hidden files and folders, select Show hidden files and folders.
* Untick the box -> Hide protected operating system files
* Click Yes to confirm the changes.
* Click OK.
Can a computer ever work?
This post was edited after it was sent. Last edited 17 February 2008 @ 18:44
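The three entries Hujo picks out share locations a triage script can pick out mechanically from a HijackThis log: a Winlogon Notify DLL that winlogon.exe loads as SYSTEM, and two ShellServiceObjectDelayLoad DLLs that explorer.exe loads from under C:\WINDOWS\Installer\{GUID}\. The Python script below is an added example, not code from this thread or from HijackThis. It parses the O2/O20/O21 lines copied from the log posted above and flags the ones matching three heuristics: an SSODL DLL under C:\WINDOWS\Installer\{GUID}\, a Winlogon Notify package outside an assumed Windows XP SP2 baseline list (KNOWN_NOTIFY is an assumption to verify against the machine, not a Microsoft reference), and a BHO DLL sitting bare in system32 with no vendor folder. The result is a list of lines to tick before Fix checked, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: entries copied from the HijackThis log posted earlier in this thread.
HJT_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: PrxUnknown - {20666617-74a6-465f-a442-fc1017227ae7} - C:\WINDOWS\Installer\{20666617-74a6-465f-a442-fc1017227ae7}\PrxUnknown.dll
O21 - SSODL: zip - {4674d34e-e91d-422e-b80d-77de635b9fda} - C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# O2 (BHO), O20 (Winlogon Notify) and O21 (SSODL) share the shape
# "<section> - <kind>: <name> - [{CLSID} - ]<path>"; other sections are ignored.
ENTRY = re.compile(
    r"^(?P<sec>O2|O20|O21) - (?:BHO|Winlogon Notify|SSODL): "
    r"(?P<name>.*?) - (?:(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - )?(?P<path>[A-Za-z]:\\.+)$"
)

# Heuristic 1: nothing legitimate registers a shell service object from
# C:\WINDOWS\Installer\{GUID}\ (the location of both SSODL DLLs in this thread).
INSTALLER_GUID_DIR = re.compile(r"^[a-z]:\\windows\\installer\\\{[0-9a-f-]{36}\}\\", re.I)
# Heuristic 2: a BHO dropped straight into system32 with no vendor directory.
BARE_SYSTEM32_DLL = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.I)
# Heuristic 3: assumed baseline of Winlogon Notify packages on a stock XP SP2 box;
# extend it with vendor packages (display-driver ones, for instance) you have verified.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reason: str
    line: str  # the exact HJT line to tick before "Fix checked"


def triage(log_text: str) -> list[Finding]:
    """Return the O2/O20/O21 entries a cleaner would tick, each with its reason."""
    findings: list[Finding] = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        sec, name, path = m["sec"], m["name"], m["path"]
        reason = None
        if sec == "O21" and INSTALLER_GUID_DIR.match(path):
            reason = "SSODL object loaded by explorer.exe from C:\\WINDOWS\\Installer\\{GUID}\\"
        elif sec == "O20" and name.lower() not in KNOWN_NOTIFY:
            reason = "Winlogon Notify package outside the XP baseline; runs as SYSTEM inside winlogon.exe"
        elif sec == "O2" and BARE_SYSTEM32_DLL.match(path):
            reason = "BHO DLL dropped directly into system32 instead of a vendor folder"
        if reason:
            findings.append(Finding(sec, name, path, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG):
        print(f"{f.section:<4}{f.name:<12}{f.path}\n      -> {f.reason}")
```

On the log above this flags exactly the four entries the thread ends up removing (marwin32.dll, WLCtrl32.dll, PrxUnknown.dll, zip.dll) and leaves the Symantec BHO alone; a Winlogon Notify hit is the one to treat as urgent, since the DLL is already mapped into winlogon.exe and HijackThis cannot unload it, which is why the thread later falls back to a ComboFix script.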
Palle00
17 February 2008 @ 19:02
Ikarus T3.1.1.20 2008.02.17 Trojan.Win32.BHO.d
Microsoft 1.3204 2008.02.17 Trojan:Win32/Adclicker.AO
These two seem to have hit.. what now..
Hujo
17 February 2008 @ 19:35
Fix this away with HJT:
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
Can a computer ever work?
This post was edited after it was sent. Last edited 17 February 2008 @ 19:48
Palle00
17 February 2008 @ 20:09
If that was all of it, then thanks for the help!
The machine seems stable.
Hujo
17 February 2008 @ 20:24
Run a new ComboFix log and a new HJT log.
Can a computer ever work?
This post was edited after it was sent. Last edited 17 February 2008 @ 20:25
Palle00
17 February 2008 @ 20:44
ComboFix 08-02-17.2 - Pauli 2008-02-17 20:37:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.544 [GMT 2:00]
Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((( Files created between 2008-01-17 and 2008-02-17 )))))))))))))))))
.
2008-02-17 16:25 . 2008-02-17 16:53 <KANSIO> d-------- C:\VundoFix Backups
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 12:58 . 2008-02-17 20:29 21,120 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:58 . 2008-02-17 20:24 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
2008-02-17 12:33 . 2008-02-17 19:53 <KANSIO> d-------- C:\HijackThis
2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\free-downloads.net
2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
2008-01-26 10:12 . 2008-02-17 20:30 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-26 10:11 . 2008-02-17 14:57 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 11:45 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-01-26 12:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
(((((((((((((((((((((((((((((( Registry startup entries )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty entries and legitimate default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
"ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
C:\Documents and Settings\Pauli\Käynnistä-valikko\Ohjelmat\Käynnistys\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Slim Multimedia Keyboard.lnk - C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe [2008-02-02 21:33:58 172032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {4674d34e-e91d-422e-b80d-77de635b9fda} - C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll [2008-02-16 11:56 38438]
"PrxUnknown"= {20666617-74a6-465f-a442-fc1017227ae7} - C:\WINDOWS\Installer\{20666617-74a6-465f-a442-fc1017227ae7}\PrxUnknown.dll [2008-02-16 11:54 14374]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-17 20:24 6656 C:\WINDOWS\system32\WLCtrl32.dll
R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-17 20:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
\Shell\AutoRun\command - D:\CD.EXE
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 20:40:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
-> C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll
-> C:\WINDOWS\Installer\{20666617-74a6-465f-a442-fc1017227ae7}\PrxUnknown.dll
.
Completion time: 2008-02-17 20:41:40
ComboFix-quarantined-files.txt 2008-02-17 18:41:29
ComboFix2.txt 2008-02-17 15:54:11
.
2008-01-26 07:34:54 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:20, on 17.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\Scanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = ?
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: zip - {4674d34e-e91d-422e-b80d-77de635b9fda} - C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll
O21 - SSODL: PrxUnknown - {20666617-74a6-465f-a442-fc1017227ae7} - C:\WINDOWS\Installer\{20666617-74a6-465f-a442-fc1017227ae7}\PrxUnknown.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 5730 bytes
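The entries the helper goes after in the reply that follows are the O20 Winlogon Notify DLL and the two O21 SSODL objects, which is what a practitioner scans a log like this for first. The script below is an added example, not part of HijackThis or of anything posted in this thread: it pulls those hook types out of a log, applies an allow-list of the Notify packages that ship with Windows XP (an assumption of this example, to be extended per build) and two cheap secondary signals, and ranks what is left. The sample lines are a constructed excerpt modelled on the log above.

```python
"""HijackThis log triage: pull out the autostart hooks the helper in this
thread went after (O20 Winlogon Notify DLLs, O21 ShellServiceObjectDelayLoad
objects) plus two cheap secondary signals, and rank them.  Added example,
not part of HijackThis; the allow-list and severities are this example's
own choices."""
import re

# Constructed excerpt modelled on the log above; enough lines to exercise each rule.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - Startup: UberIcon.lnk = ?
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: zip - {4674d34e-e91d-422e-b80d-77de635b9fda} - C:\WINDOWS\Installer\{4674d34e-e91d-422e-b80d-77de635b9fda}\zip.dll
O21 - SSODL: PrxUnknown - {20666617-74a6-465f-a442-fc1017227ae7} - C:\WINDOWS\Installer\{20666617-74a6-465f-a442-fc1017227ae7}\PrxUnknown.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# Winlogon Notify packages shipped with Windows XP (assumption: extend for your build).
XP_NOTIFY_ALLOW = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                   "sclgntfy", "SensLogn", "termsrv", "wlballoon"}

# A shell object loaded out of the MSI cache folder of a GUID-named "product".
MSI_CACHE = re.compile(r"\\WINDOWS\\Installer\\\{[0-9a-f-]+\}\\", re.I)

RULES = [
    (re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$"), "winlogon-notify"),
    (re.compile(r"^O21 - SSODL: (?P<name>.+?) - \{[0-9a-f-]+\} - (?P<path>.+)$", re.I), "ssodl"),
    (re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$"), "service"),
    (re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<path>.+)$"), "startup"),
]

def classify(kind, name, path, owner=None):
    """Return a severity for one entry, or None if it is not worth reporting."""
    if kind == "winlogon-notify":
        # A Notify DLL runs inside winlogon.exe as SYSTEM; an unknown one is the top finding.
        return None if name in XP_NOTIFY_ALLOW else "high"
    if kind == "ssodl":
        # HijackThis hides the stock XP SSODL objects, so anything listed is
        # nonstandard; loading from the MSI cache makes it worse.
        return "high" if MSI_CACHE.search(path) else "medium"
    if kind == "service":
        return "low" if owner == "Unknown owner" else None
    if kind == "startup":
        return "low" if path.strip() == "?" else None   # target the tool could not resolve
    return None

def triage(log_text):
    """Return [(severity, kind, name, path)] sorted high -> low, log order within a level."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for rx, kind in RULES:
            m = rx.match(line)
            if not m:
                continue
            d = m.groupdict()
            sev = classify(kind, d["name"], d["path"], d.get("owner"))
            if sev:
                findings.append((sev, kind, d["name"], d["path"]))
            break
    return sorted(findings, key=lambda f: order[f[0]])

if __name__ == "__main__":
    for sev, kind, name, path in triage(SAMPLE_LOG):
        print(f"{sev:6} {kind:16} {name:12} {path}")
```

On the excerpt this ranks WLCtrl32 and the two Installer-folder SSODL objects as high, and leaves the unresolved UberIcon shortcut and the unsigned ATI service as low-priority notes; the O4 Run entries with a plausible vendor path produce nothing, which is the point of an allow-list driven pass over a noisy log.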
Hujo
17 February 2008 @ 21:10
Open Notepad and copy/paste the contents of the quote box into it:
Quote:
File::
C:\WINDOWS\system32\WLCtrl32.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"=-
"PrxUnknown"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll-
Save it with the name CFScript
Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of combofix.txt here.
=============
scan a new HJT log
Can a computer ever work?
This post has been edited after posting. Last edit 17 February 2008 @ 21:12
Palle00
17 February 2008 @ 21:28
ComboFix 08-02-17.2 - Pauli 2008-02-17 21:19:58.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.515 [GMT 2:00]
Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pauli\Työpöytä\CFScript
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\WLCtrl32.dll
.
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\WLCtrl32.dll
.
((((( Files created between 2008-01-17 and 2008-02-17 )))))))))))))))))
.
2008-02-17 16:25 . 2008-02-17 16:53 <KANSIO> d-------- C:\VundoFix Backups
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 12:58 . 2008-02-17 20:29 21,120 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
2008-02-17 12:33 . 2008-02-17 20:43 <KANSIO> d-------- C:\HijackThis
2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\free-downloads.net
2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
2008-01-26 10:12 . 2008-02-17 21:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-26 10:11 . 2008-02-17 14:57 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
2008-01-25 19:57 . 2008-01-25 20:04 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty values and legitimate default values are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
"ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-17 21:24 6656 C:\WINDOWS\system32\WLCtrl32.dll
R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-17 21:24]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
\Shell\AutoRun\command - D:\CD.EXE
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 21:23:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\WLCtrl32.dll 6656 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-02-17 21:25:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 19:25:05
ComboFix2.txt 2008-02-17 18:41:41
ComboFix3.txt 2008-02-17 15:54:11
.
2008-01-26 07:34:54 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:26, on 17.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\Scanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Network Service')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = ?
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 5421 bytes
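The ComboFix output above is where the persistence shows itself: the 12:58 burst that dropped kdbfoifg.exe, marwin32.dll, Uci06.sys and a numeric-named file across C:\ and system32, and WLCtrl32.dll listed under "Other deletions" yet back in the Winlogon Notify key with a fresh 21:24 timestamp by the end of the same run. The script below is an added example, not ComboFix's code and not posted by anyone in this thread: it parses ComboFix's "files created" layout, surfaces same-minute drop clusters and a few cheap name signals, and diffs two runs to show what came back. The two sample listings are constructed from the first ComboFix run above and from the second run later in the thread; the cluster and name rules are this example's own heuristics.

```python
"""Parse ComboFix's "files created" listing, surface drop clusters, and diff
two runs to see what came back.  Added example, not ComboFix's own code; the
sample lines are constructed from the two ComboFix listings in this thread,
and the cluster and name rules are this example's heuristics."""
import re
from collections import defaultdict

LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<KANSIO>|<DIR>) "       # ComboFix prints <DIR> in the OS language
    r"(?P<attrs>\S+) (?P<path>.+)$")

# Constructed: a slice of the first run (21:19) ...
RUN_1 = r"""
2008-02-17 16:25 . 2008-02-17 16:53 <KANSIO> d-------- C:\VundoFix Backups
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 12:58 . 2008-02-17 20:29 21,120 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
"""
# ... and the same slice from the second run (22:08), after the deletion attempts.
RUN_2 = r"""
2008-02-17 21:24 . 2008-02-17 21:51 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-17 16:25 . 2008-02-17 16:53 <KANSIO> d-------- C:\VundoFix Backups
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 12:58 . 2008-02-17 21:53 21,120 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
"""

def parse_listing(text):
    """Map path -> fields for every line that matches ComboFix's layout."""
    entries = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["is_dir"] = e["size"].startswith("<")
            entries[e["path"]] = e
    return entries

def in_system_area(path):
    """Drive root or anything under system32 (drivers included)."""
    p = path.lower()
    return p.startswith("c:\\windows\\system32\\") or re.fullmatch(r"c:\\[^\\]+", p) is not None

def name_flags(path):
    """Cheap per-name signals; each is a reason string."""
    name = path.rsplit("\\", 1)[-1]
    flags = []
    if re.fullmatch(r"c:\\[^\\]+", path.lower()):
        flags.append("file directly in drive root")
    if re.fullmatch(r"\d+", name):
        flags.append("numeric-only name")
    if re.fullmatch(r"tmp\d+\.exe", name, re.I):
        flags.append("numbered tmp*.exe")
    return flags

def drop_clusters(entries, min_files=3):
    """Files created in the same minute, at least one of them in a system area."""
    by_minute = defaultdict(list)
    for e in entries.values():
        if not e["is_dir"]:
            by_minute[e["created"]].append(e["path"])
    return {t: sorted(paths) for t, paths in by_minute.items()
            if len(paths) >= min_files and any(in_system_area(p) for p in paths)}

def diff_runs(first, second):
    """Paths new in the second run, and paths whose modified time moved between runs."""
    new = sorted(p for p in second if p not in first)
    touched = sorted(p for p in second if p in first
                     and second[p]["modified"] != first[p]["modified"])
    return {"new": new, "modified": touched}

if __name__ == "__main__":
    r1, r2 = parse_listing(RUN_1), parse_listing(RUN_2)
    for t, paths in drop_clusters(r1).items():
        print("cluster", t, paths)
    for p in r1:
        if name_flags(p):
            print("flag", p, name_flags(p))
    print("between runs:", diff_runs(r1, r2))
```

The cluster rule only ranks candidates; a driver installation drops several files into system32 in one minute too, so every hit still needs the usual publisher and hash checks. What the diff adds is the part a single log hides: WLCtrl32.dll is absent from the first listing (ComboFix had just deleted it) and present in the second, and Uci06.sys, the R0 driver from the same 12:58 drop, is the only pre-existing file whose modified time moved in between.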
Hujo
17 February 2008 @ 21:44
Download Killbox from Option^Explicit
Note: If you already have Killbox, this is a new version that you must install. Remove the earlier one.
Save it to your desktop.
Double-click Killbox.exe to run the program.
Select:
Delete on Reboot, then click the All Files option.
Copy and paste the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\WINDOWS\system32\WLCtrl32.dll
Go back to Killbox, open the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt.
Restart your machine yourself if it does not do so automatically.
========
post a new HJT log
Can a computer ever work?
This post has been edited after posting. Last edit 17 February 2008 @ 21:48
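The PendingFileRenameOperations prompt in the instructions above is the mechanism behind "Delete on Reboot": a REG_MULTI_SZ value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager that smss.exe processes early in boot, before winlogon.exe and its Notify DLLs exist. Each operation is a pair of strings, the source in NT path form (\??\C:\...) and a destination that is empty for a deletion and prefixed with "!" when an existing target is to be overwritten. The script below is an added example, not Killbox's code: it builds and decodes that value without duplicating an already queued path, and only attempts the registry write on Windows, where it needs administrator rights. The file path is the one from the instructions; everything else is this example's own.

```python
"""Queue files for deletion at next boot the way 'Delete on Reboot' tools do,
via the Session Manager's PendingFileRenameOperations value.  Added example,
not Killbox's code; the registry write runs only on Windows as administrator."""
import sys

SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE = "PendingFileRenameOperations"

def to_nt_path(path):
    """Session Manager expects the \\??\\ (Win32 namespace) prefix on every source."""
    path = path.strip().strip('"')
    return path if path.startswith("\\??\\") else "\\??\\" + path

def queue_deletions(paths, existing=()):
    """Return the new REG_MULTI_SZ list with each path queued for deletion.
    Existing operations are kept in order; an already queued source is skipped.
    The list is pairs: source, destination ("" means delete)."""
    ops = list(existing)
    queued = {ops[i] for i in range(0, len(ops) - 1, 2)}
    for p in paths:
        nt = to_nt_path(p)
        if nt in queued:
            continue
        ops.extend([nt, ""])
        queued.add(nt)
    return ops

def parse_pending(ops):
    """Decode the multi-string into (source, action, destination) tuples."""
    out = []
    for i in range(0, len(ops) - 1, 2):
        src, dst = ops[i], ops[i + 1]
        if dst == "":
            out.append((src, "delete", None))
        elif dst.startswith("!"):          # MOVEFILE_REPLACE_EXISTING marker
            out.append((src, "replace", dst[1:]))
        else:
            out.append((src, "rename", dst))
    return out

def apply_on_windows(paths):
    """Merge the deletions into the live value.  Windows only, administrator only."""
    if sys.platform != "win32":
        raise RuntimeError("registry write is only possible on Windows")
    import winreg
    access = winreg.KEY_READ | winreg.KEY_SET_VALUE
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER, 0, access) as key:
        try:
            existing, _ = winreg.QueryValueEx(key, VALUE)
        except FileNotFoundError:
            existing = []
        ops = queue_deletions(paths, existing)
        winreg.SetValueEx(key, VALUE, 0, winreg.REG_MULTI_SZ, ops)
        return ops

if __name__ == "__main__":
    ops = queue_deletions([r"C:\WINDOWS\system32\WLCtrl32.dll"])
    for src, action, dst in parse_pending(ops):
        print(action, src, dst or "")
```

The queue is only as good as what runs before and after it: in this thread the 21:54 log still lists the O20 entry after the Killbox reboot, and the later ComboFix run shows WLCtrl32.dll with a 21:51 modification time, so something on the machine rewrote the file. Until that component is stopped, queuing the same deletion again just repeats the result.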
Palle00
17 February 2008 @ 21:54
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:14, on 17.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis\Scanneri.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Network Service')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = ?
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 5421 bytes
Hujo
17 February 2008 @ 22:05
Open Notepad and copy/paste the contents of the quote box into it:
Quote:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
Save it with the name CFScript
Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of combofix.txt here.
Can a computer ever work?
Palle00
17 February 2008 @ 22:12
ComboFix 08-02-17.2 - Pauli 2008-02-17 22:08:10.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.591 [GMT 2:00]
Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pauli\Työpöytä\CFScript
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((( Files created between 2008-01-17 and 2008-02-17 )))))))))))))))))
.
2008-02-17 21:24 . 2008-02-17 21:51 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-17 16:25 . 2008-02-17 16:53 <KANSIO> d-------- C:\VundoFix Backups
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 12:58 . 2008-02-17 21:53 21,120 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
2008-02-17 12:33 . 2008-02-17 21:54 <KANSIO> d-------- C:\HijackThis
2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-15 14:46 . 2008-02-15 14:46 <DIR> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
2008-02-15 14:45 . 2008-02-15 14:45 <DIR> d-------- C:\Program Files\GRETECH
2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2008-02-02 21:33 . 2008-02-02 21:33 <DIR> d-------- C:\Program Files\Wireless
2008-02-02 21:33 . 2008-02-02 21:34 <DIR> d-------- C:\Program Files\Slim Multimedia Keyboard
2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
2008-02-02 21:07 . 2008-02-02 21:12 <DIR> d-------- C:\Program Files\PC Check-up
2008-02-02 20:34 . 2008-02-02 21:12 <DIR> d-------- C:\Program Files\SpeedItUpFree
2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
2008-02-02 20:19 . 2008-02-02 20:19 <DIR> d-------- C:\Program Files\Haysoft
2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
2008-02-02 14:50 . 2008-02-02 21:35 <DIR> d-------- C:\Program Files\free-downloads.net
2008-02-02 14:50 . 2008-02-02 21:35 <DIR> d-------- C:\Program Files\Conduit
2008-02-02 14:44 . 2008-02-02 14:44 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-30 19:51 . 2008-01-30 19:51 <DIR> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
2008-01-30 19:51 . 2008-01-30 19:51 <DIR> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
2008-01-30 19:43 . 2008-01-30 19:48 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2008-01-30 19:43 . 2008-01-30 19:43 <DIR> d-------- C:\Program Files\Stardock
2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-30 19:41 . 2008-02-17 11:58 <DIR> d-------- C:\Program Files\Raxco
2008-01-30 19:28 . 2008-01-30 19:28 <DIR> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
2008-01-30 19:27 . 2008-01-30 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 19:24 . 2008-01-30 19:24 <DIR> d-------- C:\Program Files\Google
2008-01-30 19:21 . 2008-02-03 14:45 <DIR> d-------- C:\Program Files\ToniArts
2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-27 17:29 . 2008-01-27 17:29 <DIR> d-------- C:\Program Files\Vista Drive Icon
2008-01-27 16:13 . 2008-01-27 16:13 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-27 14:35 . 2008-01-27 15:57 <DIR> d-------- C:\Program Files\Y'z Shadow
2008-01-27 14:13 . 2008-01-27 14:13 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-27 13:43 . 2008-01-27 14:54 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-01-26 12:10 . 2008-01-26 12:10 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-26 11:45 . 2008-01-26 11:45 <DIR> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
2008-01-26 11:15 . 2008-01-26 11:15 <DIR> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-26 10:13 . 2008-01-27 20:32 <DIR> d-------- C:\Program Files\Norton 360
2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-26 10:12 . 2008-01-26 14:28 <DIR> d-------- C:\Program Files\Symantec
2008-01-26 10:12 . 2008-02-17 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-26 10:11 . 2008-02-17 14:57 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-26 00:38 . 2008-01-26 00:38 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-01-25 22:55 . 2008-01-25 22:55 <DIR> d---s---- C:\Documents and Settings\Pauli\UserData
2008-01-25 22:49 . 2008-01-25 22:49 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-01-25 22:49 . 2008-01-25 22:49 <DIR> d-------- C:\Program Files\AvRack
2008-01-25 22:48 . 2008-02-15 14:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 22:43 . 2008-01-25 22:43 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-01-25 22:43 . 2008-01-25 22:43 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-01-25 20:39 . 2008-01-25 20:39 <DIR> d-------- C:\NVIDIA
2008-01-25 20:28 . 2008-01-25 20:29 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-01-25 20:12 . 2008-01-25 20:12 <DIR> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
2008-01-25 20:04 . 2008-01-25 20:04 <DIR> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 11:45 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-01-26 12:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
(((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries and legitimate default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
"ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
C:\Documents and Settings\Pauli\Käynnistä-valikko\Ohjelmat\Käynnistys\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Slim Multimedia Keyboard.lnk - C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe [2008-02-02 21:33:58 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-17 21:51 6656 C:\WINDOWS\system32\WLCtrl32.dll
R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-17 21:53]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
\Shell\AutoRun\command - D:\CD.EXE
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 22:10:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Completion time: 2008-02-17 22:11:09
ComboFix-quarantined-files.txt 2008-02-17 20:10:53
ComboFix2.txt 2008-02-17 19:25:30
ComboFix3.txt 2008-02-17 18:41:41
ComboFix4.txt 2008-02-17 15:54:11
.
2008-01-26 07:34:54 --- E O F ---
Hujo
17 February 2008 @ 22:24
Open Notepad and copy/paste the contents of the quote box into it:
Quote:
File::
C:\WINDOWS\system32\WLCtrl32.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
Save it as CFScript
Then drag CFScript onto ComboFix.exe as shown below.
Restart the computer when prompted and post the contents of combofix.txt here.
Can a computer ever work?
Palle00
17 February 2008 @ 22:36
ComboFix 08-02-17.2 - Pauli 2008-02-17 22:28:51.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.486 [GMT 2:00]
Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pauli\Työpöytä\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\WLCtrl32.dll
.
(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\WLCtrl32.dll
.
((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))
.
2008-02-17 16:25 . 2008-02-17 16:53 <DIR> d-------- C:\VundoFix Backups
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 12:58 . 2008-02-17 22:32 21,120 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
2008-02-17 12:33 . 2008-02-17 21:54 <DIR> d-------- C:\HijackThis
2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
2008-02-16 14:50 . 2008-02-16 14:50 <DIR> d-------- C:\Program Files\AC3Filter
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-02-16 14:44 . 2008-02-16 14:44 <DIR> d-------- C:\Program Files\GNU
2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
2008-02-16 11:41 . 2008-02-16 11:41 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-02-15 17:39 . 2008-02-17 11:56 <DIR> d-------- C:\Program Files\CachemanXP
2008-02-15 14:47 . 2008-02-15 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-02-15 14:46 . 2008-02-15 14:46 <DIR> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
2008-02-15 14:45 . 2008-02-15 14:45 <DIR> d-------- C:\Program Files\GRETECH
2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2008-02-02 21:33 . 2008-02-02 21:33 <DIR> d-------- C:\Program Files\Wireless
2008-02-02 21:33 . 2008-02-02 21:34 <DIR> d-------- C:\Program Files\Slim Multimedia Keyboard
2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
2008-02-02 21:07 . 2008-02-02 21:12 <DIR> d-------- C:\Program Files\PC Check-up
2008-02-02 20:34 . 2008-02-02 21:12 <DIR> d-------- C:\Program Files\SpeedItUpFree
2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
2008-02-02 20:19 . 2008-02-02 20:19 <DIR> d-------- C:\Program Files\Haysoft
2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
2008-02-02 14:50 . 2008-02-02 21:35 <DIR> d-------- C:\Program Files\free-downloads.net
2008-02-02 14:50 . 2008-02-02 21:35 <DIR> d-------- C:\Program Files\Conduit
2008-02-02 14:44 . 2008-02-02 14:44 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-30 19:51 . 2008-01-30 19:51 <DIR> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
2008-01-30 19:51 . 2008-01-30 19:51 <DIR> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
2008-01-30 19:43 . 2008-01-30 19:48 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2008-01-30 19:43 . 2008-01-30 19:43 <DIR> d-------- C:\Program Files\Stardock
2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-30 19:41 . 2008-02-17 11:58 <DIR> d-------- C:\Program Files\Raxco
2008-01-30 19:28 . 2008-01-30 19:28 <DIR> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
2008-01-30 19:27 . 2008-01-30 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-30 19:24 . 2008-01-30 19:24 <DIR> d-------- C:\Program Files\Google
2008-01-30 19:21 . 2008-02-03 14:45 <DIR> d-------- C:\Program Files\ToniArts
2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-27 17:29 . 2008-01-27 17:29 <DIR> d-------- C:\Program Files\Vista Drive Icon
2008-01-27 16:13 . 2008-01-27 16:13 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-27 14:35 . 2008-01-27 15:57 <DIR> d-------- C:\Program Files\Y'z Shadow
2008-01-27 14:13 . 2008-01-27 14:13 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-27 13:43 . 2008-01-27 14:54 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-01-26 12:10 . 2008-01-26 12:10 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-26 11:45 . 2008-01-26 11:45 <DIR> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
2008-01-26 11:15 . 2008-01-26 11:15 <DIR> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
2008-01-26 10:13 . 2008-01-27 20:32 <DIR> d-------- C:\Program Files\Norton 360
2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-26 10:12 . 2008-01-26 14:28 <DIR> d-------- C:\Program Files\Symantec
2008-01-26 10:12 . 2008-02-17 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-26 10:11 . 2008-02-17 14:57 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-26 00:38 . 2008-01-26 00:38 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-01-25 22:55 . 2008-01-25 22:55 <DIR> d---s---- C:\Documents and Settings\Pauli\UserData
2008-01-25 22:49 . 2008-01-25 22:49 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-01-25 22:49 . 2008-01-25 22:49 <DIR> d-------- C:\Program Files\AvRack
2008-01-25 22:48 . 2008-02-15 14:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 22:43 . 2008-01-25 22:43 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-01-25 22:43 . 2008-01-25 22:43 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-01-25 20:39 . 2008-01-25 20:39 <DIR> d-------- C:\NVIDIA
2008-01-25 20:28 . 2008-01-25 20:29 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-01-25 20:12 . 2008-01-25 20:12 <DIR> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
2008-01-25 20:04 . 2008-01-25 20:04 <DIR> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
2008-01-25 19:57 . 2008-01-25 20:04 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
.
(((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries and legitimate default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
"ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll
R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-17 22:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
\Shell\AutoRun\command - D:\CD.EXE
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 22:32:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-02-17 22:34:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 20:34:16
ComboFix2.txt 2008-02-17 20:11:10
ComboFix3.txt 2008-02-17 19:25:30
ComboFix4.txt 2008-02-17 18:41:41
ComboFix5.txt 2008-02-17 15:54:11
.
2008-01-26 07:34:54 --- E O F ---
Hujo
17 February 2008 @ 22:41
Open Notepad and copy/paste the contents of the quote box into it:
Quote:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
Save it as CFScript
Then drag CFScript onto ComboFix.exe as shown below.
Restart the computer when prompted and post the contents of combofix.txt here.
===============
Also post the HJT log and the ComboFix log
Can a computer ever work?
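The second ComboFix log above shows why the first CFScript was not enough and why the follow-up targets the registry value: ComboFix reports C:\WINDOWS\system32\WLCtrl32.dll under "Other Deletions", yet the same log still lists it mapped into winlogon.exe, the Winlogon\Notify\WLCtrl32 key is still present, and Uci06.sys, a boot-start (R0) driver created in the same minute as kdbfoifg.exe, marwin32.dll and C:\1960262883, carries a fresh 22:32 modification stamp. The script below is an added example, not part of the thread and not ComboFix code. It parses a handful of lines in ComboFix's log format (condensed from the log above and embedded as a constructed sample) and flags that pattern: any listed Winlogon notification package, files dropped into several directories within one minute, an R0 driver belonging to such a cluster, and a notify DLL still loaded in winlogon.exe. The `Finding` type, the regexes, the three-files-per-minute threshold and the decision to treat every listed Notify package as suspect are this example's own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a condensed excerpt of the ComboFix log posted above
# (file-creation lines, the Winlogon\Notify key, the R0 driver line and the
# "DLLs Loaded Under Running Processes" block). Not complete ComboFix output.
SAMPLE_LOG = r"""
2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 12:58 . 2008-02-17 22:32 21,120 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-26 10:13 . 2008-01-27 20:32 <DIR> d-------- C:\Program Files\Norton 360
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll
R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-17 22:32]
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
"""

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# "<created> . <modified> <size|<DIR>> <attrs> <path>"
CREATED = re.compile(rf"^({TS}) \. ({TS}) (<\w+>|[\d,]+) (\S+) (.+)$")
NOTIFY_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\([^\]\\]+)\]$", re.IGNORECASE)
# "R0 name;display;path [stamp]"  (R0 = boot-start driver)
DRIVER = re.compile(rf"^([RS]\d) ([^;]+);([^;]*);(.+?) \[({TS})\]$")
PROCESS = re.compile(r"^PROCESS: (.+?)(?: \[[^\]]*\])?$")
LOADED = re.compile(r"^-> (.+)$")


@dataclass(frozen=True)
class Finding:          # assumed structure, not a ComboFix concept
    kind: str
    detail: str


def parse(log_text):
    """Pull the four record types out of the log; everything else is ignored."""
    created = defaultdict(list)   # creation minute -> [path]
    notify = []                   # (key name, DllName value)
    drivers = []                  # (service, path, stamp) for R0 drivers only
    loaded = defaultdict(list)    # process path -> [dll path]
    pending_key = None
    current_proc = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending_key is not None:
            # The line after a Winlogon\Notify key carries its DllName value.
            notify.append((pending_key, line.split()[0]))
            pending_key = None
            continue
        if (m := CREATED.match(line)):
            created[m.group(1)].append(m.group(5))
        elif (m := NOTIFY_KEY.match(line)):
            pending_key = m.group(1)
        elif (m := DRIVER.match(line)) and m.group(1) == "R0":
            drivers.append((m.group(2), m.group(4), m.group(5)))
        elif (m := PROCESS.match(line)):
            current_proc = m.group(1)
        elif (m := LOADED.match(line)) and current_proc:
            loaded[current_proc].append(m.group(1))
    return created, notify, drivers, loaded


def triage(log_text, min_cluster=3):
    created, notify, drivers, loaded = parse(log_text)
    findings = []

    # 1. ComboFix hides the stock notification packages, so anything printed
    #    under Winlogon\Notify is a non-default DLL that winlogon.exe loads
    #    at every logon with SYSTEM rights.
    notify_dlls = set()
    for key, dll in notify:
        notify_dlls.add(dll.lower())
        findings.append(Finding("winlogon_notify", f"{key} -> {dll}"))

    # 2. Several files landing in different directories in the same minute
    #    is the footprint of one dropper, not of a user installing software.
    cluster_paths = set()
    for minute, paths in sorted(created.items()):
        dirs = {p.rsplit("\\", 1)[0].lower() for p in paths}
        if len(paths) >= min_cluster and len(dirs) >= 2:
            cluster_paths.update(p.lower() for p in paths)
            findings.append(Finding("dropper_cluster", f"{minute}: " + ", ".join(paths)))

    # 3. A boot-start driver from that cluster runs before any user-mode
    #    scanner and can re-drop whatever the scanner deletes.
    for name, path, stamp in drivers:
        if path.lower() in cluster_paths:
            findings.append(Finding("boot_driver", f"{name} {path} (modified {stamp})"))

    # 4. A notify DLL still mapped into winlogon.exe cannot be removed by
    #    deleting the file alone; the registry value has to go, then reboot.
    for proc, dlls in loaded.items():
        if proc.lower().endswith("\\winlogon.exe"):
            for dll in dlls:
                if dll.rsplit("\\", 1)[-1].lower() in notify_dlls:
                    findings.append(Finding("notify_dll_loaded", dll))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run against the sample it reports exactly the four indicators the thread acts on, and nothing for sptd.sys or ac3filter.cpl, which were created alone and hours apart. The clustering keys on the creation minute rather than on file names precisely because the dropper here used random names (kdbfoifg.exe, 1960262883); the Notify check deliberately has no allowlist, since ComboFix already suppresses the legitimate defaults and an allowlist would only give a renamed DLL somewhere to hide.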