Log for review
BeatMasta
Suspended due to non-functional email address
18 June 2008 @ 00:51
If someone could take a look at these logs and tell me whether there's anything weird in there.. thanks for taking the trouble!!
Hjt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:29:49, on 18.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\IObit\Advanced Win\MemCleaner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced Win\MemCleaner.exe /m
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase9563.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 4873 bytes
combofix:
ComboFix 08-06-16.5 - KingBass 2008-06-18 0:07:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.246 [GMT 3:00]
Running from: C:\Documents and Settings\KingBass\Työpöytä\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\msvrc20.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-17 to 2008-06-17 )))))))))))))))))
.
2008-06-17 21:40 . 2008-06-17 21:40 <KANSIO> d-------- C:\Program Files\MSN Messenger
2008-06-17 20:20 . 2008-06-17 20:29 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-17 02:03 . 2008-06-17 13:03 <KANSIO> d-------- C:\RVAXO
2008-06-17 01:59 . 2008-05-29 21:30 828,824 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-06-17 01:59 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-06-16 16:44 . 2008-06-16 16:44 <KANSIO> d-------- C:\Documents and Settings\KingBass\Application Data\IObit
2008-06-16 12:57 . 2008-06-16 12:57 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-16 12:55 . 2008-06-16 12:56 <KANSIO> d-------- C:\Program Files\Yahoo!
2008-06-16 02:44 . 2008-06-16 02:44 <KANSIO> d-------- C:\Documents and Settings\KingBass\DoctorWeb
2008-06-16 00:57 . 2008-06-16 02:04 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
2008-06-16 00:41 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-16 00:40 . 2008-06-16 00:40 <KANSIO> d-------- C:\Intel
2008-06-14 18:32 . 2008-06-14 18:32 42 --a------ C:\WINDOWS\system32\.dat
2008-06-14 18:32 . 2008-06-14 18:32 25 --a------ C:\WINDOWS\system32\.ini
2008-06-14 18:30 . 1997-01-16 00:00 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2008-06-14 17:56 . 2008-06-14 18:26 <KANSIO> d-------- C:\Program Files\Winamp
2008-06-14 17:56 . 2008-06-16 15:22 <KANSIO> d-------- C:\Documents and Settings\KingBass\Application Data\Winamp
2008-06-14 16:43 . 2008-06-14 16:43 <KANSIO> d-------- C:\Program Files\Malwarebytes
2008-06-14 16:43 . 2008-06-14 16:43 <KANSIO> d-------- C:\Documents and Settings\KingBass\Application Data\Malwarebytes
2008-06-14 16:43 . 2008-06-14 16:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 16:43 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-14 16:43 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-13 22:16 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-13 22:15 . 2008-06-13 22:16 <KANSIO> d-------- C:\Program Files\Java
2008-06-13 22:14 . 2008-06-13 22:14 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-06-13 07:21 . 2008-06-13 07:21 <KANSIO> d-------- C:\WINDOWS\Sun
2008-06-13 00:16 . 2008-06-18 00:04 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 00:16 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-13 00:16 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-13 00:16 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-13 00:16 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-13 00:15 . 2008-06-17 22:39 <KANSIO> d-------- C:\Program Files\Spyware Doctor
2008-06-13 00:15 . 2008-06-13 00:15 <KANSIO> d-------- C:\Documents and Settings\KingBass\Application Data\PC Tools
2008-06-12 17:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-12 17:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-12 17:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-12 03:00 . 2008-06-17 13:21 <KANSIO> d-------- C:\Program Files\PokerStars
2008-06-12 01:32 . 2008-06-12 01:32 <KANSIO> d-------- C:\Program Files\ToniArts
2008-06-12 01:22 . 2008-06-12 01:22 <KANSIO> d-------- C:\Program Files\ASIO4ALL v2
2008-06-12 01:21 . 2008-06-12 01:26 <KANSIO> d-------- C:\Program Files\VstPlugins
2008-06-12 01:21 . 2002-07-08 01:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-06-12 01:21 . 2006-06-20 11:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-06-12 01:20 . 2008-06-12 01:20 <KANSIO> d-------- C:\Program Files\Outsim
2008-06-12 01:17 . 2008-06-12 01:26 <KANSIO> d-------- C:\Program Files\Image-Line
2008-06-12 01:10 . 2008-06-16 23:30 <KANSIO> d-------- C:\Documents and Settings\KingBass\Contacts
2008-06-12 01:09 . 2008-06-17 21:40 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-12 01:04 . 2008-06-17 20:20 <KANSIO> d-------- C:\Program Files\Windows Live
2008-06-12 01:04 . 2008-06-12 01:07 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-12 01:04 . 2008-06-12 01:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-12 01:02 . 2008-06-12 01:02 <KANSIO> d-------- C:\Program Files\uTorrent
2008-06-12 01:02 . 2008-06-17 20:26 <KANSIO> d-------- C:\Documents and Settings\KingBass\Application Data\uTorrent
2008-06-12 01:00 . 2008-06-12 01:00 <KANSIO> d-------- C:\Program Files\CodecComPack
2008-06-12 00:51 . 2008-06-12 00:51 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2008-06-12 00:49 . 2008-06-12 00:49 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-06-12 00:49 . 2008-06-12 00:50 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-12 00:37 . 2008-06-12 00:37 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-12 00:37 . 2008-06-12 00:37 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-12 00:21 . 2008-06-12 00:21 <KANSIO> d-------- C:\Program Files\IObit
2008-06-12 00:03 . 2008-04-23 07:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-12 00:03 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-12 00:03 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-12 00:03 . 2008-04-23 07:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-12 00:03 . 2008-04-23 07:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-12 00:03 . 2008-04-23 07:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-12 00:03 . 2008-04-23 07:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-12 00:03 . 2008-04-23 07:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-12 00:03 . 2008-04-22 10:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-11 23:33 . 2008-06-11 23:37 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
2008-06-11 23:33 . 2008-04-14 09:12 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-06-11 23:14 . 2008-06-11 23:14 <KANSIO> d-------- C:\Program Files\DAEMON Tools
2008-06-11 23:11 . 2008-06-11 23:11 <KANSIO> d-------- C:\Documents and Settings\KingBass\Application Data\DAEMON Tools
2008-06-11 23:11 . 2008-06-11 23:11 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-11 23:08 . 2006-03-23 20:12 139,264 --a------ C:\WINDOWS\system32\igfxres.dll
2008-06-11 23:06 . 2001-08-18 00:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-11 23:05 . 2008-06-11 23:05 <KANSIO> d-------- C:\Program Files\Intel
2008-06-11 23:04 . 2008-04-14 09:11 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-11 23:02 . 2008-06-17 23:16 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d-------- C:\Program Files\Dell
2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d--h----- C:\Documents and Settings\Default User\Verkkoympäristö
2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d-------- C:\Documents and Settings\Default User\Työpöytä
2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d--h----- C:\Documents and Settings\Default User\Tulostinympäristö
2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d-------- C:\Documents and Settings\Default User\Suosikit
2008-06-11 23:02 . 2008-06-11 20:12 <KANSIO> d--h----- C:\Documents and Settings\Default User\Mallit
2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> dr------- C:\Documents and Settings\Default User\Käynnistä-valikko
2008-06-11 23:02 . 2008-06-12 01:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Työpöytä
2008-06-11 23:02 . 2008-06-11 20:13 <KANSIO> dr------- C:\Documents and Settings\All Users\Tiedostot
2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Suosikit
2008-06-11 23:02 . 2008-06-11 23:02 <KANSIO> d--h----- C:\Documents and Settings\All Users\Mallit
2008-06-11 23:02 . 2008-06-11 23:39 <KANSIO> dr------- C:\Documents and Settings\All Users\Käynnistä-valikko
2008-06-11 23:01 . 2008-06-11 20:19 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-06-11 21:26 . 2008-06-11 21:26 <KANSIO> d--hs---- C:\Documents and Settings\KingBass\UserData
2008-06-11 21:17 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 21:04 . 2008-06-17 20:21 <KANSIO> d-------- C:\Program Files\PowerArchiver
2008-06-11 21:04 . 2008-06-11 21:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ConeXware
2008-06-11 21:01 . 2008-04-14 18:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 22:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-11 22:26 --------- d-----w C:\Program Files\VstPlugins
2008-06-11 19:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-11 19:57 --------- d-----w C:\Program Files\Analog Devices
2008-06-11 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-06-11 17:36 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-11 17:36 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-11 17:36 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-06-11 17:36 --------- d-----w C:\Program Files\COMODO
2008-06-11 17:36 --------- d-----w C:\Documents and Settings\KingBass\Application Data\Comodo
2008-06-11 17:31 --------- d-----w C:\Program Files\Broadcom
2008-06-11 17:23 --------- d-----w C:\Program Files\Alwil Software
2008-06-11 17:17 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 06:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 06:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 06:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 06:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 06:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 06:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 06:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 06:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 06:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 06:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 06:09 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 06:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 05:49 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 05:49 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 05:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 05:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 05:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 05:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 05:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 05:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 05:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 05:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 08:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 08:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 08:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 08:40 440,832 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 08:36 2,921,984 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 08:35 186,368 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 08:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 08:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 07:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 07:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 07:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 07:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 07:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 06:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 06:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 06:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 05:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-11 20:36 1655552]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"SmartRAM"="C:\Program Files\IObit\Advanced Win\MemCleaner.exe" [2007-10-29 16:43 662016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 09:12 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\CODECC~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-11 20:36]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-11 20:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-16 13:30:01 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\IObit\Advanced Win\AutoCare.exe
"2008-06-16 17:00:28 C:\WINDOWS\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced Win\AutoUpdate.ex
- C:\Program Files\IObit\Advanced Win\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 00:11:47
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-06-18 0:13:38
ComboFix-quarantined-files.txt 2008-06-17 21:13:31
Pre-Run: 8,089,915,392 tavua vapaana
Post-Run: 8,083,685,376 tavua vapaana
237 --- E O F --- 2008-06-12 15:28:52
Life without beats is a waste of time!!!