Cannot scan with the scanners
hytti
Newbie
13 August 2008 @ 16:59
Hi.
Something is wrong with my computer. I can't run a virus scan with avast in such a way that all files get checked. Avast freezes in the middle of the scan and has to be shut down through Task Manager. Likewise, I can't do a full scan with Ad-Aware; it freezes partway through, but Ad-Aware's smart scan runs to completion and has never found any "nasties".
Spybot takes a really long time to go through the machine and hasn't found a problem. I have cleaned the registry regularly.
I'm attaching the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42:14, on 13.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ZyXEL NPS-520 Utility\ServoApp.exe
C:\Program Files\ZyXEL NPS-520 Utility\MFPAgent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=7...gitCheckError=3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\ZyXEL NPS-520 Utility\ServoApp.exe"
O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\ZyXEL NPS-520 Utility\MFPAgent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.microsoft.net
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase5036.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7725 bytes




I previously got help in this thread, which I myself left unfinished after the problem resolved "by itself":
http://keskustelu.afterdawn.com/thread_view.cfm/672962

I have now tried scanning with Malwarebytes' Anti-Malware, but it too stopped mid-scan.
SDFix, on the other hand, succeeded, and its log is here.


SDFix: Version 1.215
Run by Yll?pito on ke 13.08.2008 at 16:34

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Documents and Settings\Yll?pito\Ty?p?yt?\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 16:37:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"D:\\ASENNUSP\\UTORRENT.EXE"="D:\\ASENNUSP\\UTORRENT.EXE:*:Enabled:æTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Documents and Settings\\abis\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Documents and Settings\\abis\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Sun 1 Jun 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Finished!

I'll still run that ComboFix and post it shortly as a follow-up.

Many thanks if someone can help.
hytti
Newbie
13 August 2008 @ 17:10
Here is the ComboFix log.

ComboFix 08-08-12.01 - Ylläpito 2008-08-13 17:02:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.1534 [GMT 3:00]
Running from: C:\Documents and Settings\Ylläpito\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jonni\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\Config.ini

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-13 to 2008-08-13 )))))))))))))))))
.

2008-08-13 16:34 . 2008-08-13 16:34 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-13 16:33 . 2008-08-13 16:33 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-08-13 16:12 . 2008-08-13 16:12 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 16:12 . 2008-08-13 16:12 <KANSIO> d-------- C:\Documents and Settings\Ylläpito\Application Data\Malwarebytes
2008-08-13 16:12 . 2008-08-13 16:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 16:12 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-13 16:12 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-13 15:54 . 2008-08-13 15:56 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-13 08:18 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 08:18 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 19:11 . 2008-08-11 19:11 <KANSIO> d-------- C:\Documents and Settings\Ylläpito\Application Data\vlc
2008-08-11 19:10 . 2008-08-11 19:10 <KANSIO> d-------- C:\Documents and Settings\abis\Application Data\vlc
2008-08-11 19:06 . 2008-08-11 19:06 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-08-08 13:48 . 2008-08-13 12:30 <KANSIO> d-------- C:\Downloads
2008-08-08 13:48 . 2008-08-08 14:27 <KANSIO> d-------- C:\Bases
2008-08-08 13:47 . 2008-08-08 13:47 <KANSIO> d-------- C:\Kaspersky
2008-08-02 12:46 . 2008-08-02 12:46 <KANSIO> d-------- C:\Documents and Settings\abis\Application Data\GARMIN
2008-08-01 15:11 . 2008-08-01 15:11 <KANSIO> d-------- C:\Documents and Settings\Virpi\Application Data\Comodo
2008-07-22 09:14 . 2003-08-29 12:09 196,608 -ra------ C:\WINDOWS\system32\hpbvnstp.dll
2008-07-22 09:14 . 2003-08-29 12:09 212 -ra------ C:\WINDOWS\system32\hpbvnstp.dat
2008-07-22 08:54 . 2008-07-22 08:54 <KANSIO> d-------- C:\Documents and Settings\Ylläpito\Application Data\GARMIN
2008-07-22 08:54 . 2008-07-22 08:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GARMIN
2008-07-22 08:44 . 2008-07-22 08:46 46,333 --a------ C:\WINDOWS\hplj1010.hi2
2008-07-22 08:44 . 2008-07-22 08:46 4,089 --a------ C:\WINDOWS\hplj1010.bu2
2008-07-21 13:42 . 2008-07-21 14:35 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
2008-07-21 12:59 . 2008-07-21 12:59 <KANSIO> d-------- C:\Program Files\Common Files\Skype
2008-07-21 12:59 . 2008-07-21 13:15 <KANSIO> d-------- C:\Documents and Settings\Ylläpito\Application Data\Skype
2008-07-19 10:50 . 2008-07-19 10:50 <KANSIO> d-------- C:\Documents and Settings\abis\Application Data\Comodo
2008-07-19 10:33 . 2008-07-19 10:33 <KANSIO> d-------- C:\Documents and Settings\Ylläpito\Application Data\Comodo
2008-07-19 10:33 . 2008-07-19 10:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-07-19 10:31 . 2008-06-03 19:09 223 --a------ C:\boot.ini.comodofirewall
2008-07-19 10:30 . 2008-07-19 10:30 <KANSIO> d-------- C:\Program Files\Comodo
2008-07-17 11:51 . 2008-07-17 11:51 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-07-17 11:51 . 2008-07-17 11:51 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-07-17 11:50 . 2008-07-17 11:51 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-07-17 11:50 . 2008-07-17 11:51 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-07-17 11:50 . 2008-05-17 13:45 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-07-17 11:50 . 2008-05-17 13:45 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-07-17 11:50 . 2008-07-17 11:51 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-07-17 11:35 . 2008-07-17 11:36 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 08:08 --------- d-----w C:\Documents and Settings\abis\Application Data\uTorrent
2008-08-11 16:11 --------- d-----w C:\Documents and Settings\Ylläpito\Application Data\vlc
2008-08-11 16:10 --------- d-----w C:\Documents and Settings\abis\Application Data\vlc
2008-07-22 07:42 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-07-21 10:03 --------- d-----w C:\Documents and Settings\abis\Application Data\Skype
2008-07-21 10:02 --------- d-----w C:\Documents and Settings\abis\Application Data\skypePM
2008-07-21 09:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-21 09:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 09:48 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-19 07:50 --------- d-----w C:\Documents and Settings\Ylläpito\Application Data\uTorrent
2008-07-18 16:55 --------- d-----w C:\Documents and Settings\Ylläpito\Application Data\U3
2008-07-17 08:08 --------- d-----w C:\Program Files\Skype
2008-07-16 10:32 20,501,962 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_16_13_12_30_full.dmp.zip
2008-07-16 09:47 20,191,409 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_15_14_20_00_full.dmp.zip
2008-07-14 19:22 20,195,386 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_14_15_15_37_full.dmp.zip
2008-07-12 09:24 56 ---ha-w C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 14:36 --------- d-----w C:\Program Files\ZyXEL NPS-520 Utility
2008-06-30 19:18 --------- d-----w C:\Program Files\CDBurnerXP
2008-06-30 18:32 --------- d-----w C:\Documents and Settings\Ylläpito\Application Data\Ahead
2008-06-30 18:25 --------- d-----w C:\Documents and Settings\abis\Application Data\Ahead
2008-06-30 18:08 --------- d-----w C:\Documents and Settings\abis\Application Data\123 Free Solitaire
2008-06-26 18:05 --------- d-----w C:\Documents and Settings\abis\Application Data\Media Player Classic
2008-06-26 08:54 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock(2)(2).dll
2008-06-20 17:47 147,968 ----a-w C:\WINDOWS\system32\dnsapi(2)(2).dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:34 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 08:22 --------- d-----w C:\Documents and Settings\abis\Application Data\Nokia Multimedia Player
2008-06-14 08:19 --------- d-----w C:\Documents and Settings\abis\Application Data\Nokia
2008-06-14 08:18 --------- d-----w C:\Documents and Settings\abis\Application Data\PC Suite
2008-06-01 19:00 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-05-17 11:11 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-16 08:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-04-29 06:36 208896]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 17:38 78008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 09:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 10:37 69632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 19:43 81920]
"Server Application for MFP Server"="C:\Program Files\ZyXEL NPS-520 Utility\ServoApp.exe" [2006-09-14 17:46 417792]
"MFP Server Agent"="C:\Program Files\ZyXEL NPS-520 Utility\MFPAgent.exe" [2006-10-31 18:38 1675264]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-07-19 10:30 1115728]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 19:43 8466432]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16:52 16861184 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:12 15360]

C:\Documents and Settings\Yll?pito\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 19:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-28 19:43 8466432 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"C:\\Documents and Settings\\abis\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13621:UDP"= 13621:UDP:MFP Bot Utility
"13878:UDP"= 13878:UDP:MFP Agent
"14135:UDP"= 14135:UDP:MFP Driver
"14135:TCP"= 14135:TCP:MFP Driver
"13107:UDP"= 13107:UDP:Print Server Utility
"69:UDP"= 69:UDP:Print Server Utility

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35]
R2 ALIWEHCD;MFP Server Enhanced Controller;C:\WINDOWS\system32\Drivers\mfpec.sys [2006-09-12 14:33]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 18:23]
R3 WUSBVBus;MFP Server Detector;C:\WINDOWS\system32\DRIVERS\mfpvbus.sys [2006-08-03 16:52]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-30 20:07]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87c6deac-2508-11dd-a571-0019dbcfc59c}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ylläpito\Application Data\Mozilla\Firefox\Profiles\mb5ukbnc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://iltasanomat.fi/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 17:03:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-13 17:04:25
ComboFix-quarantined-files.txt 2008-08-13 14:04:23

Pre-Run: 167,760,445,440 tavua vapaana
Post-Run: 167,889,600,512 tavua vapaana

196 --- E O F --- 2008-08-13 12:56:44