|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
HJT,kone/netti hidastui
|
|
|
miikke
Junior Member
|
24. lokakuuta 2008 @ 22:14 |
Linkki tähän viestiin
|
Moikka.Asentelin koneelle winoke ohjelman ja sitten alkoi ongelmat.Kone hidastui ja nettikin pelaa tosi hitaasti.Palomuuri(zonealarm)näyttää että resulssien hallinta kuuntelee portteja tcp 1233 ja 17110 ja tavaraa tuntuu liikkuvan netissä vaikka esim.selain ei ole avattu.Malwarebytes,avg ja avast ei löytänyt mitään pöpöjä(?)Kerran aukesi itsekseen sivu www.c5edo.com :(
Joten tässä logi:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:52, on 24.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iltasanomat.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Mobile Partner\Mobile Partner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file:///D:/setup/RiffLick.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1190715846062
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1197667823671
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\davclnt32.dll
O20 - Winlogon Notify: f4129534488 - C:\WINDOWS\System32\davclnt32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8381 bytes
Kiitos
|
|
miikke
Junior Member
|
25. lokakuuta 2008 @ 13:38 |
Linkki tähän viestiin
|
|
Korjaus edelliseen.Eli aukeava sivu on www.c5.zedo.Pop up ohjelma?
|
AfterDawn Addict
|
25. lokakuuta 2008 @ 15:09 |
Linkki tähän viestiin
|
c5.zedo.com on saastuttava sivu !!!
Lataa Malwarebytes' Anti-Malware työpöydällesi.
* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
* Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
* Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
* Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.
------------------------------------------------------------------
1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix.exe
combofix.exe
Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:
Lainaus:
File::
C:\WINDOWS\System32\davclnt32.dll
Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).
Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.
-----------------------------------------------------------------
Poista ne rivit jotka on jäljellä:
Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\davclnt32.dll
O20 - Winlogon Notify: f4129534488 - C:\WINDOWS\System32\davclnt32.dll
Tyhjennä roskakori ja käynnistä koneesi uudelleen.
Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
* Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
*
(:)
|
|
miikke
Junior Member
|
25. lokakuuta 2008 @ 22:42 |
Linkki tähän viestiin
|
Tässä näitä lokeja.Kuinkas se resurssienhallinta.Pitääkö koko ajan lähettää/hakee netistä?Ilmeisesti olen sen karaoke ohjelman yhteydessä klikannut ok kun palomuuri on kysynyt saako mennä nettiin?
Kiitos
hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:56, on 25.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iltasanomat.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Mobile Partner\Mobile Partner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file:///D:/setup/RiffLick.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1190715846062
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1197667823671
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D4D0E31-8D1B-46C8-B541-4309C76AF279}: NameServer = 195.197.54.100 195.74.0.47
O20 - AppInit_DLLs: C:\WINDOWS\System32\davclnt32.dll
O20 - Winlogon Notify: f4129534488 - C:\WINDOWS\System32\davclnt32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7633 bytes
combofix:
ComboFix 08-10-24.02 - Omistaja 2008-10-25 21:52:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1615 [GMT 3:00]
Sijainti: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
Käytetyt komentorivivalitsimet :: C:\Documents and Settings\Omistaja\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\CFScript.txt
* Uusi palautuspiste luotu
VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-25 to 2008-10-25 )))))))))))))))))
.
2008-10-25 20:37 . 2008-10-25 20:37 317,952 --ahs---- C:\WINDOWS\system32\10.tmp
2008-10-25 17:19 . 2008-10-25 17:19 0 --a------ C:\WINDOWS\system32\3061.tmp
2008-10-25 15:34 . 2008-10-25 15:34 0 --a------ C:\WINDOWS\system32\3E.tmp
2008-10-25 13:39 . 2008-10-25 13:39 317,952 --ahs---- C:\WINDOWS\system32\106C.tmp
2008-10-25 12:39 . 2008-10-25 12:39 317,952 --ahs---- C:\WINDOWS\system32\1066.tmp
2008-10-25 11:52 . 2008-10-25 11:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-25 11:39 . 2008-10-25 11:39 317,952 --ahs---- C:\WINDOWS\system32\103C.tmp
2008-10-25 11:09 . 2008-10-25 11:09 0 --a------ C:\WINDOWS\system32\7.tmp
2008-10-24 21:32 . 2008-10-24 21:32 317,952 --ahs---- C:\WINDOWS\system32\28.tmp
2008-10-24 20:32 . 2008-10-24 20:32 317,952 --ahs---- C:\WINDOWS\system32\13.tmp
2008-10-24 17:17 . 2008-10-24 17:17 4,139 --a------ C:\WINDOWS\GnuHashes.ini
2008-10-24 17:09 . 2008-10-24 17:09 <KANSIO> d--hs---- C:\WINDOWS\system32\GroupPolicyManifest
2008-10-24 17:09 . 2008-10-24 17:09 131,072 --a------ C:\WINDOWS\system32\davclnt32.dll
2008-10-24 17:09 . 2008-10-24 17:09 1,203 --ahs---- C:\WINDOWS\system32\GroupPolicy000.dat
2008-10-24 16:56 . 2005-05-01 20:01 65,536 --a------ C:\WINDOWS\system32\FastQT.dll
2008-10-24 16:22 . 2008-10-24 16:32 <KANSIO> d-------- C:\Program Files\K Media Center
2008-10-24 16:18 . 2008-10-24 16:24 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-24 16:18 . 2008-10-24 16:32 <KANSIO> d-------- C:\Program Files\Advanced Karaoke Player
2008-10-23 14:00 . 2008-10-23 14:01 <KANSIO> d-------- C:\Program Files\OkyflyPC
2008-10-22 16:48 . 2008-10-22 16:49 <KANSIO> d-------- C:\Program Files\LimeWire
2008-10-18 14:20 . 2008-10-18 14:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-10-18 09:16 . 2008-10-18 09:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-10-13 15:09 . 2008-10-13 15:09 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Grisoft
2008-10-13 15:09 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-10-12 17:37 . 2007-08-24 19:45 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-10-12 17:37 . 2007-08-24 19:45 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-10-12 17:36 . 2008-10-12 17:37 <KANSIO> d-------- C:\Program Files\Mobile Partner
2008-10-11 17:13 . 2008-10-11 17:13 268 --ah----- C:\sqmdata01.sqm
2008-10-11 17:13 . 2008-10-11 17:13 244 --ah----- C:\sqmnoopt01.sqm
2008-09-30 17:13 . 2008-09-30 17:13 2,291,734 --a------ C:\WINDOWS\system32\TmpA11286250
2008-09-30 10:02 . 2003-03-18 22:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-09-30 10:02 . 2003-02-21 06:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-09-29 18:27 . 2008-09-29 18:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Structure
2008-09-28 13:53 . 2008-10-18 09:15 <KANSIO> d-------- C:\Program Files\TVUPlayer
2008-09-26 08:51 . 2008-09-26 08:58 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 18:55 13,889,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-25 18:35 168,032 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-25 14:45 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Digidesign
2008-10-25 09:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-25 09:48 --------- d-----w C:\Program Files\SpywareBlaster
2008-10-25 09:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-24 16:36 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\LimeWire
2008-10-24 12:52 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\uTorrent
2008-10-23 16:49 1,641,984 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-10-23 16:49 1,489,408 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-10-23 11:37 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 13:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 13:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-20 15:30 46,080 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-10-19 16:12 182,784 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-10-19 16:12 1,620,992 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-10-18 13:13 1,615,872 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-10-18 13:13 1,546,240 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-10-16 12:42 1,585,664 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-10-16 12:42 1,124,352 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-10-14 13:10 --------- d-----w C:\Program Files\VstPlugins
2008-10-13 13:51 65,536 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-10-12 13:03 1,531,392 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-10-10 13:59 757,248 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-10-10 13:59 1,539,072 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-10-07 19:20 358,912 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-10-07 19:20 1,516,544 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-10-04 17:49 270,848 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-10-03 13:40 587,264 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-10-01 16:34 1,816,064 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-10-01 16:34 1,481,728 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-09-30 14:15 --------- d-----w C:\Program Files\Nomad Factory
2008-09-29 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-29 16:47 --------- d-----w C:\Program Files\IK Multimedia
2008-09-29 15:30 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\PACE Anti-Piracy
2008-09-29 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-09-29 15:27 --------- d-----w C:\Program Files\Digidesign
2008-09-28 17:08 346,624 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-09-27 11:10 68,608 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-09-27 05:34 2,670,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-09-24 10:18 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-09-24 10:07 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-24 10:07 --------- d-----w C:\Program Files\Common Files\Real
2008-09-24 09:49 --------- d-----w C:\Program Files\Zone Labs
2008-09-24 09:44 --------- d-----w C:\Program Files\Sunbelt Software
2008-09-19 13:29 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-09-19 12:33 --------- d-----w C:\Program Files\Common Files\Agnitum Shared
2008-09-19 07:47 --------- d-----w C:\Program Files\VideoLAN
2008-09-16 14:05 --------- d-----w C:\Program Files\Windows Desktop Search
2008-09-15 16:45 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Windows Search
2008-09-11 08:08 94,208 ----a-w C:\Documents and Settings\Omistaja\Application Data\ezplay.sys
2008-09-11 08:08 47,360 ----a-w C:\Documents and Settings\Omistaja\Application Data\pcouffin.sys
2008-09-11 08:08 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Vso
2008-09-11 08:06 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\dvdcss
2008-09-11 07:52 94,208 ----a-w C:\WINDOWS\system32\drivers\ezplay.sys
2008-09-11 07:52 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-10 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 13:31 --------- d-----w C:\Program Files\TimewARP 2600 Lite
2008-08-29 10:24 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-28 09:11 --------- d-----w C:\Program Files\CCleaner
2008-08-27 18:37 --------- d-----w C:\Program Files\Groove Monkee
2008-08-27 18:35 --------- d-----w C:\Program Files\DivX
2008-08-27 18:33 --------- d-----w C:\Program Files\Creative
2008-08-27 05:39 --------- d-----w C:\Program Files\Java
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-20 07:59 604 ---ha-w C:\Program Files\STLL Notifier
2007-11-28 12:49 10 ----a-w C:\Program Files\.autoreg
2007-10-16 11:18 16,768 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2004-10-01 12:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15360]
"Mobile Partner"="C:\Program Files\Mobile Partner\Mobile Partner.exe" [2008-01-29 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 118784]
"BigDog305"="C:\WINDOWS\VM305_STI.EXE" [2005-08-05 61440]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f4129534488]
2008-10-24 17:09 131072 C:\WINDOWS\system32\davclnt32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\System32\davclnt32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.l3acm"= l3codecp.acm
"wave1"= Digi32.dll
"midi1"= mbx2midu.dll
"MIDI2"= diomidi.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Realtek RTL8187 Wireless Network Driver and Utility\\RtWLan.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 16384]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 16400]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-11-22 300544]
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 97808]
S3 MBX2DFU;MBX2DFU;C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys [2007-10-31 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\WINDOWS\system32\drivers\mbx2midk.sys [2007-10-31 21904]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-08-04 176128]
S3 vsc32;Virtual Sound Canvas 3.2;C:\WINDOWS\system32\DRIVERS\vsc.sys [ ]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2005-11-05 391615]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12df08d3-80b1-11dd-b7ef-8c6744403b91}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12df0cc1-80b1-11dd-b7ef-8c6744403b91}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a2b72c5-0c5c-11dd-8364-0019215d184a}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a2b72c8-0c5c-11dd-8364-0019215d184a}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3345e37a-986a-11dd-bfb1-d653e5e611e7}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7147536-80be-11dd-b7f0-920584b69d3b}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99ec1f6-6e00-11dd-b791-0015af0e70e9}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99ec5db-6e00-11dd-b791-df4ced8320a5}]
\Shell\AutoRun\command - E:\AutoRun.exe
*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-10-10 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-07-02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-10-25 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CE58B8FB-9E4A-4770-96E6-BBE9B991E9B9}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 21:54:48
Windows 5.1.2600 Service Pack 2 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
PROSESSI: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\davclnt32.dll
.
Valmistumisajankohta: 2008-10-25 21:56:32
ComboFix-quarantined-files.txt 2008-10-25 18:56:17
ComboFix2.txt 2008-10-25 18:45:15
Ennen ajoa: 11 103 117 312 tavua vapaana
Ajon jälkeen: 11,084,566,528 tavua vapaana
230 --- E O F --- 2008-09-26 06:23:52
malware:
Malwarebytes' Anti-Malware 1.30
Tietokantaversio: 1319
Windows 5.1.2600 Service Pack 2
25.10.2008 21:06:31
mbam-log-2008-10-25 (21-06-31).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 213565
Kulunut aika: 1 hour(s), 15 minute(s), 55 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 1
Saastuneita tiedostoja: 1
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
C:\Program Files\ScanSpyware v3.8 (Rogue.ScanSpyware) -> Quarantined and deleted successfully.
Saastuneita tiedostoja:
C:\Program Files\ScanSpyware v3.8\ssdb101108.db (Rogue.ScanSpyware) -> Quarantined and deleted successfully.
|
|
miikke
Junior Member
|
26. lokakuuta 2008 @ 10:47 |
Linkki tähän viestiin
|
|
Kirjoittelen tämän toiselta koneelta kun tuo kone jossa ongelmat on tahkuilee edelleen huolella.Menee netissä milloin millekkin sivuille ja on tosi hidas toimimaan muutenkin kuin vaan netissä
|
|
jjaannee
Newbie
|
26. lokakuuta 2008 @ 12:10 |
Linkki tähän viestiin
|
|
Mulla oli sama vika pari päivää sitten. Autto ku poistin Zonealarmin ja vaihoin sygateen ja C:\WINDOWS\system32\ZoneLabs\vsmon.exe poistin nuo kaikki vsmon.exe filut vikasietotilassa, niitä löyty parista paikkaa.
Oli myös tullut joku Bonjour kansio C:\Program files\Bonjour jonka sai poistettua vikasietotilassa.
Heti kun sain nuo tehtyä suoritinkäyttö laski noin 50% ja netti sivut aukeavat paljon nopeampaa.
|
|
miikke
Junior Member
|
26. lokakuuta 2008 @ 14:07 |
Linkki tähän viestiin
|
Ilmeisesti oon jotain sössiny kun noi 020-appinit.... ja 020 winlogon... ei häipyny noitten toimenpiteiden jälkeen.Nyt tein kolmannen kerran ja nyt nekin häipy sieltä.Mutta edelleen menee ihme sivuille:(
Tässä lokit uudelleen
hijack:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:18, on 26.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iltasanomat.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Mobile Partner\Mobile Partner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file:///D:/setup/RiffLick.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1190715846062
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1197667823671
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7725 bytes
ComboFix 08-10-24.02 - Omistaja 2008-10-26 12:42:59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1669 [GMT 2:00]
Sijainti: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
Käytetyt komentorivivalitsimet :: C:\Documents and Settings\Omistaja\Omat tiedostot1\tekstit\CFScript.txt
* Uusi palautuspiste luotu
VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
FILE ::
C:\WINDOWS\System32\davcint32.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-26 to 2008-10-26 )))))))))))))))))
.
2008-10-26 12:33 . 2008-10-26 12:33 0 --a------ C:\WINDOWS\system32\1608.tmp
2008-10-26 12:23 . 2008-10-26 12:23 0 --a------ C:\WINDOWS\system32\1189.tmp
2008-10-26 12:16 . 2008-10-26 12:16 0 --a------ C:\WINDOWS\system32\1186.tmp
2008-10-26 11:40 . 2008-10-26 11:40 0 --a------ C:\WINDOWS\system32\9.tmp
2008-10-25 19:37 . 2008-10-25 19:37 317,952 --ahs---- C:\WINDOWS\system32\10.tmp
2008-10-25 16:19 . 2008-10-25 16:19 0 --a------ C:\WINDOWS\system32\3061.tmp
2008-10-25 14:34 . 2008-10-25 14:34 0 --a------ C:\WINDOWS\system32\3E.tmp
2008-10-25 12:39 . 2008-10-25 12:39 317,952 --ahs---- C:\WINDOWS\system32\106C.tmp
2008-10-25 11:39 . 2008-10-25 11:39 317,952 --ahs---- C:\WINDOWS\system32\1066.tmp
2008-10-25 10:52 . 2008-10-25 10:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-25 10:39 . 2008-10-25 10:39 317,952 --ahs---- C:\WINDOWS\system32\103C.tmp
2008-10-25 10:09 . 2008-10-25 10:09 0 --a------ C:\WINDOWS\system32\7.tmp
2008-10-24 20:32 . 2008-10-24 20:32 317,952 --ahs---- C:\WINDOWS\system32\28.tmp
2008-10-24 19:32 . 2008-10-24 19:32 317,952 --ahs---- C:\WINDOWS\system32\13.tmp
2008-10-24 16:17 . 2008-10-26 08:39 4,148 --a------ C:\WINDOWS\GnuHashes.ini
2008-10-24 16:09 . 2008-10-24 16:09 <KANSIO> d--hs---- C:\WINDOWS\system32\GroupPolicyManifest
2008-10-24 16:09 . 2008-10-24 16:09 131,072 --a------ C:\WINDOWS\system32\davclnt32.dll
2008-10-24 16:09 . 2008-10-24 16:09 1,203 --ahs---- C:\WINDOWS\system32\GroupPolicy000.dat
2008-10-24 15:56 . 2005-05-01 19:01 65,536 --a------ C:\WINDOWS\system32\FastQT.dll
2008-10-24 15:22 . 2008-10-24 15:32 <KANSIO> d-------- C:\Program Files\K Media Center
2008-10-24 15:18 . 2008-10-24 15:24 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-24 15:18 . 2008-10-24 15:32 <KANSIO> d-------- C:\Program Files\Advanced Karaoke Player
2008-10-23 13:00 . 2008-10-23 13:01 <KANSIO> d-------- C:\Program Files\OkyflyPC
2008-10-22 15:48 . 2008-10-22 15:49 <KANSIO> d-------- C:\Program Files\LimeWire
2008-10-18 13:20 . 2008-10-18 13:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-10-18 08:16 . 2008-10-18 08:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-10-13 14:09 . 2008-10-13 14:09 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Grisoft
2008-10-13 14:09 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-10-12 16:37 . 2007-08-24 18:45 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-10-12 16:37 . 2007-08-24 18:45 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-10-12 16:36 . 2008-10-12 16:37 <KANSIO> d-------- C:\Program Files\Mobile Partner
2008-10-11 16:13 . 2008-10-11 16:13 268 --ah----- C:\sqmdata01.sqm
2008-10-11 16:13 . 2008-10-11 16:13 244 --ah----- C:\sqmnoopt01.sqm
2008-09-30 16:13 . 2008-09-30 16:13 2,291,734 --a------ C:\WINDOWS\system32\TmpA11286250
2008-09-30 09:02 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-09-30 09:02 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-09-29 17:27 . 2008-09-29 17:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Structure
2008-09-28 12:53 . 2008-10-18 08:15 <KANSIO> d-------- C:\Program Files\TVUPlayer
2008-09-26 07:51 . 2008-09-26 07:58 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 10:47 14,223,392 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-26 10:33 172,112 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-25 14:45 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Digidesign
2008-10-25 09:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-25 09:48 --------- d-----w C:\Program Files\SpywareBlaster
2008-10-25 09:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-24 16:36 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\LimeWire
2008-10-23 16:49 1,641,984 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-10-23 16:49 1,489,408 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-10-23 11:37 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 13:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 13:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-20 15:30 46,080 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-10-19 16:12 182,784 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-10-19 16:12 1,620,992 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-10-18 13:13 1,615,872 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-10-18 13:13 1,546,240 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-10-16 12:42 1,585,664 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-10-16 12:42 1,124,352 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-10-14 13:10 --------- d-----w C:\Program Files\VstPlugins
2008-10-13 13:51 65,536 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-10-12 13:03 1,531,392 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-10-10 13:59 757,248 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-10-10 13:59 1,539,072 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-10-07 19:20 358,912 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-10-07 19:20 1,516,544 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-10-04 17:49 270,848 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-10-03 13:40 587,264 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-10-01 16:34 1,816,064 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-10-01 16:34 1,481,728 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-09-30 14:15 --------- d-----w C:\Program Files\Nomad Factory
2008-09-29 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-29 16:47 --------- d-----w C:\Program Files\IK Multimedia
2008-09-29 15:30 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\PACE Anti-Piracy
2008-09-29 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-09-29 15:27 --------- d-----w C:\Program Files\Digidesign
2008-09-28 17:08 346,624 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-09-27 11:10 68,608 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-09-27 05:34 2,670,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-09-24 10:18 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-09-24 10:07 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-24 10:07 --------- d-----w C:\Program Files\Common Files\Real
2008-09-24 09:49 --------- d-----w C:\Program Files\Zone Labs
2008-09-24 09:44 --------- d-----w C:\Program Files\Sunbelt Software
2008-09-19 13:29 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-09-19 12:33 --------- d-----w C:\Program Files\Common Files\Agnitum Shared
2008-09-19 07:47 --------- d-----w C:\Program Files\VideoLAN
2008-09-16 14:05 --------- d-----w C:\Program Files\Windows Desktop Search
2008-09-15 16:45 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Windows Search
2008-09-11 08:08 94,208 ----a-w C:\Documents and Settings\Omistaja\Application Data\ezplay.sys
2008-09-11 08:08 47,360 ----a-w C:\Documents and Settings\Omistaja\Application Data\pcouffin.sys
2008-09-11 08:08 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Vso
2008-09-11 08:06 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\dvdcss
2008-09-11 07:52 94,208 ----a-w C:\WINDOWS\system32\drivers\ezplay.sys
2008-09-11 07:52 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-10 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 13:31 --------- d-----w C:\Program Files\TimewARP 2600 Lite
2008-08-29 10:24 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-28 09:11 --------- d-----w C:\Program Files\CCleaner
2008-08-27 18:37 --------- d-----w C:\Program Files\Groove Monkee
2008-08-27 18:35 --------- d-----w C:\Program Files\DivX
2008-08-27 18:33 --------- d-----w C:\Program Files\Creative
2008-08-27 05:39 --------- d-----w C:\Program Files\Java
2008-07-20 07:59 604 ---ha-w C:\Program Files\STLL Notifier
2007-11-28 12:49 10 ----a-w C:\Program Files\.autoreg
2007-10-16 11:18 16,768 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2004-10-01 12:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot_2008-10-26_12.23.14,20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-26 10:34:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5bc.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15360]
"Mobile Partner"="C:\Program Files\Mobile Partner\Mobile Partner.exe" [2008-01-29 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]
"BigDog305"="C:\WINDOWS\VM305_STI.EXE" [2005-08-05 61440]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f4129534488]
2008-10-24 16:09 131072 C:\WINDOWS\system32\davclnt32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\System32\davclnt32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.l3acm"= l3codecp.acm
"wave1"= Digi32.dll
"midi1"= mbx2midu.dll
"MIDI2"= diomidi.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Realtek RTL8187 Wireless Network Driver and Utility\\RtWLan.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 16384]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 16400]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-11-22 300544]
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 97808]
S3 MBX2DFU;MBX2DFU;C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys [2007-10-31 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\WINDOWS\system32\drivers\mbx2midk.sys [2007-10-31 21904]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-08-03 176128]
S3 vsc32;Virtual Sound Canvas 3.2;C:\WINDOWS\system32\DRIVERS\vsc.sys [ ]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2005-11-05 391615]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12df08d3-80b1-11dd-b7ef-8c6744403b91}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12df0cc1-80b1-11dd-b7ef-8c6744403b91}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a2b72c5-0c5c-11dd-8364-0019215d184a}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a2b72c8-0c5c-11dd-8364-0019215d184a}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3345e37a-986a-11dd-bfb1-d653e5e611e7}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3345e706-986a-11dd-bfb1-d653e5e611e7}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7147536-80be-11dd-b7f0-920584b69d3b}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99ec1f6-6e00-11dd-b791-0015af0e70e9}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99ec5db-6e00-11dd-b791-df4ced8320a5}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
'Ajoitetut tehtävät'-kansion sisältö
2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-10-10 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-07-02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-10-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CE58B8FB-9E4A-4770-96E6-BBE9B991E9B9}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 10:58]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 12:46:39
Windows 5.1.2600 Service Pack 2 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
PROSESSI: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\davclnt32.dll
PROSESSI: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\System32\davclnt32.dll
PROSESSI: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\davclnt32.dll
.
Valmistumisajankohta: 2008-10-26 12:50:19
ComboFix-quarantined-files.txt 2008-10-26 10:50:13
ComboFix2.txt 2008-10-26 10:23:43
ComboFix3.txt 2008-10-25 18:56:33
ComboFix4.txt 2008-10-25 18:45:15
Ennen ajoa: 10 946 863 104 tavua vapaana
Ajon jälkeen: 10,931,228,672 tavua vapaana
243 --- E O F --- 2008-09-26 06:23:52
malware:Malwarebytes' Anti-Malware 1.30
Tietokantaversio: 1321
Windows 5.1.2600 Service Pack 2
26.10.2008 12:11:23
mbam-log-2008-10-26 (12-11-23).txt
Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 213773
Kulunut aika: 1 hour(s), 10 minute(s), 2 second(s)
Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0
Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)
Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)
Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)
Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)
Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
combofix:
|
AfterDawn Addict
|
26. lokakuuta 2008 @ 15:37 |
Linkki tähän viestiin
|
Älä tee tämän Fixin aikana muuta kuin mitä ehdotan jookos !!!
Mene ZoneAlarmin hallintapaneeliin.
- Sieltä Program Controll =>
- Programs
Poista kaikki ohjelmat. (terveellistä silloin tällöin)
- Hiirellä ylärivi actiiviseksi
Rullat alariville ja Sifti pohjassa klikkaat alinta riviä
Hiiren oikealla napilla => Remove
--------------------------------------------
Täältä sun kone vuotaa:
* Vanha HOSTS tiedosto poistetaan. Käynnistä kone vikasietotilaan => OHJE
Tämä C:\WINDOWS\system32\drivers\etc\HOSTS tiedosto pois
* Käynnistä koneesi normaalitilaan.
* Lataa HOSTS: Täältä Työpöydällesi.
* Pura: hosts.zip C:\WINDOWS\system32\drivers\etc kansioon.
Lopuksi Voit varmistaa, että siellä on HOSTS niminen tiedosto ilman tiedostopäätettä. Koko n.700 kt.
Suoja activoituu seuraavan käynnistyksen yhteydessä.(ei kuormita muistia)
Houstiin päivitykset: Täältä
Mitä HOSTS tekee: Opas Täällä
-----------------------------------------------------
* Asenna SpywareBlaster!
SpywareBlaster estää haittaohjelmien asentumista koneelle.
Lataa: TÄÄLTÄ
Opas: TÄÄLTÄ
------------------------------------------------
Lataa Atribunen ATF Cleaner
Ohjeet;
Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.[list]Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi[list]Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasi[list]Klikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)
-----------------------------------------------------
Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:
Lainaus:
File::
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\System32\davclnt32.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f4129534488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).
Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.
----------------------------------------------
Poista ne rivit jotka on jäljellä:
Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file:///D:/setup/RiffLick.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
Tyhjennä roskakori ja käynnistä koneesi uudelleen.
Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
*
*
(:)
|
|
miikke
Junior Member
|
26. lokakuuta 2008 @ 16:56 |
Linkki tähän viestiin
|
Koitin olla sohlaamatta.Spywareblaster olikin jo valmiina mulla koneella.Kohtia O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL Ei voinut ruksia,kun niitä ei ilmestynyt hijack scannin jälkeen.
Tässä hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:24, on 26.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\VM305_STI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iltasanomat.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Mobile Partner\Mobile Partner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1190715846062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1197667823671
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6340 bytes
Tässä combofix:
ComboFix 08-10-25.01 - Omistaja 2008-10-26 15:22:58.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1668 [GMT 2:00]
Sijainti: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
Käytetyt komentorivivalitsimet :: C:\Documents and Settings\Omistaja\Omat tiedostot1\tekstit\CFScript.doc
* Uusi palautuspiste luotu
VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-26 to 2008-10-26 )))))))))))))))))
.
2008-10-26 14:28 . 2008-10-26 15:26 241,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-26 14:28 . 2008-10-26 15:00 2,804 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-26 14:25 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-10-26 14:24 . 2008-10-26 14:24 <KANSIO> d-------- C:\Program Files\Zone Labs
2008-10-26 13:17 . 2008-10-26 13:17 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\FastStone
2008-10-26 12:33 . 2008-10-26 12:33 0 --a------ C:\WINDOWS\system32\1608.tmp
2008-10-26 12:23 . 2008-10-26 12:23 0 --a------ C:\WINDOWS\system32\1189.tmp
2008-10-26 12:16 . 2008-10-26 12:16 0 --a------ C:\WINDOWS\system32\1186.tmp
2008-10-26 11:40 . 2008-10-26 11:40 0 --a------ C:\WINDOWS\system32\9.tmp
2008-10-25 19:37 . 2008-10-25 19:37 317,952 --ahs---- C:\WINDOWS\system32\10.tmp
2008-10-25 16:19 . 2008-10-25 16:19 0 --a------ C:\WINDOWS\system32\3061.tmp
2008-10-25 14:34 . 2008-10-25 14:34 0 --a------ C:\WINDOWS\system32\3E.tmp
2008-10-25 12:39 . 2008-10-25 12:39 317,952 --ahs---- C:\WINDOWS\system32\106C.tmp
2008-10-25 11:39 . 2008-10-25 11:39 317,952 --ahs---- C:\WINDOWS\system32\1066.tmp
2008-10-25 10:52 . 2008-10-25 10:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-25 10:39 . 2008-10-25 10:39 317,952 --ahs---- C:\WINDOWS\system32\103C.tmp
2008-10-25 10:09 . 2008-10-25 10:09 0 --a------ C:\WINDOWS\system32\7.tmp
2008-10-24 20:32 . 2008-10-24 20:32 317,952 --ahs---- C:\WINDOWS\system32\28.tmp
2008-10-24 19:32 . 2008-10-24 19:32 317,952 --ahs---- C:\WINDOWS\system32\13.tmp
2008-10-24 16:17 . 2008-10-26 08:39 4,148 --a------ C:\WINDOWS\GnuHashes.ini
2008-10-24 16:09 . 2008-10-24 16:09 <KANSIO> d--hs---- C:\WINDOWS\system32\GroupPolicyManifest
2008-10-24 16:09 . 2008-10-24 16:09 131,072 --a------ C:\WINDOWS\system32\davclnt32.dll
2008-10-24 16:09 . 2008-10-24 16:09 1,203 --ahs---- C:\WINDOWS\system32\GroupPolicy000.dat
2008-10-24 15:56 . 2005-05-01 19:01 65,536 --a------ C:\WINDOWS\system32\FastQT.dll
2008-10-24 15:22 . 2008-10-24 15:32 <KANSIO> d-------- C:\Program Files\K Media Center
2008-10-24 15:18 . 2008-10-24 15:24 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-24 15:18 . 2008-10-24 15:32 <KANSIO> d-------- C:\Program Files\Advanced Karaoke Player
2008-10-23 13:00 . 2008-10-23 13:01 <KANSIO> d-------- C:\Program Files\OkyflyPC
2008-10-22 15:48 . 2008-10-22 15:49 <KANSIO> d-------- C:\Program Files\LimeWire
2008-10-18 13:20 . 2008-10-18 13:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-10-18 08:16 . 2008-10-18 08:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-10-13 14:09 . 2008-10-13 14:09 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Grisoft
2008-10-13 14:09 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-10-12 16:37 . 2007-08-24 18:45 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-10-12 16:37 . 2007-08-24 18:45 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-10-12 16:36 . 2008-10-12 16:37 <KANSIO> d-------- C:\Program Files\Mobile Partner
2008-10-11 16:13 . 2008-10-11 16:13 268 --ah----- C:\sqmdata01.sqm
2008-10-11 16:13 . 2008-10-11 16:13 244 --ah----- C:\sqmnoopt01.sqm
2008-09-30 16:13 . 2008-09-30 16:13 2,291,734 --a------ C:\WINDOWS\system32\TmpA11286250
2008-09-30 09:02 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-09-30 09:02 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-09-29 17:27 . 2008-09-29 17:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Structure
2008-09-28 12:53 . 2008-10-18 08:15 <KANSIO> d-------- C:\Program Files\TVUPlayer
2008-09-26 07:51 . 2008-09-26 07:58 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 12:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-26 12:37 --------- d-----w C:\Program Files\SpywareBlaster
2008-10-25 14:45 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Digidesign
2008-10-25 09:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-24 16:36 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\LimeWire
2008-10-23 11:37 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 13:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 13:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-14 13:10 --------- d-----w C:\Program Files\VstPlugins
2008-09-30 14:15 --------- d-----w C:\Program Files\Nomad Factory
2008-09-29 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-29 16:47 --------- d-----w C:\Program Files\IK Multimedia
2008-09-29 15:30 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\PACE Anti-Piracy
2008-09-29 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-09-29 15:27 --------- d-----w C:\Program Files\Digidesign
2008-09-24 10:18 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-09-24 10:07 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-24 10:07 --------- d-----w C:\Program Files\Common Files\Real
2008-09-24 09:44 --------- d-----w C:\Program Files\Sunbelt Software
2008-09-19 12:33 --------- d-----w C:\Program Files\Common Files\Agnitum Shared
2008-09-19 07:47 --------- d-----w C:\Program Files\VideoLAN
2008-09-16 14:05 --------- d-----w C:\Program Files\Windows Desktop Search
2008-09-15 16:45 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Windows Search
2008-09-11 08:08 94,208 ----a-w C:\Documents and Settings\Omistaja\Application Data\ezplay.sys
2008-09-11 08:08 47,360 ----a-w C:\Documents and Settings\Omistaja\Application Data\pcouffin.sys
2008-09-11 08:08 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Vso
2008-09-11 08:06 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\dvdcss
2008-09-11 07:52 94,208 ----a-w C:\WINDOWS\system32\drivers\ezplay.sys
2008-09-11 07:52 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-10 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 13:31 --------- d-----w C:\Program Files\TimewARP 2600 Lite
2008-08-29 10:24 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-28 09:11 --------- d-----w C:\Program Files\CCleaner
2008-08-27 18:37 --------- d-----w C:\Program Files\Groove Monkee
2008-08-27 18:35 --------- d-----w C:\Program Files\DivX
2008-08-27 18:33 --------- d-----w C:\Program Files\Creative
2008-08-27 05:39 --------- d-----w C:\Program Files\Java
2008-07-20 07:59 604 ---ha-w C:\Program Files\STLL Notifier
2007-11-28 12:49 10 ----a-w C:\Program Files\.autoreg
2007-10-16 11:18 16,768 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2004-10-01 12:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot_2008-10-26_12.23.14,20 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-19 12:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-07-19 13:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2008-07-09 06:05:08 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
+ 2008-07-09 07:05:08 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2008-07-09 06:05:10 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2008-07-09 07:05:10 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
- 2008-07-09 06:05:22 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2008-07-09 07:05:22 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
- 2008-07-09 06:05:10 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2008-07-09 07:05:10 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
- 2008-07-09 06:05:10 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2008-07-09 07:05:10 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
- 2008-07-09 06:05:10 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2008-07-09 07:05:10 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
- 2008-07-09 06:05:10 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2008-07-09 07:05:10 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
- 2008-07-09 06:05:12 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2008-07-09 07:05:12 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
- 2008-07-09 06:05:12 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2008-07-09 07:05:12 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
- 2008-07-09 06:05:12 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
+ 2008-07-09 07:05:12 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
- 2008-07-09 06:05:12 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2008-07-09 07:05:12 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
- 2008-07-09 06:05:12 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2008-07-09 07:05:12 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
- 2008-09-24 09:52:12 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-10-26 12:27:07 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2008-07-09 06:05:06 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2008-07-09 07:05:06 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
- 2007-05-30 21:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2007-05-30 22:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
- 2006-06-30 11:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2006-06-30 12:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
- 2007-05-30 21:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat
+ 2007-05-30 22:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat
- 2007-05-30 21:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-30 22:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
- 2007-05-30 21:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-30 22:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
- 2007-05-30 21:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-30 22:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
- 2007-05-30 21:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-05-30 22:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
- 2006-09-19 20:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2006-09-19 21:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
- 2007-12-03 11:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2007-12-03 12:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
- 2006-12-19 15:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2006-12-19 16:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
- 2007-05-30 21:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-30 22:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
- 2007-05-30 21:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-30 22:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
- 2007-05-30 21:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-30 22:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
- 2007-05-30 21:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-05-30 22:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
- 2007-12-03 11:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2007-12-03 12:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
- 2006-12-19 15:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2006-12-19 16:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
- 2008-07-09 06:05:06 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2008-07-09 07:05:06 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
- 2004-01-30 09:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2004-01-30 10:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
- 2008-07-09 06:05:08 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2008-07-09 07:05:08 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
- 2008-07-09 06:05:08 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2008-07-09 07:05:08 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
- 2008-07-09 06:05:08 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2008-07-09 07:05:08 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
- 2008-07-09 06:05:24 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-07-09 07:05:24 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
- 2008-09-24 10:11:37 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2008-10-26 12:51:16 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
- 2008-07-09 06:05:24 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2008-07-09 07:05:24 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
- 2008-07-09 06:05:24 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-07-09 07:05:24 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
- 2008-07-09 06:05:24 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2008-07-09 07:05:24 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
- 2008-07-09 06:06:26 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2008-07-09 07:06:26 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
- 2008-07-09 06:06:26 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2008-07-09 07:06:26 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
- 2008-02-27 00:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2008-02-27 01:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
- 2008-02-27 00:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2008-02-27 01:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
- 2008-07-09 06:05:08 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2008-07-09 07:05:08 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
- 2008-01-21 05:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-01-21 06:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
- 2008-02-27 00:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2008-02-27 01:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
- 2008-02-27 00:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2008-02-27 01:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
- 2008-07-09 06:05:10 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2008-07-09 07:05:10 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
- 2008-07-09 06:06:26 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2008-07-09 07:06:26 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
- 2008-07-09 06:06:30 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2008-07-09 07:06:30 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
- 2006-09-04 17:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2006-09-04 18:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
- 2007-10-11 13:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-10-11 14:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
- 2008-07-09 06:05:18 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2008-07-09 07:05:18 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
- 2007-01-11 14:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-01-11 15:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
- 2008-07-09 06:05:10 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2008-07-09 07:05:10 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
- 2008-07-09 06:05:10 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2008-07-09 07:05:10 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
- 2008-07-09 06:05:18 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2008-07-09 07:05:18 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
- 2008-07-09 06:05:10 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2008-07-09 07:05:10 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
- 2008-07-09 06:05:12 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2008-07-09 07:05:12 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
- 2008-07-09 06:05:12 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2008-07-09 07:05:12 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
- 2008-01-21 05:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2008-01-21 06:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
- 2008-07-09 06:05:12 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2008-07-09 07:05:12 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
- 2008-07-09 06:05:12 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2008-07-09 07:05:12 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
- 2008-07-09 06:05:14 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2008-07-09 07:05:14 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
- 2008-07-09 06:05:14 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2008-07-09 07:05:14 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
- 2008-07-09 06:05:16 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
+ 2008-07-09 07:05:16 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
+ 2008-10-26 13:07:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_58c.dat
.
-- Snapshot nollattu tähän hetkeen --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15360]
"Mobile Partner"="C:\Program Files\Mobile Partner\Mobile Partner.exe" [2008-01-29 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]
"BigDog305"="C:\WINDOWS\VM305_STI.EXE" [2005-08-05 61440]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f4129534488]
2008-10-24 16:09 131072 C:\WINDOWS\system32\davclnt32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\System32\davclnt32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.l3acm"= l3codecp.acm
"wave1"= Digi32.dll
"midi1"= mbx2midu.dll
"MIDI2"= diomidi.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Realtek RTL8187 Wireless Network Driver and Utility\\RtWLan.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 16384]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 16400]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-11-22 300544]
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 97808]
S3 MBX2DFU;MBX2DFU;C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys [2007-10-31 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\WINDOWS\system32\drivers\mbx2midk.sys [2007-10-31 21904]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-08-03 176128]
S3 vsc32;Virtual Sound Canvas 3.2;C:\WINDOWS\system32\DRIVERS\vsc.sys [ ]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2005-11-05 391615]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12df08d3-80b1-11dd-b7ef-8c6744403b91}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12df0cc1-80b1-11dd-b7ef-8c6744403b91}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a2b72c5-0c5c-11dd-8364-0019215d184a}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a2b72c8-0c5c-11dd-8364-0019215d184a}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3345e37a-986a-11dd-bfb1-d653e5e611e7}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7147536-80be-11dd-b7f0-920584b69d3b}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99ec1f6-6e00-11dd-b791-0015af0e70e9}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99ec5db-6e00-11dd-b791-df4ced8320a5}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
'Ajoitetut tehtävät'-kansion sisältö
2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-10-10 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-07-02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-10-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CE58B8FB-9E4A-4770-96E6-BBE9B991E9B9}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 10:58]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 15:26:18
Windows 5.1.2600 Service Pack 2 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
PROSESSI: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\davclnt32.dll
PROSESSI: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\System32\davclnt32.dll
PROSESSI: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\davclnt32.dll
.
Valmistumisajankohta: 2008-10-26 15:29:55
ComboFix-quarantined-files.txt 2008-10-26 13:29:49
ComboFix2.txt 2008-10-26 10:50:20
ComboFix3.txt 2008-10-26 10:23:43
ComboFix4.txt 2008-10-25 18:56:33
ComboFix5.txt 2008-10-26 13:21:57
Ennen ajoa: 11 595 784 192 tavua vapaana
Ajon jälkeen: 11,580,665,856 tavua vapaana
357 --- E O F --- 2008-09-26 06:23:52
|
AfterDawn Addict
|
26. lokakuuta 2008 @ 18:36 |
Linkki tähän viestiin
|
|
Tee ComboFixin raahaus uudelleen se ei toiminut (ei *.DOC)
Notepadilla *.txt
=>
(:)
|
|
miikke
Junior Member
|
26. lokakuuta 2008 @ 21:34 |
Linkki tähän viestiin
|
Tässäpä uudelleen
ComboFix 08-10-25.01 - Omistaja 2008-10-26 20:07:32.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1652 [GMT 2:00]
Sijainti: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
Käytetyt komentorivivalitsimet :: C:\Documents and Settings\Omistaja\Omat tiedostot1\tekstit\CFScript.txt
* Uusi palautuspiste luotu
VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
FILE ::
C:\WINDOWS\System32\davclnt32.dll
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Omistaja\LOCALS~1\Temp\tmp2.tmp
C:\WINDOWS\System32\davclnt32.dll
.
---- Previous Run -------
.
C:\DOCUME~1\Omistaja\LOCALS~1\Temp\tmp2.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\System32\davclnt32.dll
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-26 to 2008-10-26 )))))))))))))))))
.
2008-10-26 14:28 . 2008-10-26 20:12 585,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-26 14:28 . 2008-10-26 20:12 6,260 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-26 14:25 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-10-26 14:24 . 2008-10-26 14:24 <KANSIO> d-------- C:\Program Files\Zone Labs
2008-10-26 13:17 . 2008-10-26 13:17 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\FastStone
2008-10-26 12:33 . 2008-10-26 12:33 0 --a------ C:\WINDOWS\system32\1608.tmp
2008-10-26 12:23 . 2008-10-26 12:23 0 --a------ C:\WINDOWS\system32\1189.tmp
2008-10-26 12:16 . 2008-10-26 12:16 0 --a------ C:\WINDOWS\system32\1186.tmp
2008-10-26 11:40 . 2008-10-26 11:40 0 --a------ C:\WINDOWS\system32\9.tmp
2008-10-25 19:37 . 2008-10-25 19:37 317,952 --ahs---- C:\WINDOWS\system32\10.tmp
2008-10-25 16:19 . 2008-10-25 16:19 0 --a------ C:\WINDOWS\system32\3061.tmp
2008-10-25 14:34 . 2008-10-25 14:34 0 --a------ C:\WINDOWS\system32\3E.tmp
2008-10-25 12:39 . 2008-10-25 12:39 317,952 --ahs---- C:\WINDOWS\system32\106C.tmp
2008-10-25 11:39 . 2008-10-25 11:39 317,952 --ahs---- C:\WINDOWS\system32\1066.tmp
2008-10-25 10:52 . 2008-10-25 10:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-25 10:39 . 2008-10-25 10:39 317,952 --ahs---- C:\WINDOWS\system32\103C.tmp
2008-10-25 10:09 . 2008-10-25 10:09 0 --a------ C:\WINDOWS\system32\7.tmp
2008-10-24 20:32 . 2008-10-24 20:32 317,952 --ahs---- C:\WINDOWS\system32\28.tmp
2008-10-24 19:32 . 2008-10-24 19:32 317,952 --ahs---- C:\WINDOWS\system32\13.tmp
2008-10-24 16:17 . 2008-10-26 08:39 4,148 --a------ C:\WINDOWS\GnuHashes.ini
2008-10-24 16:09 . 2008-10-24 16:09 <KANSIO> d--hs---- C:\WINDOWS\system32\GroupPolicyManifest
2008-10-24 16:09 . 2008-10-24 16:09 1,203 --ahs---- C:\WINDOWS\system32\GroupPolicy000.dat
2008-10-24 15:56 . 2005-05-01 19:01 65,536 --a------ C:\WINDOWS\system32\FastQT.dll
2008-10-24 15:22 . 2008-10-24 15:32 <KANSIO> d-------- C:\Program Files\K Media Center
2008-10-24 15:18 . 2008-10-24 15:24 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-24 15:18 . 2008-10-24 15:32 <KANSIO> d-------- C:\Program Files\Advanced Karaoke Player
2008-10-23 13:00 . 2008-10-23 13:01 <KANSIO> d-------- C:\Program Files\OkyflyPC
2008-10-22 15:48 . 2008-10-22 15:49 <KANSIO> d-------- C:\Program Files\LimeWire
2008-10-18 13:20 . 2008-10-18 13:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-10-18 08:16 . 2008-10-18 08:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-10-13 14:09 . 2008-10-13 14:09 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Grisoft
2008-10-13 14:09 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-10-12 16:37 . 2007-08-24 18:45 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-10-12 16:37 . 2007-08-24 18:45 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-10-12 16:36 . 2008-10-12 16:37 <KANSIO> d-------- C:\Program Files\Mobile Partner
2008-10-11 16:13 . 2008-10-11 16:13 268 --ah----- C:\sqmdata01.sqm
2008-10-11 16:13 . 2008-10-11 16:13 244 --ah----- C:\sqmnoopt01.sqm
2008-09-30 16:13 . 2008-09-30 16:13 2,291,734 --a------ C:\WINDOWS\system32\TmpA11286250
2008-09-30 09:02 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-09-30 09:02 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-09-29 17:27 . 2008-09-29 17:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Structure
2008-09-28 12:53 . 2008-10-18 08:15 <KANSIO> d-------- C:\Program Files\TVUPlayer
2008-09-26 07:51 . 2008-10-26 17:30 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 18:13 661,795 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-26 14:36 71,680 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-10-26 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-26 12:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-26 12:37 --------- d-----w C:\Program Files\SpywareBlaster
2008-10-25 14:45 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Digidesign
2008-10-25 09:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-24 16:36 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\LimeWire
2008-10-23 11:37 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 13:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 13:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-14 13:10 --------- d-----w C:\Program Files\VstPlugins
2008-09-30 14:15 --------- d-----w C:\Program Files\Nomad Factory
2008-09-29 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-29 16:47 --------- d-----w C:\Program Files\IK Multimedia
2008-09-29 15:30 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\PACE Anti-Piracy
2008-09-29 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-09-29 15:27 --------- d-----w C:\Program Files\Digidesign
2008-09-24 10:18 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-09-24 10:07 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-24 10:07 --------- d-----w C:\Program Files\Common Files\Real
2008-09-24 09:44 --------- d-----w C:\Program Files\Sunbelt Software
2008-09-19 12:33 --------- d-----w C:\Program Files\Common Files\Agnitum Shared
2008-09-19 07:47 --------- d-----w C:\Program Files\VideoLAN
2008-09-16 14:05 --------- d-----w C:\Program Files\Windows Desktop Search
2008-09-15 16:45 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Windows Search
2008-09-11 08:08 94,208 ----a-w C:\Documents and Settings\Omistaja\Application Data\ezplay.sys
2008-09-11 08:08 47,360 ----a-w C:\Documents and Settings\Omistaja\Application Data\pcouffin.sys
2008-09-11 08:08 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Vso
2008-09-11 08:06 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\dvdcss
2008-09-11 07:52 94,208 ----a-w C:\WINDOWS\system32\drivers\ezplay.sys
2008-09-11 07:52 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-09 13:31 --------- d-----w C:\Program Files\TimewARP 2600 Lite
2008-08-29 10:24 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 09:11 --------- d-----w C:\Program Files\CCleaner
2008-08-27 18:37 --------- d-----w C:\Program Files\Groove Monkee
2008-08-27 18:35 --------- d-----w C:\Program Files\DivX
2008-08-27 18:33 --------- d-----w C:\Program Files\Creative
2008-08-27 05:39 --------- d-----w C:\Program Files\Java
2008-07-20 07:59 604 ---ha-w C:\Program Files\STLL Notifier
2007-11-28 12:49 10 ----a-w C:\Program Files\.autoreg
2007-10-16 11:18 16,768 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2004-10-01 12:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot_2008-10-26_15.29.27,78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-10 12:41:55 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-10-26 14:36:30 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-09-10 12:41:57 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-26 14:36:31 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-09-10 12:41:55 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-10-26 14:36:30 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-09-10 12:41:55 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-10-26 14:36:31 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-09-10 12:41:57 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-26 14:36:31 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-09-10 12:41:57 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-26 14:36:31 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-09-10 12:41:59 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-26 14:36:31 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-09-10 12:41:56 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-26 14:36:31 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-09-10 12:41:56 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-26 14:36:31 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-09-10 12:41:57 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-26 14:36:31 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-09-10 12:41:58 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-10-26 14:36:31 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-09-10 12:41:55 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-26 14:36:30 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2006-08-17 12:28:30 332,288 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-10-15 17:00:03 332,800 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-08-17 12:28:30 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 17:00:03 332,800 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-26 18:13:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_520.dat
.
-- Snapshot nollattu tähän hetkeen --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15360]
"Mobile Partner"="C:\Program Files\Mobile Partner\Mobile Partner.exe" [2008-01-29 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]
"BigDog305"="C:\WINDOWS\VM305_STI.EXE" [2005-08-05 61440]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.l3acm"= l3codecp.acm
"wave1"= Digi32.dll
"midi1"= mbx2midu.dll
"MIDI2"= diomidi.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Realtek RTL8187 Wireless Network Driver and Utility\\RtWLan.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 16384]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 16400]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-11-22 300544]
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 97808]
S3 MBX2DFU;MBX2DFU;C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys [2007-10-31 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\WINDOWS\system32\drivers\mbx2midk.sys [2007-10-31 21904]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-08-03 176128]
S3 vsc32;Virtual Sound Canvas 3.2;C:\WINDOWS\system32\DRIVERS\vsc.sys [ ]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2005-11-05 391615]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12df08d3-80b1-11dd-b7ef-8c6744403b91}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12df0cc1-80b1-11dd-b7ef-8c6744403b91}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a2b72c5-0c5c-11dd-8364-0019215d184a}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a2b72c8-0c5c-11dd-8364-0019215d184a}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3345e37a-986a-11dd-bfb1-d653e5e611e7}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7147536-80be-11dd-b7f0-920584b69d3b}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99ec1f6-6e00-11dd-b791-0015af0e70e9}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99ec5db-6e00-11dd-b791-df4ced8320a5}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
'Ajoitetut tehtävät'-kansion sisältö
2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-10-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CE58B8FB-9E4A-4770-96E6-BBE9B991E9B9}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 10:58]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 20:15:02
Windows 5.1.2600 Service Pack 2 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
------------------------ Muut prosessit ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Valmistumisajankohta: 2008-10-26 20:23:27 - kone käynnistettiin uudelleen [Omistaja]
ComboFix-quarantined-files.txt 2008-10-26 18:23:21
ComboFix2.txt 2008-10-26 13:29:57
ComboFix3.txt 2008-10-26 10:50:20
ComboFix4.txt 2008-10-26 10:23:43
ComboFix5.txt 2008-10-26 16:40:10
Ennen ajoa: 11,492,143,104 tavua vapaana
Ajon jälkeen: 11,553,476,608 tavua vapaana
269 --- E O F --- 2008-10-26 14:36:35
|
AfterDawn Addict
|
26. lokakuuta 2008 @ 22:08 |
Linkki tähän viestiin
|
Hienoa nyt toimi !!!
******************************************
Kirjoita windowsin käynnistävalikon suorita-kenttään ComboFix.exe /u paina OK
*************************************************************
Skannaa koneesi Kaspersky Online Skannerilla
* Lue läpi vaatimukset ja yksityisyyssäännökset ja klikkaa Accept.
* Skannerin ja virustietokannan lataus alkaa. Sinulta kysytään sallitko Kasperskyltä tulevan ohjelman asentamisen. Klikkaa Aja/Run.
* Kun lataus on valmis, klikkaa Settings.
* Varmistu, että seuraavat kohdat on valittu. Jos ne eivät ole, valitse ne ja klikkaa Save: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases[*]Klikkaa Oma Tietokone, My Computer Scan-kohdan alapuolelta.
* Kun tarkistus on valmis, tulokset näytetään. Klikkaa View Scan Report.
* Näet listan saastuneista kohteista. Klikkaa Save Report As....
* Tallenna tiedosto työpöydällesi. Muuta Tiedostotyyppi/Files of type muotoon Tekstitiedosto/Text file(.txt) ennen kuin klikkaat Save.
* Kopioi ja liitä tiedoston sisältö seuraavaan vastaukseesi uuden HijackThis-lokin kera
. Joko kone alkaa rauhoittumaan ???
.
(:)
|
|
miikke
Junior Member
|
27. lokakuuta 2008 @ 11:23 |
Linkki tähän viestiin
|
Tässäpä taas tietoo.Lisää vissiin pöpöjä :( Oliko tarkoitus ajaa vielä kerran se combofix?Koska kun teen tämän:Kirjoita windowsin käynnistävalikon suorita-kenttään ComboFix.exe /u paina OK
se kysyy suoritetaanko ohjelma.Ja kaspersky vissiin vaan näyttää pöpöt muttei poista niitä?
Ei enää menny sinne zedo sivuille mutta vähän vielä hitaalta tuntuu
hijack:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:59, on 27.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iltasanomat.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Mobile Partner\Mobile Partner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1190715846062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1197667823671
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D4D0E31-8D1B-46C8-B541-4309C76AF279}: NameServer = 195.197.54.100 195.74.0.47
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6239 bytes
kaspersky:--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 26, 2008 22:32:15
Records in database: 1349188
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
F:\
G:\
Scan statistics:
Files scanned: 193368
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:21:59
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\davclnt32.dll.vir Infected: Trojan-Downloader.Win32.Agent.alqz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_davclnt32_.dll.zip Infected: Trojan-Downloader.Win32.Agent.alqz 2
The selected area was scanned.
|
AfterDawn Addict
|
27. lokakuuta 2008 @ 14:59 |
Linkki tähän viestiin
|
|
Et sitten tehnyt tätä => ComboFix.exe /u
Poista käsin kansio:
C:\Qoobox\
Mobile Partner ja Still-kuva hommelit
saattaa hidastella.
.
(:)
|
|
miikke
Junior Member
|
28. lokakuuta 2008 @ 08:36 |
Linkki tähän viestiin
|
|
Ensinnäkin kiitokset mr.Kalmiselle.Hyvä hermoinen mies kun jaksaa meidän puupäiden kanssa painia :)Tein nyt sen ComboFix.exe /u ja poistin C:\Qoobox\ .Kone pelittää hyvin.Työniloa
|
|
Mainos
|
|
|
AfterDawn Addict
|
28. lokakuuta 2008 @ 14:53 |
Linkki tähän viestiin
|
|
Oikein Hyvä D:
(:)
|
|
