Computer full of viruses etc.

joku kuka ei vaan osaa

Could someone check this HijackThis log?:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:05, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [202794f7] rundll32.exe "C:\WINDOWS\system32\acbgagxk.dll",b
O4 - HKLM\..\Run: [BM2314a76b] Rundll32.exe "C:\WINDOWS\system32\hsyihyun.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442726923
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 6966 bytes

    Replies

    • Fix.fix

      looks like everyone's good friend the MSN virus,
      seasoned with Vundo..
      and then SweetIM, that isn't exactly the world's best program either

    • Fix.fix

      1. Download combofix.exe to your desktop from one of these links:
      combofix1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      combofix2: http://subs.geekstogo.com/ComboFix.exe

      2. Double-click the combofix.exe file and follow the instructions.
      3. When the tool is finished, it produces a log. Post this log in your thread.
      Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

      • joku kuka ei vaan osaa

        ComboFix 08-06-07.3 - Maarit 2008-06-08 12:30:19.1 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1521 [GMT 3:00]
        Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
        * Resident AV is active


        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\setup.exe
        C:\WINDOWS\BM2314a76b.xml
        C:\WINDOWS\cookies.ini
        C:\WINDOWS\pskt.ini
        C:\WINDOWS\service.exe
        C:\WINDOWS\system32\aauettye.ini
        C:\WINDOWS\system32\awtuuSLc.dll
        C:\WINDOWS\system32\eakaqcys.dll
        C:\WINDOWS\system32\FLSAdfhk.ini
        C:\WINDOWS\system32\FLSAdfhk.ini2
        C:\WINDOWS\system32\hrjwysfd.ini
        C:\WINDOWS\system32\kxgagbca.ini
        C:\WINDOWS\system32\tuvuRIxV.dll
        C:\WINDOWS\system32\unmxtmdt.ini
        C:\WINDOWS\system32\urqPgeEw.dll
        C:\WINDOWS\system32\vtUKArOi.dll
        C:\WINDOWS\ups.exe

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
        .

        2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
        2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
        2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
        2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
        2008-06-06 20:39 . 2008-06-06 20:39   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
        2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
        2008-06-06 14:58 . 2008-06-06 20:46   49,156   --a------   C:\sz.exe
        2008-06-06 14:56 . 2008-06-06 14:56   2,232   --a------   C:\sex2.exe
        2008-06-06 14:55 . 2008-06-06 14:55   2,232   --a------   C:\sex22.exe
        2008-05-30 22:48 . 2008-05-30 22:48      d--------   C:\Program Files\Trend Micro
        2008-05-30 22:12 . 2008-05-30 22:12   60,132   --a------   C:\dcsi.exe
        2008-05-30 20:59 . 2008-05-30 22:48   60,132   --a------   C:\dci.exe
        2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
        2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
        2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
        2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
        2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
        2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
        2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
        2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
        2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
        2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
        2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
        2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
        2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
        2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
        2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-06-07 08:47   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
        2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
        2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
        2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
        2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
        2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
        2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
        2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
        2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
        2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
        2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
        2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
        2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
        2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
        2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
        2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
        .

        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
        "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
        "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]
        "Windows svchost"="ups.exe" [2004-09-14 17:12 18432 C:\WINDOWS\system32\ups.exe]
        "BM2314a76b"="C:\WINDOWS\system32\hsyihyun.dll" [ ]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "msacm.ac3filter"= ac3filter.acm

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "E:\\LimeWire\\LimeWire.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "E:\\America's Army\\System\\ArmyOps.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
        "E:\\mIRC\\mirc.exe"=
        "E:\\AoE2\\empires2.exe"=
        "E:\\AoE2\\age2_x1\\age2_x1.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "17352:TCP"= 17352:TCP:BitComet 17352 TCP
        "17352:UDP"= 17352:UDP:BitComet 17352 UDP
        "23002:TCP"= 23002:TCP:BitComet 23002 TCP
        "23002:UDP"= 23002:UDP:BitComet 23002 UDP
        "65535:TCP"= 65535:TCP:BitComet 65535 TCP
        "65535:UDP"= 65535:UDP:BitComet 65535 UDP
        "25054:TCP"= 25054:TCP:BitComet 25054 TCP
        "25054:UDP"= 25054:UDP:BitComet 25054 UDP
        "26941:TCP"= 26941:TCP:BitComet 26941 TCP
        "26941:UDP"= 26941:UDP:BitComet 26941 UDP
        "8116:TCP"= 8116:TCP:BitComet 8116 TCP
        "8116:UDP"= 8116:UDP:BitComet 8116 UDP
        "16695:TCP"= 16695:TCP:BitComet 16695 TCP
        "16695:UDP"= 16695:UDP:BitComet 16695 UDP
        "21915:TCP"= 21915:TCP:BitComet 21915 TCP
        "21915:UDP"= 21915:UDP:BitComet 21915 UDP
        "19569:TCP"= 19569:TCP:BitComet 19569 TCP
        "19569:UDP"= 19569:UDP:BitComet 19569 UDP
        "18330:TCP"= 18330:TCP:BitComet 18330 TCP
        "18330:UDP"= 18330:UDP:BitComet 18330 UDP
        "16413:TCP"= 16413:TCP:BitComet 16413 TCP
        "16413:UDP"= 16413:UDP:BitComet 16413 UDP
        "24682:TCP"= 24682:TCP:BitComet 24682 TCP
        "24682:UDP"= 24682:UDP:BitComet 24682 UDP
        "22552:TCP"= 22552:TCP:BitComet 22552 TCP
        "22552:UDP"= 22552:UDP:BitComet 22552 UDP
        "23893:TCP"= 23893:TCP:BitComet 23893 TCP
        "23893:UDP"= 23893:UDP:BitComet 23893 UDP
        "19507:TCP"= 19507:TCP:BitComet 19507 TCP
        "19507:UDP"= 19507:UDP:BitComet 19507 UDP
        "10568:TCP"= 10568:TCP:BitComet 10568 TCP
        "10568:UDP"= 10568:UDP:BitComet 10568 UDP

        R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
        R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
        R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
        S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
        S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
        S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-08 12:33:17
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
        "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
        .
        ------------------------ Other Running Processes ------------------------
        .
        C:\WINDOWS\system32\ati2evxx.exe
        C:\WINDOWS\system32\ati2evxx.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
        C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
        C:\Program Files\McAfee\MPF\MpfSrv.exe
        C:\Program Files\McAfee\MSK\msksrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        .
        **************************************************************************
        .
        Completion time: 2008-06-08 12:36:15 - machine was rebooted [Maarit]
        ComboFix-quarantined-files.txt 2008-06-08 09:36:11

        Pre-Run: 144,333,975,552 tavua vapaana
        Post-Run: 144,262,180,864 tavua vapaana

        210   --- E O F ---   2008-05-30 15:44:33


      • FixFix
        joku kuka ei vaan osaa wrote:

        ComboFix 08-06-07.3 - Maarit 2008-06-08 12:30:19.1 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1521 [GMT 3:00]
        Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
        * Resident AV is active


        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\setup.exe
        C:\WINDOWS\BM2314a76b.xml
        C:\WINDOWS\cookies.ini
        C:\WINDOWS\pskt.ini
        C:\WINDOWS\service.exe
        C:\WINDOWS\system32\aauettye.ini
        C:\WINDOWS\system32\awtuuSLc.dll
        C:\WINDOWS\system32\eakaqcys.dll
        C:\WINDOWS\system32\FLSAdfhk.ini
        C:\WINDOWS\system32\FLSAdfhk.ini2
        C:\WINDOWS\system32\hrjwysfd.ini
        C:\WINDOWS\system32\kxgagbca.ini
        C:\WINDOWS\system32\tuvuRIxV.dll
        C:\WINDOWS\system32\unmxtmdt.ini
        C:\WINDOWS\system32\urqPgeEw.dll
        C:\WINDOWS\system32\vtUKArOi.dll
        C:\WINDOWS\ups.exe

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-08 to 2008-06-08 )))))))))))))))))
        .

        2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
        2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
        2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
        2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
        2008-06-06 20:39 . 2008-06-06 20:39   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
        2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
        2008-06-06 14:58 . 2008-06-06 20:46   49,156   --a------   C:\sz.exe
        2008-06-06 14:56 . 2008-06-06 14:56   2,232   --a------   C:\sex2.exe
        2008-06-06 14:55 . 2008-06-06 14:55   2,232   --a------   C:\sex22.exe
        2008-05-30 22:48 . 2008-05-30 22:48      d--------   C:\Program Files\Trend Micro
        2008-05-30 22:12 . 2008-05-30 22:12   60,132   --a------   C:\dcsi.exe
        2008-05-30 20:59 . 2008-05-30 22:48   60,132   --a------   C:\dci.exe
        2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
        2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
        2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
        2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
        2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
        2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
        2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
        2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
        2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
        2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
        2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
        2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
        2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
        2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
        2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-06-07 08:47   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
        2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
        2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
        2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
        2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
        2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
        2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
        2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
        2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
        2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
        2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
        2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
        2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
        2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
        2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
        2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
        .

        (((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
        "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
        "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]
        "Windows svchost"="ups.exe" [2004-09-14 17:12 18432 C:\WINDOWS\system32\ups.exe]
        "BM2314a76b"="C:\WINDOWS\system32\hsyihyun.dll" [ ]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "msacm.ac3filter"= ac3filter.acm

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "E:\\LimeWire\\LimeWire.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "E:\\America's Army\\System\\ArmyOps.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
        "E:\\mIRC\\mirc.exe"=
        "E:\\AoE2\\empires2.exe"=
        "E:\\AoE2\\age2_x1\\age2_x1.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "17352:TCP"= 17352:TCP:BitComet 17352 TCP
        "17352:UDP"= 17352:UDP:BitComet 17352 UDP
        "23002:TCP"= 23002:TCP:BitComet 23002 TCP
        "23002:UDP"= 23002:UDP:BitComet 23002 UDP
        "65535:TCP"= 65535:TCP:BitComet 65535 TCP
        "65535:UDP"= 65535:UDP:BitComet 65535 UDP
        "25054:TCP"= 25054:TCP:BitComet 25054 TCP
        "25054:UDP"= 25054:UDP:BitComet 25054 UDP
        "26941:TCP"= 26941:TCP:BitComet 26941 TCP
        "26941:UDP"= 26941:UDP:BitComet 26941 UDP
        "8116:TCP"= 8116:TCP:BitComet 8116 TCP
        "8116:UDP"= 8116:UDP:BitComet 8116 UDP
        "16695:TCP"= 16695:TCP:BitComet 16695 TCP
        "16695:UDP"= 16695:UDP:BitComet 16695 UDP
        "21915:TCP"= 21915:TCP:BitComet 21915 TCP
        "21915:UDP"= 21915:UDP:BitComet 21915 UDP
        "19569:TCP"= 19569:TCP:BitComet 19569 TCP
        "19569:UDP"= 19569:UDP:BitComet 19569 UDP
        "18330:TCP"= 18330:TCP:BitComet 18330 TCP
        "18330:UDP"= 18330:UDP:BitComet 18330 UDP
        "16413:TCP"= 16413:TCP:BitComet 16413 TCP
        "16413:UDP"= 16413:UDP:BitComet 16413 UDP
        "24682:TCP"= 24682:TCP:BitComet 24682 TCP
        "24682:UDP"= 24682:UDP:BitComet 24682 UDP
        "22552:TCP"= 22552:TCP:BitComet 22552 TCP
        "22552:UDP"= 22552:UDP:BitComet 22552 UDP
        "23893:TCP"= 23893:TCP:BitComet 23893 TCP
        "23893:UDP"= 23893:UDP:BitComet 23893 UDP
        "19507:TCP"= 19507:TCP:BitComet 19507 TCP
        "19507:UDP"= 19507:UDP:BitComet 19507 UDP
        "10568:TCP"= 10568:TCP:BitComet 10568 TCP
        "10568:UDP"= 10568:UDP:BitComet 10568 UDP

        R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
        R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
        R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
        S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
        S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
        S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-08 12:33:17
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
        "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
        .
        ------------------------ Other Running Processes ------------------------
        .
        C:\WINDOWS\system32\ati2evxx.exe
        C:\WINDOWS\system32\ati2evxx.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
        C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
        C:\Program Files\McAfee\MPF\MpfSrv.exe
        C:\Program Files\McAfee\MSK\msksrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        .
        **************************************************************************
        .
        Completion time: 2008-06-08 12:36:15 - machine was rebooted [Maarit]
        ComboFix-quarantined-files.txt 2008-06-08 09:36:11

        Pre-Run: 144,333,975,552 tavua vapaana
        Post-Run: 144,262,180,864 tavua vapaana

        210   --- E O F ---   2008-05-30 15:44:33

        Open Notepad and copy/paste the contents of the quote box into it:

        [quote]

        File::
        C:\sz.exe
        C:\sex2.exe
        C:\sex22.exe
        C:\dcsi.exe
        C:\dci.exe
        C:\WINDOWS\system32\acbgagxk.dll
        C:\WINDOWS\system32\hsyihyun.dll

        Folder::
        C:\Program Files\Macrogaming

        [/quote]

        Save it as CFScript.txt

        Then drag CFScript onto ComboFix.exe as shown below.
        [img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

        Restart the computer when prompted and post the contents of the combofix.txt file here.

        *******

        Scan with HJT, tick these entries and press Fix checked:

        R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
        O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
        O4 - HKLM\..\Run: [Windows svchost] ups.exe
        O4 - HKLM\..\Run: [202794f7] rundll32.exe "C:\WINDOWS\system32\acbgagxk.dll",b
        O4 - HKLM\..\Run: [BM2314a76b] Rundll32.exe "C:\WINDOWS\system32\hsyihyun.dll",s
        O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

        ***********


      • joku kuka ei vaan osaa
        FixFix wrote:

        Open Notepad and copy/paste the contents of the quote box into it:

        [quote]

        File::
        C:\sz.exe
        C:\sex2.exe
        C:\sex22.exe
        C:\dcsi.exe
        C:\dci.exe
        C:\WINDOWS\system32\acbgagxk.dll
        C:\WINDOWS\system32\hsyihyun.dll

        Folder::
        C:\Program Files\Macrogaming

        [/quote]

        Save it as CFScript.txt

        Then drag CFScript onto ComboFix.exe as shown below.
        [img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

        Restart the computer when prompted and post the contents of the combofix.txt file here.

        *******

        Scan with HJT, tick these entries and press Fix checked:

        R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
        O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
        O4 - HKLM\..\Run: [Windows svchost] ups.exe
        O4 - HKLM\..\Run: [202794f7] rundll32.exe "C:\WINDOWS\system32\acbgagxk.dll",b
        O4 - HKLM\..\Run: [BM2314a76b] Rundll32.exe "C:\WINDOWS\system32\hsyihyun.dll",s
        O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

        ***********

        ComboFix 08-06-07.3 - Maarit 2008-06-08 14:46:10.2 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1549 [GMT 3:00]
        Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Maarit\Työpöytä\CFScript.txt
        * Created a new restore point
        * Resident AV is active


        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

        FILE ::
        C:\dci.exe
        C:\dcsi.exe
        C:\sex2.exe
        C:\sex22.exe
        C:\sz.exe
        C:\WINDOWS\system32\acbgagxk.dll
        C:\WINDOWS\system32\hsyihyun.dll
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\dci.exe
        C:\dcsi.exe
        C:\sex2.exe
        C:\sex22.exe
        C:\sz.exe
        C:\WINDOWS\system32\sysogg.dll

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
        .

        2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
        2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
        2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
        2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
        2008-06-06 20:39 . 2008-06-06 20:39   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
        2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
        2008-05-30 22:48 . 2008-05-30 22:48      d--------   C:\Program Files\Trend Micro
        2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
        2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
        2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
        2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
        2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
        2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
        2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
        2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
        2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
        2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
        2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
        2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
        2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
        2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
        2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-06-07 08:47   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
        2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
        2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
        2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
        2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
        2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
        2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
        2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
        2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
        2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
        2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
        2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
        2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
        2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
        2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
        2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
        2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
        2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
        2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
        2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
        2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
        2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-08 11:02:03   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
        "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
        "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]
        "Windows svchost"="ups.exe" [2004-09-14 17:12 18432 C:\WINDOWS\system32\ups.exe]
        "BM2314a76b"="C:\WINDOWS\system32\hsyihyun.dll" [ ]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "msacm.ac3filter"= ac3filter.acm

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "E:\\LimeWire\\LimeWire.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "E:\\America's Army\\System\\ArmyOps.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
        "E:\\mIRC\\mirc.exe"=
        "E:\\AoE2\\empires2.exe"=
        "E:\\AoE2\\age2_x1\\age2_x1.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "17352:TCP"= 17352:TCP:BitComet 17352 TCP
        "17352:UDP"= 17352:UDP:BitComet 17352 UDP
        "23002:TCP"= 23002:TCP:BitComet 23002 TCP
        "23002:UDP"= 23002:UDP:BitComet 23002 UDP
        "65535:TCP"= 65535:TCP:BitComet 65535 TCP
        "65535:UDP"= 65535:UDP:BitComet 65535 UDP
        "25054:TCP"= 25054:TCP:BitComet 25054 TCP
        "25054:UDP"= 25054:UDP:BitComet 25054 UDP
        "26941:TCP"= 26941:TCP:BitComet 26941 TCP
        "26941:UDP"= 26941:UDP:BitComet 26941 UDP
        "8116:TCP"= 8116:TCP:BitComet 8116 TCP
        "8116:UDP"= 8116:UDP:BitComet 8116 UDP
        "16695:TCP"= 16695:TCP:BitComet 16695 TCP
        "16695:UDP"= 16695:UDP:BitComet 16695 UDP
        "21915:TCP"= 21915:TCP:BitComet 21915 TCP
        "21915:UDP"= 21915:UDP:BitComet 21915 UDP
        "19569:TCP"= 19569:TCP:BitComet 19569 TCP
        "19569:UDP"= 19569:UDP:BitComet 19569 UDP
        "18330:TCP"= 18330:TCP:BitComet 18330 TCP
        "18330:UDP"= 18330:UDP:BitComet 18330 UDP
        "16413:TCP"= 16413:TCP:BitComet 16413 TCP
        "16413:UDP"= 16413:UDP:BitComet 16413 UDP
        "24682:TCP"= 24682:TCP:BitComet 24682 TCP
        "24682:UDP"= 24682:UDP:BitComet 24682 UDP
        "22552:TCP"= 22552:TCP:BitComet 22552 TCP
        "22552:UDP"= 22552:UDP:BitComet 22552 UDP
        "23893:TCP"= 23893:TCP:BitComet 23893 TCP
        "23893:UDP"= 23893:UDP:BitComet 23893 UDP
        "19507:TCP"= 19507:TCP:BitComet 19507 TCP
        "19507:UDP"= 19507:UDP:BitComet 19507 UDP
        "10568:TCP"= 10568:TCP:BitComet 10568 TCP
        "10568:UDP"= 10568:UDP:BitComet 10568 UDP

        R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
        R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
        R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
        S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
        S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
        S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

        *Newly Created Service* - CATCHME
        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-08 14:47:46
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
        "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
        .
        Completion time: 2008-06-08 14:48:35
        ComboFix-quarantined-files.txt 2008-06-08 11:48:31
        ComboFix2.txt 2008-06-08 09:36:16

        Pre-Run: 144,226,816,000 tavua vapaana
        Post-Run: 144,217,296,896 tavua vapaana

        204   --- E O F ---   2008-05-30 15:44:33


      • FixFix
        joku kuka ei vaan osaa wrote:

        ComboFix 08-06-07.3 - Maarit 2008-06-08 14:46:10.2 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1549 [GMT 3:00]
        Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Maarit\Työpöytä\CFScript.txt
        * Created a new restore point
        * Resident AV is active


        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

        FILE ::
        C:\dci.exe
        C:\dcsi.exe
        C:\sex2.exe
        C:\sex22.exe
        C:\sz.exe
        C:\WINDOWS\system32\acbgagxk.dll
        C:\WINDOWS\system32\hsyihyun.dll
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\dci.exe
        C:\dcsi.exe
        C:\sex2.exe
        C:\sex22.exe
        C:\sz.exe
        C:\WINDOWS\system32\sysogg.dll

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
        .

        2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
        2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
        2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
        2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
        2008-06-06 20:39 . 2008-06-06 20:39   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
        2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
        2008-05-30 22:48 . 2008-05-30 22:48      d--------   C:\Program Files\Trend Micro
        2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
        2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
        2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
        2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
        2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
        2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
        2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
        2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
        2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
        2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
        2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
        2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
        2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
        2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
        2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-06-07 08:47   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
        2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
        2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
        2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
        2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
        2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
        2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
        2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
        2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
        2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
        2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
        2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
        2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
        2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
        2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
        2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
        2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
        2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
        2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
        2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
        2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
        2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-08 11:02:03   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
        "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
        "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]
        "Windows svchost"="ups.exe" [2004-09-14 17:12 18432 C:\WINDOWS\system32\ups.exe]
        "BM2314a76b"="C:\WINDOWS\system32\hsyihyun.dll" [ ]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "msacm.ac3filter"= ac3filter.acm

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "E:\\LimeWire\\LimeWire.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "E:\\America's Army\\System\\ArmyOps.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
        "E:\\mIRC\\mirc.exe"=
        "E:\\AoE2\\empires2.exe"=
        "E:\\AoE2\\age2_x1\\age2_x1.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "17352:TCP"= 17352:TCP:BitComet 17352 TCP
        "17352:UDP"= 17352:UDP:BitComet 17352 UDP
        "23002:TCP"= 23002:TCP:BitComet 23002 TCP
        "23002:UDP"= 23002:UDP:BitComet 23002 UDP
        "65535:TCP"= 65535:TCP:BitComet 65535 TCP
        "65535:UDP"= 65535:UDP:BitComet 65535 UDP
        "25054:TCP"= 25054:TCP:BitComet 25054 TCP
        "25054:UDP"= 25054:UDP:BitComet 25054 UDP
        "26941:TCP"= 26941:TCP:BitComet 26941 TCP
        "26941:UDP"= 26941:UDP:BitComet 26941 UDP
        "8116:TCP"= 8116:TCP:BitComet 8116 TCP
        "8116:UDP"= 8116:UDP:BitComet 8116 UDP
        "16695:TCP"= 16695:TCP:BitComet 16695 TCP
        "16695:UDP"= 16695:UDP:BitComet 16695 UDP
        "21915:TCP"= 21915:TCP:BitComet 21915 TCP
        "21915:UDP"= 21915:UDP:BitComet 21915 UDP
        "19569:TCP"= 19569:TCP:BitComet 19569 TCP
        "19569:UDP"= 19569:UDP:BitComet 19569 UDP
        "18330:TCP"= 18330:TCP:BitComet 18330 TCP
        "18330:UDP"= 18330:UDP:BitComet 18330 UDP
        "16413:TCP"= 16413:TCP:BitComet 16413 TCP
        "16413:UDP"= 16413:UDP:BitComet 16413 UDP
        "24682:TCP"= 24682:TCP:BitComet 24682 TCP
        "24682:UDP"= 24682:UDP:BitComet 24682 UDP
        "22552:TCP"= 22552:TCP:BitComet 22552 TCP
        "22552:UDP"= 22552:UDP:BitComet 22552 UDP
        "23893:TCP"= 23893:TCP:BitComet 23893 TCP
        "23893:UDP"= 23893:UDP:BitComet 23893 UDP
        "19507:TCP"= 19507:TCP:BitComet 19507 TCP
        "19507:UDP"= 19507:UDP:BitComet 19507 UDP
        "10568:TCP"= 10568:TCP:BitComet 10568 TCP
        "10568:UDP"= 10568:UDP:BitComet 10568 UDP

        R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
        R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
        R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
        S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
        S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
        S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

        *Newly Created Service* - CATCHME
        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-08 14:47:46
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
        "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
        .
        Completion time: 2008-06-08 14:48:35
        ComboFix-quarantined-files.txt 2008-06-08 11:48:31
        ComboFix2.txt 2008-06-08 09:36:16

        Pre-Run: 144,226,816,000 tavua vapaana
        Post-Run: 144,217,296,896 tavua vapaana

        204   --- E O F ---   2008-05-30 15:44:33

        Considering the factors involved ;D

        Download Malwarebytes' Anti-Malware to your desktop.
        http://www.besttechie.net/tools/mbam-setup.exe
        •   Double-click mbam-setup.exe and follow the instructions to install the program.
        •   At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
        •   If an update is found, the program downloads and installs the latest version.
        •   Once the program has loaded, select Perform full scan and click Scan.
        •   When the scan is finished, click OK and then Show Results to see the results.
        •   Make sure everything is checked and click Remove Selected.
        •   After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
        •   Post the contents of the log in your next message.


      • joku kuka ei vaan osaa
        Malwarebytes' Anti-Malware 1.15
        Tietokantaversio: 839

        15:56:12 8.6.2008
        mbam-log-6-8-2008 (15-56-12).txt

        Tarkistustyyppi: Täysi tarkistus (C:\|E:\|)
        Tarkistetut kohteet: 113857
        Kulunut aika: 32 minute(s), 4 second(s)

        Saastuneita muistiprosesseja: 0
        Saastuneita muistimoduuleja: 0
        Saastuneita rekisteriavaimia: 5
        Saastuneita rekisteriarvoja: 0
        Saastuneita rekisterikohteita: 0
        Saastuneita hakemistoja: 0
        Saastuneita tiedostoja: 22

        Saastuneita muistiprosesseja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita muistimoduuleja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriavaimia:
        HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

        Saastuneita rekisteriarvoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisterikohteita:
        (Haitallisia kohteita ei löydetty)

        Saastuneita hakemistoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita tiedostoja:
        C:\QooBox\Quarantine\C\dci.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\dcsi.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\setup.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\service.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\awtuuSLc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\tuvuRIxV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\urqPgeEw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\vtUKArOi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP129\A0030659.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP134\A0031855.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP134\A0031856.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033071.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033073.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033076.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033078.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033079.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033080.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP143\A0033103.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP144\A0034101.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP144\A0034102.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        E:\XMoto\sqlite3.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

        PS. Thanks for the help


      • FixFix
        crap

        1. Click Start > right-click My Computer
        2. Select Properties
        3. Select the System Restore tab
        4. Tick the box ¤ Turn off System Restore on all drives
        5. Press Apply
        6. Press OK
        7. Shut down and restart
        8. Untick the box ¤ Turn off System Restore on all drives
        9. Apply and OK

        *********

        scan a new ComboFix log


      • joku kuka ei vaan osaa
        ComboFix 08-06-07.3 - Maarit 2008-06-08 17:02:00.3 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.358.1035.18.1537 [GMT 3:00]
        Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
        * Resident AV is active


        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
        .

        2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
        2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
        2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
        2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
        2008-06-06 20:39 . 2008-06-06 20:39   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
        2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
        2008-05-30 22:48 . 2008-05-30 22:48      d--------   C:\Program Files\Trend Micro
        2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
        2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
        2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
        2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
        2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
        2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
        2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
        2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
        2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
        2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
        2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
        2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
        2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
        2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
        2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-06-07 08:47   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
        2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
        2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
        2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
        2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
        2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
        2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
        2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
        2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
        2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
        2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
        2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
        2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
        2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
        2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
        2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
        2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
        2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
        2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
        2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
        2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
        2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-08 13:58:57   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
        "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
        "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "msacm.ac3filter"= ac3filter.acm

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
        SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "E:\\LimeWire\\LimeWire.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "E:\\America's Army\\System\\ArmyOps.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
        "E:\\mIRC\\mirc.exe"=
        "E:\\AoE2\\empires2.exe"=
        "E:\\AoE2\\age2_x1\\age2_x1.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "17352:TCP"= 17352:TCP:BitComet 17352 TCP
        "17352:UDP"= 17352:UDP:BitComet 17352 UDP
        "23002:TCP"= 23002:TCP:BitComet 23002 TCP
        "23002:UDP"= 23002:UDP:BitComet 23002 UDP
        "65535:TCP"= 65535:TCP:BitComet 65535 TCP
        "65535:UDP"= 65535:UDP:BitComet 65535 UDP
        "25054:TCP"= 25054:TCP:BitComet 25054 TCP
        "25054:UDP"= 25054:UDP:BitComet 25054 UDP
        "26941:TCP"= 26941:TCP:BitComet 26941 TCP
        "26941:UDP"= 26941:UDP:BitComet 26941 UDP
        "8116:TCP"= 8116:TCP:BitComet 8116 TCP
        "8116:UDP"= 8116:UDP:BitComet 8116 UDP
        "16695:TCP"= 16695:TCP:BitComet 16695 TCP
        "16695:UDP"= 16695:UDP:BitComet 16695 UDP
        "21915:TCP"= 21915:TCP:BitComet 21915 TCP
        "21915:UDP"= 21915:UDP:BitComet 21915 UDP
        "19569:TCP"= 19569:TCP:BitComet 19569 TCP
        "19569:UDP"= 19569:UDP:BitComet 19569 UDP
        "18330:TCP"= 18330:TCP:BitComet 18330 TCP
        "18330:UDP"= 18330:UDP:BitComet 18330 UDP
        "16413:TCP"= 16413:TCP:BitComet 16413 TCP
        "16413:UDP"= 16413:UDP:BitComet 16413 UDP
        "24682:TCP"= 24682:TCP:BitComet 24682 TCP
        "24682:UDP"= 24682:UDP:BitComet 24682 UDP
        "22552:TCP"= 22552:TCP:BitComet 22552 TCP
        "22552:UDP"= 22552:UDP:BitComet 22552 UDP
        "23893:TCP"= 23893:TCP:BitComet 23893 TCP
        "23893:UDP"= 23893:UDP:BitComet 23893 UDP
        "19507:TCP"= 19507:TCP:BitComet 19507 TCP
        "19507:UDP"= 19507:UDP:BitComet 19507 UDP
        "10568:TCP"= 10568:TCP:BitComet 10568 TCP
        "10568:UDP"= 10568:UDP:BitComet 10568 UDP

        R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
        R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
        R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
        S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
        S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
        S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-08 17:03:32
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
        "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
        .
        Completion time: 2008-06-08 17:04:16
        ComboFix-quarantined-files.txt 2008-06-08 14:04:11
        ComboFix2.txt 2008-06-08 11:48:36
        ComboFix3.txt 2008-06-08 09:36:16

        Pre-Run: 144,691,019,776 tavua vapaana
        Post-Run: 144,684,883,968 tavua vapaana

        185   --- E O F ---   2008-05-30 15:44:33


      • FixFix
        joku kuka ei vaan osaa wrote:

        ComboFix 08-06-07.3 - Maarit 2008-06-08 17:02:00.3 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.358.1035.18.1537 [GMT 3:00]
        Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
        * Resident AV is active


        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
        .

        2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
        2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
        2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
        2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
        2008-06-06 20:39 . 2008-06-06 20:39   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
        2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
        2008-05-30 22:48 . 2008-05-30 22:48      d--------   C:\Program Files\Trend Micro
        2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
        2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
        2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
        2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
        2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
        2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
        2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
        2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
        2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
        2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
        2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
        2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
        2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
        2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
        2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-06-07 08:47   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
        2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
        2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
        2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
        2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
        2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
        2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
        2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
        2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
        2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
        2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
        2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
        2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
        2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
        2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
        2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
        2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
        2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
        2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
        2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
        2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
        2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-08 13:58:57   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        2008-06-08 11:42:24   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
        "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
        "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "msacm.ac3filter"= ac3filter.acm

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
        SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "E:\\LimeWire\\LimeWire.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "E:\\America's Army\\System\\ArmyOps.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
        "E:\\mIRC\\mirc.exe"=
        "E:\\AoE2\\empires2.exe"=
        "E:\\AoE2\\age2_x1\\age2_x1.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "17352:TCP"= 17352:TCP:BitComet 17352 TCP
        "17352:UDP"= 17352:UDP:BitComet 17352 UDP
        "23002:TCP"= 23002:TCP:BitComet 23002 TCP
        "23002:UDP"= 23002:UDP:BitComet 23002 UDP
        "65535:TCP"= 65535:TCP:BitComet 65535 TCP
        "65535:UDP"= 65535:UDP:BitComet 65535 UDP
        "25054:TCP"= 25054:TCP:BitComet 25054 TCP
        "25054:UDP"= 25054:UDP:BitComet 25054 UDP
        "26941:TCP"= 26941:TCP:BitComet 26941 TCP
        "26941:UDP"= 26941:UDP:BitComet 26941 UDP
        "8116:TCP"= 8116:TCP:BitComet 8116 TCP
        "8116:UDP"= 8116:UDP:BitComet 8116 UDP
        "16695:TCP"= 16695:TCP:BitComet 16695 TCP
        "16695:UDP"= 16695:UDP:BitComet 16695 UDP
        "21915:TCP"= 21915:TCP:BitComet 21915 TCP
        "21915:UDP"= 21915:UDP:BitComet 21915 UDP
        "19569:TCP"= 19569:TCP:BitComet 19569 TCP
        "19569:UDP"= 19569:UDP:BitComet 19569 UDP
        "18330:TCP"= 18330:TCP:BitComet 18330 TCP
        "18330:UDP"= 18330:UDP:BitComet 18330 UDP
        "16413:TCP"= 16413:TCP:BitComet 16413 TCP
        "16413:UDP"= 16413:UDP:BitComet 16413 UDP
        "24682:TCP"= 24682:TCP:BitComet 24682 TCP
        "24682:UDP"= 24682:UDP:BitComet 24682 UDP
        "22552:TCP"= 22552:TCP:BitComet 22552 TCP
        "22552:UDP"= 22552:UDP:BitComet 22552 UDP
        "23893:TCP"= 23893:TCP:BitComet 23893 TCP
        "23893:UDP"= 23893:UDP:BitComet 23893 UDP
        "19507:TCP"= 19507:TCP:BitComet 19507 TCP
        "19507:UDP"= 19507:UDP:BitComet 19507 UDP
        "10568:TCP"= 10568:TCP:BitComet 10568 TCP
        "10568:UDP"= 10568:UDP:BitComet 10568 UDP

        R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 01:12]
        R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
        R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
        S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
        S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
        S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-08 17:03:32
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
        "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
        .
        Completion time: 2008-06-08 17:04:16
        ComboFix-quarantined-files.txt 2008-06-08 14:04:11
        ComboFix2.txt 2008-06-08 11:48:36
        ComboFix3.txt 2008-06-08 09:36:16

        Pre-Run: 144,691,019,776 tavua vapaana
        Post-Run: 144,684,883,968 tavua vapaana

        185   --- E O F ---   2008-05-30 15:44:33

        So did it die?

        Scan a new HJT log.


      • joku kuka ei vaan osaa
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 17:28:16, on 8.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
        O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442726923
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

        --
        End of file - 7282 bytes


      • FixFix
        Clean, going by the log.

        Download Malwarebytes' Anti-Malware to your desktop.
        http://www.besttechie.net/tools/mbam-setup.exe
        •   Double-click mbam-setup.exe and follow the prompts to install the program.
        •   At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
        •   If an update is found, the program will download and install the latest version.
        •   Once the program has loaded, select Perform full scan and click Scan.
        •   When the scan is complete, click OK and then Show Results to view the results.
        •   Make sure everything is checked and click Remove Selected.
        •   After that the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
        •   Post the contents of the log in your next message.


      • joku kuka ei vaan osaa
        Malwarebytes' Anti-Malware 1.15
        Tietokantaversio: 841

        0:48:00 9.6.2008
        mbam-log-6-9-2008 (00-48-00).txt

        Tarkistustyyppi: Täysi tarkistus (C:\|E:\|)
        Tarkistetut kohteet: 113359
        Kulunut aika: 30 minute(s), 0 second(s)

        Saastuneita muistiprosesseja: 0
        Saastuneita muistimoduuleja: 0
        Saastuneita rekisteriavaimia: 2
        Saastuneita rekisteriarvoja: 0
        Saastuneita rekisterikohteita: 0
        Saastuneita hakemistoja: 0
        Saastuneita tiedostoja: 0

        Saastuneita muistiprosesseja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita muistimoduuleja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriavaimia:
        HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

        Saastuneita rekisteriarvoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisterikohteita:
        (Haitallisia kohteita ei löydetty)

        Saastuneita hakemistoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita tiedostoja:
        (Haitallisia kohteita ei löydetty)


      • FixFix
        log


      • joku kuka ei vaan osaa
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 13:25:11, on 9.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\Program Files\uTorrent\uTorrent.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
        O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442726923
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

        --
        End of file - 7228 bytes

        ComboFix 08-06-07.3 - Maarit 2008-06-09 13:27:59.4 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1486 [GMT 3:00]
        Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
        * Resident AV is active


        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
        .

        2008-06-09 13:25 . 2008-06-09 13:25      d--------   C:\Program Files\Trend Micro
        2008-06-09 00:15 . 2008-06-09 13:23      d--------   C:\Program Files\Malwarebytes' Anti-Malware
        2008-06-08 22:43 . 2008-06-08 22:43      d--h-----   C:\WINDOWS\PIF
        2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
        2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
        2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
        2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
        2008-06-06 20:39 . 2008-06-08 22:37   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
        2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
        2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
        2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
        2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
        2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
        2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
        2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
        2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
        2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
        2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
        2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
        2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
        2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
        2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
        2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-09 10:29   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
        2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
        2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
        2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
        2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
        2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
        2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
        2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
        2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
        2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
        2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
        2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
        2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
        2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
        2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
        2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
        2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
        2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
        2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
        2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
        2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
        2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
        2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-06-07 15:56:15   201,323   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
        2008-06-09 07:21:10   202,262   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
        - 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-09 07:19:33   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
        "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
        "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "msacm.ac3filter"= ac3filter.acm

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
        SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "E:\\LimeWire\\LimeWire.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "E:\\America's Army\\System\\ArmyOps.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
        "E:\\mIRC\\mirc.exe"=
        "E:\\AoE2\\empires2.exe"=
        "E:\\AoE2\\age2_x1\\age2_x1.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "17352:TCP"= 17352:TCP:BitComet 17352 TCP
        "17352:UDP"= 17352:UDP:BitComet 17352 UDP
        "23002:TCP"= 23002:TCP:BitComet 23002 TCP
        "23002:UDP"= 23002:UDP:BitComet 23002 UDP
        "65535:TCP"= 65535:TCP:BitComet 65535 TCP
        "65535:UDP"= 65535:UDP:BitComet 65535 UDP
        "25054:TCP"= 25054:TCP:BitComet 25054 TCP
        "25054:UDP"= 25054:UDP:BitComet 25054 UDP
        "26941:TCP"= 26941:TCP:BitComet 26941 TCP
        "26941:UDP"= 26941:UDP:BitComet 26941 UDP
        "8116:TCP"= 8116:TCP:BitComet 8116 TCP
        "8116:UDP"= 8116:UDP:BitComet 8116 UDP
        "16695:TCP"= 16695:TCP:BitComet 16695 TCP
        "16695:UDP"= 16695:UDP:BitComet 16695 UDP
        "21915:TCP"= 21915:TCP:BitComet 21915 TCP
        "21915:UDP"= 21915:UDP:BitComet 21915 UDP
        "19569:TCP"= 19569:TCP:BitComet 19569 TCP
        "19569:UDP"= 19569:UDP:BitComet 19569 UDP
        "18330:TCP"= 18330:TCP:BitComet 18330 TCP
        "18330:UDP"= 18330:UDP:BitComet 18330 UDP
        "16413:TCP"= 16413:TCP:BitComet 16413 TCP
        "16413:UDP"= 16413:UDP:BitComet 16413 UDP
        "24682:TCP"= 24682:TCP:BitComet 24682 TCP
        "24682:UDP"= 24682:UDP:BitComet 24682 UDP
        "22552:TCP"= 22552:TCP:BitComet 22552 TCP
        "22552:UDP"= 22552:UDP:BitComet 22552 UDP
        "23893:TCP"= 23893:TCP:BitComet 23893 TCP
        "23893:UDP"= 23893:UDP:BitComet 23893 UDP
        "19507:TCP"= 19507:TCP:BitComet 19507 TCP
        "19507:UDP"= 19507:UDP:BitComet 19507 UDP
        "10568:TCP"= 10568:TCP:BitComet 10568 TCP
        "10568:UDP"= 10568:UDP:BitComet 10568 UDP

        R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
        R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
        R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
        S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
        S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
        S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-09 13:29:39
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
        "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
        .
        Completion time: 2008-06-09 13:30:20
        ComboFix-quarantined-files.txt 2008-06-09 10:30:17
        ComboFix2.txt 2008-06-08 11:48:36
        ComboFix3.txt 2008-06-08 09:36:16

        Pre-Run: 144,630,288,384 tavua vapaana
        Post-Run: 144,646,443,008 tavua vapaana

        189   --- E O F ---   2008-05-30 15:44:33


      • FixFix
        joku kuka ei vaan osaa wrote:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 13:25:11, on 9.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\Program Files\uTorrent\uTorrent.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
        O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442726923
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

        --
        End of file - 7228 bytes

        ComboFix 08-06-07.3 - Maarit 2008-06-09 13:27:59.4 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1486 [GMT 3:00]
        Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
        * Resident AV is active


        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
        .

        2008-06-09 13:25 . 2008-06-09 13:25      d--------   C:\Program Files\Trend Micro
        2008-06-09 00:15 . 2008-06-09 13:23      d--------   C:\Program Files\Malwarebytes' Anti-Malware
        2008-06-08 22:43 . 2008-06-08 22:43      d--h-----   C:\WINDOWS\PIF
        2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
        2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
        2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
        2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
        2008-06-06 20:39 . 2008-06-08 22:37   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
        2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
        2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
        2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
        2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
        2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
        2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
        2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
        2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
        2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
        2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
        2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
        2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
        2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
        2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
        2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-09 10:29   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
        2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
        2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
        2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
        2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
        2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
        2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
        2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
        2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
        2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
        2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
        2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
        2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
        2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
        2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
        2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
        2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
        2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
        2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
        2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
        2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
        2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
        2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-06-07 15:56:15   201,323   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
        2008-06-09 07:21:10   202,262   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
        - 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-09 07:19:33   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
        "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
        "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "msacm.ac3filter"= ac3filter.acm

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
        SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "E:\\LimeWire\\LimeWire.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "E:\\America's Army\\System\\ArmyOps.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
        "E:\\mIRC\\mirc.exe"=
        "E:\\AoE2\\empires2.exe"=
        "E:\\AoE2\\age2_x1\\age2_x1.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "17352:TCP"= 17352:TCP:BitComet 17352 TCP
        "17352:UDP"= 17352:UDP:BitComet 17352 UDP
        "23002:TCP"= 23002:TCP:BitComet 23002 TCP
        "23002:UDP"= 23002:UDP:BitComet 23002 UDP
        "65535:TCP"= 65535:TCP:BitComet 65535 TCP
        "65535:UDP"= 65535:UDP:BitComet 65535 UDP
        "25054:TCP"= 25054:TCP:BitComet 25054 TCP
        "25054:UDP"= 25054:UDP:BitComet 25054 UDP
        "26941:TCP"= 26941:TCP:BitComet 26941 TCP
        "26941:UDP"= 26941:UDP:BitComet 26941 UDP
        "8116:TCP"= 8116:TCP:BitComet 8116 TCP
        "8116:UDP"= 8116:UDP:BitComet 8116 UDP
        "16695:TCP"= 16695:TCP:BitComet 16695 TCP
        "16695:UDP"= 16695:UDP:BitComet 16695 UDP
        "21915:TCP"= 21915:TCP:BitComet 21915 TCP
        "21915:UDP"= 21915:UDP:BitComet 21915 UDP
        "19569:TCP"= 19569:TCP:BitComet 19569 TCP
        "19569:UDP"= 19569:UDP:BitComet 19569 UDP
        "18330:TCP"= 18330:TCP:BitComet 18330 TCP
        "18330:UDP"= 18330:UDP:BitComet 18330 UDP
        "16413:TCP"= 16413:TCP:BitComet 16413 TCP
        "16413:UDP"= 16413:UDP:BitComet 16413 UDP
        "24682:TCP"= 24682:TCP:BitComet 24682 TCP
        "24682:UDP"= 24682:UDP:BitComet 24682 UDP
        "22552:TCP"= 22552:TCP:BitComet 22552 TCP
        "22552:UDP"= 22552:UDP:BitComet 22552 UDP
        "23893:TCP"= 23893:TCP:BitComet 23893 TCP
        "23893:UDP"= 23893:UDP:BitComet 23893 UDP
        "19507:TCP"= 19507:TCP:BitComet 19507 TCP
        "19507:UDP"= 19507:UDP:BitComet 19507 UDP
        "10568:TCP"= 10568:TCP:BitComet 10568 TCP
        "10568:UDP"= 10568:UDP:BitComet 10568 UDP

        R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
        R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
        R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
        S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
        S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
        S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-09 13:29:39
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
        "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
        .
        Completion time: 2008-06-09 13:30:20
        ComboFix-quarantined-files.txt 2008-06-09 10:30:17
        ComboFix2.txt 2008-06-08 11:48:36
        ComboFix3.txt 2008-06-08 09:36:16

        Pre-Run: 144,630,288,384 tavua vapaana
        Post-Run: 144,646,443,008 tavua vapaana

        189   --- E O F ---   2008-05-30 15:44:33

        in case something is hidden...

        Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
        Extract the contents (a folder named SmitfraudFix) to your desktop:

        Open the SmitfraudFix folder and double-click smitfraudfix.cmd
        Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
        Post the contents of this text file in your thread.

        Note: some antivirus programs (AntiVir, Dr.Web, Kaspersky) detect the process.exe file as a "RiskTool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.


      • joku kuka ei vaan osaa
        FixFix wrote:

        in case something is hidden...

        Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
        Extract the contents (a folder named SmitfraudFix) to your desktop:

        Open the SmitfraudFix folder and double-click smitfraudfix.cmd
        Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
        Post the contents of this text file in your thread.

        Note: some antivirus programs (AntiVir, Dr.Web, Kaspersky) detect the process.exe file as a "RiskTool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.

        SmitFraudFix v2.323

        Scan done at 13:38:44,48, ma 09.06.2008
        Run from C:\Documents and Settings\Maarit\Työpöytä\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» Process

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\WINDOWS\system32\svchost.exe
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\Program Files\uTorrent\uTorrent.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\WINDOWS\system32\cmd.exe

        »»»»»»»»»»»»»»»»»»»»»»»» hosts


        »»»»»»»»»»»»»»»»»»»»»»»» C:\


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maarit


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maarit\Application Data


        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Maarit\Suosikit


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



        »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
        !!!Attention, following keys are not inevitably infected!!!

        IEDFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» VACFix
        !!!Attention, following keys are not inevitably infected!!!

        VACFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
        !!!Attention, following keys are not inevitably infected!!!

        404Fix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Rustock



        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        Description: (ZD1211B)IEEE 802.11 b g USB Adapter - Paketinajoituksen miniportti
        DNS Server Search Order: 192.168.0.254

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{603E5175-41B7-4818-A359-E339F98D531B}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{603E5175-41B7-4818-A359-E339F98D531B}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254


        »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


        »»»»»»»»»»»»»»»»»»»»»»»» End


      • FixFix
        joku kuka ei vaan osaa wrote:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 13:25:11, on 9.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\Program Files\uTorrent\uTorrent.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
        O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442726923
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

        --
        End of file - 7228 bytes














        ComboFix 08-06-07.3 - Maarit 2008-06-09 13:27:59.4 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1486 [GMT 3:00]
        Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
        * Resident AV is active


        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
        .

        2008-06-09 13:25 . 2008-06-09 13:25      d--------   C:\Program Files\Trend Micro
        2008-06-09 00:15 . 2008-06-09 13:23      d--------   C:\Program Files\Malwarebytes' Anti-Malware
        2008-06-08 22:43 . 2008-06-08 22:43      d--h-----   C:\WINDOWS\PIF
        2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
        2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
        2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
        2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
        2008-06-06 20:39 . 2008-06-08 22:37   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
        2008-06-06 15:03 . 2008-06-06 20:39   49,156   --a------   C:\Documents and Settings\Maarit\sz.exe
        2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
        2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
        2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
        2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
        2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
        2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
        2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
        2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
        2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
        2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
        2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
        2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
        2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
        2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-09 10:29   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
        2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
        2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
        2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
        2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
        2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
        2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
        2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
        2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
        2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
        2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
        2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
        2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
        2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
        2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
        2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
        2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
        2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
        2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
        2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
        2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
        2008-03-19 13:25   1,984   ----a-w   C:\WINDOWS\system32\tmp.reg
        2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-06-07 15:56:15   201,323   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
        2008-06-09 07:21:10   202,262   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
        - 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-09 07:19:33   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
        "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
        "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

        C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
        ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "msacm.ac3filter"= ac3filter.acm

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
        SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "E:\\LimeWire\\LimeWire.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "E:\\America's Army\\System\\ArmyOps.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
        "E:\\mIRC\\mirc.exe"=
        "E:\\AoE2\\empires2.exe"=
        "E:\\AoE2\\age2_x1\\age2_x1.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "17352:TCP"= 17352:TCP:BitComet 17352 TCP
        "17352:UDP"= 17352:UDP:BitComet 17352 UDP
        "23002:TCP"= 23002:TCP:BitComet 23002 TCP
        "23002:UDP"= 23002:UDP:BitComet 23002 UDP
        "65535:TCP"= 65535:TCP:BitComet 65535 TCP
        "65535:UDP"= 65535:UDP:BitComet 65535 UDP
        "25054:TCP"= 25054:TCP:BitComet 25054 TCP
        "25054:UDP"= 25054:UDP:BitComet 25054 UDP
        "26941:TCP"= 26941:TCP:BitComet 26941 TCP
        "26941:UDP"= 26941:UDP:BitComet 26941 UDP
        "8116:TCP"= 8116:TCP:BitComet 8116 TCP
        "8116:UDP"= 8116:UDP:BitComet 8116 UDP
        "16695:TCP"= 16695:TCP:BitComet 16695 TCP
        "16695:UDP"= 16695:UDP:BitComet 16695 UDP
        "21915:TCP"= 21915:TCP:BitComet 21915 TCP
        "21915:UDP"= 21915:UDP:BitComet 21915 UDP
        "19569:TCP"= 19569:TCP:BitComet 19569 TCP
        "19569:UDP"= 19569:UDP:BitComet 19569 UDP
        "18330:TCP"= 18330:TCP:BitComet 18330 TCP
        "18330:UDP"= 18330:UDP:BitComet 18330 UDP
        "16413:TCP"= 16413:TCP:BitComet 16413 TCP
        "16413:UDP"= 16413:UDP:BitComet 16413 UDP
        "24682:TCP"= 24682:TCP:BitComet 24682 TCP
        "24682:UDP"= 24682:UDP:BitComet 24682 UDP
        "22552:TCP"= 22552:TCP:BitComet 22552 TCP
        "22552:UDP"= 22552:UDP:BitComet 22552 UDP
        "23893:TCP"= 23893:TCP:BitComet 23893 TCP
        "23893:UDP"= 23893:UDP:BitComet 23893 UDP
        "19507:TCP"= 19507:TCP:BitComet 19507 TCP
        "19507:UDP"= 19507:UDP:BitComet 19507 UDP
        "10568:TCP"= 10568:TCP:BitComet 10568 TCP
        "10568:UDP"= 10568:UDP:BitComet 10568 UDP

        R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
        R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
        R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
        S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
        S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
        S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-09 13:29:39
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
        "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
        .
        Completion time: 2008-06-09 13:30:20
        ComboFix-quarantined-files.txt 2008-06-09 10:30:17
        ComboFix2.txt 2008-06-08 11:48:36
        ComboFix3.txt 2008-06-08 09:36:16

        Pre-Run: 144,630,288,384 tavua vapaana
        Post-Run: 144,646,443,008 tavua vapaana

        189   --- E O F ---   2008-05-30 15:44:33

        with

        Open Notepad and copy/paste the contents of the quote box into it:

        [quote]

        File::
        C:\Documents and Settings\Maarit\sz.exe

        [/quote]

        Save it as CFScript.txt

        Then drag CFScript onto ComboFix.exe as shown below.
        [img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

        Restart the computer when prompted and post the contents of the combofix.txt file here.


      • joku kuka ei vaan osaa
        FixFix wrote:

        with

        Open Notepad and copy/paste the contents of the quote box into it:

        [quote]

        File::
        C:\Documents and Settings\Maarit\sz.exe

        [/quote]

        Save it as CFScript.txt

        Then drag CFScript onto ComboFix.exe as shown below.
        [img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

        Restart the computer when prompted and post the contents of the combofix.txt file here.

        ComboFix 08-06-07.3 - Maarit 2008-06-09 13:47:45.5 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1474 [GMT 3:00]
        Running from: C:\Documents and Settings\Maarit\Työpöytä\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Maarit\Työpöytä\CFScript.txt
        * Created a new restore point
        * Resident AV is active


        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

        FILE ::
        C:\Documents and Settings\Maarit\sz.exe
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Documents and Settings\Maarit\sz.exe

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 )))))))))))))))))
        .

        2008-06-09 13:25 . 2008-06-09 13:25      d--------   C:\Program Files\Trend Micro
        2008-06-09 00:15 . 2008-06-09 13:23      d--------   C:\Program Files\Malwarebytes' Anti-Malware
        2008-06-08 22:43 . 2008-06-08 22:43      d--h-----   C:\WINDOWS\PIF
        2008-06-08 00:10 . 2008-06-08 00:15      d--------   C:\Program Files\Windows Live
        2008-06-07 18:55 . 2008-06-07 18:59      d--------   C:\WINDOWS\.silabclient_store_32
        2008-06-07 10:35 . 2008-06-07 10:35      d--------   C:\Documents and Settings\Maarit\Application Data\Uniblue
        2008-06-07 10:29 . 2008-06-08 00:07      d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
        2008-06-06 20:39 . 2008-06-08 22:37   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2008-06-06 20:39 . 2008-06-06 20:39   1,409   --a------   C:\WINDOWS\QTFont.for
        2008-05-30 18:12 . 2008-05-30 18:12      d--------   C:\Program Files\ZyDAS Technology Corporation
        2008-05-30 18:12 . 2006-08-24 13:44   477,696   --a------   C:\WINDOWS\system32\drivers\ZD1211BU.sys
        2008-05-30 18:12 . 2004-01-14 11:25   81,920   --a------   C:\WINDOWS\system32\ZDPN50.DLL
        2008-05-30 18:12 . 2005-03-18 15:35   31,744   --a------   C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
        2008-05-30 18:12 . 2005-06-08 18:44   29,184   --a------   C:\WINDOWS\system32\drivers\BRGSp50a64.sys
        2008-05-30 18:12 . 2004-03-23 16:38   28,672   --a------   C:\WINDOWS\system32\InsDrvZD.dll
        2008-05-30 18:12 . 2003-03-14 12:24   24,576   --a------   C:\WINDOWS\system32\ZyDelReg.exe
        2008-05-30 18:12 . 2005-06-08 18:44   20,608   --a------   C:\WINDOWS\system32\drivers\BRGSp50.sys
        2008-05-30 18:12 . 2004-10-25 13:40   17,664   --a------   C:\WINDOWS\system32\drivers\ZDPSp50.sys
        2008-05-30 18:12 . 2004-01-14 11:30   17,151   --a------   C:\WINDOWS\system32\ZDPNDIS5.SYS
        2008-05-30 18:12 . 2005-07-12 14:44   15,872   --a------   C:\WINDOWS\system32\InsDrvZD64.DLL
        2008-05-29 22:48 . 2008-05-29 22:48      d--------   C:\Documents and Settings\Maarit\Application Data\FLV Extract
        2008-05-09 13:30 . 2008-05-09 13:30      d--------   C:\Documents and Settings\Maarit\Application Data\Atari
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Program Files\Common Files\PocketSoft
        2008-05-09 13:16 . 2008-05-09 13:16      d--------   C:\Documents and Settings\Maarit\Application Data\Leadertech
        2008-05-09 13:16 . 2002-02-27 18:50   197,120   --a------   C:\WINDOWS\patchw32.dll

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-09 10:48   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\uTorrent
        2008-06-09 10:38   1,852   ----a-w   C:\WINDOWS\system32\tmp.reg
        2008-06-08 09:20   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
        2008-06-07 21:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-06-06 22:13   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\LimeWire
        2008-06-06 13:36   ---------   d-----w   C:\Program Files\McAfee
        2008-05-30 20:28   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\mIRC
        2008-05-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-05-30 15:12   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-05-06 11:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2008-05-06 11:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
        2008-05-01 21:34   ---------   d-----w   C:\Program Files\Windows Media Connect 2
        2008-04-29 20:19   ---------   d-----w   C:\Program Files\MSXML 6.0
        2008-04-28 13:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Publish Providers
        2008-04-28 13:51   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony
        2008-04-28 13:41   ---------   d-----w   C:\Program Files\Sony
        2008-04-28 13:37   ---------   d-----w   C:\Program Files\Vstplugins
        2008-04-28 13:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sony
        2008-04-28 13:01   ---------   d-----w   C:\Program Files\MSBuild
        2008-04-28 12:59   ---------   d-----w   C:\Program Files\Reference Assemblies
        2008-04-28 12:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Sony Setup
        2008-04-09 09:55   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
        2008-04-03 16:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
        2008-03-30 23:16   295,424   ----a-w   C:\WINDOWS\system32\bwmedia1.dll
        2008-03-30 23:16   150,016   ----a-w   C:\WINDOWS\system32\bwmedia.dll
        2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
        2008-03-14 21:30   352,256   ----a-w   C:\WINDOWS\eSellerateEngine.dll
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-08_12.35.59.95 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-06-07 15:56:15   201,323   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
        2008-06-09 07:21:10   202,262   ----a-w   C:\WINDOWS\.silabclient_store_32\code.dat
        - 2008-06-08 09:32:44   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-09 07:19:33   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
        - 2008-06-08 06:12:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        2008-06-09 07:25:16   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
        "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
        "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 10:05 217088]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 17:12 15360]

        C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
        ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-05-30 18:12:03 487424]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "msacm.ac3filter"= ac3filter.acm

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "E:\\LimeWire\\LimeWire.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "E:\\America's Army\\System\\ArmyOps.exe"=
        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
        "E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
        "E:\\mIRC\\mirc.exe"=
        "E:\\AoE2\\empires2.exe"=
        "E:\\AoE2\\age2_x1\\age2_x1.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "17352:TCP"= 17352:TCP:BitComet 17352 TCP
        "17352:UDP"= 17352:UDP:BitComet 17352 UDP
        "23002:TCP"= 23002:TCP:BitComet 23002 TCP
        "23002:UDP"= 23002:UDP:BitComet 23002 UDP
        "65535:TCP"= 65535:TCP:BitComet 65535 TCP
        "65535:UDP"= 65535:UDP:BitComet 65535 UDP
        "25054:TCP"= 25054:TCP:BitComet 25054 TCP
        "25054:UDP"= 25054:UDP:BitComet 25054 UDP
        "26941:TCP"= 26941:TCP:BitComet 26941 TCP
        "26941:UDP"= 26941:UDP:BitComet 26941 UDP
        "8116:TCP"= 8116:TCP:BitComet 8116 TCP
        "8116:UDP"= 8116:UDP:BitComet 8116 UDP
        "16695:TCP"= 16695:TCP:BitComet 16695 TCP
        "16695:UDP"= 16695:UDP:BitComet 16695 UDP
        "21915:TCP"= 21915:TCP:BitComet 21915 TCP
        "21915:UDP"= 21915:UDP:BitComet 21915 UDP
        "19569:TCP"= 19569:TCP:BitComet 19569 TCP
        "19569:UDP"= 19569:UDP:BitComet 19569 UDP
        "18330:TCP"= 18330:TCP:BitComet 18330 TCP
        "18330:UDP"= 18330:UDP:BitComet 18330 UDP
        "16413:TCP"= 16413:TCP:BitComet 16413 TCP
        "16413:UDP"= 16413:UDP:BitComet 16413 UDP
        "24682:TCP"= 24682:TCP:BitComet 24682 TCP
        "24682:UDP"= 24682:UDP:BitComet 24682 UDP
        "22552:TCP"= 22552:TCP:BitComet 22552 TCP
        "22552:UDP"= 22552:UDP:BitComet 22552 UDP
        "23893:TCP"= 23893:TCP:BitComet 23893 TCP
        "23893:UDP"= 23893:UDP:BitComet 23893 UDP
        "19507:TCP"= 19507:TCP:BitComet 19507 TCP
        "19507:UDP"= 19507:UDP:BitComet 19507 UDP
        "10568:TCP"= 10568:TCP:BitComet 10568 TCP
        "10568:UDP"= 10568:UDP:BitComet 10568 UDP

        R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
        R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
        R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
        S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
        S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 15:53]
        S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys []

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-09 13:48:42
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
        "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
        .
        Completion time: 2008-06-09 13:49:27
        ComboFix-quarantined-files.txt 2008-06-09 10:49:10
        ComboFix2.txt 2008-06-09 10:30:21
        ComboFix3.txt 2008-06-08 11:48:36
        ComboFix4.txt 2008-06-08 09:36:16

        Pre-Run: 144,624,619,520 tavua vapaana
        Post-Run: 144,615,800,832 tavua vapaana

        195   --- E O F ---   2008-05-30 15:44:33


      • FixFix
        joku kuka ei vaan osaa wrote:

        SmitFraudFix v2.323

        Scan done at 13:38:44,48, ma 09.06.2008
        Run from C:\Documents and Settings\Maarit\Työpöytä\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» Process

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\WINDOWS\system32\svchost.exe
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\Program Files\uTorrent\uTorrent.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\WINDOWS\system32\cmd.exe

        »»»»»»»»»»»»»»»»»»»»»»»» hosts


        »»»»»»»»»»»»»»»»»»»»»»»» C:\


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maarit


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maarit\Application Data


        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Maarit\Suosikit


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



        »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
        !!!Attention, following keys are not inevitably infected!!!

        IEDFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» VACFix
        !!!Attention, following keys are not inevitably infected!!!

        VACFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
        !!!Attention, following keys are not inevitably infected!!!

        404Fix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Rustock



        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        Description: (ZD1211B)IEEE 802.11 b g USB Adapter - Paketinajoituksen miniportti
        DNS Server Search Order: 192.168.0.254

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{603E5175-41B7-4818-A359-E339F98D531B}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{603E5175-41B7-4818-A359-E339F98D531B}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254


        »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


        »»»»»»»»»»»»»»»»»»»»»»»» End

        how's the computer running


      • tonsa92
        FixFix wrote:

        how's the computer running

        it's not slow and doesn't throw any errors at startup anymore, works well. thanks for the help

