Could there be a virus on the machine, when Avast pops up something like this several times a day?

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:30, on 19.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Comodo\Firewall\cfp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\anysee\anysee-E30Plus\anysee_T.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [anysee_TR] F:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "F:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech tuoterekisteröinti.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1218907550203
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - F:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5078 bytes
Scan with HJT, tick these and press Fix checked:

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

=================

1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished it produces a log. Post that log in your thread.

Note! Don't click in the ComboFix window while it is running. That may cause the program to hang.

=============

That IP address points to Elisa.
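Triage of an HJT log of the kind posted above, as an added example; this is not code from the thread, from HijackThis or from ComboFix. It parses the O4, O20 and O23 entry lines, marks the two O4 values the reply says to tick and Fix, and flags what a helper reads next: Run values with no directory in them (Windows finds those through the PATH, so where the file really lives has to be checked), startup shortcuts HJT could not resolve, the two O20 load points (AppInit_DLLs goes into every process that maps user32.dll, a Winlogon Notify DLL runs inside winlogon.exe), and services whose binary carried no company name. The sample log is a constructed excerpt that mirrors entries from the post, and the flag rules and fix list are this example's own assumptions, not a verdict on any of the files.

```python
"""Triage helper for HijackThis (HJT) log entries.

Added example for this thread; it is not part of HijackThis, ComboFix or the
poster's files. SAMPLE_LOG is a constructed excerpt in the shape of the log
posted above, and the flag rules are this example's own assumptions about
what a helper reads first.
"""
import re
from dataclasses import dataclass

# Constructed excerpt mirroring entries from the posted log (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SetPointII.lnk = ?
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - F:\Program Files\Comodo\Firewall\cmdagent.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "O4 - ..." entry lines
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<target>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<rest>.+)$")


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "O4"
    name: str      # Run value name, shortcut name or service display name
    target: str    # command, DLL or service binary the entry points at
    reason: str    # why a helper should look at it


def parse_entries(log_text):
    """Yield (section, body) for every HJT entry line; other lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def is_unqualified(cmd):
    """True when the Run value names an executable without a directory, so
    Windows resolves it through the PATH at logon (e.g. 'nwiz.exe /install').
    HJT prints such values verbatim; where the file really lives is not shown."""
    tokens = cmd.strip().strip('"').split()
    return bool(tokens) and "\\" not in tokens[0] and ":" not in tokens[0]


def triage(log_text, fix_names=()):
    """Return the entries a helper would act on or look at first.

    fix_names: value names the helper has already told the poster to tick and
    'Fix checked' in HJT (compared case-insensitively)."""
    fix = {n.lower() for n in fix_names}
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O4":
            m = RUN_RE.match(body)
            if m:
                name, cmd = m.group("name"), m.group("cmd")
                if name.lower() in fix:
                    findings.append(Finding(section, name, cmd, "on fix list"))
                elif is_unqualified(cmd):
                    findings.append(Finding(section, name, cmd,
                                            "unqualified path, resolved via PATH"))
                continue
            m = STARTUP_RE.match(body)
            if m and m.group("target") == "?":
                # HJT prints '?' when it cannot resolve where the .lnk points.
                findings.append(Finding(section, m.group("name"), "?",
                                        "startup shortcut target not resolved"))
        elif section == "O20":
            m = APPINIT_RE.match(body)
            if m:
                findings.append(Finding(section, "AppInit_DLLs", m.group("path"),
                                        "loaded into every process that maps user32.dll"))
            m = NOTIFY_RE.match(body)
            if m:
                findings.append(Finding(section, m.group("name"), m.group("path"),
                                        "runs inside winlogon.exe on logon events"))
        elif section == "O23":
            m = SERVICE_RE.match(body)
            if m:
                parts = m.group("rest").rsplit(" - ", 2)  # display - owner - binary
                if len(parts) == 3 and parts[1] == "Unknown owner":
                    findings.append(Finding(section, parts[0], parts[2],
                                            "HJT read no company name from the binary"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, fix_names=("nwiz", "Alcmtr")):
        print(f"{f.section:<4}{f.name:<48}{f.reason}\n    {f.target}")
```

Run it as a script to print the seven flagged entries from the sample; feed `triage()` the full log text to triage a real post. Note that the "unqualified path" rule also fires on legitimate vendor entries such as RTHDCPL.EXE: it is a prompt to confirm which directory the file is in, not a verdict.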
ComboFix 08-08-18.05 - Mikko 2008-08-19 17:58:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1360 [GMT 3:00]
Running from: F:\temp\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))
.

2008-08-18 12:57 . 2008-08-18 12:57 268 --ah----- C:\sqmdata11.sqm
2008-08-18 12:57 . 2008-08-18 12:57 244 --ah----- C:\sqmnoopt11.sqm
2008-08-17 21:47 . 2008-08-17 21:47 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-17 19:49 . 2008-08-17 19:49 268 --ah----- C:\sqmdata10.sqm
2008-08-17 19:49 . 2008-08-17 19:49 244 --ah----- C:\sqmnoopt10.sqm
2008-08-17 19:36 . 2008-08-17 19:36 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-08-17 19:36 . 2008-08-17 19:36 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-08-17 19:29 . 2008-08-17 19:29 268 --ah----- C:\sqmdata09.sqm
2008-08-17 19:29 . 2008-08-17 19:29 244 --ah----- C:\sqmnoopt09.sqm
2008-08-17 17:54 . 2008-08-19 16:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 16:28 . 2008-08-17 16:28 268 --ah----- C:\sqmdata08.sqm
2008-08-17 16:28 . 2008-08-17 16:28 244 --ah----- C:\sqmnoopt08.sqm
2008-08-17 16:23 . 2008-08-17 16:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-08-17 16:20 . 2008-08-17 16:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-08-17 16:10 . 2008-08-17 16:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\skypePM
2008-08-17 16:10 . 2008-08-17 16:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-08-17 16:04 . 2008-08-17 16:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-08-17 16:04 . 2008-08-17 16:04 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-17 14:14 . 2008-08-17 14:14 <DIR> d-------- C:\Program Files\Bonjour
2008-08-17 14:07 . 2008-08-17 14:07 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-17 14:06 . 2008-08-17 14:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-17 13:43 . 2008-08-17 13:43 <DIR> d-------- C:\Documents and Settings\Mikko\Application Data\Leadertech
2008-08-17 13:43 . 2008-08-17 13:43 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-17 13:43 . 2008-08-17 13:43 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-08-17 13:42 . 2008-08-17 13:42 <DIR> d-------- C:\Program Files\Logitech
2008-08-17 13:42 . 2008-08-17 13:43 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-08-17 13:42 . 2008-08-17 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-08-17 13:36 . 2008-08-17 13:36 268 --ah----- C:\sqmdata07.sqm
2008-08-17 13:36 . 2008-08-17 13:36 244 --ah----- C:\sqmnoopt07.sqm
2008-08-17 13:14 . 2008-08-17 13:14 268 --ah----- C:\sqmdata06.sqm
2008-08-17 13:14 . 2008-08-17 13:14 244 --ah----- C:\sqmnoopt06.sqm
2008-08-17 13:08 . 2008-08-17 13:08 <DIR> d-------- C:\Program Files\CyberLink
2008-08-17 13:08 . 2004-07-12 22:05 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-08-17 13:05 . 2008-08-17 13:05 268 --ah----- C:\sqmdata05.sqm
2008-08-17 13:05 . 2008-08-17 13:05 244 --ah----- C:\sqmnoopt05.sqm
2008-08-17 12:04 . 2008-08-17 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-08-17 11:50 . 2008-08-17 11:51 <DIR> d-------- C:\Program Files\NCH Software
2008-08-17 11:50 . 2008-08-17 11:50 <DIR> d-------- C:\Documents and Settings\Mikko\Application Data\NCH Software
2008-08-17 11:50 . 2008-08-17 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-08-17 10:47 . 2008-08-17 10:47 268 --ah----- C:\sqmdata04.sqm
2008-08-17 10:47 . 2008-08-17 10:47 244 --ah----- C:\sqmnoopt04.sqm
2008-08-17 10:40 . 2008-08-17 19:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-17 10:39 . 2008-08-17 10:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-17 10:39 . 2008-08-17 19:33 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-17 10:37 . 2008-08-17 10:37 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-17 10:19 . 2008-08-17 10:19 268 --ah----- C:\sqmdata03.sqm
2008-08-17 10:19 . 2008-08-17 10:19 244 --ah----- C:\sqmnoopt03.sqm
2008-08-17 00:53 . 2008-08-17 18:59 60,416 --a------ C:\WINDOWS\system32\antiwpa.dll
2008-08-17 00:53 . 2005-09-18 01:32 5,376 --a------ C:\WINDOWS\system32\antiwpa.dllA1CB6F
2008-08-17 00:45 . 2008-08-17 00:45 268 --ah----- C:\sqmdata02.sqm
2008-08-17 00:45 . 2008-08-17 00:45 244 --ah----- C:\sqmnoopt02.sqm
2008-08-17 00:39 . 2008-08-18 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-17 00:39 . 2008-08-17 00:39 268 --ah----- C:\sqmdata01.sqm
2008-08-17 00:39 . 2008-08-17 00:39 244 --ah----- C:\sqmnoopt01.sqm
2008-08-17 00:37 . 2008-03-30 09:06 332,672 --a------ C:\WINDOWS\system32\wgatray.exe.bak
2008-08-17 00:37 . 2008-03-30 09:06 200,064 --a------ C:\WINDOWS\system32\wgalogon.dll.bak
2008-08-16 21:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-16 21:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-16 20:41 . 2008-08-16 20:41 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-08-16 20:41 . 2008-08-16 20:41 268 --ah----- C:\sqmdata00.sqm
2008-08-16 20:41 . 2008-08-16 20:41 244 --ah----- C:\sqmnoopt00.sqm
2008-08-16 20:37 . 2008-08-18 19:20 <DIR> d-------- C:\Documents and Settings\Mikko\Contacts
2008-08-16 20:36 . 2008-08-16 20:36 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-16 20:35 . 2008-08-16 20:36 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-16 20:34 . 2008-08-16 20:36 <DIR> d-------- C:\Program Files\Windows Live
2008-08-16 20:34 . 2008-08-16 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-16 20:24 . 2008-06-13 14:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-16 20:24 . 2008-06-13 14:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-16 19:49 . 2008-08-17 10:40 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-16 19:49 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-16 19:48 . 2008-06-23 19:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-16 19:48 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-16 19:48 . 2007-03-08 08:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-16 19:48 . 2008-06-23 19:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-16 19:48 . 2008-06-23 19:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-16 19:48 . 2008-06-23 19:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-16 19:48 . 2008-06-23 19:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-16 19:48 . 2008-06-23 19:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-16 19:48 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-16 18:07 . 2008-08-16 18:21 <DIR> d-------- C:\Program Files\COMODO
2008-08-16 18:07 . 2008-08-16 18:07 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-08-16 18:06 . 2008-08-16 18:06 <DIR> d-------- C:\Documents and Settings\Mikko\Application Data\Comodo
2008-08-16 18:06 . 2008-08-16 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-16 18:06 . 2008-08-16 18:06 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-16 18:06 . 2008-08-16 18:06 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-16 18:06 . 2008-08-16 18:06 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-16 17:58 . 2001-08-23 15:00 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_20278.nls
2008-08-16 17:58 . 2001-08-23 15:00 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_1143.nls
2008-08-16 17:58 . 2001-08-23 15:00 66,082 --a------ C:\WINDOWS\system32\c_20278.nls
2008-08-16 17:58 . 2001-08-23 15:00 66,082 --a------ C:\WINDOWS\system32\c_1143.nls
2008-08-16 17:58 . 2008-08-16 17:58 4,444 --a------ C:\WINDOWS\system32\pid.PNF
2008-08-16 17:51 . 2008-04-14 08:41 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-16 17:51 . 2001-08-17 16:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-08-16 17:50 . 2008-04-14 08:42 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-08-16 17:50 . 2008-04-14 03:10 57,600 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-08-16 17:48 . 2001-08-23 15:00 176,157 --a--c--- C:\WINDOWS\system32\dllcache\dgrpsetu.dll
2008-08-16 17:47 . 2008-08-19 14:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-08-16 17:47 . 2008-08-17 14:15 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-08-16 17:45 . 2008-08-16 15:19 <DIR> d--h----- C:\Documents and Settings\Default User
2008-08-16 17:45 . 2008-08-16 15:18 <DIR> d-------- C:\Documents and Settings\All Users
2008-08-16 17:45 . 2008-08-17 16:04 <DIR> d-------- C:\Documents and Settings
2008-08-16 17:27 . 2008-08-16 15:27 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-08-16 17:19 . 2008-08-16 17:20 <DIR> d-------- C:\Documents and Settings\Mikko\Application Data\Auslogics
2008-08-16 17:06 . 2008-08-16 17:06 <DIR> d-------- C:\Program Files\Common Files\IviSDK
2008-08-16 17:06 . 2008-08-16 17:06 <DIR> d-------- C:\Program Files\anysee
2008-08-16 17:05 . 2008-08-16 17:05 <DIR> d-------- C:\Documents and Settings\Mikko\Application Data\vlc
2008-08-16 17:03 . 2008-08-16 17:03 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-08-19 15:00 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Skype
2008-08-19 13:03 --------- d-----w C:\Documents and Settings\Mikko\Application Data\skypePM
2008-08-18 12:20 --------- d-----w C:\Documents and Settings\Mikko\Application Data\uTorrent
2008-08-17 13:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc
2008-08-17 10:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 14:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-16 14:05 --------- d-----w C:\Documents and Settings\Mikko\Application Data\vlc
2008-08-16 13:32 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-16 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-16 13:32 --------- d-----r C:\Program Files\Skype
2008-08-16 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-16 13:09 --------- d-----w C:\Program Files\Realtek
2008-08-16 13:00 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-16 12:55 --------- d-----w C:\Documents and Settings\Mikko\Application Data\InstallShield
2008-08-16 12:34 --------- d-----w C:\Program Files\Alwil Software
2008-08-16 12:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 06:42 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 17:38 78008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"anysee_TR"="F:\Program Files\anysee\anysee-E30Plus\anysee_TR.exe" [2007-09-20 09:45 1330688]
"COMODO Firewall Pro"="F:\Program Files\Comodo\Firewall\cfp.exe" [2008-08-16 18:06 1655552]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 15:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 17:39 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 06:42 15360]

C:\Documents and Settings\Mikko\Start Menu\Programs\Startup\
Logitech tuoterekisteröinti.lnk - C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2007-08-02 11:49:24 2979080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 18:13:06 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2008-08-17 18:59 60416 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\uTorrent\\uTorrent.exe"=
"F:\\srcds\\orangebox\\srcds.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AMTBDA_P861F;anysee Capture Service;C:\WINDOWS\system32\DRIVERS\anyseeTU.SYS [2007-07-24 11:51]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-16 18:06]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-16 18:06]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15676f3e-6b9a-11dd-a6b6-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mikko\Application Data\Mozilla\Firefox\Profiles\pfrr1fhg.default\
FF -: plugin - F:\Program Files\VideoLAN\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 18:00:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\DOCUME~1\Mikko\LOCALS~1\Temp\RGI86.tmp 7075 bytes
C:\Documents and Settings\Mikko\Application Data\Skype\cuemanne\main.db-journal

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-08-19 18:01:21
ComboFix-quarantined-files.txt 2008-08-19 15:01:07

Pre-Run: 70,919,241,728 bytes free
Post-Run: 70,925,996,032 bytes free

221 --- E O F --- 2008-08-17 16:09:16
Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are ticked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After that, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.