
ComboFix and malware logs

Discussion in 'Viruses and malware - HijackThis logs' started by just4play, Jun 13, 2008.

  1. just4play

    just4play Regular member

    Joined:
    Dec 31, 2005
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    26
    Well, quite a few cleanups have already been done. What are those files we're trying to remove, can they start spreading? I'm at a loss here, at least.
     
  2. Hujo

    Hujo Guest

    Look, I put the instructions up above.

    They're that MSN virus.
    Run that exe once more .. and you'll soon have more of the same crap on the machine.
     
  3. just4play

    just4play Regular member

    Everything done according to the instructions.

    ComboFix 08-06-12.2 - Mane 2008-06-15 0:52:43.10 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.226 [GMT 3:00]
    Running from: C:\Documents and Settings\Mane\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mane\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-14 to 2008-06-14 )))))))))))))))))
    .

    2008-06-13 18:52 . 2008-06-13 18:54 <KANSIO> d-------- C:\Program Files\virustorjuta_avast
    2008-06-13 17:41 . 2008-06-13 17:41 <KANSIO> d-------- C:\Documents and Settings\Mane\Application Data\Uniblue
    2008-06-12 19:54 . 2008-06-12 19:54 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-12 19:54 . 2008-06-12 19:54 <KANSIO> d-------- C:\Documents and Settings\Mane\Application Data\Malwarebytes
    2008-06-12 19:54 . 2008-06-12 19:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-12 19:54 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-12 19:54 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-12 19:48 . 2008-06-12 19:48 268 --ah----- C:\sqmdata09.sqm
    2008-06-12 19:48 . 2008-06-12 19:48 244 --ah----- C:\sqmnoopt09.sqm
    2008-06-11 18:59 . 2008-06-11 18:59 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-06-11 18:58 . 2008-06-11 18:58 268 --ah----- C:\sqmdata08.sqm
    2008-06-11 18:58 . 2008-06-11 18:58 244 --ah----- C:\sqmnoopt08.sqm
    2008-06-11 18:05 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 18:05 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-11 07:49 . 2008-06-11 07:49 268 --ah----- C:\sqmdata07.sqm
    2008-06-11 07:49 . 2008-06-11 07:49 244 --ah----- C:\sqmnoopt07.sqm
    2008-06-10 22:17 . 2008-06-10 22:17 268 --ah----- C:\sqmdata06.sqm
    2008-06-10 22:17 . 2008-06-10 22:17 244 --ah----- C:\sqmnoopt06.sqm
    2008-06-09 23:46 . 2008-06-09 23:46 268 --ah----- C:\sqmdata05.sqm
    2008-06-09 23:46 . 2008-06-09 23:46 244 --ah----- C:\sqmnoopt05.sqm
    2008-06-08 23:43 . 2008-06-08 23:43 268 --ah----- C:\sqmdata04.sqm
    2008-06-08 23:43 . 2008-06-08 23:43 244 --ah----- C:\sqmnoopt04.sqm
    2008-06-04 19:06 . 2008-06-04 19:06 3,424 --a------ C:\is155400.exe
    2008-06-03 18:37 . 2008-06-03 21:14 4,217 --a------ C:\WINDOWS\is154890.exe
    2008-05-25 12:21 . 2008-05-25 12:21 268 --ah----- C:\sqmdata03.sqm
    2008-05-25 12:21 . 2008-05-25 12:21 244 --ah----- C:\sqmnoopt03.sqm
    2008-05-23 23:02 . 2008-05-23 23:02 268 --ah----- C:\sqmdata02.sqm
    2008-05-23 23:02 . 2008-05-23 23:02 244 --ah----- C:\sqmnoopt02.sqm

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-14 14:14 --------- d-----w C:\Documents and Settings\Mane\Application Data\Apple Computer
    2008-06-13 15:54 --------- d-----w C:\Program Files\virustorjuta_avast
    2008-06-03 15:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-10 13:11 --------- d-----w C:\Program Files\PartyGaming
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-21 07:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-14 15:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-14 15:06 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\VIRUST~1\ashDisp.exe" [2008-05-16 02:19 79224]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    --a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-09-14 16:12 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-10-22 13:22 86016 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-08-06 00:16 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]

    *Newly Created Service* - CATCHME
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-12 17:09:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-15 00:53:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-15 0:54:12
    ComboFix-quarantined-files.txt 2008-06-14 21:54:01
    ComboFix2.txt 2008-06-14 18:01:52
    ComboFix3.txt 2008-06-14 14:04:35

    Pre-Run: 16,228,130,816 tavua vapaana
    Post-Run: 16,221,413,376 tavua vapaana

    119 --- E O F --- 2008-06-12 16:51:25
     
  4. Hujo

    Hujo Guest

    C:\WINDOWS\is154890.exe
    C:\is155400.exe

    Delete those marked in red by hand.

    Next step: format.
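The two files picked out in the post above are small executables sitting directly in the drive root and in the Windows directory, which is exactly the kind of thing a log triage script can surface before a human reads through hundreds of lines. The Python below is an added example, not code from this thread or from ComboFix: it parses the "files created" section of a ComboFix log (the folder tag is localized, so the Finnish build's `<KANSIO>` and the English `<DIR>` are both accepted) and flags executables located in the drive root or the Windows directory, or carrying the hidden attribute. The sample lines are copied from the log posted earlier in the thread; the rule set and the names `ENTRY_RE`, `parse_entries` and `triage` are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One entry of ComboFix's "files created" section:
#   <created> . <modified> <size or <DIR>/<KANSIO>> <attributes> <path>
# The folder tag is localized (the Finnish build prints <KANSIO>), so any
# upper-case word in angle brackets is accepted as "directory".
ENTRY_RE = re.compile(
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<[A-Z]+>) "
    r"(?P<attrs>[-a-zA-Z]{9}) "
    r"(?P<path>\S.*)"
)

# Extensions Windows will run or load as code.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd"}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    is_dir: bool
    attrs: str            # raw 9-character attribute field, e.g. --ah-----
    path: str

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def is_executable(self) -> bool:
        dot = self.path.rfind(".")
        return (not self.is_dir and dot != -1
                and self.path[dot:].lower() in EXECUTABLE_EXTS)


def parse_entries(log_text: str) -> List[Entry]:
    """Return every file/folder entry found in the log text, in log order."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.fullmatch(raw.strip())
        if not m:
            continue  # section banners, lone dots, blank lines
        size_field = m.group("size")
        is_dir = size_field.startswith("<")
        entries.append(Entry(
            created=m.group("created"),
            modified=m.group("modified"),
            size=None if is_dir else int(size_field.replace(",", "")),
            is_dir=is_dir,
            attrs=m.group("attrs"),
            path=m.group("path").rstrip(),
        ))
    return entries


def _in_root_or_windows_dir(path: str) -> bool:
    """True for C:\\foo.exe or C:\\WINDOWS\\foo.exe, False for deeper paths."""
    parts = path.split("\\")
    if len(parts) == 2:          # ['C:', 'foo.exe']
        return True
    return len(parts) == 3 and parts[1].upper() == "WINDOWS"


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for executables that deserve a closer look."""
    findings = []
    for e in parse_entries(log_text):
        if not e.is_executable:
            continue
        if _in_root_or_windows_dir(e.path):
            findings.append((e.path, "executable directly in drive root or Windows directory"))
        elif e.hidden:
            findings.append((e.path, "executable carrying the hidden attribute"))
    return findings


# Sample lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
2008-06-12 19:54 . 2008-06-12 19:54 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-12 19:54 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 19:48 . 2008-06-12 19:48 268 --ah----- C:\sqmdata09.sqm
2008-06-11 18:59 . 2008-06-11 18:59 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-04 19:06 . 2008-06-04 19:06 3,424 --a------ C:\is155400.exe
2008-06-03 18:37 . 2008-06-03 21:14 4,217 --a------ C:\WINDOWS\is154890.exe
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}: {reason}")
```

Run against the sample, the script reports only the two `is15xxxx.exe` files; the Malwarebytes driver under system32\drivers and the hidden but non-executable `.sqm` telemetry files pass through untouched. The rules are deliberately narrow: they pick out placement and attribute anomalies, and a hit still needs a human to confirm before anything is deleted.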
     
  5. just4play

    just4play Regular member

    Deleted them by hand ... do you want some log?
     
  6. Hujo

    Hujo Guest

    Now get that ComboFix log, scan a fresh one.
     
    Last edited by a moderator: Jun 14, 2008
  7. just4play

    just4play Regular member

    ComboFix 08-06-12.2 - Mane 2008-06-15 16:01:52.11 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.247 [GMT 3:00]
    Running from: C:\Documents and Settings\Mane\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-15 to 2008-06-15 )))))))))))))))))
    .

    2008-06-15 01:10 . 2008-06-15 16:03 282,656 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-15 01:10 . 2008-06-15 15:38 4,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-06-15 01:08 . 2008-06-15 01:08 <KANSIO> d-------- C:\Program Files\ZoneAlarmSB
    2008-06-15 01:06 . 2008-06-15 01:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-06-15 01:06 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-06-15 01:06 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-06-15 01:06 . 2008-06-15 01:09 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-06-15 01:05 . 2008-06-15 01:06 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-06-15 01:05 . 2008-06-15 01:05 <KANSIO> d-------- C:\Program Files\Zone Labs
    2008-06-15 01:05 . 2008-04-02 21:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
    2008-06-15 01:05 . 2008-06-15 15:39 352,918 --a------ C:\WINDOWS\system32\vsconfig.xml
    2008-06-15 01:04 . 2008-06-15 15:57 <KANSIO> d-------- C:\WINDOWS\Internet Logs
    2008-06-13 18:52 . 2008-06-13 18:54 <KANSIO> d-------- C:\Program Files\virustorjuta_avast
    2008-06-13 17:41 . 2008-06-13 17:41 <KANSIO> d-------- C:\Documents and Settings\Mane\Application Data\Uniblue
    2008-06-12 19:54 . 2008-06-12 19:54 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-12 19:54 . 2008-06-12 19:54 <KANSIO> d-------- C:\Documents and Settings\Mane\Application Data\Malwarebytes
    2008-06-12 19:54 . 2008-06-12 19:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-12 19:54 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-12 19:54 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-12 19:48 . 2008-06-12 19:48 268 --ah----- C:\sqmdata09.sqm
    2008-06-12 19:48 . 2008-06-12 19:48 244 --ah----- C:\sqmnoopt09.sqm
    2008-06-11 18:59 . 2008-06-11 18:59 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-06-11 18:58 . 2008-06-11 18:58 268 --ah----- C:\sqmdata08.sqm
    2008-06-11 18:58 . 2008-06-11 18:58 244 --ah----- C:\sqmnoopt08.sqm
    2008-06-11 18:05 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 18:05 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-11 07:49 . 2008-06-11 07:49 268 --ah----- C:\sqmdata07.sqm
    2008-06-11 07:49 . 2008-06-11 07:49 244 --ah----- C:\sqmnoopt07.sqm
    2008-06-10 22:17 . 2008-06-10 22:17 268 --ah----- C:\sqmdata06.sqm
    2008-06-10 22:17 . 2008-06-10 22:17 244 --ah----- C:\sqmnoopt06.sqm
    2008-06-09 23:46 . 2008-06-09 23:46 268 --ah----- C:\sqmdata05.sqm
    2008-06-09 23:46 . 2008-06-09 23:46 244 --ah----- C:\sqmnoopt05.sqm
    2008-06-08 23:43 . 2008-06-08 23:43 268 --ah----- C:\sqmdata04.sqm
    2008-06-08 23:43 . 2008-06-08 23:43 244 --ah----- C:\sqmnoopt04.sqm
    2008-05-25 12:21 . 2008-05-25 12:21 268 --ah----- C:\sqmdata03.sqm
    2008-05-25 12:21 . 2008-05-25 12:21 244 --ah----- C:\sqmnoopt03.sqm
    2008-05-23 23:02 . 2008-05-23 23:02 268 --ah----- C:\sqmdata02.sqm
    2008-05-23 23:02 . 2008-05-23 23:02 244 --ah----- C:\sqmnoopt02.sqm

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-14 14:14 --------- d-----w C:\Documents and Settings\Mane\Application Data\Apple Computer
    2008-06-13 15:54 --------- d-----w C:\Program Files\virustorjuta_avast
    2008-06-03 15:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-10 13:11 --------- d-----w C:\Program Files\PartyGaming
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-21 07:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-14 15:06 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-14_17.04.19,39 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-14 13:59:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-15 12:39:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2007-07-19 13:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
    + 2008-04-02 18:07:36 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
    + 2008-04-02 18:07:40 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
    + 2008-04-02 18:08:00 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
    + 2008-04-02 18:07:40 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
    + 2008-04-02 18:07:40 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
    + 2008-04-02 18:07:40 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
    + 2008-04-02 18:07:42 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
    + 2008-04-02 18:07:42 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
    + 2008-04-02 18:07:42 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
    + 2008-04-02 18:07:42 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
    + 2008-04-02 18:07:44 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
    + 2008-04-02 18:07:44 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
    + 2008-04-02 18:07:32 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
    + 2007-05-30 22:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
    + 2006-06-30 12:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
    + 2007-05-30 22:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat
    + 2007-05-30 22:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
    + 2007-05-30 22:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
    + 2007-05-30 22:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
    + 2007-05-30 22:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
    + 2006-09-19 21:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
    + 2007-12-03 12:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
    + 2006-12-19 16:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
    + 2007-05-30 22:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
    + 2007-05-30 22:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
    + 2007-05-30 22:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
    + 2007-05-30 22:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
    + 2007-12-03 12:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    + 2006-12-19 16:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
    + 2008-04-02 18:07:32 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
    + 2004-01-30 10:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
    + 2008-04-02 18:07:34 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
    + 2008-04-02 18:07:34 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
    + 2008-04-02 18:07:34 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
    + 2008-04-02 18:08:02 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
    + 2008-06-14 22:38:22 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
    + 2008-04-02 18:08:02 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
    + 2008-04-02 18:08:02 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
    + 2008-04-02 18:08:02 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
    + 2008-04-02 18:09:10 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
    + 2008-04-02 18:09:12 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
    + 2008-02-27 01:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
    + 2008-02-27 01:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
    + 2008-04-02 18:07:38 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
    + 2008-01-21 06:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
    + 2008-02-27 01:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
    + 2008-02-27 01:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
    + 2008-04-02 18:07:38 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
    + 2008-04-02 18:09:12 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
    + 2008-04-02 18:09:14 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
    + 2006-09-04 18:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
    + 2007-10-11 14:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
    + 2008-04-02 18:07:54 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
    + 2007-01-11 15:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
    + 2008-04-02 18:07:40 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
    + 2008-04-02 18:07:40 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
    + 2008-04-02 18:07:54 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    + 2008-04-02 18:07:40 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
    + 2008-04-02 18:07:42 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
    + 2008-04-02 18:07:42 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
    + 2008-01-21 06:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
    + 2008-04-02 18:07:44 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
    + 2008-04-02 18:07:44 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
    + 2008-04-02 18:07:46 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
    + 2008-04-02 18:07:46 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
    + 2008-06-15 12:39:25 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_664.dat
    .
    -- Snapshot reset to current date --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-06-15 01:08 262144]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-06-15 01:08 262144]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\VIRUST~1\ashDisp.exe" [2008-05-16 02:19 79224]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    --a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-09-14 16:12 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-10-22 13:22 86016 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-08-06 00:16 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-12 17:09:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-15 16:03:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-15 16:04:38
    ComboFix-quarantined-files.txt 2008-06-15 13:04:34
    ComboFix2.txt 2008-06-14 21:54:13
    ComboFix3.txt 2008-06-14 18:01:52
    ComboFix4.txt 2008-06-14 14:04:35

    Pre-Run: 16,058,376,192 tavua vapaana
    Post-Run: 16,086,188,032 tavua vapaana

    211 --- E O F --- 2008-06-12 16:51:25
     
  8. Hujo

    Hujo Guest

    All good.
     
