Can't scan with the scanners

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by hytti, Aug 13, 2008.

  1. hytti

    Hi.
    Something is wrong with my computer. I can't run a virus scan with Avast in a way that checks all files. Avast freezes in the middle of the scan and has to be killed through Task Manager. Likewise, Ad-Aware can't do a full scan; it freezes partway through, but Ad-Aware's smart scan runs to completion and has never found any "nasties".
    Spybot goes through the computer for a very long time and hasn't found anything wrong. I have cleaned the registry regularly.
    I'm attaching the HijackThis log.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:42:14, on 13.8.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ZyXEL NPS-520 Utility\ServoApp.exe
    C:\Program Files\ZyXEL NPS-520 Utility\MFPAgent.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=76340&PartnerID=105&LegitCheckError=3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\ZyXEL NPS-520 Utility\ServoApp.exe"
    O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\ZyXEL NPS-520 Utility\MFPAgent.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.microsoft.net
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 7725 bytes




    I got help earlier in this thread, which I myself left unfinished after the problem resolved "on its own":
    http://keskustelu.afterdawn.com/thread_view.cfm/672962

    I now tried scanning with Malwarebytes' Anti-Malware, but it too stopped the scan partway through.
    SDFix, on the other hand, succeeded, and here is its log.


    SDFix: Version 1.215
    Run by Ylläpito on ke 13.08.2008 at 16:34

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\Documents and Settings\Ylläpito\Työpöytä\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-13 16:37:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "D:\\ASENNUSP\\UTORRENT.EXE"="D:\\ASENNUSP\\UTORRENT.EXE:*:Enabled:µTorrent"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
    "C:\\Documents and Settings\\abis\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Documents and Settings\\abis\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :



    Files with Hidden Attributes :

    Sun 1 Jun 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

    Finished!

    I'll still run that ComboFix and post it shortly as a follow-up.

    Many thanks if someone can help.
     
  2. hytti

    Here is the ComboFix log.

    ComboFix 08-08-12.01 - Ylläpito 2008-08-13 17:02:44.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.1534 [GMT 3:00]
    Running from: C:\Documents and Settings\Ylläpito\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Jonni\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\system32\Config.ini

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-13 to 2008-08-13 )))))))))))))))))
    .

    2008-08-13 16:34 . 2008-08-13 16:34 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-08-13 16:33 . 2008-08-13 16:33 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-08-13 16:12 . 2008-08-13 16:12 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-13 16:12 . 2008-08-13 16:12 <KANSIO> d-------- C:\Documents and Settings\Ylläpito\Application Data\Malwarebytes
    2008-08-13 16:12 . 2008-08-13 16:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-13 16:12 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-13 16:12 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-13 15:54 . 2008-08-13 15:56 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-08-13 08:18 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-13 08:18 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-11 19:11 . 2008-08-11 19:11 <KANSIO> d-------- C:\Documents and Settings\Ylläpito\Application Data\vlc
    2008-08-11 19:10 . 2008-08-11 19:10 <KANSIO> d-------- C:\Documents and Settings\abis\Application Data\vlc
    2008-08-11 19:06 . 2008-08-11 19:06 <KANSIO> d-------- C:\Program Files\VideoLAN
    2008-08-08 13:48 . 2008-08-13 12:30 <KANSIO> d-------- C:\Downloads
    2008-08-08 13:48 . 2008-08-08 14:27 <KANSIO> d-------- C:\Bases
    2008-08-08 13:47 . 2008-08-08 13:47 <KANSIO> d-------- C:\Kaspersky
    2008-08-02 12:46 . 2008-08-02 12:46 <KANSIO> d-------- C:\Documents and Settings\abis\Application Data\GARMIN
    2008-08-01 15:11 . 2008-08-01 15:11 <KANSIO> d-------- C:\Documents and Settings\Virpi\Application Data\Comodo
    2008-07-22 09:14 . 2003-08-29 12:09 196,608 -ra------ C:\WINDOWS\system32\hpbvnstp.dll
    2008-07-22 09:14 . 2003-08-29 12:09 212 -ra------ C:\WINDOWS\system32\hpbvnstp.dat
    2008-07-22 08:54 . 2008-07-22 08:54 <KANSIO> d-------- C:\Documents and Settings\Ylläpito\Application Data\GARMIN
    2008-07-22 08:54 . 2008-07-22 08:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GARMIN
    2008-07-22 08:44 . 2008-07-22 08:46 46,333 --a------ C:\WINDOWS\hplj1010.hi2
    2008-07-22 08:44 . 2008-07-22 08:46 4,089 --a------ C:\WINDOWS\hplj1010.bu2
    2008-07-21 13:42 . 2008-07-21 14:35 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
    2008-07-21 12:59 . 2008-07-21 12:59 <KANSIO> d-------- C:\Program Files\Common Files\Skype
    2008-07-21 12:59 . 2008-07-21 13:15 <KANSIO> d-------- C:\Documents and Settings\Ylläpito\Application Data\Skype
    2008-07-19 10:50 . 2008-07-19 10:50 <KANSIO> d-------- C:\Documents and Settings\abis\Application Data\Comodo
    2008-07-19 10:33 . 2008-07-19 10:33 <KANSIO> d-------- C:\Documents and Settings\Ylläpito\Application Data\Comodo
    2008-07-19 10:33 . 2008-07-19 10:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
    2008-07-19 10:31 . 2008-06-03 19:09 223 --a------ C:\boot.ini.comodofirewall
    2008-07-19 10:30 . 2008-07-19 10:30 <KANSIO> d-------- C:\Program Files\Comodo
    2008-07-17 11:51 . 2008-07-17 11:51 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-07-17 11:51 . 2008-07-17 11:51 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-07-17 11:50 . 2008-07-17 11:51 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-07-17 11:50 . 2008-07-17 11:51 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-07-17 11:50 . 2008-05-17 13:45 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2008-07-17 11:50 . 2008-05-17 13:45 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2008-07-17 11:50 . 2008-05-17 21:43 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2008-07-17 11:50 . 2008-07-17 11:51 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
    2008-07-17 11:35 . 2008-07-17 11:36 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-13 08:08 --------- d-----w C:\Documents and Settings\abis\Application Data\uTorrent
    2008-08-11 16:11 --------- d-----w C:\Documents and Settings\Ylläpito\Application Data\vlc
    2008-08-11 16:10 --------- d-----w C:\Documents and Settings\abis\Application Data\vlc
    2008-07-22 07:42 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
    2008-07-21 10:03 --------- d-----w C:\Documents and Settings\abis\Application Data\Skype
    2008-07-21 10:02 --------- d-----w C:\Documents and Settings\abis\Application Data\skypePM
    2008-07-21 09:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-07-21 09:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-21 09:48 --------- d-----w C:\Program Files\SpywareBlaster
    2008-07-19 07:50 --------- d-----w C:\Documents and Settings\Ylläpito\Application Data\uTorrent
    2008-07-18 16:55 --------- d-----w C:\Documents and Settings\Ylläpito\Application Data\U3
    2008-07-17 08:08 --------- d-----w C:\Program Files\Skype
    2008-07-16 10:32 20,501,962 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_16_13_12_30_full.dmp.zip
    2008-07-16 09:47 20,191,409 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_15_14_20_00_full.dmp.zip
    2008-07-14 19:22 20,195,386 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_14_15_15_37_full.dmp.zip
    2008-07-12 09:24 56 ---ha-w C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-04 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-04 14:36 --------- d-----w C:\Program Files\ZyXEL NPS-520 Utility
    2008-06-30 19:18 --------- d-----w C:\Program Files\CDBurnerXP
    2008-06-30 18:32 --------- d-----w C:\Documents and Settings\Ylläpito\Application Data\Ahead
    2008-06-30 18:25 --------- d-----w C:\Documents and Settings\abis\Application Data\Ahead
    2008-06-30 18:08 --------- d-----w C:\Documents and Settings\abis\Application Data\123 Free Solitaire
    2008-06-26 18:05 --------- d-----w C:\Documents and Settings\abis\Application Data\Media Player Classic
    2008-06-26 08:54 --------- d-----w C:\Program Files\MSXML 4.0
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock(2)(2).dll
    2008-06-20 17:47 147,968 ----a-w C:\WINDOWS\system32\dnsapi(2)(2).dll
    2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-14 17:34 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 08:22 --------- d-----w C:\Documents and Settings\abis\Application Data\Nokia Multimedia Player
    2008-06-14 08:19 --------- d-----w C:\Documents and Settings\abis\Application Data\Nokia
    2008-06-14 08:18 --------- d-----w C:\Documents and Settings\abis\Application Data\PC Suite
    2008-06-01 19:00 691,545 ----a-w C:\WINDOWS\unins000.exe
    2008-05-17 11:11 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-05-16 08:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-04-29 06:36 208896]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 17:38 78008]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 09:15 208896]
    "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 10:37 69632]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 19:43 81920]
    "Server Application for MFP Server"="C:\Program Files\ZyXEL NPS-520 Utility\ServoApp.exe" [2006-09-14 17:46 417792]
    "MFP Server Agent"="C:\Program Files\ZyXEL NPS-520 Utility\MFPAgent.exe" [2006-10-31 18:38 1675264]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-07-19 10:30 1115728]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 19:43 8466432]
    "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16:52 16861184 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:12 15360]

    C:\Documents and Settings\Ylläpito\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2008-04-14 19:12 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-06-28 19:43 8466432 C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
    "C:\\Documents and Settings\\abis\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13364:UDP"= 13364:UDP:print Server Utility
    "13621:UDP"= 13621:UDP:MFP Bot Utility
    "13878:UDP"= 13878:UDP:MFP Agent
    "14135:UDP"= 14135:UDP:MFP Driver
    "14135:TCP"= 14135:TCP:MFP Driver
    "13107:UDP"= 13107:UDP:print Server Utility
    "69:UDP"= 69:UDP:print Server Utility

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35]
    R2 ALIWEHCD;MFP Server Enhanced Controller;C:\WINDOWS\system32\Drivers\mfpec.sys [2006-09-12 14:33]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
    R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 18:23]
    R3 WUSBVBus;MFP Server Detector;C:\WINDOWS\system32\DRIVERS\mfpvbus.sys [2006-08-03 16:52]
    S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-30 20:07]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87c6deac-2508-11dd-a571-0019dbcfc59c}]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    *Newly Created Service* - PROCEXP90
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Ylläpito\Application Data\Mozilla\Firefox\Profiles\mb5ukbnc.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://iltasanomat.fi/


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-13 17:03:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-13 17:04:25
    ComboFix-quarantined-files.txt 2008-08-13 14:04:23

    Pre-Run: 167,760,445,440 tavua vapaana
    Post-Run: 167,889,600,512 tavua vapaana

    196 --- E O F --- 2008-08-13 12:56:44
     
