
Messenger virus + other issues + HJT log

Discussion in 'Viruses and malware - HijackThis logs' started by Garnet, Jun 2, 2008.

  1. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [image]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
  2. Garnet

    Garnet Member

    New log:

    ComboFix 08-06-01.6 - NOORA 2008-06-07 23:41:17.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.275 [GMT 3:00]
    Running from: C:\Documents and Settings\NOORA\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\NOORA\Työpöytä\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\WINDOWS\is154890.exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\is154890.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
    .

    2008-06-03 05:40 . 2008-06-03 05:40 <KANSIO> dr------- C:\Documents and Settings\NetworkService\Suosikit
    2008-06-03 05:33 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
    2008-06-03 05:33 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
    2008-06-03 05:33 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
    2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
    2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
    2008-06-03 05:33 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
    2008-06-03 05:32 . 2008-06-03 05:32 <KANSIO> d-------- C:\Program Files\Sygate
    2008-06-03 05:31 . 2008-06-03 05:31 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-03 01:01 . 2008-06-03 01:01 104,078 --a------ C:\WINDOWS\sb.exe
    2008-06-02 22:31 . 2008-06-02 22:31 97,116 --a------ C:\WINDOWS\DC5177176.zip
    2008-06-02 20:37 . 2008-06-02 20:37 <KANSIO> d-------- C:\Documents and Settings\NOORA\Application Data\Malwarebytes
    2008-06-02 20:36 . 2008-06-03 19:15 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-02 20:36 . 2008-06-02 20:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-02 20:36 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-02 20:36 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-02 18:36 . 2008-06-02 18:36 <KANSIO> d-------- C:\SAV32CLI
    2008-06-02 06:27 . 2008-06-02 06:27 1,438,932 --a------ C:\SDFix.exe
    2008-06-02 05:14 . 2008-06-02 05:14 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-05-24 15:44 . 2008-05-24 15:44 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-05-16 06:04 . 2008-06-07 09:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-16 06:04 . 2008-05-16 06:04 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-07 20:13 --------- d-----w C:\Program Files\StepMania
    2008-06-07 06:31 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
    2008-06-07 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
    2008-06-05 16:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-06-05 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-02 03:34 --------- d-----w C:\Program Files\Webteh
    2008-05-30 21:21 --------- d-----w C:\Documents and Settings\NOORA\Application Data\Skype
    2008-05-30 21:02 --------- d-----w C:\Documents and Settings\NOORA\Application Data\skypePM
    2008-05-24 16:52 --------- d-----w C:\Program Files\Sonera Tietoturva
    2008-05-24 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-05-24 16:44 --------- d-----w C:\Program Files\Symantec
    2008-05-24 16:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-05-03 14:31 --------- d-----w C:\Program Files\Safari
    2008-05-03 14:29 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-25 15:11 --------- d-----w C:\Program Files\Maxis
    2008-04-13 00:38 --------- d-----w C:\Program Files\iTunes
    2008-04-13 00:36 --------- d-----w C:\Program Files\iPod
    2008-04-13 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-13 00:23 --------- d-----w C:\Program Files\QuickTime
    2008-04-09 18:37 --------- d-----w C:\Documents and Settings\NOORA\Application Data\Uniblue
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-18 18:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-10-22 19:45 9,367 -c--a-w C:\Program Files\INSTALL.LOG
    2005-03-07 19:57 81,136 -c--a-w C:\Documents and Settings\NOORA\Application Data\GDIPFONTCACHEV1.DAT
    2005-03-06 18:17 81,136 -c--a-w C:\Documents and Settings\SANNA\Application Data\GDIPFONTCACHEV1.DAT
    2005-02-22 15:16 81,136 -c--a-w C:\Documents and Settings\Niinan\Application Data\GDIPFONTCACHEV1.DAT
    2005-02-11 10:28 34,360 -c--a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
    2004-03-11 11:27 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
    2001-09-28 14:00 164,864 -c--a-w C:\Program Files\UNWISE.EXE
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-03_17.57.17,57 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-03 14:18:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-07 06:29:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-05 16:55:51 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
    + 2008-06-05 16:14:54 2,022 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{86B73F86-8EEE-4FE1-8100-8973487B6E11}.bin
    + 2007-10-18 08:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    + 2008-06-07 06:31:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_718.dat
    + 2008-06-07 06:30:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a0.dat
    + 2006-06-05 11:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
    + 2006-06-05 11:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
    + 2006-06-05 11:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-12-13 19:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 19:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 19:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-05-02 23:19 835654 C:\WINDOWS\system32\nview.dll]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-03 12:41 1385472]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-03-12 22:43 81920]
    "SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:31 208952]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-10-30 13:16 44032]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 22:39 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 22:39 455168]
    "Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
    "VMware hqtray"="C:\Program Files\VMware\VMware Player\hqtray.exe" [2007-10-08 09:21 55856]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

    C:\Documents and Settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

    C:\Documents and Settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-07-07 02:20:40 233472]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-02-06 11:33:07 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\flashfxp.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "20767:TCP"= 20767:TCP:BitComet 20767 TCP
    "20767:UDP"= 20767:UDP:BitComet 20767 UDP

    R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 23:41]
    R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 23:41]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
    S3 aswArKrn;aswArKrn;C:\DOCUME~1\NOORA\LOCALS~1\Temp\aswArKrn.sys []
    S3 dtvBDADEV;Digital TV stick USB 2.0 BDA;C:\WINDOWS\system32\Drivers\dtvbdadrv.sys [2005-07-21 20:50]
    S3 dtvLOAD;Digital TV stick Firmware Loader;C:\WINDOWS\system32\DRIVERS\dtvloadp.sys [2005-07-21 20:20]
    S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 10:36]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 09:15]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-06 14:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-06-06 08:22:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-07 20:37:22 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-06-07 10:56:16 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D8AA3B8F-2A61-48FD-875B-AB8056345360}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-07 23:46:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VMware hqtray"="\"C:\\Program Files\\VMware\\VMware Player\\hqtray.exe\""

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    Completion time: 2008-06-07 23:51:32
    ComboFix-quarantined-files.txt 2008-06-07 20:50:33
    ComboFix2.txt 2008-06-07 07:52:50
    ComboFix3.txt 2008-06-06 04:13:50
    ComboFix4.txt 2008-06-05 15:40:40
    ComboFix5.txt 2008-06-03 14:57:36

    Pre-Run: 3,985,526,784 tavua vapaana
    Post-Run: 3,984,891,904 tavua vapaana

    223 --- E O F --- 2008-05-28 04:11:54
     
  3. Hujo

    Hujo Guest

    Log OK..
     
