TR/Vundo.Gen <- that sort of thing and similar were running on the machine. It referred to files such as mljjgdd.dll / geeby.dll / pmkhf.dll / a0222154.dll / a0222157.dll. I tinkered and cleaned up. In the end AntiVir doesn't complain any more. Did anything get left behind, or is the log otherwise OK? Thanks

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:51:57, on 6.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\SatuA\Työpöytä\Virus ohjelmat\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136656772015
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136657454203
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O20 - Winlogon Notify: awtst - C:\WINDOWS\
O20 - Winlogon Notify: mljge - C:\WINDOWS\
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\skutjwit.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\Imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 8831 bytes
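A quick way to triage a HijackThis log like the one above without reading it line by line is to script the handful of checks a helper applies by eye: O20 Winlogon Notify packages that are not part of Windows, O23 services with no vendor string whose binary is already gone, O8 context-menu hooks to toolbar adware hosts, and Startup items with dot-names. The script below is an added example written for this thread, not part of HijackThis or ComboFix. The sample lines are copied from the log in the post above; the Winlogon Notify allow-list, the adware-host list and the "random name" heuristic are my own assumptions and should be extended against a known-clean baseline before being relied on.

```python
"""Triage a HijackThis 2.x log for the patterns this thread is about:
Winlogon Notify DLLs with random names, services whose binary is missing,
context-menu hooks to adware search hosts, and dot-named Startup items.

Added example for this thread, not part of HijackThis or ComboFix.
"""
import re
from typing import List, Tuple

# Constructed excerpt: lines copied from the HijackThis log posted above.
SAMPLE_LOG = """
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O20 - Winlogon Notify: awtst - C:\\WINDOWS\\
O20 - Winlogon Notify: mljge - C:\\WINDOWS\\
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\\WINDOWS\\System32\\browseui.dll
O23 - Service: DomainService - Unknown owner - C:\\WINDOWS\\system32\\skutjwit.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe
"""

# Winlogon Notify packages present on a stock Windows XP SP2 install.
# Assumption: a short allow-list is enough here; build yours from a clean box.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon", "WgaLogon"}

# Search hooks that are toolbar adware rather than a user choice (assumption).
ADWARE_HOSTS = ("mywebsearch.com", "funwebproducts.com")

# Vundo-style generated names: 5 to 8 lowercase letters and nothing else.
RANDOM_NAME = re.compile(r"^[a-z]{5,8}$")


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (log line, reason) for every line that deserves a manual look."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O20 - Winlogon Notify:"):
            # "O20 - Winlogon Notify: <package> - <dll path>"
            name, _, path = line.split(":", 1)[1].strip().partition(" - ")
            if name not in KNOWN_NOTIFY and (path.endswith("\\") or RANDOM_NAME.match(name)):
                findings.append((line, "unknown Winlogon Notify package; Vundo loads its DLL this way"))
        elif line.startswith("O23 - Service:"):
            if "Unknown owner" in line and "(file missing)" in line:
                # binary name is the last path component, before " (file missing)"
                exe = line.rsplit("\\", 1)[-1].split(" ", 1)[0]
                stem = exe.rsplit(".", 1)[0]
                reason = "service with no vendor string and a missing binary"
                if RANDOM_NAME.match(stem):
                    reason += "; random-looking binary name"
                findings.append((line, reason))
        elif line.startswith("O8 - Extra context menu item:"):
            if any(host in line for host in ADWARE_HOSTS):
                findings.append((line, "context-menu hook to an adware search host"))
        elif line.startswith(("O4 - Startup:", "O4 - Global Startup:")):
            item = line.split(":", 1)[1].strip()
            if item.startswith("."):
                findings.append((line, "dot-named Startup item"))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {entry}")
```

Run against the sample it flags the two O20 entries, both O23 services with a missing binary (DomainService additionally for its all-lowercase random name, which PnkBstrA's mixed-case vendor name does not trigger), the MyWebSearch context-menu hook and the two .protected Startup items, and stays quiet on the Java BHO, the browseui.dll SharedTaskScheduler entries and the ZoneAlarm service.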
1. Download combofix.exe to your desktop from either of these links: combofix.exe combofix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.

Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
Here's the Combo:

ComboFix 07-12-02.7 - SatuA 2007-12-06 23:45:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.656 [GMT 2:00]
Running from: C:\Documents and Settings\SatuA\Työpöytä\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\.protected
C:\check_LSA7.txt
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\.protected
C:\Documents and Settings\SatuA\Application Data\inst.exe
C:\Documents and Settings\SatuA\Käynnistä-valikko\Ohjelmat\Käynnistys\.protected
C:\Program Files\MyWebSearch
C:\WINDOWS\.protected
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\drvgidr.dll
C:\WINDOWS\system32\drvgokr.dll
C:\WINDOWS\system32\drvsoxr.dll
C:\WINDOWS\system32\drvzonr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((( Files created between: 2007-11-06 to 2007-12-06 )))))))))))))))))
.
2007-12-06 14:52 . 2007-12-06 14:52 <DIR> d-------- C:\Program Files\Avira
2007-12-06 14:50 . 2007-12-06 15:00 143 --a------ C:\WINDOWS\SYSTEM32\mcrh.tmp
2007-12-05 16:55 . 2007-12-05 16:55 106,945 ---hs---- C:\WINDOWS\SYSTEM32\ybeeg.bak2
2007-12-03 19:17 . 2007-12-03 19:17 <DIR> d-------- C:\Program Files\Guitar Pro 5
2007-11-29 16:43 . 2007-11-29 16:43 <DIR> d-------- C:\VundoFix Backups
2007-11-28 11:37 . 2007-11-28 11:37 109,625 ---hs---- C:\WINDOWS\SYSTEM32\ybeeg.bak1
2007-11-28 11:36 . 2007-12-06 15:00 108,883 ---hs---- C:\WINDOWS\SYSTEM32\ybeeg.ini
2007-11-25 20:09 . 2007-12-06 23:51 20,738,080 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-11-25 20:09 . 2007-12-06 23:51 243,764 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2007-11-25 20:06 . 2007-11-25 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-25 19:59 . 2007-12-06 15:28 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-25 12:29 . 2007-11-25 20:08 123,262 ---hs---- C:\WINDOWS\SYSTEM32\bbeeg.ini
2007-11-25 10:27 . 2007-11-25 10:27 <DIR> d-------- C:\fsaua.data
2007-11-24 20:04 . 2007-12-06 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-24 16:43 . 2007-09-06 13:09 801,144 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-11-24 09:19 . 2007-11-24 16:33 112,698 ---hs---- C:\WINDOWS\SYSTEM32\knnmp.ini
2007-11-24 09:19 . 2007-11-24 09:19 109,624 ---hs---- C:\WINDOWS\SYSTEM32\knnmp.bak1
2007-11-23 19:25 . 2007-11-23 23:04 125,584 ---hs---- C:\WINDOWS\SYSTEM32\mlnmp.ini
2007-11-23 19:25 . 2007-11-23 19:25 109,598 ---hs---- C:\WINDOWS\SYSTEM32\mlnmp.bak1
2007-11-23 19:17 . 2007-11-29 17:57 <DIR> d-------- C:\Program Files\E404 Helper
2007-11-22 19:59 . 2007-11-23 16:39 <DIR> d-------- C:\Program Files\Counter-Strike 1.6
2007-11-22 15:45 . 2007-11-25 14:11 109,639 ---hs---- C:\WINDOWS\SYSTEM32\bbeeg.bak2
2007-11-22 07:16 . 2007-11-22 07:16 109,639 ---hs---- C:\WINDOWS\SYSTEM32\bbeeg.bak1
2007-11-21 17:11 . 2007-11-21 17:11 109,824 ---hs---- C:\WINDOWS\SYSTEM32\kjjlm.bak2
2007-11-20 17:11 . 2007-11-20 17:11 107,475 ---hs---- C:\WINDOWS\SYSTEM32\kjjlm.bak1
2007-11-20 17:10 . 2007-11-22 14:42 110,740 ---hs---- C:\WINDOWS\SYSTEM32\kjjlm.ini
2007-11-16 18:12 . 2007-11-19 18:31 107,515 ---hs---- C:\WINDOWS\SYSTEM32\xbadd.bak2
2007-11-16 16:00 . 2007-11-16 16:00 111,608 ---hs---- C:\WINDOWS\SYSTEM32\edeeg.bak2
2007-11-16 11:09 . 2007-11-16 11:09 107,475 ---hs---- C:\WINDOWS\SYSTEM32\edeeg.bak1
2007-11-16 11:08 . 2007-11-16 18:11 127,176 ---hs---- C:\WINDOWS\SYSTEM32\edeeg.ini
2007-11-16 06:23 . 2007-11-19 12:43 116,432 ---hs---- C:\WINDOWS\SYSTEM32\xbadd.bak1
2007-11-16 06:23 . 2007-11-19 19:52 108,590 ---hs---- C:\WINDOWS\SYSTEM32\xbadd.ini
2007-11-15 12:15 . 2007-11-15 16:06 108,676 ---hs---- C:\WINDOWS\SYSTEM32\ihkmp.ini
2007-11-15 12:15 . 2007-11-15 12:15 107,515 ---hs---- C:\WINDOWS\SYSTEM32\ihkmp.bak1
2007-11-14 16:07 . 2007-11-14 16:07 137,387 ---hs---- C:\WINDOWS\SYSTEM32\vybeg.bak2
2007-11-13 19:13 . 2007-11-16 11:04 655,341 ---hs---- C:\WINDOWS\SYSTEM32\moloeclv.ini
2007-11-13 19:08 . 2007-11-13 19:08 134,089 ---hs---- C:\WINDOWS\SYSTEM32\vycdd.bak1
2007-11-13 19:07 . 2007-11-15 16:06 146,575 ---hs---- C:\WINDOWS\SYSTEM32\vycdd.ini
2007-11-13 13:59 . 2007-11-13 19:03 654,719 ---hs---- C:\WINDOWS\SYSTEM32\xkuqtmwg.ini
2007-11-13 13:57 . 2007-11-13 13:57 107,524 ---hs---- C:\WINDOWS\SYSTEM32\xybeg.bak1
2007-11-13 13:56 . 2007-11-13 15:24 112,448 ---hs---- C:\WINDOWS\SYSTEM32\xybeg.ini
2007-11-12 19:06 . 2007-11-13 13:52 585,788 ---hs---- C:\WINDOWS\SYSTEM32\eympokcu.ini
2007-11-12 16:36 . 2007-11-12 16:36 578,238 ---hs---- C:\WINDOWS\SYSTEM32\orcyslwe.ini
2007-11-12 15:17 . 2007-11-12 15:28 578,178 ---hs---- C:\WINDOWS\SYSTEM32\nrbdncxh.ini
2007-11-12 11:37 . 2007-11-12 15:09 578,058 ---hs---- C:\WINDOWS\SYSTEM32\katgfoso.ini
2007-11-12 11:35 . 2007-11-12 11:35 107,524 ---hs---- C:\WINDOWS\SYSTEM32\vybeg.bak1
2007-11-12 11:34 . 2007-11-15 20:12 135,637 ---hs---- C:\WINDOWS\SYSTEM32\vybeg.ini
2007-11-11 18:11 . 2007-11-12 11:30 579,368 ---hs---- C:\WINDOWS\SYSTEM32\lheoisvd.ini
2007-11-11 11:31 . 2007-11-11 11:32 579,248 ---hs---- C:\WINDOWS\SYSTEM32\nnilwvtv.ini
2007-11-10 19:57 . 2007-11-11 11:24 579,188 ---hs---- C:\WINDOWS\SYSTEM32\voctidiq.ini
2007-11-10 18:15 . 2007-11-10 18:16 579,068 ---hs---- C:\WINDOWS\SYSTEM32\mxwrywwc.ini
2007-11-09 16:58 . 2007-11-10 18:07 585,881 ---hs---- C:\WINDOWS\SYSTEM32\ksiqradi.ini
2007-11-09 16:58 . 2007-11-12 19:03 108,575 ---hs---- C:\WINDOWS\SYSTEM32\prqss.bak2
2007-11-09 15:30 . 2007-11-09 15:31 584,125 ---hs---- C:\WINDOWS\SYSTEM32\snmyphtu.ini
2007-11-09 07:15 . 2007-11-09 15:22 584,219 ---hs---- C:\WINDOWS\SYSTEM32\jcbynpdy.ini
2007-11-09 07:09 . 2007-11-13 15:24 115,738 ---hs---- C:\WINDOWS\SYSTEM32\prqss.ini
2007-11-09 07:09 . 2007-11-09 07:09 107,484 ---hs---- C:\WINDOWS\SYSTEM32\prqss.bak1
2007-11-08 15:48 . 2007-11-09 07:04 570,640 ---hs---- C:\WINDOWS\SYSTEM32\gnksirpv.ini
2007-11-08 06:43 . 2007-11-08 15:40 570,933 ---hs---- C:\WINDOWS\SYSTEM32\pkjnrvvx.ini
2007-11-08 06:09 . 2007-11-08 06:09 570,813 ---hs---- C:\WINDOWS\SYSTEM32\hacyocmq.ini
2007-11-07 17:59 . 2007-11-08 05:58 570,740 ---hs---- C:\WINDOWS\SYSTEM32\qrjgtodo.ini
2007-11-07 17:56 . 2007-11-07 17:56 126,413 ---hs---- C:\WINDOWS\SYSTEM32\bdeeg.bak2
2007-11-07 14:55 . 2007-11-07 14:55 570,614 ---hs---- C:\WINDOWS\SYSTEM32\bisxfjqc.ini
2007-11-07 06:51 . 2007-11-07 14:44 570,554 ---hs---- C:\WINDOWS\SYSTEM32\uxfquvjc.ini
2007-11-07 06:45 . 2007-11-07 17:56 112,328 ---hs---- C:\WINDOWS\SYSTEM32\nnnmp.ini
2007-11-07 06:45 . 2007-11-07 06:45 103,101 ---hs---- C:\WINDOWS\SYSTEM32\nnnmp.bak1
2007-11-06 20:20 . 2007-11-08 06:41 106,703 ---hs---- C:\WINDOWS\SYSTEM32\jlkkj.bak2
2007-11-06 20:19 . 2007-11-06 20:29 570,771 ---hs---- C:\WINDOWS\SYSTEM32\wafjoagt.ini
2007-11-06 18:21 . 2007-11-06 19:54 570,720 ---hs---- C:\WINDOWS\SYSTEM32\xmmafjpi.ini
2007-11-06 15:59 . 2007-11-06 15:59 6,513 ---hs---- C:\WINDOWS\SYSTEM32\jlkkj.bak1
2007-11-06 15:58 . 2007-11-09 15:19 135,788 ---hs---- C:\WINDOWS\SYSTEM32\jlkkj.ini
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 14:57 --------- d-----w C:\Program Files\Ubisoft
2007-12-05 14:49 --------- d-----w C:\Program Files\Java
2007-11-25 18:13 --------- d-----w C:\Program Files\McAfee.com
2007-11-25 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-11-24 15:33 --------- d-----w C:\Documents and Settings\SatuA\Application Data\Vso
2007-11-24 15:29 --------- d-----w C:\Program Files\MSN Messenger
2007-11-22 15:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-09 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 16:30 --------- d-----w C:\Program Files\EA GAMES
2007-11-05 18:29 --------- d-----w C:\Program Files\Trymedia
2007-11-04 16:35 --------- d-----w C:\Program Files\SopCast
2007-10-29 16:54 --------- d-----w C:\Program Files\Motocross The Force
2007-10-28 09:03 --------- d-----w C:\Program Files\Microsoft Games
2007-10-28 08:09 --------- d-----w C:\Program Files\Common Files\DirectX
2007-10-28 08:08 --------- d-----w C:\Program Files\MotoGP Demo
2007-10-28 07:25 11,426 ----a-w C:\Program Files\uninstal.log
2007-10-28 07:25 --------- d-----w C:\Program Files\motorsims
2007-10-27 19:49 --------- d-----w C:\Program Files\Infogrames
2007-10-27 16:50 --------- d-----w C:\Program Files\Tmp
2007-10-27 16:50 --------- d-----w C:\Program Files\Replays
2007-10-27 16:11 --------- d-----w C:\Program Files\Stunt Playground
2007-10-27 15:59 --------- d-----w C:\Program Files\SETUPDIR
2007-10-10 17:51 --------- d-----w C:\Program Files\Lavasoft
2007-10-10 17:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 13:35 1 ----a-w C:\SI.bin
2007-10-10 13:30 --------- d-----w C:\Documents and Settings\SatuA\Application Data\McAfee.com Personal Firewall
2007-10-09 12:56 --------- d-----w C:\Documents and Settings\SatuA\Application Data\Bioshock
2007-09-10 12:18 22,328 ----a-w C:\Documents and Settings\SatuA\Application Data\PnkBstrK.sys
2007-09-06 14:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-06-23 16:42 47,360 ----a-w C:\Documents and Settings\SatuA\Application Data\pcouffin.sys
2005-08-19 14:45 991 ----a-w C:\Program Files\GH3D.txt
2005-08-19 14:45 81 ----a-w C:\Program Files\GamersHell.url
2000-01-31 09:18 29,108,498 ------r C:\Program Files\DATA1.CAB
2000-01-31 09:18 19,140 ------r C:\Program Files\DATA1.HDR
1999-12-21 13:59 99 ------r C:\Program Files\SETUP.INI
1999-12-21 13:59 963,778 ------r C:\Program Files\_SYS1.CAB
1999-12-21 13:59 92 ------r C:\Program Files\DATA.TAG
1999-12-21 13:59 768 ------r C:\Program Files\LAYOUT.BIN
1999-12-21 13:59 7,169 ------r C:\Program Files\_SYS1.HDR
1999-12-21 13:59 6,472,086 ------w C:\Program Files\_USER1.CAB
1999-12-21 13:59 11,086 ------r C:\Program Files\_USER1.HDR
1999-12-21 13:59 104 ------r C:\Program Files\SETUP.LID
1999-12-21 13:55 70,052 ------r C:\Program Files\SETUP.INS
1999-02-23 08:45 296,674 ------r C:\Program Files\_INST32I.EX_
1999-01-12 09:42 73,728 ------r C:\Program Files\SETUP.EXE
1999-01-12 08:34 23,541 ------r C:\Program Files\LANG.DAT
1998-10-27 10:06 27,648 ------r C:\Program Files\_ISDEL.EXE
1998-07-27 14:41 450 ------r C:\Program Files\OS.DAT
2007-07-19 08:49 6,365 --sh--w C:\WINDOWS\SYSTEM32\egjlm.bak1
2007-07-20 13:37 894,880 --sh--w C:\WINDOWS\SYSTEM32\egjlm.bak2
2007-07-26 13:37 744,150 --sh--w C:\WINDOWS\SYSTEM32\tstwa.bak1
2007-07-26 13:37 743,674 --sh--w C:\WINDOWS\SYSTEM32\tstwa.bak2
2007-08-26 18:03 728,525 --sh--w C:\WINDOWS\SYSTEM32\wycdd.ini2
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty values and legitimate default values are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-02 15:12]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-28 11:19]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-06 15:04]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtst]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljge]

S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 23:52:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-06 23:54:11 - machine was rebooted
.
--- E O F ---
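The HijackThis O20 names and the ComboFix file listing line up in this thread: awtst and mljge from the O20 entries are tstwa and egjlm read backwards, and geeby.dll from the first post is ybeeg, one of the families of hidden+system .ini/.bak files in SYSTEM32. The script below, an added example rather than anything shipped with ComboFix or HijackThis, parses both listing formats ComboFix prints (the created-files lines with two timestamps and the Find3M lines with one), groups hidden+system files by base name, keeps the families that look generated, and maps each loader name to its reversed-name family. The listing lines are a constructed excerpt of the log above and the loader names come from the HijackThis log and the first post; the reversal rule is what these particular logs show, not a guarantee that every Vundo variant behaves the same way.

```python
"""Correlate ComboFix's file listing with the HijackThis O20 loader names.

Added example written for this thread; not part of ComboFix or HijackThis.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed excerpt of the ComboFix log above, mixing both line formats
# ComboFix prints: created-files lines (two timestamps) and Find3M lines (one).
SAMPLE_LISTING = """
2007-12-06 14:52 . 2007-12-06 14:52 <DIR> d-------- C:\\Program Files\\Avira
2007-12-05 16:55 . 2007-12-05 16:55 106,945 ---hs---- C:\\WINDOWS\\SYSTEM32\\ybeeg.bak2
2007-11-28 11:37 . 2007-11-28 11:37 109,625 ---hs---- C:\\WINDOWS\\SYSTEM32\\ybeeg.bak1
2007-11-28 11:36 . 2007-12-06 15:00 108,883 ---hs---- C:\\WINDOWS\\SYSTEM32\\ybeeg.ini
2007-11-25 20:09 . 2007-12-06 23:51 20,738,080 --ahs---- C:\\WINDOWS\\SYSTEM32\\DRIVERS\\fidbox.dat
2007-11-24 16:43 . 2007-09-06 13:09 801,144 --a------ C:\\WINDOWS\\SYSTEM32\\aswBoot.exe
2007-11-13 19:13 . 2007-11-16 11:04 655,341 ---hs---- C:\\WINDOWS\\SYSTEM32\\moloeclv.ini
2007-07-19 08:49 6,365 --sh--w C:\\WINDOWS\\SYSTEM32\\egjlm.bak1
2007-07-20 13:37 894,880 --sh--w C:\\WINDOWS\\SYSTEM32\\egjlm.bak2
2007-07-26 13:37 744,150 --sh--w C:\\WINDOWS\\SYSTEM32\\tstwa.bak1
2007-07-26 13:37 743,674 --sh--w C:\\WINDOWS\\SYSTEM32\\tstwa.bak2
2007-09-06 14:14 75,248 ----a-w C:\\WINDOWS\\zllsputility.exe
"""

# Loader names from earlier in the thread: the two O20 Winlogon Notify
# packages in the HijackThis log, and the DLL AntiVir named in the first post.
LOADER_NAMES = ["awtst", "mljge", "geeby"]

# attribute column ("---hs----", "--sh--w", "d--------") followed by a full path
ENTRY = re.compile(r"\s(?P<attr>[-a-zA-Z]{7,9})\s+(?P<path>[A-Za-z]:\\.*?)\s*$")

# extensions the hidden family uses in the log: .ini, .ini2, .bak1, .bak2
FAMILY_EXT = re.compile(r"\.(ini\d?|bak\d?)$")


def parse_listing(text: str) -> List[Tuple[str, str]]:
    """Return (attribute flags, path) for each file line; directories are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m and not m.group("attr").startswith("d"):
            entries.append((m.group("attr").lower(), m.group("path")))
    return entries


def hidden_system_families(text: str, under: str = "\\system32\\") -> Dict[str, List[str]]:
    """Group files carrying both the H and S attributes under `under` by base name."""
    families: Dict[str, List[str]] = defaultdict(list)
    for attr, path in parse_listing(text):
        if "h" in attr and "s" in attr and under in path.lower():
            fname = path.rsplit("\\", 1)[-1]
            families[fname.split(".", 1)[0].lower()].append(fname)
    return {stem: sorted(names) for stem, names in families.items()}


def suspicious_families(families: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Keep stems with 2+ siblings that are all .ini/.bak variants and look generated.

    This drops singletons such as fidbox.dat (ZoneAlarm) that merely share the attributes.
    """
    return {stem: names for stem, names in families.items()
            if len(names) >= 2
            and all(FAMILY_EXT.search(n) for n in names)
            and re.fullmatch(r"[a-z]{5,8}", stem)}


def link_to_loaders(families: Dict[str, List[str]], loaders: List[str]) -> Dict[str, str]:
    """Map each loader name to the family whose stem is the name spelled backwards."""
    return {name: name.lower()[::-1] for name in loaders if name.lower()[::-1] in families}


if __name__ == "__main__":
    fams = suspicious_families(hidden_system_families(SAMPLE_LISTING))
    for stem, names in sorted(fams.items()):
        print(f"{stem}: {', '.join(names)}")
    for loader, stem in link_to_loaders(fams, LOADER_NAMES).items():
        print(f"{loader} <-> {stem}")
```

On the excerpt this yields three families (ybeeg, egjlm, tstwa) and links all three loader names to them; fidbox.dat and moloeclv.ini share the attributes but have no siblings, so they are reported only by hidden_system_families and not by suspicious_families, which is the distinction a helper wants before adding paths to a CFScript.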
Open Notepad and copy/paste the contents of the quotebox into it:

Save it as CFScript (ComboFix actually recognises it even if the extension isn't .txt). Then drag CFScript onto ComboFix.exe as shown below.

Reboot the machine if prompted and post the contents of combofix.txt here.

Download Atribune's ATF-Cleaner from http://www.atribune.org/ccount/click.php?id=1
Instructions:
Double-click ATF-Cleaner.exe to start the program.
Under Main select: Select All
Click the Empty Selected button.
If you use Firefox as your browser:
Click Firefox at the top and select: Select All
Click the Empty Selected button.
NOTE: If you want to keep your saved passwords, click No when it asks.
If you use Opera as your browser:
Click Opera at the top and select: Select All
Click the Empty Selected button again.
NOTE: If you want to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.
Technical support is available by double-clicking the e-mail address located below each menu in the tool. (Note that the support is in English.)

Save these instructions to a text file or print them, otherwise you won't be able to get at them in Safe Mode.

Download AVG Anti-Spyware 7.5 from http://www.ewido.net/en/download/ and save the program to your desktop. When you have downloaded the program, double-click the installer's shortcut on your desktop; the installation starts. After installation the program has to be started and its definitions updated.
Start AVG Anti-Spyware.
Click the "Update" icon in the main menu. Then click the "Update now" button. Then click the "Start Update" icon and the update begins.
When the updates have been downloaded, click the "Scanner" icon at the top of the window.
Then select the "Settings" tab.
When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
Then under the "Reports" menu:
Tick "Do not automatically generate report"
Untick "Only if threats were found"
Then click the "Shield" icon at the top of the window
"Resident shield is": change the state from active to inactive
Close the program, DO NOT scan yet.

Boot your machine into Safe Mode, http://www.virustorjunta.net/module...Yleisohjeita+ongelmatilanteiden+ratkaisuun#37
NOTE! Don't use other programs during the AVG scan, this may interfere with the scan.
Once in Safe Mode, start AVG Anti-Spyware.
Click the "Scanner" icon at the top of the window and select the "Scan" tab.
Then click "Complete System Scan".
AVG now starts scanning the computer; be patient, the scan takes a while.
When the scan is complete:
IMPORTANT: Don't click "Save Scan Report" before you click "Apply all Actions"
Make sure Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
You will be asked what to do if infections were found; choose "Apply all actions".
Then click the "Reports" icon at the top of the program.
Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
Close the program, reboot normally and post AVG Anti-Spyware's report in your thread.

Post:
ComboFix's log
AVG report
A fresh HJT log
Hi!
- Quotebox contents hauled into ComboFix and the steps in question done
- ATF run
- AVG per the instructions (about?)

Here are the logs:
______________________________
C O M B O:

ComboFix 07-12-09.1 - SatuA 2007-12-08 22:01:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.662 [GMT 2:00]
Running from: C:\Documents and Settings\SatuA\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\SatuA\Työpöytä\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\SYSTEM32\bbeeg.bak1
C:\WINDOWS\SYSTEM32\bbeeg.bak2
C:\WINDOWS\SYSTEM32\bbeeg.ini
C:\WINDOWS\SYSTEM32\bdeeg.bak2
C:\WINDOWS\SYSTEM32\bisxfjqc.ini
C:\WINDOWS\SYSTEM32\edeeg.bak1
C:\WINDOWS\SYSTEM32\edeeg.bak2
C:\WINDOWS\SYSTEM32\edeeg.ini
C:\WINDOWS\SYSTEM32\egjlm.bak1
C:\WINDOWS\SYSTEM32\egjlm.bak2
C:\WINDOWS\SYSTEM32\eympokcu.ini
C:\WINDOWS\SYSTEM32\gnksirpv.ini
C:\WINDOWS\SYSTEM32\hacyocmq.ini
C:\WINDOWS\SYSTEM32\ihkmp.bak1
C:\WINDOWS\SYSTEM32\ihkmp.ini
C:\WINDOWS\SYSTEM32\jcbynpdy.ini
C:\WINDOWS\SYSTEM32\jlkkj.bak
C:\WINDOWS\SYSTEM32\jlkkj.bak2
C:\WINDOWS\SYSTEM32\jlkkj.ini
C:\WINDOWS\SYSTEM32\katgfoso.ini
C:\WINDOWS\SYSTEM32\kjjlm.bak1
C:\WINDOWS\SYSTEM32\kjjlm.bak2
C:\WINDOWS\SYSTEM32\kjjlm.ini
C:\WINDOWS\SYSTEM32\knnmp.bak1
C:\WINDOWS\SYSTEM32\knnmp.ini
C:\WINDOWS\SYSTEM32\ksiqradi.ini
C:\WINDOWS\SYSTEM32\lheoisvd.ini
C:\WINDOWS\SYSTEM32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mlnmp.bak1
C:\WINDOWS\SYSTEM32\mlnmp.ini
C:\WINDOWS\SYSTEM32\moloeclv.ini
C:\WINDOWS\SYSTEM32\mxwrywwc.ini
C:\WINDOWS\SYSTEM32\nnilwvtv.ini
C:\WINDOWS\SYSTEM32\nnnmp.bak1
C:\WINDOWS\SYSTEM32\nnnmp.ini
C:\WINDOWS\SYSTEM32\nrbdncxh.ini
C:\WINDOWS\SYSTEM32\orcyslwe.ini
C:\WINDOWS\SYSTEM32\pkjnrvvx.ini
C:\WINDOWS\SYSTEM32\prqss.bak1
C:\WINDOWS\SYSTEM32\prqss.bak2
C:\WINDOWS\SYSTEM32\prqss.ini
C:\WINDOWS\SYSTEM32\qrjgtodo.ini
C:\WINDOWS\SYSTEM32\snmyphtu.ini
C:\WINDOWS\SYSTEM32\tstwa.bak1
C:\WINDOWS\SYSTEM32\tstwa.bak2
C:\WINDOWS\SYSTEM32\uxfquvjc.ini
C:\WINDOWS\SYSTEM32\wafjoagt.ini
C:\WINDOWS\SYSTEM32\voctidiq.ini
C:\WINDOWS\SYSTEM32\vybeg.bak1
C:\WINDOWS\SYSTEM32\vybeg.bak2
C:\WINDOWS\SYSTEM32\vybeg.ini
C:\WINDOWS\SYSTEM32\vycdd.bak1
C:\WINDOWS\SYSTEM32\vycdd.ini
C:\WINDOWS\SYSTEM32\wycdd.ini2
C:\WINDOWS\SYSTEM32\xbadd.bak1
C:\WINDOWS\SYSTEM32\xbadd.bak2
C:\WINDOWS\SYSTEM32\xbadd.ini
C:\WINDOWS\SYSTEM32\xkuqtmwg.ini
C:\WINDOWS\SYSTEM32\xmmafjpi.ini
C:\WINDOWS\SYSTEM32\xybeg.bak1
C:\WINDOWS\SYSTEM32\xybeg.ini
C:\WINDOWS\SYSTEM32\ybeeg.bak1
C:\WINDOWS\SYSTEM32\ybeeg.bak2
C:\WINDOWS\SYSTEM32\ybeeg.ini
.
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\fsaua.data
C:\Program Files\E404 Helper
C:\SI.bin\
C:\WINDOWS\SYSTEM32\bbeeg.bak1
C:\WINDOWS\SYSTEM32\bbeeg.bak2
C:\WINDOWS\SYSTEM32\bbeeg.ini
C:\WINDOWS\SYSTEM32\bdeeg.bak2
C:\WINDOWS\SYSTEM32\bisxfjqc.ini
C:\WINDOWS\SYSTEM32\edeeg.bak1
C:\WINDOWS\SYSTEM32\edeeg.bak2
C:\WINDOWS\SYSTEM32\edeeg.ini
C:\WINDOWS\SYSTEM32\egjlm.bak1
C:\WINDOWS\SYSTEM32\egjlm.bak2
C:\WINDOWS\SYSTEM32\eympokcu.ini
C:\WINDOWS\SYSTEM32\gnksirpv.ini
C:\WINDOWS\SYSTEM32\hacyocmq.ini
C:\WINDOWS\SYSTEM32\ihkmp.bak1
C:\WINDOWS\SYSTEM32\ihkmp.ini
C:\WINDOWS\SYSTEM32\jcbynpdy.ini
C:\WINDOWS\SYSTEM32\jlkkj.bak2
C:\WINDOWS\SYSTEM32\jlkkj.ini
C:\WINDOWS\SYSTEM32\katgfoso.ini
C:\WINDOWS\SYSTEM32\kjjlm.bak1
C:\WINDOWS\SYSTEM32\kjjlm.bak2
C:\WINDOWS\SYSTEM32\kjjlm.ini
C:\WINDOWS\SYSTEM32\knnmp.bak1
C:\WINDOWS\SYSTEM32\knnmp.ini
C:\WINDOWS\SYSTEM32\ksiqradi.ini
C:\WINDOWS\SYSTEM32\lheoisvd.ini
C:\WINDOWS\SYSTEM32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mlnmp.bak1
C:\WINDOWS\SYSTEM32\mlnmp.ini
C:\WINDOWS\SYSTEM32\moloeclv.ini
C:\WINDOWS\SYSTEM32\mxwrywwc.ini
C:\WINDOWS\SYSTEM32\nnilwvtv.ini
C:\WINDOWS\SYSTEM32\nnnmp.bak1
C:\WINDOWS\SYSTEM32\nnnmp.ini
C:\WINDOWS\SYSTEM32\nrbdncxh.ini
C:\WINDOWS\SYSTEM32\orcyslwe.ini
C:\WINDOWS\SYSTEM32\pkjnrvvx.ini
C:\WINDOWS\SYSTEM32\prqss.bak1
C:\WINDOWS\SYSTEM32\prqss.bak2
C:\WINDOWS\SYSTEM32\prqss.ini
C:\WINDOWS\SYSTEM32\qrjgtodo.ini
C:\WINDOWS\SYSTEM32\snmyphtu.ini
C:\WINDOWS\SYSTEM32\tstwa.bak1
C:\WINDOWS\SYSTEM32\tstwa.bak2
C:\WINDOWS\SYSTEM32\uxfquvjc.ini
C:\WINDOWS\SYSTEM32\wafjoagt.ini
C:\WINDOWS\SYSTEM32\voctidiq.ini
C:\WINDOWS\SYSTEM32\vybeg.bak1
C:\WINDOWS\SYSTEM32\vybeg.bak2
C:\WINDOWS\SYSTEM32\vybeg.ini
C:\WINDOWS\SYSTEM32\vycdd.bak1
C:\WINDOWS\SYSTEM32\vycdd.ini
C:\WINDOWS\SYSTEM32\wycdd.ini2
C:\WINDOWS\SYSTEM32\xbadd.bak1
C:\WINDOWS\SYSTEM32\xbadd.bak2
C:\WINDOWS\SYSTEM32\xbadd.ini
C:\WINDOWS\SYSTEM32\xkuqtmwg.ini
C:\WINDOWS\SYSTEM32\xmmafjpi.ini
C:\WINDOWS\SYSTEM32\xybeg.bak1
C:\WINDOWS\SYSTEM32\xybeg.ini
C:\WINDOWS\SYSTEM32\ybeeg.bak1
C:\WINDOWS\SYSTEM32\ybeeg.bak2
C:\WINDOWS\SYSTEM32\ybeeg.ini
C:\VundoFix Backups
.
((((( Files created between: 2007-11-09 to 2007-12-09 )))))))))))))))))
.
2007-12-08 00:40 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\SYSTEM32\nppt9x.vxd
2007-12-08 00:40 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\SYSTEM32\npptNT2.sys
2007-12-07 23:36 . 2007-12-07 23:36 <DIR> d-------- C:\Program Files\Games-Masters.com
2007-12-06 14:52 . 2007-12-06 14:52 <DIR> d-------- C:\Program Files\Avira
2007-12-03 19:17 . 2007-12-03 19:17 <DIR> d-------- C:\Program Files\Guitar Pro 5
2007-11-25 20:09 . 2007-12-09 22:07 21,841,952 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-11-25 20:09 . 2007-12-08 21:30 255,596 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2007-11-25 20:06 . 2007-11-25 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-25 19:59 . 2007-12-06 15:28 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-24 20:04 . 2007-12-06 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-24 16:43 . 2007-09-06 13:09 801,144 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-11-22 19:59 . 2007-11-23 16:39 <DIR> d-------- C:\Program Files\Counter-Strike 1.6
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 14:57 --------- d-----w C:\Program Files\Ubisoft
2007-12-05 14:49 --------- d-----w C:\Program Files\Java
2007-11-25 18:13 --------- d-----w C:\Program Files\McAfee.com
2007-11-25 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-11-24 15:33 --------- d-----w C:\Documents and Settings\SatuA\Application Data\Vso
2007-11-24 15:29 --------- d-----w C:\Program Files\MSN Messenger
2007-11-22 15:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-22 15:56 103,736 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2007-11-09 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 16:30 --------- d-----w C:\Program Files\EA GAMES
2007-11-06 13:59 6,513 --sh--w C:\WINDOWS\SYSTEM32\jlkkj.bak1
2007-11-05 18:29 --------- d-----w C:\Program Files\Trymedia
2007-11-05 14:16 21,840 ----atw C:\WINDOWS\SYSTEM32\SIntfNT.dll
2007-11-05 14:16 17,212 ----atw C:\WINDOWS\SYSTEM32\SIntf32.dll
2007-11-05 14:16 12,067 ----atw C:\WINDOWS\SYSTEM32\SIntf16.dll
2007-11-05 13:31 47,104 ----a-w C:\WINDOWS\SYSTEM32\KMVIDC32.DLL
2007-11-05 07:11 103,134 --sh--w C:\WINDOWS\SYSTEM32\bdeeg.bak1
2007-11-04 16:35 --------- d-----w C:\Program Files\SopCast
2007-10-29 16:54 --------- d-----w C:\Program Files\Motocross The Force
2007-10-28 09:03 --------- d-----w C:\Program Files\Microsoft Games
2007-10-28 08:09 --------- d-----w C:\Program Files\Common Files\DirectX
2007-10-28 08:08 --------- d-----w C:\Program Files\MotoGP Demo
2007-10-28 07:25 11,426 ----a-w C:\Program Files\uninstal.log
2007-10-28 07:25 --------- d-----w C:\Program Files\motorsims
2007-10-27 19:49 --------- d-----w C:\Program Files\Infogrames
2007-10-27 16:50 --------- d-----w C:\Program Files\Tmp
2007-10-27 16:50 --------- d-----w C:\Program Files\Replays
2007-10-27 16:11 --------- d-----w C:\Program Files\Stunt Playground
2007-10-27 15:59 --------- d-----w C:\Program Files\SETUPDIR
2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-14 13:58 7,027 --sh--w C:\WINDOWS\SYSTEM32\rqstv.bak2
2007-10-13 15:22 390,212 --sh--w C:\WINDOWS\SYSTEM32\rqstv.bak1
2007-10-12 20:20 400,845 --sh--w C:\WINDOWS\SYSTEM32\oqstv.bak2
2007-10-11 13:07 390,212 --sh--w C:\WINDOWS\SYSTEM32\oqstv.bak1
2007-10-10 17:51 --------- d-----w C:\Program Files\Lavasoft
2007-10-10 17:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 17:24 403,953 --sh--w C:\WINDOWS\SYSTEM32\efhkj.bak2
2007-10-10 13:35 1 ----a-w C:\SI.bin
2007-10-10 13:30 --------- d-----w C:\Documents and Settings\SatuA\Application Data\McAfee.com Personal Firewall
2007-10-10 10:49 393,988 --sh--w C:\WINDOWS\SYSTEM32\efhkj.bak1
2007-10-09 12:57 436,344 --sh--w C:\WINDOWS\SYSTEM32\kjllm.bak2
2007-10-09 12:56 --------- d-----w C:\Documents and Settings\SatuA\Application Data\Bioshock
2007-10-09 04:30 107,888 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2007-10-08 13:11 432,553 --sh--w C:\WINDOWS\SYSTEM32\qrutv.bak1
2007-10-08 10:01 432,529 --sh--w C:\WINDOWS\SYSTEM32\kjllm.bak1
2007-10-07 10:04 549,055 --sh--w C:\WINDOWS\SYSTEM32\bbadd.bak2
2007-10-06 05:51 519,669 --sh--w C:\WINDOWS\SYSTEM32\bbadd.bak1
2007-09-21 17:02 654,579 --sh--w C:\WINDOWS\SYSTEM32\wycdd.bak2
2007-09-20 17:02 654,316 --sh--w C:\WINDOWS\SYSTEM32\wycdd.bak1
2007-09-10 12:18 22,328 ----a-w C:\Documents and Settings\SatuA\Application Data\PnkBstrK.sys
2007-09-10 12:14 674,600 ----a-w C:\WINDOWS\SYSTEM32\pbsvc.exe
2007-06-23 16:42 47,360 ----a-w C:\Documents and Settings\SatuA\Application Data\pcouffin.sys
2005-10-10 09:13 858,087 ----a-w C:\Program Files\setup.exe
2005-08-19 14:45 991 ----a-w C:\Program Files\GH3D.txt
2005-08-19 14:45 81 ----a-w C:\Program Files\GamersHell.url
2000-01-31 09:18 29,108,498 ------r C:\Program Files\DATA1.CAB
2000-01-31 09:18 19,140 ------r C:\Program Files\DATA1.HDR
1999-12-21 13:59 99 ------r C:\Program Files\SETUP.INI
1999-12-21 13:59 963,778 ------r C:\Program Files\_SYS1.CAB
1999-12-21 13:59 92 ------r C:\Program Files\DATA.TAG
1999-12-21 13:59 768 ------r C:\Program Files\LAYOUT.BIN
1999-12-21 13:59 7,169 ------r C:\Program Files\_SYS1.HDR
1999-12-21 13:59 6,472,086 ------w C:\Program Files\_USER1.CAB
1999-12-21 13:59 11,086 ------r C:\Program Files\_USER1.HDR
1999-12-21 13:59 104 ------r C:\Program Files\SETUP.LID
1999-12-21 13:55 70,052 ------r C:\Program Files\SETUP.INS
1999-02-23 08:45 296,674 ------r C:\Program Files\_INST32I.EX_
1999-01-12 08:34 23,541 ------r C:\Program Files\LANG.DAT
1998-10-27 10:06 27,648 ------r C:\Program Files\_ISDEL.EXE
1998-07-27 14:41 450 ------r C:\Program Files\OS.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-12-06_23.53.42.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-27 01:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-08 01:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty values and legitimate default values are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-02 15:12]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-28 11:19]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-06 15:04]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 22:07:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 22:08:08
C:\ComboFix2.txt ... 2007-12-06 23:54
.
--- E O F ---
______________________________________
A V G - REPORT: Was this the hoped-for result? Following the instructions, it didn't quite work out directly.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 23:52:21 9.12.2007
+ Scan result:
:mozilla.12:C:\Documents and Settings\Kai\Application Data\Mozilla\Firefox\Profiles\x2eki4e4.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.29:C:\Documents and Settings\Kai\Application Data\Mozilla\Firefox\Profiles\x2eki4e4.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
::Report end
____________________________________
H I J A C K log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 0:01:47, on 10.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\SatuA\Työpöytä\Virus ohjelmat\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136656772015
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136657454203
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe (file missing)
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\Imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 8368 bytes
The HJT log is clean.

Open Notepad and copy/paste the contents of the quotebox into it:

Save it as CFScript (ComboFix actually recognises it even if the file extension isn't .txt). Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer if asked to, and post the contents of the combofix.txt file here.

Check your computer with the Panda Online Scanner: http://www.pandasoftware.com/activescan/com/activescan_principal.htm
When you are on the Panda page, click the Scan your PC button
A new window opens... click the Check Now button
Select your country, Country
Enter your city, State/Province
Enter your e-mail address, e-mail address, and click the send button
Choose either Home User or Company
Click the large Scan Now button
If you are asked to install an ActiveX component, allow it.
The download of the required files begins (Note: this step can take a few minutes)
When the downloads are complete, click Local Disks to start the scan
When the scan is complete, click the See Report button if infections were found.
Then click Save Report and save the report to a suitable location (e.g. the desktop).
Paste the contents of the Panda scan report into your reply.

Post:
ComboFix's log
Panda's report
Here is the Combo report. I tried Panda several times, but it always ended up in an "error occured" state. (One time the timer said 2 seconds remaining, and even then it suddenly threw the error thing... I lost faith after numerous attempts.)

PS. While downloading Panda, the first time AntiVir reported w95/blumblebee -> I acknowledged it with delete, and likewise the next one, blumblebee.1738, also with delete. (?)
__________________--
ComboFix 07-12-09.1 - SatuA 2007-12-10 13:56:49.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.689 [GMT 2:00]
Running from: C:\Documents and Settings\SatuA\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\SatuA\Työpöytä\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\SYSTEM32\bbadd.bak1
C:\WINDOWS\SYSTEM32\bbadd.bak2
C:\WINDOWS\SYSTEM32\efhkj.bak1
C:\WINDOWS\SYSTEM32\efhkj.bak2
C:\WINDOWS\SYSTEM32\jlkkj.bak1
C:\WINDOWS\SYSTEM32\kjllm.bak1
C:\WINDOWS\SYSTEM32\kjllm.bak2
C:\WINDOWS\SYSTEM32\oqstv.bak1
C:\WINDOWS\SYSTEM32\oqstv.bak2
C:\WINDOWS\SYSTEM32\qrutv.bak1
C:\WINDOWS\SYSTEM32\rqstv.bak1
C:\WINDOWS\SYSTEM32\rqstv.bak2
C:\WINDOWS\SYSTEM32\wycdd.bak1
C:\WINDOWS\SYSTEM32\wycdd.bak2
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\SYSTEM32\bbadd.bak1
C:\WINDOWS\SYSTEM32\bbadd.bak2
C:\WINDOWS\SYSTEM32\efhkj.bak1
C:\WINDOWS\SYSTEM32\efhkj.bak2
C:\WINDOWS\SYSTEM32\jlkkj.bak1
C:\WINDOWS\SYSTEM32\kjllm.bak1
C:\WINDOWS\SYSTEM32\kjllm.bak2
C:\WINDOWS\SYSTEM32\oqstv.bak1
C:\WINDOWS\SYSTEM32\oqstv.bak2
C:\WINDOWS\SYSTEM32\qrutv.bak1
C:\WINDOWS\SYSTEM32\rqstv.bak1
C:\WINDOWS\SYSTEM32\rqstv.bak2
C:\WINDOWS\SYSTEM32\wycdd.bak1
C:\WINDOWS\SYSTEM32\wycdd.bak2
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-11-10 to 2007-12-10 )))))))))))))))))
.
2007-12-10 02:48 . 2007-12-10 02:48 <KANSIO> d-------- C:\Program Files\America's Army Server Manager
2007-12-10 02:41 . 2007-12-10 02:48 <KANSIO> d-------- C:\Program Files\America's Army
2007-12-09 22:30 . 2007-12-09 22:31 <KANSIO> d-------- C:\joku
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2007-12-09 22:23 . 2004-11-24 01:03 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2007-12-09 22:23 . 2004-11-24 01:03 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2007-12-09 22:23 . 2004-11-24 01:05 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Symantec
2007-12-09 22:23 . 2004-11-24 01:09 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Sonic
2007-12-09 22:13 . 2007-12-09 22:13 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 00:40 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\SYSTEM32\nppt9x.vxd
2007-12-08 00:40 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\SYSTEM32\npptNT2.sys
2007-12-07 23:36 . 2007-12-07 23:36 <KANSIO> d-------- C:\Program Files\Games-Masters.com
2007-12-06 14:52 . 2007-12-06 14:52 <KANSIO> d-------- C:\Program Files\Avira
2007-12-03 19:17 . 2007-12-03 19:17 <KANSIO> d-------- C:\Program Files\Guitar Pro 5
2007-11-25 20:09 . 2007-12-10 04:37 21,995,552 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-11-25 20:09 . 2007-12-10 04:37 257,732 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2007-11-25 20:06 . 2007-11-25 20:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-25 19:59 . 2007-12-06 15:28 <KANSIO> d-------- C:\Program Files\SpywareBlaster
2007-11-24 20:04 . 2007-12-06 14:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-24 16:43 . 2007-09-06 13:09 801,144 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-11-22 19:59 . 2007-11-23 16:39 <KANSIO> d-------- C:\Program Files\Counter-Strike 1.6
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 14:57 --------- d-----w C:\Program Files\Ubisoft
2007-12-05 14:49 --------- d-----w C:\Program Files\Java
2007-11-25 18:13 --------- d-----w C:\Program Files\McAfee.com
2007-11-25 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-11-24 15:33 --------- d-----w C:\Documents and Settings\SatuA\Application Data\Vso
2007-11-24 15:29 --------- d-----w C:\Program Files\MSN Messenger
2007-11-22 15:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-22 15:56 103,736 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2007-11-09 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 16:30 --------- d-----w C:\Program Files\EA GAMES
2007-11-05 18:29 --------- d-----w C:\Program Files\Trymedia
2007-11-05 14:16 21,840 ----atw C:\WINDOWS\SYSTEM32\SIntfNT.dll
2007-11-05 14:16 17,212 ----atw C:\WINDOWS\SYSTEM32\SIntf32.dll
2007-11-05 14:16 12,067 ----atw C:\WINDOWS\SYSTEM32\SIntf16.dll
2007-11-05 13:31 47,104 ----a-w C:\WINDOWS\SYSTEM32\KMVIDC32.DLL
2007-11-05 07:11 103,134 --sh--w C:\WINDOWS\SYSTEM32\bdeeg.bak1
2007-11-04 16:35 --------- d-----w C:\Program Files\SopCast
2007-10-29 16:54 --------- d-----w C:\Program Files\Motocross The Force
2007-10-28 09:03 --------- d-----w C:\Program Files\Microsoft Games
2007-10-28 08:09 --------- d-----w C:\Program Files\Common Files\DirectX
2007-10-28 08:08 --------- d-----w C:\Program Files\MotoGP Demo
2007-10-28 07:25 11,426 ----a-w C:\Program Files\uninstal.log
2007-10-28 07:25 --------- d-----w C:\Program Files\motorsims
2007-10-27 19:49 --------- d-----w C:\Program Files\Infogrames
2007-10-27 16:50 --------- d-----w C:\Program Files\Tmp
2007-10-27 16:50 --------- d-----w C:\Program Files\Replays
2007-10-27 16:11 --------- d-----w C:\Program Files\Stunt Playground
2007-10-27 15:59 --------- d-----w C:\Program Files\SETUPDIR
2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-10 17:51 --------- d-----w C:\Program Files\Lavasoft
2007-10-10 17:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 13:35 1 ----a-w C:\SI.bin
2007-10-10 13:30 --------- d-----w C:\Documents and Settings\SatuA\Application Data\McAfee.com Personal Firewall
2007-10-09 04:30 107,888 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2007-09-10 12:18 22,328 ----a-w C:\Documents and Settings\SatuA\Application Data\PnkBstrK.sys
2007-09-10 12:14 674,600 ----a-w C:\WINDOWS\SYSTEM32\pbsvc.exe
2007-06-23 16:42 47,360 ----a-w C:\Documents and Settings\SatuA\Application Data\pcouffin.sys
2005-10-10 09:13 858,087 ----a-w C:\Program Files\setup.exe
2005-08-19 14:45 991 ----a-w C:\Program Files\GH3D.txt
2005-08-19 14:45 81 ----a-w C:\Program Files\GamersHell.url
2000-01-31 09:18 29,108,498 ------r C:\Program Files\DATA1.CAB
2000-01-31 09:18 19,140 ------r C:\Program Files\DATA1.HDR
1999-12-21 13:59 99 ------r C:\Program Files\SETUP.INI
1999-12-21 13:59 963,778 ------r C:\Program Files\_SYS1.CAB
1999-12-21 13:59 92 ------r C:\Program Files\DATA.TAG
1999-12-21 13:59 768 ------r C:\Program Files\LAYOUT.BIN
1999-12-21 13:59 7,169 ------r C:\Program Files\_SYS1.HDR
1999-12-21 13:59 6,472,086 ------w C:\Program Files\_USER1.CAB
1999-12-21 13:59 11,086 ------r C:\Program Files\_USER1.HDR
1999-12-21 13:59 104 ------r C:\Program Files\SETUP.LID
1999-12-21 13:55 70,052 ------r C:\Program Files\SETUP.INS
1999-02-23 08:45 296,674 ------r C:\Program Files\_INST32I.EX_
1999-01-12 08:34 23,541 ------r C:\Program Files\LANG.DAT
1998-10-27 10:06 27,648 ------r C:\Program Files\_ISDEL.EXE
1998-07-27 14:41 450 ------r C:\Program Files\OS.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-12-06_23.53.42.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-09 16:40:49 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2007-12-10 00:49:45 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2007-11-09 16:40:50 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2007-12-10 00:49:45 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-11-09 16:40:51 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2007-12-10 00:49:46 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2007-10-09 04:29:12 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:35 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:15 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:37 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:16 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:38 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-09 16:40:52 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:39 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:18 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:39 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:20 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:40 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:21 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:41 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:23 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:42 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:24 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:42 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:28 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:46 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-09 16:40:54 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2007-12-10 00:49:47 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2007-11-09 16:40:54 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2007-12-10 00:49:47 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2007-11-09 16:40:55 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2007-12-10 00:49:48 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2007-11-09 16:40:56 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2007-12-10 00:49:48 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-11-09 16:40:49 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2007-12-10 00:49:44 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2007-11-27 01:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-08 01:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe
- 2004-09-29 09:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2004-09-29 10:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
- 2004-12-01 12:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2004-12-01 13:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
- 2005-02-05 16:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-05 17:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
- 2005-05-26 12:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 13:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
- 2005-07-22 14:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 15:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
- 2005-09-28 11:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 12:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
- 2005-12-05 14:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-05 15:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
- 2006-02-03 04:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 05:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
- 2006-03-31 08:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 09:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
- 2005-05-26 12:34:52 2,297,552 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_26.dll
+ 2005-05-26 13:34:52 2,297,552 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_26.dll
- 2005-07-22 16:59:04 2,319,568 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_27.dll
+ 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_27.dll
- 2005-12-05 15:09:18 2,323,664 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_28.dll
+ 2005-12-05 16:09:18 2,323,664 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_28.dll
- 2006-02-03 05:43:16 2,332,368 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_29.dll
+ 2006-02-03 06:43:16 2,332,368 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_29.dll
- 2006-03-31 09:40:58 2,388,176 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_30.dll
+ 2006-03-31 10:40:58 2,388,176 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_30.dll
- 2006-02-03 05:41:26 14,032 ----a-w C:\WINDOWS\SYSTEM32\x3daudio1_0.dll
+ 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\SYSTEM32\x3daudio1_0.dll
- 2006-02-03 05:42:06 230,096 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_0.dll
+ 2006-02-03 06:42:06 230,096 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_0.dll
- 2006-03-31 09:39:48 229,584 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_1.dll
+ 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_1.dll
- 2006-05-31 04:24:16 230,168 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_2.dll
+ 2006-05-31 05:24:16 230,168 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_2.dll
- 2006-07-28 06:30:32 236,824 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_3.dll
+ 2006-07-28 07:30:32 236,824 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_3.dll
- 2006-03-31 09:39:24 62,672 ----a-w C:\WINDOWS\SYSTEM32\xinput1_1.dll
+ 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\SYSTEM32\xinput1_1.dll
- 2006-07-28 06:30:14 62,744 ----a-w C:\WINDOWS\SYSTEM32\xinput1_2.dll
+ 2006-07-28 07:30:14 62,744 ----a-w C:\WINDOWS\SYSTEM32\xinput1_2.dll
- 2005-12-05 15:07:30 61,136 ----a-w C:\WINDOWS\SYSTEM32\xinput9_1_0.dll
+ 2005-12-05 16:07:30 61,136 ----a-w C:\WINDOWS\SYSTEM32\xinput9_1_0.dll
- 2007-12-06 21:52:48 4,212 ---h--w C:\WINDOWS\SYSTEM32\zllictbl.dat
+ 2007-12-10 01:35:03 4,212 ---h--w C:\WINDOWS\SYSTEM32\zllictbl.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-02 15:12]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-28 11:19]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-06 15:04]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys
.
************************************************************************** catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-10 14:00:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-10 14:01:29 C:\ComboFix2.txt ... 2007-12-09 22:08 C:\ComboFix3.txt ... 2007-12-06 23:54 . --- E O F ---
Here is the Combo report. I tried Panda several times, but it always ended up in an "error occured" state. (Once, according to the timer, there were 2 seconds left and even then it suddenly threw the error thing... after numerous attempts I lost faith.) PS. While downloading Panda, the first time AntiVir gave an alert for W95/Blumblebee -> I acknowledged it with Delete, and likewise the next one, Blumblebee.1738, also with Delete. (?)

ComboFix 07-12-09.1 - SatuA 2007-12-10 13:56:49.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.689 [GMT 2:00]
Running from: C:\Documents and Settings\SatuA\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\SatuA\Työpöytä\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\SYSTEM32\bbadd.bak1
C:\WINDOWS\SYSTEM32\bbadd.bak2
C:\WINDOWS\SYSTEM32\efhkj.bak1
C:\WINDOWS\SYSTEM32\efhkj.bak2
C:\WINDOWS\SYSTEM32\jlkkj.bak1
C:\WINDOWS\SYSTEM32\kjllm.bak1
C:\WINDOWS\SYSTEM32\kjllm.bak2
C:\WINDOWS\SYSTEM32\oqstv.bak1
C:\WINDOWS\SYSTEM32\oqstv.bak2
C:\WINDOWS\SYSTEM32\qrutv.bak1
C:\WINDOWS\SYSTEM32\rqstv.bak1
C:\WINDOWS\SYSTEM32\rqstv.bak2
C:\WINDOWS\SYSTEM32\wycdd.bak1
C:\WINDOWS\SYSTEM32\wycdd.bak2
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\SYSTEM32\bbadd.bak1
C:\WINDOWS\SYSTEM32\bbadd.bak2
C:\WINDOWS\SYSTEM32\efhkj.bak1
C:\WINDOWS\SYSTEM32\efhkj.bak2
C:\WINDOWS\SYSTEM32\jlkkj.bak1
C:\WINDOWS\SYSTEM32\kjllm.bak1
C:\WINDOWS\SYSTEM32\kjllm.bak2
C:\WINDOWS\SYSTEM32\oqstv.bak1
C:\WINDOWS\SYSTEM32\oqstv.bak2
C:\WINDOWS\SYSTEM32\qrutv.bak1
C:\WINDOWS\SYSTEM32\rqstv.bak1
C:\WINDOWS\SYSTEM32\rqstv.bak2
C:\WINDOWS\SYSTEM32\wycdd.bak1
C:\WINDOWS\SYSTEM32\wycdd.bak2
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-11-10 to 2007-12-10 )))))))))))))))))
.
2007-12-10 02:48 . 2007-12-10 02:48 <KANSIO> d-------- C:\Program Files\America's Army Server Manager
2007-12-10 02:41 . 2007-12-10 02:48 <KANSIO> d-------- C:\Program Files\America's Army
2007-12-09 22:30 . 2007-12-09 22:31 <KANSIO> d-------- C:\joku
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2007-12-09 22:23 . 2004-11-24 01:03 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2007-12-09 22:23 . 2004-11-24 01:03 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2007-12-09 22:23 . 2004-11-24 00:38 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2007-12-09 22:23 . 2004-11-24 01:05 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Symantec
2007-12-09 22:23 . 2004-11-24 01:09 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Sonic
2007-12-09 22:13 . 2007-12-09 22:13 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 00:40 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\SYSTEM32\nppt9x.vxd
2007-12-08 00:40 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\SYSTEM32\npptNT2.sys
2007-12-07 23:36 . 2007-12-07 23:36 <KANSIO> d-------- C:\Program Files\Games-Masters.com
2007-12-06 14:52 . 2007-12-06 14:52 <KANSIO> d-------- C:\Program Files\Avira
2007-12-03 19:17 . 2007-12-03 19:17 <KANSIO> d-------- C:\Program Files\Guitar Pro 5
2007-11-25 20:09 . 2007-12-10 04:37 21,995,552 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-11-25 20:09 . 2007-12-10 04:37 257,732 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2007-11-25 20:06 . 2007-11-25 20:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-25 19:59 . 2007-12-06 15:28 <KANSIO> d-------- C:\Program Files\SpywareBlaster
2007-11-24 20:04 . 2007-12-06 14:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-24 16:43 . 2007-09-06 13:09 801,144 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-11-22 19:59 . 2007-11-23 16:39 <KANSIO> d-------- C:\Program Files\Counter-Strike 1.6
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 14:57 --------- d-----w C:\Program Files\Ubisoft
2007-12-05 14:49 --------- d-----w C:\Program Files\Java
2007-11-25 18:13 --------- d-----w C:\Program Files\McAfee.com
2007-11-25 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-11-24 15:33 --------- d-----w C:\Documents and Settings\SatuA\Application Data\Vso
2007-11-24 15:29 --------- d-----w C:\Program Files\MSN Messenger
2007-11-22 15:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-22 15:56 103,736 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2007-11-09 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 16:30 --------- d-----w C:\Program Files\EA GAMES
2007-11-05 18:29 --------- d-----w C:\Program Files\Trymedia
2007-11-05 14:16 21,840 ----atw C:\WINDOWS\SYSTEM32\SIntfNT.dll
2007-11-05 14:16 17,212 ----atw C:\WINDOWS\SYSTEM32\SIntf32.dll
2007-11-05 14:16 12,067 ----atw C:\WINDOWS\SYSTEM32\SIntf16.dll
2007-11-05 13:31 47,104 ----a-w C:\WINDOWS\SYSTEM32\KMVIDC32.DLL
2007-11-05 07:11 103,134 --sh--w C:\WINDOWS\SYSTEM32\bdeeg.bak1
2007-11-04 16:35 --------- d-----w C:\Program Files\SopCast
2007-10-29 16:54 --------- d-----w C:\Program Files\Motocross The Force
2007-10-28 09:03 --------- d-----w C:\Program Files\Microsoft Games
2007-10-28 08:09 --------- d-----w C:\Program Files\Common Files\DirectX
2007-10-28 08:08 --------- d-----w C:\Program Files\MotoGP Demo
2007-10-28 07:25 11,426 ----a-w C:\Program Files\uninstal.log
2007-10-28 07:25 --------- d-----w C:\Program Files\motorsims
2007-10-27 19:49 --------- d-----w C:\Program Files\Infogrames
2007-10-27 16:50 --------- d-----w C:\Program Files\Tmp
2007-10-27 16:50 --------- d-----w C:\Program Files\Replays
2007-10-27 16:11 --------- d-----w C:\Program Files\Stunt Playground
2007-10-27 15:59 --------- d-----w C:\Program Files\SETUPDIR
2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-10 17:51 --------- d-----w C:\Program Files\Lavasoft
2007-10-10 17:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 13:35 1 ----a-w C:\SI.bin
2007-10-10 13:30 --------- d-----w C:\Documents and Settings\SatuA\Application Data\McAfee.com Personal Firewall
2007-10-09 04:30 107,888 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2007-09-10 12:18 22,328 ----a-w C:\Documents and Settings\SatuA\Application Data\PnkBstrK.sys
2007-09-10 12:14 674,600 ----a-w C:\WINDOWS\SYSTEM32\pbsvc.exe
2007-06-23 16:42 47,360 ----a-w C:\Documents and Settings\SatuA\Application Data\pcouffin.sys
2005-10-10 09:13 858,087 ----a-w C:\Program Files\setup.exe
2005-08-19 14:45 991 ----a-w C:\Program Files\GH3D.txt
2005-08-19 14:45 81 ----a-w C:\Program Files\GamersHell.url
2000-01-31 09:18 29,108,498 ------r C:\Program Files\DATA1.CAB
2000-01-31 09:18 19,140 ------r C:\Program Files\DATA1.HDR
1999-12-21 13:59 99 ------r C:\Program Files\SETUP.INI
1999-12-21 13:59 963,778 ------r C:\Program Files\_SYS1.CAB
1999-12-21 13:59 92 ------r C:\Program Files\DATA.TAG
1999-12-21 13:59 768 ------r C:\Program Files\LAYOUT.BIN
1999-12-21 13:59 7,169 ------r C:\Program Files\_SYS1.HDR
1999-12-21 13:59 6,472,086 ------w C:\Program Files\_USER1.CAB
1999-12-21 13:59 11,086 ------r C:\Program Files\_USER1.HDR
1999-12-21 13:59 104 ------r C:\Program Files\SETUP.LID
1999-12-21 13:55 70,052 ------r C:\Program Files\SETUP.INS
1999-02-23 08:45 296,674 ------r C:\Program Files\_INST32I.EX_
1999-01-12 08:34 23,541 ------r C:\Program Files\LANG.DAT
1998-10-27 10:06 27,648 ------r C:\Program Files\_ISDEL.EXE
1998-07-27 14:41 450 ------r C:\Program Files\OS.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-12-06_23.53.42.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-09 16:40:49 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2007-12-10 00:49:45 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2007-11-09 16:40:50 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2007-12-10 00:49:45 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-11-09 16:40:51 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2007-12-10 00:49:46 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2007-10-09 04:29:12 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:35 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:15 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:37 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:16 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:38 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-09 16:40:52 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:39 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:18 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:39 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:20 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:40 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:21 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:41 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:23 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:42 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:24 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:42 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-10-09 04:29:28 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 00:49:46 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-09 16:40:54 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2007-12-10 00:49:47 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2007-11-09 16:40:54 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2007-12-10 00:49:47 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2007-11-09 16:40:55 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2007-12-10 00:49:48 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2007-11-09 16:40:56 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2007-12-10 00:49:48 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-11-09 16:40:49 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2007-12-10 00:49:44 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2007-11-27 01:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-08 01:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe
- 2004-09-29 09:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2004-09-29 10:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
- 2004-12-01 12:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2004-12-01 13:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
- 2005-02-05 16:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-05 17:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
- 2005-05-26 12:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 13:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
- 2005-07-22 14:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 15:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
- 2005-09-28 11:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 12:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
- 2005-12-05 14:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-05 15:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
- 2006-02-03 04:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 05:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
- 2006-03-31 08:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 09:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
- 2005-05-26 12:34:52 2,297,552 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_26.dll
+ 2005-05-26 13:34:52 2,297,552 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_26.dll
- 2005-07-22 16:59:04 2,319,568 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_27.dll
+ 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_27.dll
- 2005-12-05 15:09:18 2,323,664 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_28.dll
+ 2005-12-05 16:09:18 2,323,664 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_28.dll
- 2006-02-03 05:43:16 2,332,368 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_29.dll
+ 2006-02-03 06:43:16 2,332,368 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_29.dll
- 2006-03-31 09:40:58 2,388,176 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_30.dll
+ 2006-03-31 10:40:58 2,388,176 ----a-w C:\WINDOWS\SYSTEM32\d3dx9_30.dll
- 2006-02-03 05:41:26 14,032 ----a-w C:\WINDOWS\SYSTEM32\x3daudio1_0.dll
+ 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\SYSTEM32\x3daudio1_0.dll
- 2006-02-03 05:42:06 230,096 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_0.dll
+ 2006-02-03 06:42:06 230,096 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_0.dll
- 2006-03-31 09:39:48 229,584 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_1.dll
+ 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_1.dll
- 2006-05-31 04:24:16 230,168 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_2.dll
+ 2006-05-31 05:24:16 230,168 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_2.dll
- 2006-07-28 06:30:32 236,824 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_3.dll
+ 2006-07-28 07:30:32 236,824 ----a-w C:\WINDOWS\SYSTEM32\xactengine2_3.dll
- 2006-03-31 09:39:24 62,672 ----a-w C:\WINDOWS\SYSTEM32\xinput1_1.dll
+ 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\SYSTEM32\xinput1_1.dll
- 2006-07-28 06:30:14 62,744 ----a-w C:\WINDOWS\SYSTEM32\xinput1_2.dll
+ 2006-07-28 07:30:14 62,744 ----a-w C:\WINDOWS\SYSTEM32\xinput1_2.dll
- 2005-12-05 15:07:30 61,136 ----a-w C:\WINDOWS\SYSTEM32\xinput9_1_0.dll
+ 2005-12-05 16:07:30 61,136 ----a-w C:\WINDOWS\SYSTEM32\xinput9_1_0.dll
- 2007-12-06 21:52:48 4,212 ---h--w C:\WINDOWS\SYSTEM32\zllictbl.dat
+ 2007-12-10 01:35:03 4,212 ---h--w C:\WINDOWS\SYSTEM32\zllictbl.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-02 15:12]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-28 11:19]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-06 15:04]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12]

S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 14:00:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-10 14:01:29
C:\ComboFix2.txt ... 2007-12-09 22:08
C:\ComboFix3.txt ... 2007-12-06 23:54
.
--- E O F ---
Thanks so far. If there is anything extremely unusual in the Combo log above, I'd gladly hear about it. Otherwise I'll carry on with the exercises and come back if needed. Thanks. (That Blumblebee was probably an AntiVir "false call" after all, and perhaps something that "belongs" to Panda.)
Check your machine with F-Secure's online scanner: http://support.f-secure.fi/fin/home/ols.shtml
Note: the scanner only works with the Internet Explorer browser.

* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Set the options as follows:
  o Under "Virus Scan Option", select Scan whole system
  o Under "Other Scan Option", select Scan All Files
  o Select Scan whole system for rootkits
  o Select Scan whole system for spyware
  o Tick Scan inside archives
  o Make sure Use advanced heuristics is selected
* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it on the desktop
* You can close the scanner
* Post the report in your thread

Next we remove all the tools that were used. Download OTMoveIt from http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe and save it to your desktop. Double-click OTMoveIt.exe. Click CleanUp!. Select Yes when asked "Begin cleanup Process?". If you are asked whether the computer may be restarted, select Yes. OTMoveIt removes itself when it is done; if that does not happen, remove it yourself. NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, let it through.

Post: the F-Secure report
Fix that one out: O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZJfox000