Would someone mind taking a look,

Discussion in 'Viruses and malware - HijackThis logs' started by JAMATO, Jul 16, 2008.

  1. JAMATO

    JAMATO Member

    Joined:
    Apr 22, 2008
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    Yep, if some clever person could be bothered to look through that.

    HjT:

    ComboFix 08-07-15.4 - Henri 2008-07-16 21:26:50.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.680 [GMT 3:00]
    Running from: C:\Documents and Settings\Henri\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\ddcYsPij.dll
    C:\WINDOWS\system32\ssqQjHxv.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-16 to 2008-07-16 )))))))))))))))))
    .

    2008-07-16 20:51 . 2008-07-16 20:51 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-16 20:51 . 2008-07-16 20:51 <KANSIO> d-------- C:\Documents and Settings\Henri\Application Data\Malwarebytes
    2008-07-16 20:51 . 2008-07-16 20:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-16 20:51 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-16 20:51 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-16 20:35 . 2008-07-16 20:35 <KANSIO> d-------- C:\Program Files\ToniArts
    2008-07-16 00:58 . 2008-07-16 19:38 <KANSIO> d-------- C:\Program Files\XviD
    2008-07-16 00:57 . 2006-02-09 17:19 15,120 --a------ C:\WINDOWS\system32\PDINFO.xpd
    2008-07-16 00:56 . 2008-07-16 00:56 <KANSIO> d-------- C:\Program Files\Samsung
    2008-07-16 00:56 . 2008-07-16 00:56 <KANSIO> d-------- C:\Program Files\MarkAny
    2008-07-15 23:54 . 2008-07-15 23:54 <KANSIO> d-------- C:\Program Files\Adobe Photoshop CS3 Extended + Crack
    2008-07-15 23:53 . 2008-07-15 23:53 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-07-15 23:53 . 2008-07-15 23:53 <KANSIO> d-------- C:\Program Files\Bonjour
    2008-07-14 22:18 . 2008-07-14 22:18 1,841,373 ---hs---- C:\WINDOWS\system32\igejxdkf.tmp
    2008-07-13 22:59 . 2008-07-16 20:06 110,415 --a------ C:\WINDOWS\BM73e905f3.xml
    2008-07-13 22:22 . 2008-07-13 22:22 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-07-12 14:35 . 2008-07-12 14:35 <KANSIO> d-------- C:\Guitar
    2008-07-12 14:31 . 2008-07-12 14:31 <KANSIO> d-------- C:\Program Files\Guitar Pro 5
    2008-07-12 02:30 . 2008-07-12 02:38 <KANSIO> d-------- C:\Program Files\DC++
    2008-07-12 02:03 . 2008-07-12 02:39 <KANSIO> d-------- C:\Program Files\Quintessential Media Player
    2008-07-12 01:07 . 2008-07-12 01:07 <KANSIO> d-------- C:\Documents and Settings\Henri\Application Data\vlc
    2008-07-12 01:04 . 2008-07-12 01:04 <KANSIO> d-------- C:\Program Files\VideoLAN
    2008-07-12 00:39 . 2008-07-12 00:39 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-07-12 00:39 . 2008-07-16 20:42 <KANSIO> d-------- C:\Documents and Settings\Henri\Application Data\uTorrent
    2008-07-11 21:59 . 2008-07-12 00:24 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-07-11 21:59 . 2008-07-12 00:24 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-07-11 21:58 . 2008-07-11 21:58 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
    2008-07-11 21:58 . 2008-07-11 21:58 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-07-11 21:47 . 2008-07-11 21:47 <KANSIO> d---s---- C:\Documents and Settings\Henri\UserData
    2008-07-11 21:42 . 2008-07-11 21:42 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-07-11 21:42 . 2008-07-11 21:42 <KANSIO> d-------- C:\Program Files\MSN Messenger
    2008-07-11 21:42 . 2008-07-12 22:42 <KANSIO> d-------- C:\Documents and Settings\Henri\Contacts
    2008-07-11 21:01 . 2008-07-11 21:01 287 --a------ C:\WINDOWS\game.ini
    2008-07-11 20:50 . 2008-07-11 20:50 <KANSIO> d-------- C:\Program Files\Activision
    2008-07-11 20:48 . 2008-07-11 20:48 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2008-07-11 20:31 . 2008-07-11 20:32 <KANSIO> d-------- C:\Program Files\DAEMON Tools Toolbar
    2008-07-11 20:31 . 2008-07-11 20:32 <KANSIO> d-------- C:\Program Files\DAEMON Tools Lite
    2008-07-11 20:29 . 2008-07-11 20:29 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-07-11 20:28 . 2008-07-11 20:28 <KANSIO> d-------- C:\Documents and Settings\Henri\Application Data\DAEMON Tools
    2008-07-11 20:20 . 2008-07-11 20:20 <KANSIO> d-------- C:\Program Files\C-Media 3D Audio
    2008-07-11 20:20 . 2004-01-07 10:14 2,453,504 --a------ C:\WINDOWS\system\cmicnfg.cpl
    2008-07-11 20:16 . 2008-07-11 20:16 <KANSIO> d-------- C:\Documents and Settings\Henri\WINDOWS
    2008-07-11 20:16 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
    2008-07-11 20:15 . 2000-03-29 17:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-07-11 20:15 . 2008-07-11 20:19 3,015 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-07-11 20:07 . 2008-07-11 20:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    2008-07-11 18:40 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-11 18:40 . 2008-07-11 18:40 0 --a------ C:\WINDOWS\nsreg.dat
    2008-07-11 18:39 . 2008-07-11 18:39 7,330,552 --a------ C:\Program Files\Firefox Setup 3.0.exe
    2008-07-11 18:36 . 2008-07-11 18:36 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-07-11 18:34 . 2008-06-02 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-07-11 18:33 . 2008-07-11 18:35 <KANSIO> d-------- C:\Program Files\ATI Technologies
    2008-07-11 18:32 . 2008-07-11 18:32 <KANSIO> d-------- C:\ATI
    2008-07-11 18:25 . 2008-07-12 17:17 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
    2008-07-11 18:25 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-07-11 18:18 . 2008-07-11 18:18 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-07-11 18:17 . 2008-07-11 18:18 22,946,227 --a------ C:\Program Files\avast_home_v4.8.1201.zip
    2008-07-11 18:09 . 2008-07-16 20:35 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-11 18:08 . 2008-07-11 18:08 <KANSIO> d-------- C:\WINDOWS\system32\Adobe
    2008-07-11 18:08 . 2008-07-11 18:08 <KANSIO> d-------- C:\WINDOWS\Profiles
    2008-07-11 18:08 . 2008-07-11 18:08 <KANSIO> d-------- C:\Program Files\D-Link
    2008-07-11 18:08 . 2008-07-11 18:34 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
    2008-07-11 18:08 . 2008-07-16 00:55 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
    2008-07-11 18:08 . 2008-07-11 18:08 <KANSIO> d-------- C:\Documents and Settings\Henri\Application Data\InterTrust
    2008-07-11 18:08 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-07-11 17:05 . 2008-07-11 19:40 <KANSIO> d--h----- C:\Documents and Settings\Henri\Verkkoympäristö
    2008-07-11 17:05 . 2008-07-16 21:20 <KANSIO> d-------- C:\Documents and Settings\Henri\Työpöytä
    2008-07-11 17:05 . 2008-07-11 19:40 <KANSIO> d--h----- C:\Documents and Settings\Henri\Tulostinympäristö
    2008-07-11 17:05 . 2008-07-11 17:05 <KANSIO> dr------- C:\Documents and Settings\Henri\Suosikit
    2008-07-11 17:05 . 2008-07-16 00:52 <KANSIO> dr------- C:\Documents and Settings\Henri\Omat tiedostot
    2008-07-11 17:05 . 2008-07-14 00:58 <KANSIO> d--h----- C:\Documents and Settings\Henri\Mallit
    2008-07-11 17:05 . 2008-07-16 20:30 <KANSIO> dr------- C:\Documents and Settings\Henri\Käynnistä-valikko
    2008-07-11 17:05 . 2008-07-16 21:26 <KANSIO> d-------- C:\Documents and Settings\Henri
    2008-07-11 17:03 . 2008-07-11 17:03 <KANSIO> d---s---- C:\WINDOWS\system32\Microsoft
    2008-07-11 17:03 . 2008-07-16 20:31 <KANSIO> d--hs---- C:\Documents and Settings\NetworkService
    2008-07-11 17:03 . 2008-07-16 20:31 <KANSIO> d--hs---- C:\Documents and Settings\LocalService
    2008-07-11 17:02 . 2008-07-11 19:40 <KANSIO> d--h----- C:\WINDOWS\system32\config\systemprofile\Verkkoympäristö
    2008-07-11 17:02 . 2008-07-11 19:40 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Työpöytä
    2008-07-11 17:02 . 2008-07-11 19:40 <KANSIO> d--h----- C:\WINDOWS\system32\config\systemprofile\Tulostinympäristö
    2008-07-11 17:02 . 2008-07-11 19:40 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Suosikit
    2008-07-11 17:02 . 2008-07-11 16:57 <KANSIO> d--h----- C:\WINDOWS\system32\config\systemprofile\Mallit
    2008-07-11 17:02 . 2008-07-11 19:40 <KANSIO> dr------- C:\WINDOWS\system32\config\systemprofile\Käynnistä-valikko
    2008-07-11 17:01 . 2004-09-15 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-07-11 17:00 . 2008-07-11 17:00 <KANSIO> d-------- C:\WINDOWS\system32\xircom
    2008-07-11 17:00 . 2008-07-11 17:00 <KANSIO> d-------- C:\Program Files\microsoft frontpage

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-15 20:44 --------- d-----w C:\Program Files\Warcraft III
    2008-07-11 22:07 --------- d-----w C:\Documents and Settings\Henri\Application Data\vlc
    2008-07-11 17:26 --------- d-----w C:\Program Files\PC Wizard 2008
    2008-07-11 16:55 2,829 ----a-w C:\WINDOWS\War3Unin.pif
    2008-07-11 16:55 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2008-07-11 16:37 --------- d-----w C:\Program Files\directX
    2008-07-11 16:36 35,113,704 ----a-w C:\Program Files\directx_9c_redist.exe
    2008-07-11 16:30 --------- d-----w C:\Documents and Settings\Henri\Application Data\ATI
    2008-07-11 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
    2008-07-11 16:18 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
    2008-07-11 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
    2008-07-11 16:01 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-07-11 16:01 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-07-11 16:01 19,564,288 ----a-w C:\Program Files\CFP_Setup_3.0.25.378_XP_Vista_x32.exe
    2008-07-11 16:01 --------- d-----w C:\Program Files\COMODO
    2008-07-11 16:01 --------- d-----w C:\Documents and Settings\Henri\Application Data\Comodo
    2008-06-14 17:59 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ------- Sigcheck -------

    2004-09-15 15:00 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\svchost.exe
    2004-09-15 15:00 14336 34c8d42b876703b3abf0562307428561 C:\WINDOWS\system32\dllcache\svchost.exe
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{32099AAC-C132-4136-9E9A-4E364A424E17}"= "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-08 18:59 683464]

    [HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
    [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
    [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{32099AAC-C132-4136-9E9A-4E364A424E17}"= "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-08 18:59 683464]

    [HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
    [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
    [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-04 18:01 486856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-11 19:01 1655552]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 15:00 110592 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-11 19:01]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-11 19:01]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Cmaudio - cmicnfg.cpl


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-16 21:31:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\ComboFix\30create.dat 10456 bytes
    C:\ComboFix\CreateC00
    C:\ComboFix\CreateC00.bat

    scan completed successfully
    hidden files: 3

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-16 21:35:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-16 18:34:23

    Pre-Run: 138,573,148,160 tavua vapaana
    Post-Run: 138,576,953,344 tavua vapaana

    206 --- E O F --- 2008-07-12 14:17:49