Well, the machine got hit with a big pile of all kinds of junk, and I did the removal with ComboFix, Malwarebytes' Anti-Malware, Trojan Remover and who knows what else. At least the machine seems to run normally now, and the scans no longer find anything odd. Here's the HJT log; maybe someone more skilled could take one more look at it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:14, on 26.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\HDTUNE~1\HDTUNE~1.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Anime, Manga yms\DOWNLOADS\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HD Tune Pro] C:\PROGRA~1\HDTUNE~1\HDTUNE~1.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7578 bytes
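A posted HijackThis log is usually read entry by entry, but the first-pass checks a reviewer applies by eye can be scripted: an executable with a doubled extension, a program started from outside the Windows and Program Files trees, a Run value that names a bare file (located by the loader's search order rather than an explicit path), and an O23 service that reports no vendor. The process list above contains one line that trips the first two rules, C:\Anime, Manga yms\DOWNLOADS\scanner.exe.exe, which was running while the scan was taken. The Python below is an added example written for this page, not part of HijackThis or of the original post; the sample lines are copied from the log above, and the rules are this example's own heuristics, so a hit marks a line to look up, not a verdict.

```python
"""Triage a HijackThis log's "Running processes", O4 and O23 lines.
Added example for this page, not part of HijackThis or the original post.
Sample lines are copied from the log above; the rules are this example's
own heuristics, so a hit marks a line to look up, not a verdict."""
import re

# Directories a Windows XP process or autostart is normally launched from.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Constructed sample: lines copied from the HJT log posted above.
SAMPLE_LINES = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe",
    r"C:\Anime, Manga yms\DOWNLOADS\scanner.exe.exe",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r'O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun',
    r"O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe",
]

EXE_EXT = r"exe|com|scr|pif|bat|cmd"
DOUBLE_EXT = re.compile(rf"\.({EXE_EXT})\.({EXE_EXT})$", re.I)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
UNQUOTED_EXE = re.compile(rf"^(.+?\.(?:{EXE_EXT}))(?:\s|$)", re.I)

def exe_from_command(cmd):
    """Executable part of a Run value: the quoted path, or the text up to
    the first executable extension when unquoted (paths may contain spaces)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = UNQUOTED_EXE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]

def check_path(path):
    """Findings for one executable path (an empty list means nothing odd)."""
    findings = []
    low = path.lower()
    if DOUBLE_EXT.search(low):
        findings.append("double extension")
    if "\\" not in path:
        findings.append("bare filename, located by search order, not an explicit path")
    elif not any(low.startswith(d) for d in TRUSTED_DIRS):
        findings.append("outside Windows/Program Files")
    return findings

def triage(lines):
    """Map each suspicious log line to its findings; clean lines are omitted."""
    report = {}
    for line in lines:
        line = line.strip()
        if m := O4_RE.match(line):
            findings = check_path(exe_from_command(m.group("cmd")))
        elif m := O23_RE.match(line):
            findings = check_path(m.group("path"))
            if m.group("vendor").lower() == "unknown owner":
                findings.append("service reports no vendor")
        elif "\\" in line:          # bare path from the Running processes list
            findings = check_path(line)
        else:
            continue                # header or a line type not handled here
        if findings:
            report[line] = findings
    return report

if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LINES).items():
        print(f"{line}\n    -> {', '.join(findings)}")
```

Run against the sample it reports three lines: the double-extension download, the RTHDCPL Run value (a bare name that happens to resolve to C:\WINDOWS\RTHDCPL.EXE here, which is why it is a lookup rather than a finding), and the ATI Smart service with no vendor. Everything launched from the expected trees with a vendor name passes silently.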
That log looks fine. Post the ComboFix log as well and I'll check whether there's anything in it to remove.
ComboFix 08-06-20.4 - Rejn 2008-06-26 23:11:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1359 [GMT 3:00]
Running from: C:\Documents and Settings\Rejn\Työpöytä\ComboFix.exe
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\system\
.
((((( Files created from 2008-05-26 to 2008-06-26 )))))))))))))))))
.
2008-06-26 18:18 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-26 18:18 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-26 18:18 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-26 18:18 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-26 18:18 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-26 18:18 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-26 18:18 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-26 18:18 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-26 18:18 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe.vir
2008-06-26 17:49 . 2008-06-26 17:49 <DIR> d-------- C:\Temp\itmp4
2008-06-26 17:49 . 2008-06-26 17:49 <DIR> d-------- C:\Temp
2008-06-26 17:48 . 2008-06-26 17:48 102,400 --a------ C:\Documents and Settings\All Users\Application Data\vklotize.dll
2008-06-26 17:48 . 2008-06-26 17:48 23,048 --a------ C:\WINDOWS\444.471.vir
2008-06-25 18:34 . 2008-06-26 19:30 <DIR> d-------- C:\Program Files\a-squared Free
2008-06-25 15:38 . 2008-06-25 15:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-25 01:35 . 2001-09-06 10:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-06-25 01:35 . 2007-06-25 14:02 475,136 --a------ C:\WINDOWS\system32\SkinCrafter2.dll
2008-06-24 21:13 . 2008-06-24 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-24 21:09 . 2008-06-24 21:10 <DIR> d-------- C:\Program Files\ATI Technologies
2008-06-24 21:09 . 2008-06-02 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-06-24 16:56 . 2008-06-25 15:39 4,096 --a------ C:\WINDOWS\system32\crash
2008-06-23 13:24 . 2008-06-23 13:24 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-23 13:24 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-23 11:42 . 2008-06-23 11:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 11:42 . 2008-06-23 11:42 <DIR> d-------- C:\Documents and Settings\Rejn\Application Data\Malwarebytes
2008-06-23 11:42 . 2008-06-23 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 11:42 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 11:42 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-23 11:30 . 2008-06-26 18:48 2,424 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-23 01:50 . 2008-06-23 01:50 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-22 23:23 . 2008-06-25 15:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-22 15:54 . 2008-06-22 15:54 361,344 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-06-18 19:21 . 2008-06-18 19:30 <DIR> d-------- C:\GTA Vice City ISO
2008-06-18 19:11 . 2008-06-23 01:42 <DIR> d-------- C:\Program Files\Rockstar Games
2008-06-17 20:55 . 2008-05-23 01:22 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-06-17 20:55 . 2008-05-23 01:22 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-06-17 02:07 . 2008-06-17 02:07 <DIR> d-------- C:\Documents and Settings\Rejn\Downloads
2008-06-16 00:10 . 2008-06-16 00:10 28,672 --a------ C:\WINDOWS\system32\klfv.exe
2008-06-16 00:01 . 2008-06-16 00:01 921,654 --a------ C:\WINDOWS\stones6865E094.bmp
2008-06-16 00:01 . 2008-06-16 00:09 94 --a------ C:\WINDOWS\system32\run.bat
2008-06-16 00:01 . 2008-06-16 00:01 19 --a------ C:\WINDOWS\CTDChannels_Version.6865E094.cdf
2008-06-16 00:00 . 2008-06-16 00:00 135,168 --a------ C:\WINDOWS\system32\Lock.dll
2008-06-16 00:00 . 2008-06-16 00:09 1,940 --a------ C:\WINDOWS\system32\fv2.lic
2008-06-15 19:41 . 2008-06-12 20:37 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-06-15 13:03 . 2008-06-15 13:03 <DIR> d-------- C:\Program Files\CDCheck
2008-06-14 20:26 . 2008-06-18 18:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-14 20:18 . 2008-06-14 20:18 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-14 20:18 . 2008-06-14 20:26 35,628 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-14 20:18 . 2008-06-14 20:18 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-14 20:11 . 2008-06-18 14:24 <DIR> d-------- C:\Program Files\Diablo II
2008-06-14 19:17 . 2008-06-14 19:17 12,540 --a------ C:\WINDOWS\system32\wpa.bak
2008-06-14 16:52 . 2008-06-14 16:52 248 --a------ C:\WINDOWS\RomeTW.ini
2008-06-14 16:41 . 2008-06-14 16:41 <DIR> d-------- C:\Program Files\Activision
2008-06-13 18:32 . 2008-06-13 18:34 <DIR> d-------- C:\Program Files\DFX
2008-06-13 18:32 . 2008-06-13 18:32 <DIR> d-------- C:\Program Files\Common Files\DFX
2008-06-13 18:32 . 2008-06-13 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DFX
2008-06-13 17:39 . 2008-06-23 15:29 <DIR> d-------- C:\Program Files\JockerSoft
2008-06-13 16:34 . 2008-06-13 19:59 <DIR> d-------- C:\Program Files\DU Meter
2008-06-13 16:33 . 2008-06-13 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-06-12 21:36 . 2008-06-12 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-12 09:28 . 2008-06-12 09:28 56,108 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-06-11 17:28 . 2008-06-14 20:34 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 17:28 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 12:31 . 2008-06-11 12:31 20 --a------ C:\WINDOWS\system32\SYSTEM
2008-06-08 23:28 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-06-05 23:35 . 2008-06-13 14:15 <DIR> d-------- C:\Program Files\Tortun
2008-06-04 18:01 . 2008-06-04 18:01 <DIR> d-------- C:\Documents and Settings\Rejn\Application Data\DVDFab
2008-06-04 17:56 . 2008-06-07 01:50 <DIR> d-------- C:\Program Files\DVDFab 5
2008-06-03 16:01 . 2008-06-03 16:01 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-06-03 16:00 . 2008-06-03 15:59 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-06-03 06:46 . 2008-06-03 06:46 10,276,864 --a------ C:\WINDOWS\system32\atioglx2.dll
2008-06-03 06:22 . 2008-06-03 06:22 413,696 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 06:11 . 2008-06-03 06:11 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 06:11 . 2008-06-03 06:11 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 06:11 . 2008-06-03 06:11 139,264 --a------ C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 06:11 . 2008-06-03 06:11 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 06:11 . 2008-06-03 06:11 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 06:09 . 2008-06-03 06:09 552,960 --a------ C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 06:08 . 2008-06-03 06:08 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 06:04 . 2008-06-03 06:04 245,760 --a------ C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 06:02 . 2008-06-03 06:02 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 05:47 . 2008-06-03 05:47 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-06-03 05:47 . 2008-06-03 05:47 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-06-03 05:47 . 2008-06-03 05:47 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-06-03 05:33 . 2008-06-03 05:33 48,128 --a------ C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 05:29 . 2008-06-03 05:29 348,160 --a------ C:\WINDOWS\system32\atikvmag.dll
2008-06-03 05:28 . 2008-06-03 05:28 23,040 --a------ C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 05:28 . 2008-06-03 05:28 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2008-06-03 05:27 . 2008-06-03 05:27 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 05:22 . 2008-06-03 05:22 5,439,488 --a------ C:\WINDOWS\system32\atioglxx.dll
2008-06-02 15:33 . 2008-06-02 15:33 <DIR> d-------- C:\WINDOWS\lhsp
2008-06-02 15:32 . 2000-04-11 12:00 264,288 --a------ C:\WINDOWS\system32\AMERICAN.VTD
2008-06-02 15:32 . 2000-04-14 12:00 188,416 --a------ C:\WINDOWS\system32\UT_VM.dll
2008-06-02 15:32 . 2000-04-11 12:00 126,976 --a------ C:\WINDOWS\system32\cPopMenu6.ocx
2008-06-02 15:32 . 2000-04-11 12:00 97,280 --a------ C:\WINDOWS\system32\Vspell32.ocx
2008-06-02 15:32 . 2000-04-11 12:00 70,656 --a------ C:\WINDOWS\system32\VSPELL32.DLL
2008-06-02 15:32 . 2000-04-11 12:00 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-06-02 15:31 . 2008-06-26 19:06 <DIR> d-------- C:\Program Files\UTDeluxe
2008-06-02 15:31 . 2000-04-11 12:00 244,232 --a------ C:\WINDOWS\system32\MSFLXGRD.OCX
2008-05-31 13:56 . 2008-05-31 13:56 <DIR> d-------- C:\Program Files\LittleFighter2
2008-05-30 21:27 . 2008-05-30 21:27 57,344 --a------ C:\WINDOWS\system32\binkp2x.dll
2008-05-30 21:27 . 2008-05-30 21:27 49,152 --a------ C:\WINDOWS\system32\brwsvc.dll
2008-05-30 21:27 . 2008-05-30 21:27 20,480 --a------ C:\WINDOWS\system32\nt32int.dll
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 20:12 --------- d-----w C:\Program Files\mIRC
2008-06-26 20:10 --------- d-----w C:\Documents and Settings\Rejn\Application Data\SiteAdvisor
2008-06-26 16:57 60,416 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
2008-06-26 16:57 3,216,896 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2008-06-26 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-26 16:35 --------- d-----w C:\Program Files\RegVac Registry Cleaner
2008-06-26 16:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 16:33 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-26 15:53 3,213,824 ----a-w C:\WINDOWS\Internet Logs\xDB6E.tmp
2008-06-26 15:53 3,056,640 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
2008-06-26 15:37 --------- d-----w C:\Documents and Settings\Rejn\Application Data\uTorrent
2008-06-26 15:36 11,248 ----a-w C:\WINDOWS\Prefetch\444.471-1784917C.pf.vir
2008-06-26 14:48 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\vklotize.dll
2008-06-26 10:09 --------- d-----w C:\Program Files\Euroword2004
2008-06-26 09:36 --------- d-----w C:\Program Files\ffdshow
2008-06-26 09:36 --------- d-----w C:\Program Files\DScaler5
2008-06-25 22:33 3,150,848 ----a-w C:\WINDOWS\Internet Logs\xDB6C.tmp
2008-06-25 22:33 1,852,928 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
2008-06-25 12:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 12:39 3,140,608 ----a-w C:\WINDOWS\Internet Logs\xDB6A.tmp
2008-06-25 12:39 3,054,080 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp
2008-06-25 08:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-24 22:50 --------- d-----w C:\Program Files\Trojan Remover
2008-06-24 22:17 --------- d-----w C:\Program Files\Driver Magician
2008-06-24 13:56 858,624 ----a-w C:\WINDOWS\Internet Logs\xDB67.tmp
2008-06-24 13:56 3,090,432 ----a-w C:\WINDOWS\Internet Logs\xDB68.tmp
2008-06-24 13:46 3,120,640 ----a-w C:\WINDOWS\Internet Logs\xDB65.tmp
2008-06-24 13:46 3,090,432 ----a-w C:\WINDOWS\Internet Logs\xDB66.tmp
2008-06-23 12:29 --------- d-----w C:\Program Files\DivX
2008-06-23 12:27 --------- d-----w C:\Program Files\Replay Media Catcher
2008-06-23 10:33 4,008,043 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-23 10:24 --------- d-----w C:\Program Files\Java
2008-06-23 07:06 --------- d-----w C:\Program Files\PowerISO
2008-06-22 20:22 --------- d-----w C:\Documents and Settings\Rejn\Application Data\FileZilla
2008-06-22 12:55 460,288 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp
2008-06-22 12:55 2,976,768 ----a-w C:\WINDOWS\Internet Logs\xDB64.tmp
2008-06-22 12:54 361,344 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-06-22 12:54 361,344 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-06-21 20:02 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-06-20 12:16 385,536 ----a-w C:\WINDOWS\Internet Logs\xDB61.tmp
2008-06-20 12:16 2,968,576 ----a-w C:\WINDOWS\Internet Logs\xDB62.tmp
2008-06-19 23:35 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-19 23:35 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-19 23:35 12,936 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-18 12:57 72,192 ----a-w C:\WINDOWS\Internet Logs\xDB5F.tmp
2008-06-18 12:57 2,953,216 ----a-w C:\WINDOWS\Internet Logs\xDB60.tmp
2008-06-17 23:12 542,720 ----a-w C:\WINDOWS\Internet Logs\xDB5E.tmp
2008-06-17 17:56 --------- d-----w C:\Documents and Settings\Rejn\Application Data\DivX
2008-06-15 19:19 --------- d-----w C:\Program Files\Easy CD-DA Extractor 11
2008-06-15 10:09 --------- d-----w C:\Program Files\SHOUTcast Source
2008-06-14 17:34 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 00:32 749,568 ----a-w C:\WINDOWS\Internet Logs\xDB5C.tmp
2008-06-14 00:32 2,827,776 ----a-w C:\WINDOWS\Internet Logs\xDB5D.tmp
2008-06-12 17:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-09 10:31 20,201,305 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_06_09_13_24_13_full.dmp.zip
2008-06-07 12:52 354,560 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-06 23:29 977,920 ----a-w C:\WINDOWS\Internet Logs\xDB5A.tmp
2008-06-06 23:29 2,735,104 ----a-w C:\WINDOWS\Internet Logs\xDB5B.tmp
2008-06-04 14:53 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-06-03 14:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-03 13:01 --------- d-----w C:\Documents and Settings\Rejn\Application Data\CyberLink
2008-06-03 13:00 --------- d-----w C:\Program Files\CyberLink
2008-06-03 12:59 505,128 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-06-03 12:59 353,576 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-02 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zoom Player
2008-06-02 15:10 4,752,384 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-06-02 14:10 --------- d-----w C:\Program Files\DiskTrix
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 22:37 647,680 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
2008-05-30 22:37 2,653,184 ----a-w C:\WINDOWS\Internet Logs\xDB59.tmp
2008-05-28 11:52 16,862,720 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-26 23:37 366,080 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
2008-05-26 23:37 2,631,680 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
2008-05-26 14:00 --------- d-----w C:\Program Files\Opera
2008-05-26 13:55 --------- d-----w C:\Program Files\UltraISO
2008-05-26 13:53 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-05-24 01:58 2,618,368 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2008-05-24 01:58 130,048 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2008-05-23 18:54 --------- d-----w C:\Program Files\QuickTime
2008-05-23 18:49 --------- d-----w C:\Program Files\Apple Software Update
2008-05-23 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-22 22:28 464,384 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2008-05-22 22:28 2,617,856 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
.
------- Sigcheck -------
2006-04-20 15:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 20:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-11-04 01:43 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 22:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-06-22 15:54 361344 8e036eec565910417ea020ce0962aa24 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-06-22 15:54 361344 8e036eec565910417ea020ce0962aa24 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-06-13 19:59 2645528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-20 02:35 1231128]
"HD Tune Pro"="C:\PROGRA~1\HDTUNE~1\HDTUNE~1.EXE" [2008-03-07 04:59 227328]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-06-16 11:52 167936]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-28 14:52 16862720 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Cerberus\\Cerberus.exe"=
"C:\\Anime, Manga yms\\DOWNLOADS\\utorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Flagship Studios\\Mythos\\bin\\Mythos.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-20 02:35]
R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-02-09 22:24]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-20 02:35]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-05-15 12:07]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-20 02:35]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-20 02:35]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-10 17:16]
R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe [2007-02-03 04:18]
R2 MRUWebService;MRU Web Service;"C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe" -k runservice []
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:12]
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-02-25 19:26]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-02-25 19:26]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-07 15:52]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-26 20:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-20 14:40:26 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-21 14:23:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 23:12:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2008-06-26 23:13:22
ComboFix-quarantined-files.txt 2008-06-26 20:13:19
ComboFix2.txt 2008-06-26 15:58:30

Pre-Run: 167,203,450,880 bytes free
Post-Run: 167,180,947,456 bytes free

321 --- E O F --- 2008-06-20 12:00:58
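Two sections of a ComboFix log are worth checking mechanically rather than by eye. The Sigcheck block lists every copy of a protected system file with its MD5. In the log above the live C:\WINDOWS\system32\drivers\TCPIP.SYS and its dllcache copy hash to 8e036eec565910417ea020ce0962aa24, while the Service Pack 3 reference under ServicePackFiles\i386 hashes to 93ea8d04ec73a85db02eb8805988f733, and the Find3M section lists a TCPIP.SYS.ORIGINAL written in the same minute as the driver. The half-open-connection-limit patchers used alongside BitTorrent clients leave exactly this kind of backup, but that is an inference to confirm, not something the log states; what the log does state is that the kernel network driver differs from the one Microsoft shipped, which needs an explanation before the machine is called clean. The second section is the files-created list, where entries such as klfv.exe, run.bat, Lock.dll and fv2.lic were written to system32 within ten minutes of each other, and vklotize.dll appeared in All Users\Application Data in the same minute as 444.471, which ComboFix has since quarantined (the .vir suffix). The Python below is an added example, not part of ComboFix or of the thread: it parses both sections, reports live copies whose hash differs from the ServicePackFiles reference, and builds a worklist of executables and scripts dropped directly into the Windows, system32 and All Users Application Data roots. The sample text is copied from the log above; the directory marker is shown as <DIR> where the Finnish build prints <KANSIO>, and the parser treats any entry whose attribute field starts with d as a directory.

```python
"""Triage two ComboFix sections: the Sigcheck hash list and the
"files created" list. Added example for this page, not part of ComboFix
or of the thread. Sample text is copied from the log posted above; the
checks are this example's own rules, so a hit is a file to look up."""
import re
from collections import defaultdict

# Sample copied from the Sigcheck section of the log above.
SIGCHECK_SAMPLE = r"""
2006-04-20 15:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 20:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-11-04 01:43 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 22:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-06-22 15:54 361344 8e036eec565910417ea020ce0962aa24 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-06-22 15:54 361344 8e036eec565910417ea020ce0962aa24 C:\WINDOWS\system32\drivers\TCPIP.SYS
"""

# Sample copied from the "files created" section of the log above
# (directory marker shown as <DIR>; the Finnish build prints <KANSIO>).
CREATED_SAMPLE = r"""
2008-06-26 17:48 . 2008-06-26 17:48 102,400 --a------ C:\Documents and Settings\All Users\Application Data\vklotize.dll
2008-06-26 17:48 . 2008-06-26 17:48 23,048 --a------ C:\WINDOWS\444.471.vir
2008-06-23 11:42 . 2008-06-23 11:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 00:10 . 2008-06-16 00:10 28,672 --a------ C:\WINDOWS\system32\klfv.exe
2008-06-16 00:01 . 2008-06-16 00:09 94 --a------ C:\WINDOWS\system32\run.bat
2008-06-16 00:00 . 2008-06-16 00:00 135,168 --a------ C:\WINDOWS\system32\Lock.dll
2008-06-03 06:09 . 2008-06-03 06:09 552,960 --a------ C:\WINDOWS\system32\ati2evxx.exe
"""

# date time size md5 path
SIG_RE = re.compile(r"^(\S+ \S+)\s+(\d+)\s+([0-9a-f]{32})\s+(.+)$")
# created . modified size attributes path
CREATED_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+)\s+(\S+)\s+(\S+)\s+(.+)$")
SUSPECT_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".pif")
DROP_ROOTS = (
    "c:\\windows",
    "c:\\windows\\system32",
    "c:\\documents and settings\\all users\\application data",
)

def parse_sigcheck(text):
    """Yield (path, md5) for each Sigcheck line."""
    for line in text.strip().splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            yield m.group(4), m.group(3)

def sigcheck_mismatches(text):
    """Return {filename: [paths]} for live copies (anything under system32,
    i.e. drivers\\ and dllcache\\) whose MD5 differs from the ServicePackFiles
    reference copy. $NtUninstall*/$hf_mig$ copies are superseded versions
    and are expected to differ, so they are not compared."""
    by_name = defaultdict(dict)
    for path, md5 in parse_sigcheck(text):
        by_name[path.rsplit("\\", 1)[1].lower()][path] = md5
    bad = {}
    for name, copies in by_name.items():
        ref = [p for p in copies if "\\servicepackfiles\\" in p.lower()]
        if not ref:
            continue  # no trusted reference on disk; compare by hand
        ref_md5 = copies[ref[0]]
        live = sorted(p for p, h in copies.items()
                      if "\\system32\\" in p.lower() and h != ref_md5)
        if live:
            bad[name] = live
    return bad

def loose_system_files(text):
    """Worklist of executables/scripts created directly in a drop root
    (not inside a vendor subfolder), oldest first, as (created, path).
    ComboFix's own quarantine renames (.vir) are excluded."""
    out = []
    for line in text.strip().splitlines():
        m = CREATED_RE.match(line.strip())
        if not m or m.group(4).startswith("d"):
            continue  # unparsable line or a directory entry
        created, path = m.group(1), m.group(5)
        parent, name = path.rsplit("\\", 1)
        if parent.lower() in DROP_ROOTS and name.lower().endswith(SUSPECT_EXT):
            out.append((created, path))
    return sorted(out)

if __name__ == "__main__":
    for name, paths in sigcheck_mismatches(SIGCHECK_SAMPLE).items():
        print(f"{name}: live copy differs from the ServicePackFiles reference:")
        for p in paths:
            print("   ", p)
    print("loose files to look up:")
    for created, path in loose_system_files(CREATED_SAMPLE):
        print("   ", created, path)
```

On the sample, the hash check names tcpip.sys with both of its live copies, and the worklist lists ati2evxx.exe, Lock.dll, run.bat, klfv.exe and vklotize.dll in creation order; the ATI driver is a reminder that the worklist is something to verify against a vendor, not a detection.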