
HJT log, Active Desktop keeps complaining and iexplore..

Thread in the Viruses and malware - HijackThis logs section. Thread started by Palle00 on 17.02.2008.

  1. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it with the name CFScript

    Then drag CFScript onto ComboFix.exe as shown below.

    Restart the computer when asked and post the contents of the combofix.txt file here.
     
  3. Palle00

    Palle00 Member

    Joined:
    24.01.2006
    Posts:
    61
    Thanks:
    0
    Points:
    16
    ComboFix 08-02-17.2 - Pauli 2008-02-17 22:08:10.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.591 [GMT 2:00]
    Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Pauli\Työpöytä\CFScript
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-17 to 2008-02-17 )))))))))))))))))
    .

    2008-02-17 21:24 . 2008-02-17 21:51 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
    2008-02-17 16:25 . 2008-02-17 16:53 <KANSIO> d-------- C:\VundoFix Backups
    2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
    2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
    2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
    2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
    2008-02-17 12:58 . 2008-02-17 21:53 21,120 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
    2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
    2008-02-17 12:33 . 2008-02-17 21:54 <KANSIO> d-------- C:\HijackThis
    2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
    2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
    2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
    2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
    2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
    2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
    2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
    2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
    2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
    2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
    2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
    2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
    2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
    2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
    2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
    2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
    2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
    2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
    2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
    2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
    2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
    2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
    2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
    2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
    2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\free-downloads.net
    2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
    2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
    2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
    2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
    2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
    2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
    2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
    2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
    2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
    2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
    2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
    2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
    2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
    2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
    2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
    2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
    2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
    2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
    2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
    2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
    2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
    2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
    2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
    2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
    2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
    2008-01-26 10:12 . 2008-02-17 21:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-26 10:11 . 2008-02-17 14:57 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
    2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
    2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
    2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
    2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
    2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
    2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
    2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
    2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
    2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
    2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
    2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-27 11:45 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-01-26 12:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
    2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
    2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
    "DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
    "ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

    C:\Documents and Settings\Pauli\Käynnistä-valikko\Ohjelmat\Käynnistys\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Slim Multimedia Keyboard.lnk - C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe [2008-02-02 21:33:58 172032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    WLCtrl32.dll 2008-02-17 21:51 6656 C:\WINDOWS\system32\WLCtrl32.dll

    R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-17 21:53]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
    \Shell\AutoRun\command - D:\CD.EXE

    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 22:10:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    .
    Completion time: 2008-02-17 22:11:09
    ComboFix-quarantined-files.txt 2008-02-17 20:10:53
    ComboFix2.txt 2008-02-17 19:25:30
    ComboFix3.txt 2008-02-17 18:41:41
    ComboFix4.txt 2008-02-17 15:54:11
    .
    2008-01-26 07:34:54 --- E O F ---
     
  4. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it with the name CFScript

    Then drag CFScript onto ComboFix.exe as shown below.

    Restart the computer when asked and post the contents of the combofix.txt file here.
     
  5. Palle00

    Palle00 Member

    ComboFix 08-02-17.2 - Pauli 2008-02-17 22:28:51.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.486 [GMT 2:00]
    Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Pauli\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\WLCtrl32.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\WLCtrl32.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-17 to 2008-02-17 )))))))))))))))))
    .

    2008-02-17 16:25 . 2008-02-17 16:53 <KANSIO> d-------- C:\VundoFix Backups
    2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
    2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
    2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
    2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
    2008-02-17 12:58 . 2008-02-17 22:32 21,120 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
    2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
    2008-02-17 12:33 . 2008-02-17 21:54 <KANSIO> d-------- C:\HijackThis
    2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
    2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
    2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
    2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
    2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
    2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
    2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
    2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
    2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
    2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
    2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
    2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
    2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
    2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
    2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
    2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
    2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
    2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
    2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
    2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
    2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
    2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
    2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
    2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
    2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\free-downloads.net
    2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
    2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
    2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
    2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
    2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
    2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
    2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
    2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
    2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
    2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
    2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
    2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
    2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
    2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
    2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
    2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
    2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
    2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
    2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
    2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
    2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
    2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
    2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
    2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
    2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
    2008-01-26 10:12 . 2008-02-17 21:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-26 10:11 . 2008-02-17 14:57 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
    2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
    2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
    2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
    2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
    2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
    2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
    2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
    2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
    2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
    2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
    2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
    2008-01-25 19:57 . 2008-01-25 20:04 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
    2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
    2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
    "DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
    "ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    WLCtrl32.dll

    R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-17 22:32]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
    \Shell\AutoRun\command - D:\CD.EXE

    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 22:32:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WLCtrl32.dll

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-17 22:34:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-17 20:34:16
    ComboFix2.txt 2008-02-17 20:11:10
    ComboFix3.txt 2008-02-17 19:25:30
    ComboFix4.txt 2008-02-17 18:41:41
    ComboFix5.txt 2008-02-17 15:54:11
    .
    2008-01-26 07:34:54 --- E O F ---
     
  6. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it with the name CFScript

    Then drag CFScript onto ComboFix.exe as shown below.

    Restart the computer when asked and post the contents of the combofix.txt file here.


    ===============

    Also post the HJT log and the ComboFix log
     
  7. Palle00

    Palle00 Member

    ComboFix 08-02-17.2 - Pauli 2008-02-18 17:27:19.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.605 [GMT 2:00]
    Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Pauli\Työpöytä\CFScript
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-18 to 2008-02-18 )))))))))))))))))
    .

    2008-02-18 17:23 . 2008-02-18 17:23 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
    2008-02-17 16:25 . 2008-02-17 16:53 <KANSIO> d-------- C:\VundoFix Backups
    2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
    2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
    2008-02-17 12:58 . 2008-02-17 12:58 54,272 --a------ C:\kdbfoifg.exe
    2008-02-17 12:58 . 2008-02-17 12:58 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
    2008-02-17 12:58 . 2008-02-18 17:24 21,632 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
    2008-02-17 12:58 . 2008-02-17 12:58 2 --a------ C:\1960262883
    2008-02-17 12:33 . 2008-02-17 21:54 <KANSIO> d-------- C:\HijackThis
    2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
    2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
    2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
    2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
    2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
    2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
    2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
    2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
    2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
    2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
    2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
    2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
    2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
    2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
    2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
    2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
    2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
    2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
    2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
    2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
    2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
    2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
    2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
    2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
    2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\free-downloads.net
    2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
    2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
    2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
    2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
    2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
    2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
    2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
    2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
    2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
    2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
    2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
    2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
    2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
    2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
    2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
    2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
    2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
    2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
    2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
    2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
    2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
    2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
    2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
    2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
    2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
    2008-01-26 10:12 . 2008-02-17 21:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-26 10:11 . 2008-02-17 14:57 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
    2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
    2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
    2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
    2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
    2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
    2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
    2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
    2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
    2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
    2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
    2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-27 11:45 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-01-26 12:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
    2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
    2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
    "DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
    "ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

    C:\Documents and Settings\Pauli\Käynnistä-valikko\Ohjelmat\Käynnistys\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Slim Multimedia Keyboard.lnk - C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe [2008-02-02 21:33:58 172032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    WLCtrl32.dll 2008-02-18 17:23 6656 C:\WINDOWS\system32\WLCtrl32.dll

    R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-18 17:24]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
    \Shell\AutoRun\command - D:\CD.EXE

    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 17:29:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WLCtrl32.dll

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    .
    Completion time: 2008-02-18 17:29:48
    ComboFix-quarantined-files.txt 2008-02-18 15:29:38
    ComboFix2.txt 2008-02-17 20:34:47
    ComboFix3.txt 2008-02-17 20:11:10
    ComboFix4.txt 2008-02-17 19:25:30
    ComboFix5.txt 2008-02-17 18:41:41
    .
    2008-01-26 07:34:54 --- E O F ---




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:30:57, on 18.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Vista Drive Icon\DrvIcon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis\Scanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = ?
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 5421 bytes


    And here is more to examine..
     
  8. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quotebox into it:

    Save it with the name CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
  9. Palle00

    Palle00 Member

    Joined:
    24.01.2006
    Messages:
    61
    Thanks:
    0
    Points:
    16
    ComboFix 08-02-17.2 - Pauli 2008-02-18 19:12:48.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.496 [GMT 2:00]
    Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Pauli\Työpöytä\CFScript
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\1960262883
    C:\kdbfoifg.exe
    C:\WINDOWS\system32\marwin32.dll
    C:\WINDOWS\system32\WLCtrl32.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\1960262883
    C:\kdbfoifg.exe
    C:\Program Files\free-downloads.net
    C:\Program Files\tmp1911765.exe\
    C:\Program Files\tmp1911796.exe\
    C:\Program Files\tmp331703.exe\
    C:\Program Files\tmp5016875.exe\
    C:\Program Files\tmp5016937.exe\
    C:\Program Files\tmp5025421.exe\
    C:\Program Files\tmp5027343.exe\
    C:\WINDOWS\system32\marwin32.dll
    C:\WINDOWS\system32\WLCtrl32.dll
    C:\VundoFix Backups
    C:\VundoFix Backups\awtspon.dll.bad
    C:\VundoFix Backups\fccbaay.dll.bad
    C:\VundoFix Backups\geeby.dll.bad
    C:\VundoFix Backups\hgdhohdt.dll.bad
    C:\VundoFix Backups\jexjtfep.ini.bad
    C:\VundoFix Backups\peftjxej.dll.bad
    C:\VundoFix Backups\rqrpqrq.dll.bad
    C:\VundoFix Backups\ybeeg.ini.bad
    C:\VundoFix Backups\ybeeg.ini2.bad

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-18 to 2008-02-18 )))))))))))))))))
    .

    2008-02-18 18:33 . 2008-02-18 18:33 <KANSIO> d-------- C:\Program Files\ffdshow
    2008-02-18 18:33 . 2008-02-15 19:13 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
    2008-02-18 18:33 . 2008-02-15 19:13 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-02-18 18:33 . 2008-02-15 19:13 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-02-18 18:17 . 2008-02-18 18:17 <KANSIO> d-------- C:\Program Files\TimeAdjuster
    2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
    2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
    2008-02-17 12:58 . 2008-02-18 19:16 21,632 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
    2008-02-17 12:33 . 2008-02-18 17:30 <KANSIO> d-------- C:\HijackThis
    2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
    2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
    2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
    2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
    2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
    2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
    2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
    2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
    2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
    2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
    2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
    2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
    2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
    2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
    2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
    2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
    2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
    2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
    2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
    2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
    2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
    2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
    2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
    2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
    2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
    2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
    2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
    2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
    2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
    2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
    2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
    2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
    2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
    2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
    2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
    2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
    2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
    2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
    2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
    2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
    2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
    2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
    2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
    2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
    2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
    2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
    2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
    2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
    2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
    2008-01-26 10:12 . 2008-02-17 21:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-26 10:11 . 2008-02-18 18:18 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
    2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
    2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
    2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
    2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
    2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
    2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
    2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
    2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
    2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
    2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
    2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
    2008-01-25 19:57 . 2008-01-25 20:04 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-27 11:45 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-01-26 12:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
    2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
    2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
    "DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
    "ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    WLCtrl32.dll

    R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-18 19:16]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
    \Shell\AutoRun\command - D:\CD.EXE

    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 19:16:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WLCtrl32.dll

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-18 19:18:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-18 17:18:08
    ComboFix2.txt 2008-02-18 15:29:49
    ComboFix3.txt 2008-02-17 20:34:47
    ComboFix4.txt 2008-02-17 20:11:10
    ComboFix5.txt 2008-02-17 19:25:30
    .
    2008-01-26 07:34:54 --- E O F ---
     
  10. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quotebox into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [screenshot: dragging CFScript onto ComboFix.exe]

    Restart the computer when prompted and post the contents of combofix.txt here.

    Check that this one is not found under Processes:
    WLCtrl32.dll

    Ctrl+Alt+Del, Processes tab
     
    Last edited by a moderator: 18.02.2008
  11. Palle00

    Palle00 Member

    Joined:
    24.01.2006
    Messages:
    61
    Thanks:
    0
    Points:
    16
    wlctrl32.dll is not found in the processes.

    ComboFix 08-02-17.2 - Pauli 2008-02-18 20:57:28.8 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.566 [GMT 2:00]
    Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Pauli\Työpöytä\CFScript
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\tmp1911765.exe\
    C:\Program Files\tmp1911796.exe\
    C:\Program Files\tmp331703.exe\
    C:\Program Files\tmp5016875.exe\
    C:\Program Files\tmp5016937.exe\
    C:\Program Files\tmp5025421.exe\
    C:\Program Files\tmp5027343.exe\

    .
    ((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))
    .

    2008-02-18 18:33 . 2008-02-18 18:33 <KANSIO> d-------- C:\Program Files\ffdshow
    2008-02-18 18:33 . 2008-02-15 19:13 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
    2008-02-18 18:33 . 2008-02-15 19:13 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-02-18 18:33 . 2008-02-15 19:13 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-02-18 18:17 . 2008-02-18 18:17 <KANSIO> d-------- C:\Program Files\TimeAdjuster
    2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
    2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
    2008-02-17 12:58 . 2008-02-18 19:16 21,632 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
    2008-02-17 12:33 . 2008-02-18 17:30 <KANSIO> d-------- C:\HijackThis
    2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
    2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
    2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
    2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
    2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
    2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
    2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
    2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
    2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
    2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
    2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
    2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
    2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
    2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
    2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
    2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
    2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
    2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
    2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
    2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
    2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
    2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
    2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
    2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
    2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
    2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
    2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
    2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
    2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
    2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
    2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
    2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
    2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
    2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
    2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
    2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
    2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
    2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
    2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
    2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
    2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
    2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
    2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
    2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
    2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
    2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
    2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
    2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
    2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
    2008-01-26 10:12 . 2008-02-17 21:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-26 10:11 . 2008-02-18 18:18 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
    2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
    2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
    2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
    2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
    2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
    2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
    2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
    2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
    2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
    2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
    2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
    2008-01-25 19:57 . 2008-01-25 20:04 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

    .
    (((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-27 11:45 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-01-26 12:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
    2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
    2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    .

    (((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
    "DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
    "ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

    C:\Documents and Settings\Pauli\Käynnistä-valikko\Ohjelmat\Käynnistys\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Slim Multimedia Keyboard.lnk - C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe [2008-02-02 21:33:58 172032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    WLCtrl32.dll

    R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-18 19:16]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
    \Shell\AutoRun\command - D:\CD.EXE

    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 20:59:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WLCtrl32.dll
    .
    Completion time: 2008-02-18 21:00:02
    ComboFix-quarantined-files.txt 2008-02-18 18:59:52
    ComboFix2.txt 2008-02-18 17:18:40
    ComboFix3.txt 2008-02-18 15:29:49
    ComboFix4.txt 2008-02-17 20:34:47
    ComboFix5.txt 2008-02-17 20:11:10
    .
    2008-01-26 07:34:54 --- E O F ---
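
    The ComboFix log above shows the same three loading points on every run (the WLCtrl32 Winlogon Notify key, the Uci06 boot-start driver and the MountPoints2 AutoRun command), plus binaries whose size and modification time change between runs while their creation time stays the same. The script below is an added example of triaging such a log; it is not part of the thread and not ComboFix's own logic. Its rules (executables dropped straight into a root folder, binaries under the Windows folder rewritten after they were created, hidden+system objects, and every loading point ComboFix prints because it already hides legit defaults) are heuristics assumed here, and SAMPLE_LOG is a constructed excerpt modelled on the lines in the post.

```python
r"""Heuristic triage of a ComboFix log excerpt.

Added example, not ComboFix's own logic. Every rule below is an assumption:
  * an .exe/.dll sitting directly in C:\ or C:\Program Files\ was dropped, not installed
  * a binary under C:\WINDOWS whose "modified" stamp is later than its "created"
    stamp was rewritten after it landed (a copied file keeps its old modified time)
  * a hidden+system object under C:\WINDOWS deserves a look
  * Winlogon Notify keys, boot-start (R0) drivers and MountPoints2 AutoRun commands
    are listed whenever they appear, because ComboFix already hides legit defaults
"""
import re
from collections import namedtuple
from datetime import datetime

Finding = namedtuple("Finding", "severity path reason")

# "created . modified size attrs path" as printed in the Files Created section
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><\w+>|[\d,]+) (?P<attrs>[\w-]{9}) (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\winlogon\\notify\\(?P<name>[^\]]+)\]$", re.I)
DRIVER_RE = re.compile(r"^(?P<start>R[0-3]) (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.I)

BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".cpl")
ROOT_DIRS = ("c:\\", "c:\\program files\\")
WINDIR = "c:\\windows\\"


def _ts(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M")


def triage_file(created, modified, attrs, path):
    """Apply the file-timeline rules to one entry; returns a list of Findings."""
    low, attrs = path.lower(), attrs.lower()
    is_binary = low.endswith(BINARY_EXT)
    parent = low.rsplit("\\", 1)[0] + "\\"
    out = []
    if is_binary and parent in ROOT_DIRS:
        out.append(Finding("high", path, "executable dropped directly in a root folder"))
    if is_binary and low.startswith(WINDIR) and _ts(modified) > _ts(created):
        out.append(Finding("high", path,
                           f"rewritten after creation ({created} -> {modified})"))
    elif low.endswith(".sys"):
        out.append(Finding("info", path, "new kernel driver; confirm the vendor"))
    if "h" in attrs and "s" in attrs and low.startswith(WINDIR):
        out.append(Finding("medium", path, "hidden+system object under the Windows folder"))
    return out


def triage_registry(line):
    """Loading-point rules for one line of the Reg Loading Points section."""
    if m := NOTIFY_RE.match(line):
        return [Finding("high", m["name"], "Winlogon Notify package, loaded into winlogon.exe")]
    if m := DRIVER_RE.match(line):
        sev = "high" if m["start"] == "R0" else "info"
        return [Finding(sev, m["path"], f"{m['start']} driver '{m['name']}' listed by ComboFix")]
    if m := AUTORUN_RE.match(line):
        return [Finding("high", m["cmd"], "MountPoints2 AutoRun command for a volume")]
    return []


def triage(log_text):
    """Run both rule sets over every line of a ComboFix log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            findings.extend(triage_file(m["created"], m["modified"], m["attrs"], m["path"]))
        else:
            findings.extend(triage_registry(line))
    return findings


# Constructed excerpt, modelled on the kind of lines ComboFix prints.
SAMPLE_LOG = r"""
((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))
2008-02-18 21:19 . 2008-02-18 21:29 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
2008-02-17 12:58 . 2008-02-18 21:24 21,632 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
2008-02-16 11:41 . 2008-02-16 11:41 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys

(((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-18 21:29 7168 C:\WINDOWS\system32\WLCtrl32.dll

R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-18 21:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
\Shell\AutoRun\command - D:\CD.EXE
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.path}  <- {f.reason}")
```

    Run it as a plain script to print the findings. The "rewritten after creation" rule is the one that separates Uci06.sys and WLCtrl32.dll from an installer-deployed driver such as COH_Mon.sys: a file copied by an installer keeps the modified time of its source, so a modified stamp later than the created stamp means something wrote the file again after it was placed.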
     
  12. Hujo

    Hujo Guest

    Run that ComboFix in Safe Mode.
     
    Last edited by a moderator: 18.02.2008
  13. Palle00

    Palle00 Member

    Joined:
    24.01.2006
    Messages:
    61
    Thanks:
    0
    Points:
    16
    When I try to go to the Windows Update site with iexplore, the address stays in the bar and iexplore says it is done even though the window is blank.. What could be causing that? It used to work fine before.
     
  14. Hujo

    Hujo Guest

    I put instructions up above; after that, take an HJT log in normal mode.
     
  15. Palle00

    Palle00 Member

    Joined:
    24.01.2006
    Messages:
    61
    Thanks:
    0
    Points:
    16
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:34:41, on 18.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Vista Drive Icon\DrvIcon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\Scanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = ?
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 5421 bytes
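
    In the HijackThis log above the entry that matters is the O20 line: a Winlogon Notify package is a DLL that winlogon.exe loads at logon, which is why ComboFix keeps showing WLCtrl32.dll under winlogon.exe even though it never appears as a process of its own. The script below is an added example of line-level triage for a HijackThis 2.0 log; it is not part of the thread and not HijackThis code. The Winlogon Notify allowlist is a partial set of Windows XP defaults assumed here, the other rules (bare file names in Run values, unresolved Startup shortcuts, services with "Unknown owner") are this example's own heuristics, and SAMPLE_HJT is a constructed excerpt modelled on the posted log.

```python
r"""Line-level triage of a HijackThis 2.0 log.

Added example, not HijackThis code. The allowlist of Winlogon Notify packages is a
partial one assumed here (Windows XP defaults); extend it for your own baseline.
Rules (all assumptions of this example):
  * O20 Winlogon Notify packages outside the allowlist load into winlogon.exe
  * O4 Run values with a bare file name (no path) are resolved through the
    PATH search order, so a same-named file earlier on PATH would run instead
  * O4 Startup shortcuts whose target is '?' could not be resolved
  * O23 services with 'Unknown owner' carry no vendor information
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity item reason")

NOTIFY_ALLOW = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon", "WgaLogon"}

RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<lnk>.+?) = (?P<target>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def run_target(cmd):
    """Pull the executable out of a Run value, quoted or not, dropping arguments."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage_line(line):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    if m := NOTIFY_RE.match(line):
        if m["name"] not in NOTIFY_ALLOW:
            return Finding("high", m["name"],
                           f"Winlogon Notify DLL {m['path']} is not in the baseline")
    elif m := RUN_RE.match(line):
        exe = run_target(m["cmd"])
        if "\\" not in exe:
            return Finding("medium", m["name"],
                           f"bare file name {exe!r} is resolved via the PATH search order")
    elif m := STARTUP_RE.match(line):
        if m["target"] == "?":
            return Finding("medium", m["lnk"], "shortcut target could not be resolved")
    elif m := SERVICE_RE.match(line):
        if m["owner"] == "Unknown owner":
            return Finding("medium", m["display"],
                           f"service binary {m['path']} has no vendor information")
    return None


def triage_hjt(log_text):
    """Run triage_line over a whole log and collect the findings in log order."""
    out = []
    for raw in log_text.splitlines():
        finding = triage_line(raw.strip())
        if finding:
            out.append(finding)
    return out


# Constructed excerpt, modelled on the lines a HijackThis 2.0 log contains.
SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = ?
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.severity:6}] {f.item}  <- {f.reason}")
```

    Only the O20 line is rated high; the other three findings are review items. The bare-name rule exists because a Run value such as SOUNDMAN.EXE is located through the normal executable search order rather than a fixed path, so verifying which copy actually runs is part of the check.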
     
  16. Hujo

    Hujo Guest

    Check whether you have a start page set in Firefox.

    Set a start page in the IE browser.

    Click Start > Help and Support > Windows Update.
     
  17. Palle00

    Palle00 Member

    Joined:
    24.01.2006
    Messages:
    61
    Thanks:
    0
    Points:
    16
    ComboFix 08-02-17.2 - Pauli 2008-02-18 21:30:19.9 - NTFSx86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.814 [GMT 2:00]
    Running from: C:\Documents and Settings\Pauli\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))
    .

    2008-02-18 21:19 . 2008-02-18 21:29 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
    2008-02-18 18:33 . 2008-02-18 18:33 <KANSIO> d-------- C:\Program Files\ffdshow
    2008-02-18 18:33 . 2008-02-15 19:13 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
    2008-02-18 18:33 . 2008-02-15 19:13 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-02-18 18:33 . 2008-02-15 19:13 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-02-18 18:17 . 2008-02-18 18:17 <KANSIO> d-------- C:\Program Files\TimeAdjuster
    2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911796.exe
    2008-02-17 13:34 . 2008-02-17 13:34 2,495 --a------ C:\Program Files\tmp1911765.exe
    2008-02-17 12:58 . 2008-02-18 21:24 21,632 --a------ C:\WINDOWS\system32\drivers\Uci06.sys
    2008-02-17 12:33 . 2008-02-18 17:30 <KANSIO> d-------- C:\HijackThis
    2008-02-17 11:55 . 2008-02-17 11:55 2,495 --a------ C:\Program Files\tmp331703.exe
    2008-02-16 14:50 . 2008-02-16 14:50 <KANSIO> d-------- C:\Program Files\AC3Filter
    2008-02-16 14:50 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
    2008-02-16 14:44 . 2008-02-16 14:44 <KANSIO> d-------- C:\Program Files\GNU
    2008-02-16 11:55 . 2008-02-16 11:56 8,143 --a------ C:\Program Files\tmp5027343.exe
    2008-02-16 11:55 . 2008-02-16 11:55 8,143 --a------ C:\Program Files\tmp5016937.exe
    2008-02-16 11:55 . 2008-02-16 11:56 2,495 --a------ C:\Program Files\tmp5025421.exe
    2008-02-16 11:55 . 2008-02-16 11:55 2,495 --a------ C:\Program Files\tmp5016875.exe
    2008-02-16 11:41 . 2008-02-16 11:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
    2008-02-15 19:11 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
    2008-02-15 19:11 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
    2008-02-15 17:39 . 2008-02-17 11:56 <KANSIO> d-------- C:\Program Files\CachemanXP
    2008-02-15 14:47 . 2008-02-15 14:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-02-15 14:46 . 2008-02-15 14:46 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\GRETECH
    2008-02-15 14:45 . 2008-02-15 14:45 <KANSIO> d-------- C:\Program Files\GRETECH
    2008-02-02 21:34 . 2001-11-27 00:07 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
    2008-02-02 21:33 . 2008-02-02 21:33 <KANSIO> d-------- C:\Program Files\Wireless
    2008-02-02 21:33 . 2008-02-02 21:34 <KANSIO> d-------- C:\Program Files\Slim Multimedia Keyboard
    2008-02-02 21:33 . 2005-12-23 11:59 5,700 --a------ C:\WINDOWS\system32\ZPLKVXD.VXD
    2008-02-02 21:07 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\PC Check-up
    2008-02-02 20:34 . 2008-02-02 21:12 <KANSIO> d-------- C:\Program Files\SpeedItUpFree
    2008-02-02 20:34 . 2008-02-02 21:07 737,280 --a------ C:\WINDOWS\iun6002.exe
    2008-02-02 20:26 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
    2008-02-02 20:26 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
    2008-02-02 20:19 . 2008-02-02 20:19 <KANSIO> d-------- C:\Program Files\Haysoft
    2008-02-02 17:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-02-02 16:09 . 2008-02-17 15:24 312 --a------ C:\WINDOWS\Clony2.ini
    2008-02-02 14:50 . 2008-02-02 21:35 <KANSIO> d-------- C:\Program Files\Conduit
    2008-02-02 14:44 . 2008-02-02 14:44 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2008-02-02 14:40 . 2008-02-02 14:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-01 17:56 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-01 17:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-01 17:56 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\wsInspector
    2008-01-30 19:51 . 2008-01-30 19:51 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Grisoft
    2008-01-30 19:43 . 2008-01-30 19:48 <KANSIO> d-------- C:\Program Files\Startup Inspector for Windows
    2008-01-30 19:43 . 2008-01-30 19:43 <KANSIO> d-------- C:\Program Files\Stardock
    2008-01-30 19:43 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
    2008-01-30 19:41 . 2008-02-17 11:58 <KANSIO> d-------- C:\Program Files\Raxco
    2008-01-30 19:28 . 2008-01-30 19:28 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Media Player Classic
    2008-01-30 19:27 . 2008-01-30 19:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-30 19:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-30 19:24 . 2008-01-30 19:24 <KANSIO> d-------- C:\Program Files\Google
    2008-01-30 19:21 . 2008-02-03 14:45 <KANSIO> d-------- C:\Program Files\ToniArts
    2008-01-30 17:01 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-01-30 17:01 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-01-30 17:01 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-01-27 17:29 . 2008-01-27 17:29 <KANSIO> d-------- C:\Program Files\Vista Drive Icon
    2008-01-27 16:13 . 2008-01-27 16:13 <KANSIO> d-------- C:\Program Files\Yahoo!
    2008-01-27 14:55 . 2008-01-27 14:56 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-01-27 14:35 . 2008-01-27 15:57 <KANSIO> d-------- C:\Program Files\Y'z Shadow
    2008-01-27 14:13 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\Lang
    2008-01-27 14:13 . 2008-01-27 14:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-01-27 14:13 . 2008-01-27 14:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-01-27 14:13 . 2008-01-27 21:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
    2008-01-27 14:13 . 2008-01-27 14:13 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
    2008-01-27 13:45 . 2008-01-27 14:56 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-01-27 13:45 . 2008-01-27 14:56 65,345 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-01-27 13:43 . 2008-01-27 14:54 <KANSIO> d-------- C:\WINDOWS\BricoPacks
    2008-01-26 13:23 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2008-01-26 12:11 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
    2008-01-26 12:11 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
    2008-01-26 12:10 . 2008-01-26 12:10 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2008-01-26 11:45 . 2008-01-26 11:45 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\Symantec
    2008-01-26 11:15 . 2008-01-26 11:15 <KANSIO> dr-h----- C:\Documents and Settings\Pauli\Application Data\SecuROM
    2008-01-26 11:15 . 2008-01-26 11:15 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-01-26 11:02 . 2008-01-26 11:04 169 --a------ C:\WINDOWS\RtlRack.ini
    2008-01-26 10:27 . 2008-01-26 10:27 16 --a------ C:\WINDOWS\system32\coh.cache
    2008-01-26 10:13 . 2008-01-27 20:32 <KANSIO> d-------- C:\Program Files\Norton 360
    2008-01-26 10:13 . 2008-01-26 14:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-01-26 10:13 . 2008-01-26 14:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-01-26 10:13 . 2008-01-26 14:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-01-26 10:13 . 2008-01-26 14:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-01-26 10:12 . 2008-01-26 14:28 <KANSIO> d-------- C:\Program Files\Symantec
    2008-01-26 10:12 . 2008-02-18 21:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-26 10:11 . 2008-02-18 18:18 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-01-26 00:38 . 2008-01-26 00:38 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
    2008-01-25 23:22 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-25 23:03 . 2006-10-13 14:37 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
    2008-01-25 22:55 . 2008-01-25 22:55 <KANSIO> d---s---- C:\Documents and Settings\Pauli\UserData
    2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\Realtek Sound Manager
    2008-01-25 22:49 . 2008-01-25 22:49 <KANSIO> d-------- C:\Program Files\AvRack
    2008-01-25 22:48 . 2008-02-15 14:42 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
    2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
    2008-01-25 22:43 . 2008-01-25 22:43 <KANSIO> d-------- C:\Program Files\Common Files\NVIDIA Shared
    2008-01-25 20:39 . 2008-01-25 20:39 <KANSIO> d-------- C:\NVIDIA
    2008-01-25 20:28 . 2008-01-25 20:29 <KANSIO> d-------- C:\Program Files\Jasc Software Inc
    2008-01-25 20:12 . 2008-01-25 20:12 <KANSIO> d-------- C:\Documents and Settings\Pauli\Application Data\ATI
    2008-01-25 20:04 . 2008-01-25 20:04 <KANSIO> d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko

    .
    (((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-27 11:45 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-01-26 12:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-24 16:38 558,142 ----a-w C:\WINDOWS\java\Packages\TJRTNZZH.ZIP
    2008-01-24 16:38 155,995 ----a-w C:\WINDOWS\java\Packages\DFT7J3LB.ZIP
    2008-01-24 16:38 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    .

    (((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
    "DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
    "ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [ ]
    "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-09-14 16:12 159232]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 16:12 15360]

    C:\Documents and Settings\Pauli\Käynnistä-valikko\Ohjelmat\Käynnistys\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Slim Multimedia Keyboard.lnk - C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe [2008-02-02 21:33:58 172032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    WLCtrl32.dll 2008-02-18 21:29 7168 C:\WINDOWS\system32\WLCtrl32.dll

    R0 Uci06;Uci06;C:\WINDOWS\system32\Drivers\Uci06.sys [2008-02-18 21:24]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbae442-ca88-11dc-98be-806d6172696f}]
    \Shell\AutoRun\command - D:\CD.EXE

    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 21:31:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WLCtrl32.dll
    .
    Completion time: 2008-02-18 21:31:40
    ComboFix-quarantined-files.txt 2008-02-18 19:31:32
    ComboFix2.txt 2008-02-18 19:00:03
    ComboFix3.txt 2008-02-18 17:18:40
    ComboFix4.txt 2008-02-18 15:29:49
    ComboFix5.txt 2008-02-17 20:34:47
    .
    2008-01-26 07:34:54 --- E O F ---
     
  18. Hujo

    Hujo Guest

    Download Look2Me-Destroyer.exe to your desktop.
    http://www.atribune.org/ccount/click.php?id=7

    * Close all windows before continuing.
    * Double-click Look2Me-Destroyer.exe to run the program.
    * Tick Run this program as a task.
    * You will get a message saying: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK.
    * When Look2Me-Destroyer reopens, click the Scan for L2M option; your desktop shortcuts will disappear for a moment, this is normal.
    * When the scan is complete, click the Remove L2M option.
    * You will get a Done Scanning message; click OK.
    * When finished, you will get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer. Click OK.
    * Your computer will shut itself down.
    * Restart your computer.
    * Post the contents of the C:\Look2Me-Destroyer.txt file together with a new HijackThis log in your reply.

    If your firewall warns about internet connections for this program, allow them.

    If you get runtime error '339', download MSWINSCK.OCX from the following link and place it in your C:\Windows\System32 folder.
     
  19. Palle00

    Palle00 Member

    Joined:
    24.01.2006
    Messages:
    61
    Thanks:
    0
    Points:
    16
    I don't quite think I understand.. Surely both have a start page? Or maybe you mean the default browser? When I go to http://windowsupdate.microsoft.com/ in IExplorer,
    nothing appears in the window..

    "Start > Help and Support > Windows Update" - an empty window shows there too..
     
  20. Palle00

    Palle00 Member

    Joined:
    24.01.2006
    Messages:
    61
    Thanks:
    0
    Points:
    16
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:33:19, on 18.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Vista Drive Icon\DrvIcon.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis\Scanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [ZPLED] C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 5558 bytes

    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 18.2.2008 22:28:03


    Attempting to delete infected files...

    Making registry repairs.


    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Järjestelmänvalvojat - Succeeded
     
  21. Hujo

    Hujo Guest

    At least in IE there doesn't seem to be a start page, since there is no line like

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.elisa.net/ for example
     
