BlairOnTheRoad

  1. Here is the HijackThis log and ADS Spy log...

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 20:45:21, on 21.7.2011
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Secunia\PSI\PSIA.exe
     C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
     C:\Program Files\Secunia\PSI\sua.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Secunia\PSI\psi_tray.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
     C:\WINDOWS\system32\msiexec.exe
     C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
     O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
     O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
     O8 - Extra context menu item: Lataa FDM:llä - file://C:\Program Files\Free Download Manager\dllink.htm
     O8 - Extra context menu item: Lataa kaikki FDM:llä - file://C:\Program Files\Free Download Manager\dlall.htm
     O8 - Extra context menu item: Lataus valittu FDM:n toimesta - file://C:\Program Files\Free Download Manager\dlselected.htm
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231841782203
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
     O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe

     --
     End of file - 6313 bytes

     C:\Documents and Settings\All Users\Application Data\TEMP : 0D786AE3 (120 bytes)
     C:\Documents and Settings\All Users\Application Data\TEMP : 430C6D84 (102 bytes)
     C:\Documents and Settings\All Users\Application Data\TEMP : 5C321E34 (95 bytes)
     C:\Documents and Settings\All Users\Application Data\TEMP : 7E95B6FD (118 bytes)
     C:\Documents and Settings\All Users\Application Data\TEMP : A8ADE5D8 (115 bytes)
     C:\Documents and Settings\All Users\Application Data\TEMP : C31F31E6 (100 bytes)
     C:\Documents and Settings\All Users\Application Data\TEMP : CB0AACC9 (150 bytes)
     C:\Documents and Settings\All Users\Application Data\TEMP : DFC5A2B2 (125 bytes)
     C:\Documents and Settings\All Users\Application Data\TEMP : FA5F15C4 (114 bytes)

     This is what I don't understand, because I only have AntiVir and Ashampoo Firewall installed...

     AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
     FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     SP: Spy Sweeper *Disabled/Outdated* {00000000-E9D0-004F-D859-4D0000000000}
     SP: Spy Sweeper *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
     SP: Spyware Doctor *Disabled/Updated* {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
     SP: Webroot Spy Sweeper *Disabled/Updated* {00000000-E9D0-004F-D859-4D0001000000}
  2. The DDS scan seems to start, but then the program just suddenly exits without producing the log files...
  3. Here is the new ComboFix log... Sorry this took some time...

     ComboFix 11-07-21.02 - Käyttäjä 21.07.2011 14:08:59.7.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.358.1033.18.2047.1552 [GMT 3:00]
     Sijainti: c:\combofix\ComboFix.exe
     Käytetyt komentorivivalitsimet :: c:\documents and settings\Kõyttõjõ\Desktop\CFScript.txt
     AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
     FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     SP: Spy Sweeper *Disabled/Outdated* {00000000-E9D0-004F-D859-4D0000000000}
     SP: Spy Sweeper *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
     SP: Spyware Doctor *Disabled/Updated* {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
     SP: Webroot Spy Sweeper *Disabled/Updated* {00000000-E9D0-004F-D859-4D0001000000}
     .
     .
     (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\isRS-000.tmp
     c:\windows\regedit.com
     c:\windows\system32\taskmgr.com
     .
     .
     ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2011-06-21 to 2011-07-21 )))))))))))))))))
     .
     .
     2011-06-28 16:32 . 2011-06-28 16:32 3584 ----a-r- c:\documents and settings\Käyttäjä\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
     2011-06-28 16:32 . 2011-06-28 16:32 -------- d-----w- c:\program files\Windows Installer Clean Up
     2011-06-28 16:08 . 2011-06-28 16:08 -------- d-----w- c:\windows\ShellNew
     2011-06-28 15:38 . 2011-06-28 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
     2011-06-28 11:25 . 2011-06-28 11:25 -------- d-----w- c:\windows\Internet Logs
     2011-06-27 17:52 . 2011-06-27 17:52 -------- d-----w- c:\program files\HD Tune
     2011-06-27 17:17 . 2011-06-27 17:17 -------- d-----w- c:\program files\SecurityXploded
     2011-06-27 12:30 . 2011-06-27 12:30 -------- d---a-w- c:\windows\VDLL.DLL
     2011-06-27 12:30 . 2011-06-27 12:30 -------- d---a-w- c:\windows\system32\runouce.exe
     2011-06-27 12:30 . 2011-06-27 12:30 -------- d---a-w- c:\windows\rundll16.exe
     2011-06-27 12:30 . 2011-06-27 12:30 -------- d---a-w- c:\windows\RUNDL132.EXE
     2011-06-27 12:30 . 2011-06-27 12:30 -------- d---a-w- c:\windows\logo1_.exe
     2011-06-27 12:30 . 2011-06-27 12:30 -------- d---a-w- c:\windows\logo_1.exe
     2011-06-27 12:21 . 2011-06-27 12:21 34048 ----a-w- c:\windows\system32\eEmpty.exe
     2011-06-27 12:21 . 2011-06-27 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
     2011-06-26 18:06 . 2011-07-06 16:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-06-26 18:05 . 2011-07-06 16:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-06-26 15:05 . 2011-06-26 15:05 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\Avira
     2011-06-26 14:48 . 2011-06-29 07:52 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2011-06-26 14:48 . 2011-06-29 07:52 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2011-06-26 14:48 . 2010-06-17 12:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
     2011-06-26 14:48 . 2010-06-17 12:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
     2011-06-26 14:48 . 2011-06-26 14:48 -------- d-----w- c:\program files\Avira
     2011-06-26 14:48 . 2011-06-26 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2011-06-26 09:09 . 2011-06-26 09:10 -------- d-----w- C:\acr_logs
     2011-06-25 16:54 . 2011-06-25 16:54 -------- d-----w- c:\program files\Webroot
     2011-06-24 14:50 . 2011-06-24 14:50 388096 ----a-r- c:\documents and settings\Käyttäjä\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     2011-06-24 07:47 . 2011-06-24 07:47 39192 ----a-w- c:\windows\system32\Partizan.exe
     2011-06-24 07:47 . 2011-06-24 07:47 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
     2011-06-24 07:46 . 2011-06-24 07:46 -------- d-----w- c:\program files\Greatis
     2011-06-23 19:50 . 2011-06-28 15:39 -------- d-----w- c:\program files\SpeedFan
     2011-06-23 13:19 . 2011-06-24 17:34 -------- d-----w- C:\Downloads
     2011-06-23 13:13 . 2011-06-24 12:16 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\Free Download Manager
     2011-06-23 13:13 . 2011-06-23 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
     2011-06-23 13:13 . 2011-06-23 13:13 -------- d-----w- c:\program files\Free Download Manager
     2011-06-23 06:04 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
     2011-06-23 06:04 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
     2011-06-23 06:02 . 2011-06-16 04:38 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
     2011-06-23 06:02 . 2011-06-16 04:38 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
     2011-06-23 06:02 . 2011-06-16 04:38 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
     2011-06-23 06:02 . 2011-06-16 04:38 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
     2011-06-23 06:02 . 2011-06-16 04:38 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
     2011-06-23 06:02 . 2011-06-16 04:38 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
     2011-06-23 02:46 . 2011-06-23 02:46 -------- d-----w- c:\windows\Standalone System Sweeper
     2011-06-21 16:21 . 2011-06-21 16:21 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\f-secure
     .
     .
     .
     (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-06-25 11:50 . 2011-06-03 18:04 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
     2011-06-24 07:46 . 2009-10-24 12:50 2 --shatr- c:\windows\winstart.bat
     2011-06-21 11:03 . 2011-06-21 11:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-06-21 10:58 . 2011-06-21 11:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2011-06-21 10:58 . 2010-04-30 08:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
     2011-06-02 06:20 . 2010-04-28 14:08 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
     2011-05-02 15:31 . 2009-01-09 07:32 692736 ----a-w- c:\windows\system32\inetcomm.dll
     2011-04-29 17:23 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
     2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2011-04-26 11:07 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
     2011-04-26 11:07 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
     2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
     2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
     2011-06-16 04:38 . 2011-06-23 06:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
     "Ashampoo FireWall"="c:\program files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 3251800]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\WINDOWS\\system32\\sessmgr.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Documents and Settings\\Käyttäjä\\My Documents\\Lataukset\\utorrent.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
     .
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 21:25 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 21:41 67656]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26.6.2011 17:48 136360]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.6.2011 21:06 366640]
     R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [19.4.2011 9:44 993848]
     R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [19.4.2011 9:44 399416]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.6.2011 21:05 22712]
     S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
     S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\Käyttäjä\My Documents\Lataukset\SASKUTIL.SYS --> c:\documents and settings\Käyttäjä\My Documents\Lataukset\SASKUTIL.SYS [?]
     S3 KProcWatch;KProcWatch;\??\c:\windows\system32\drivers\KProcWatch.sys --> c:\windows\system32\drivers\KProcWatch.sys [?]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26.6.2011 21:06 41272]
     S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [24.6.2011 10:47 35816]
     S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 11:30 15544]
     S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [3.6.2011 21:04 53248]
     S3 rkhdrv40;Rootkit Unhooker Driver; [x]
     S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [31.10.2009 12:24 93360]
     S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4.8.2004 15:00 14336]
     S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     WINRM REG_MULTI_SZ WINRM
     getPlusHelper REG_MULTI_SZ getPlusHelper
     .
     'Ajoitetut tehtävät'-kansion sisältö
     .
     2011-07-21 c:\windows\Tasks\GlaryInitialize.job
     - c:\program files\Glary Utilities\initialize.exe [2011-04-21 14:24]
     .
     .
     ------- Täydentävä tarkistus -------
     .
     uStart Page = hxxp://www.google.fi/
     IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
     IE: Lataa FDM:llä - file://c:\program files\Free Download Manager\dllink.htm
     IE: Lataa kaikki FDM:llä - file://c:\program files\Free Download Manager\dlall.htm
     IE: Lataus valittu FDM:n toimesta - file://c:\program files\Free Download Manager\dlselected.htm
     LSP: c:\program files\Ashampoo\Ashampoo FireWall\spi.dll
     TCP: DhcpNameServer = 193.229.0.40 193.229.0.42
     FF - ProfilePath - c:\documents and settings\Käyttäjä\Application Data\Mozilla\Firefox\Profiles\hm63qxli.default\
     FF - prefs.js: browser.startup.homepage - www.saunalahti.fi
     .
     - - - - POISTETUT JÄMÄRIVIT - - - -
     .
     WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-07-21 14:23
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     tarkistaa piilotettuja prosesseja ...
     .
     tarkistaa piilotettuja käynnistysarvoja ...
     .
     tarkistaa piilotettuja tiedostoja ...
     .
     tarkistus on valmis
     piilotetut tiedostot: 0
     .
     **************************************************************************
     .
     [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASFWHide]
     "ImagePath"="\??\c:\docume~1\KYTTJ~1\LOCALS~1\Temp\ASFWHide"
     .
     --------------------- Prosesseihin ladatut DLLt ---------------------
     .
     - - - - - - - > 'winlogon.exe'(516)
     c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     c:\windows\system32\WININET.dll
     c:\windows\system32\Ati2evxx.dll
     .
     - - - - - - - > 'lsass.exe'(572)
     c:\program files\Ashampoo\Ashampoo FireWall\spi.dll
     .
     Valmistumisajankohta: 2011-07-21 14:30:31
     ComboFix-quarantined-files.txt 2011-07-21 11:30
     .
     Ennen ajoa: 141 167 058 944 bytes free
     Ajon jälkeen: 141 162 930 176 bytes free
     .
     - - End Of File - - 8DF8F9AB911C40EEDD484A9927B3BE8D
  4. Here's the ComboFix log...

     ComboFix 11-06-26.02 - Käyttäjä 27.06.2011 13:52:14.6.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.358.1033.18.2047.1385 [GMT 3:00]
     Sijainti: c:\documents and settings\Käyttäjä\Desktop\ComboFix.exe
     AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
     FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     SP: Spy Emergency *Disabled/Updated* {82117492-906E-4b02-A33A-84D42A2DD907}
     SP: Spy Sweeper *Disabled/Outdated* {00000000-E9D0-004F-D859-4D0000000000}
     SP: Spy Sweeper *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
     SP: Spyware Doctor *Disabled/Updated* {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
     SP: Webroot Spy Sweeper *Disabled/Updated* {00000000-E9D0-004F-D859-4D0001000000}
     .
     .
     ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2011-05-27 to 2011-06-27 )))))))))))))))))
     .
     .
     2011-06-27 07:35 . 2011-05-03 19:04 28672 ----a-w- c:\windows\system32\SpyShelterShellExt.dll
     2011-06-27 07:35 . 2010-04-21 09:57 1740800 ----a-w- c:\windows\system32\Osklauncher.exe
     2011-06-27 07:35 . 2009-06-24 12:34 54784 ----a-w- c:\windows\system32\inject_logon_dll.dll
     2011-06-27 07:35 . 2011-06-27 07:36 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\SpyShelter
     2011-06-27 07:35 . 2011-06-27 07:35 -------- d-----w- c:\program files\SpyShelter Personal Free
     2011-06-26 18:06 . 2011-05-29 06:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-06-26 18:05 . 2011-05-29 06:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-06-26 15:05 . 2011-06-26 15:05 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\Avira
     2011-06-26 14:57 . 2011-03-17 22:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
     2011-06-26 14:57 . 2011-03-17 22:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
     2011-06-26 14:56 . 2011-03-17 22:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
     2011-06-26 14:56 . 2011-06-26 14:57 -------- d-----w- c:\windows\system32\ZoneLabs
     2011-06-26 14:56 . 2011-06-26 14:56 -------- d-----w- c:\program files\Zone Labs
     2011-06-26 14:48 . 2011-06-17 09:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2011-06-26 14:48 . 2011-06-17 09:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2011-06-26 14:48 . 2010-06-17 12:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
     2011-06-26 14:48 . 2010-06-17 12:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
     2011-06-26 14:48 . 2011-06-26 14:48 -------- d-----w- c:\program files\Avira
     2011-06-26 14:48 . 2011-06-26 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2011-06-26 09:09 . 2011-06-26 09:10 -------- d-----w- C:\acr_logs
     2011-06-25 16:54 . 2011-06-25 16:54 -------- d-----w- c:\program files\Webroot
     2011-06-24 14:50 . 2011-06-24 14:50 388096 ----a-r- c:\documents and settings\Käyttäjä\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     2011-06-24 07:47 . 2011-06-24 07:47 39192 ----a-w- c:\windows\system32\Partizan.exe
     2011-06-24 07:47 . 2011-06-24 07:47 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
     2011-06-24 07:46 . 2011-06-24 07:46 -------- d-----w- c:\program files\Greatis
     2011-06-23 19:50 . 2011-06-25 17:38 -------- d-----w- c:\program files\SpeedFan
     2011-06-23 13:19 . 2011-06-24 17:34 -------- d-----w- C:\Downloads
     2011-06-23 13:13 . 2011-06-24 12:16 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\Free Download Manager
     2011-06-23 13:13 . 2011-06-23 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
     2011-06-23 13:13 . 2011-06-23 13:13 -------- d-----w- c:\program files\Free Download Manager
     2011-06-23 06:04 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
     2011-06-23 06:04 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
     2011-06-23 06:02 . 2011-06-16 04:38 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
     2011-06-23 06:02 . 2011-06-16 04:38 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
     2011-06-23 06:02 . 2011-06-16 04:38 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
     2011-06-23 06:02 . 2011-06-16 04:38 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
     2011-06-23 06:02 . 2011-06-16 04:38 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
     2011-06-23 06:02 . 2011-06-16 04:38 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
     2011-06-23 02:46 . 2011-06-23 02:46 -------- d-----w- c:\windows\Standalone System Sweeper
     2011-06-22 06:58 . 2011-06-26 09:40 -------- d-----w- c:\documents and settings\Käyttäjä\Local Settings\Application Data\AskToolbar
     2011-06-21 16:21 . 2011-06-21 16:21 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\f-secure
     2011-06-21 11:01 . 2011-06-21 11:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-06-21 11:01 . 2011-06-24 14:03 -------- d-----w- c:\program files\Ask.com
     2011-06-21 11:01 . 2011-06-21 11:01 -------- d-----w- c:\program files\Common Files\Java
     2011-06-21 11:00 . 2011-06-21 10:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2011-06-21 10:57 . 2011-06-21 10:57 -------- d-----w- c:\program files\Java
     2011-06-21 10:46 . 2011-06-21 10:46 -------- d-----w- c:\documents and settings\Käyttäjä\Local Settings\Application Data\Secunia PSI
     2011-06-16 15:12 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
     2011-06-04 09:56 . 2011-06-04 09:56 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\SUPERAntiSpyware.com
     2011-06-03 18:04 . 2011-06-25 11:50 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
     2011-06-03 18:00 . 2011-06-03 18:00 -------- d-----w- c:\program files\Safer Networking
     2011-06-03 17:39 . 2011-06-03 17:39 -------- d-----w- c:\program files\7-Zip
     2011-06-02 11:05 . 2011-06-02 11:05 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\Auslogics
     .
     .
     .
     (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-06-24 07:46 . 2009-10-24 12:50 2 --shatr- c:\windows\winstart.bat
     2011-06-21 10:58 . 2010-04-30 08:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2011-06-02 06:20 . 2010-04-28 14:08 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
     2011-05-02 15:31 . 2009-01-09 07:32 692736 ----a-w- c:\windows\system32\inetcomm.dll
     2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
     2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
     2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
     1998-12-09 00:53 . 1998-12-09 00:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
     1998-12-09 00:53 . 1998-12-09 00:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
     1998-12-09 00:53 . 1998-12-09 00:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
     1998-12-09 00:53 . 1998-12-09 00:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
     1998-12-09 00:53 . 1998-12-09 00:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
     1998-12-09 00:53 . 1998-12-09 00:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
     2011-06-16 04:38 . 2011-06-23 06:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
     2011-05-17 10:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
     .
     [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
     [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
     .
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
     .
     [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
     [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
     [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SpyShelter"="c:\program files\SpyShelter Personal Free\SpyShelter.exe" [2011-05-30 2565616]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
     "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
     "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\WINDOWS\\system32\\sessmgr.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Documents and Settings\\Käyttäjä\\My Documents\\Lataukset\\utorrent.exe"=
     "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
     .
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 21:25 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 21:41 67656]
     R1 Spyshelter;Spyshelter;c:\program files\SpyShelter Personal Free\SpyShelter.sys [27.6.2011 10:35 158192]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26.6.2011 17:48 136360]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.6.2011 21:06 366640]
     R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [19.4.2011 9:44 993848]
     R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [19.4.2011 9:44 399416]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.6.2011 21:05 22712]
     R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 11:30 15544]
     S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
     S3 KProcWatch;KProcWatch;\??\c:\windows\system32\drivers\KProcWatch.sys --> c:\windows\system32\drivers\KProcWatch.sys [?]
     S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [24.6.2011 10:47 35816]
     S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [3.6.2011 21:04 53248]
     S3 rkhdrv40;Rootkit Unhooker Driver; [x]
     S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [31.10.2009 12:24 93360]
     S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4.8.2004 15:00 14336]
     S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]
     .
     --- Muut muistissa olevat ajurit/palvelut ---
     .
     *NewlyCreated* - SPYSHELTER
     *Deregistered* - XueTr
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     WINRM REG_MULTI_SZ WINRM
     getPlusHelper REG_MULTI_SZ getPlusHelper
     .
     'Ajoitetut tehtävät'-kansion sisältö
     .
     2011-06-27 c:\windows\Tasks\GlaryInitialize.job
     - c:\program files\Glary Utilities\initialize.exe [2011-04-21 14:24]
     .
     2011-06-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
     - c:\program files\Ask.com\UpdateTask.exe [2011-05-17 10:29]
     .
     .
     ------- Täydentävä tarkistus -------
     .
     uStart Page = hxxp://www.google.fi/
     IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
     IE: Lataa FDM:llä - file://c:\program files\Free Download Manager\dllink.htm
     IE: Lataa kaikki FDM:llä - file://c:\program files\Free Download Manager\dlall.htm
     IE: Lataus valittu FDM:n toimesta - file://c:\program files\Free Download Manager\dlselected.htm
     TCP: DhcpNameServer = 193.229.0.40 193.229.0.42
     FF - ProfilePath - c:\documents and settings\Käyttäjä\Application Data\Mozilla\Firefox\Profiles\hm63qxli.default\
     FF - prefs.js: browser.startup.homepage - www.saunalahti.fi
     .
     .
     ------- Tiedostokytkennät -------
     .
     JSEFile="c:\program files\ScripTrap\scriptrap.exe" "%1" %*
     .
     - - - - POISTETUT JÄMÄRIVIT - - - -
     .
     AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-06-27 14:04
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     tarkistaa piilotettuja prosesseja ...
     .
     tarkistaa piilotettuja käynnistysarvoja ...
     .
     tarkistaa piilotettuja tiedostoja ...
     .
     tarkistus on valmis
     piilotetut tiedostot: 0
     .
     **************************************************************************
     .
     --------------------- Prosesseihin ladatut DLLt ---------------------
     .
     - - - - - - - > 'winlogon.exe'(608)
     c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     c:\windows\system32\WININET.dll
     c:\windows\system32\Ati2evxx.dll
     .
- - - - - - - > 'explorer.exe'(16948) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Valmistumisajankohta: 2011-06-27 14:13:50 ComboFix-quarantined-files.txt 2011-06-27 11:13 . Ennen ajoa: 142 852 087 808 bytes free Ajon jälkeen: 142 842 613 760 bytes free . - - End Of File - - BABFA02AAD6E0A7DB34D2A21CDE98DB9
  5. This is a Sunlogix Powerline desktop or something like that. It is quite a big desktop.
  6. A strange thing happened today. I was just browsing the internet when suddenly AntiVir reported a trojan.trash.gen in System Restore; I then quarantined it. Here is a screenshot... [screenshot]
  7. In my long fight against the malware on my computer I have lost, and I must admit my defeat. Here's the response that I got from Avira after sending them a memory dump of a system file, and this ain't the first... [screenshot] To me it seems that the lulz boat will be sailing in the future too, because there is so much of this totally undetected, maybe impossible-to-detect, malware. Who knows when someone decides to put down the whole internet with some super bot network that has been growing undetected for many years...
  8. Hello, I have this problem. This is actually my mother's computer... The hard disk keeps heating up; right now the temperature is 57... Here's a screenshot: [screenshot] I also scanned the hard disk with the Check Disk utility that comes with Windows XP and it found 4 KB in bad sectors. Sometimes the computer crashes with a blue screen. Is there anything that I can do to save this hard disk? Also, can anyone tell me what these SpeedFan readings mean? It shows 3 fans but only one of them is working, or am I wrong? [screenshot] I have a hard disk that I could use to replace this hard disk, but it's a 40 GB ATA hard disk and the one currently in use is a SATA hard disk, and I don't have the proper cables, so I don't know what I can do.
  9. Look, I managed to telnet to my own computer's port 135, but all I got was this black screen... [screenshot]
  10. Hello, I have changed some security programs on my computer since I posted the last logs. I now have AntiVir, ZoneAlarm and the MBAM trial. When I started ComboFix it said that the Spy Sweeper real-time shield was on even though I don't have Spy Sweeper installed on my computer; I had it installed but uninstalled it. I still ran ComboFix. Here are the logs...
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6957
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
27.6.2011 13:26:27
mbam-log-2011-06-27 (13-26-27).txt
Scan type: Quick scan
Objects scanned: 144011
Time elapsed: 8 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Käyttäjä at 14:18:57 on 2011-06-27
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1033.18.2047.1288 [GMT 3:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spy Sweeper *Disabled/Outdated* {00000000-E9D0-004F-D859-4D0000000000}
SP: Spy Emergency *Disabled/Updated* {82117492-906E-4b02-A33A-84D42A2DD907}
SP: Spyware Doctor *Disabled/Updated* {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Spy Sweeper *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
SP: Webroot Spy Sweeper *Disabled/Updated* {00000000-E9D0-004F-D859-4D0001000000}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fi/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [spyShelter] c:\program files\spyshelter personal free\SpyShelter.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Lataa FDM:llä - file://c:\program files\free download manager\dllink.htm
IE: Lataa kaikki FDM:llä - file://c:\program files\free download manager\dlall.htm
IE: Lataus valittu FDM:n toimesta - file://c:\program files\free download manager\dlselected.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231841782203
TCP: DhcpNameServer = 193.229.0.40 193.229.0.42
TCP: Interfaces\{F867CC7D-BCCC-4E76-852A-7393F0237997} : DhcpNameServer = 193.229.0.40 193.229.0.42
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\käyttäjä\application data\mozilla\firefox\profiles\hm63qxli.default\
FF - prefs.js: browser.startup.homepage - www.saunalahti.fi
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-26 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 Spyshelter;Spyshelter;c:\program files\spyshelter personal free\SpyShelter.sys [2011-6-27 158192]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-6-26 532224]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-26 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-26 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-26 61960]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-26 366640]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-26 22712]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 KProcWatch;KProcWatch;\??\c:\windows\system32\drivers\kprocwatch.sys --> c:\windows\system32\drivers\KProcWatch.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-6-24 35816]
S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2011-6-3 53248]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-31 93360]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
.
=============== File Associations ===============
.
JSEFile="c:\program files\scriptrap\scriptrap.exe" "%1" %*
.
=============== Created Last 30 ================
.
2011-06-27 07:35:55 28672 ----a-w- c:\windows\system32\SpyShelterShellExt.dll
2011-06-27 07:35:53 1740800 ----a-w- c:\windows\system32\Osklauncher.exe
2011-06-27 07:35:52 54784 ----a-w- c:\windows\system32\inject_logon_dll.dll
2011-06-27 07:35:51 -------- d-----w- c:\program files\SpyShelter Personal Free
2011-06-27 07:35:51 -------- d-----w- c:\documents and settings\käyttäjä\application data\SpyShelter
2011-06-26 18:06:00 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-26 18:05:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 15:05:41 -------- d-----w- c:\documents and settings\käyttäjä\application data\Avira
2011-06-26 14:56:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-06-26 14:56:50 -------- d-----w- c:\windows\system32\ZoneLabs
2011-06-26 14:56:45 -------- d-----w- c:\program files\Zone Labs
2011-06-26 14:48:33 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-26 14:48:32 -------- d-----w- c:\program files\Avira
2011-06-26 14:48:32 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-06-26 09:09:37 -------- d-----w- C:\acr_logs
2011-06-25 16:54:11 -------- d-----w- c:\program files\Webroot
2011-06-25 14:47:05 98816 ----a-w- c:\windows\sed.exe
2011-06-25 14:47:05 518144 ----a-w- c:\windows\SWREG.exe
2011-06-25 14:47:05 256512 ----a-w- c:\windows\PEV.exe
2011-06-25 14:47:05 208896 ----a-w- c:\windows\MBR.exe
2011-06-24 14:50:11 388096 ----a-r- c:\documents and settings\käyttäjä\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-24 07:47:42 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-06-24 07:47:42 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2011-06-24 07:46:34 -------- d-----w- c:\program files\Greatis
2011-06-23 19:50:21 -------- d-----w- c:\program files\SpeedFan
2011-06-23 13:19:02 -------- d-----w- C:\Downloads
2011-06-23 13:13:16 -------- d-----w- c:\documents and settings\käyttäjä\application data\Free Download Manager
2011-06-23 13:13:03 -------- d-----w- c:\documents and settings\all users\application data\FreeDownloadManager.ORG
2011-06-23 13:13:02 -------- d-----w- c:\program files\Free Download Manager
2011-06-23 06:04:20 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-23 06:04:20 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-23 06:02:27 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-23 06:02:26 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-23 06:02:26 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-23 06:02:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-23 06:02:25 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-23 06:02:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-23 02:46:15 -------- d-----w- c:\windows\Standalone System Sweeper
2011-06-22 06:58:27 -------- d-----w- c:\documents and settings\käyttäjä\local settings\application data\AskToolbar
2011-06-21 16:21:01 -------- d-----w- c:\documents and settings\käyttäjä\application data\f-secure
2011-06-21 11:01:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 11:01:26 -------- d-----w- c:\program files\Ask.com
2011-06-21 11:00:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-21 10:46:48 -------- d-----w- c:\documents and settings\käyttäjä\local settings\application data\Secunia PSI
2011-06-16 15:12:50 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-04 09:56:20 -------- d-----w- c:\documents and settings\käyttäjä\application data\SUPERAntiSpyware.com
2011-06-03 18:04:19 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2011-06-03 18:00:58 -------- d-----w- c:\program files\Safer Networking
2011-06-02 11:05:37 -------- d-----w- c:\documents and settings\käyttäjä\application data\Auslogics
.
==================== Find3M ====================
.
2011-06-24 07:46:53 2 --shatr- c:\windows\winstart.bat
2011-06-21 10:58:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 06:20:30 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
1998-12-09 00:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 00:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 00:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 00:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 00:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 00:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 14:21:22,31 ===============
attach.zip
  11. Here is the log:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-24 11:29:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
Running: gy1cgbwr.exe; Driver: C:\DOCUME~1\KYTTJ~1\LOCALS~1\Temp\pxtdqpow.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA4DD3BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA4DD3A5D]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xA5F4D8A0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
Here is the rest of the logs... attach.zip ark.zip
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Käyttäjä at 11:37:03 on 2011-06-24
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1033.18.2047.1549 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spy Sweeper *Disabled/Outdated* {00000000-E9D0-004F-D859-4D0000000000}
SP: Spy Emergency *Disabled/Updated* {82117492-906E-4b02-A33A-84D42A2DD907}
SP: Spyware Doctor *Disabled/Updated* {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Spy Sweeper *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
SP: Webroot Spy Sweeper *Disabled/Updated* {00000000-E9D0-004F-D859-4D0001000000}
FW: Outpost Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HDD Health\HDDHealth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Käyttäjä\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fi/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [HDDHealth] c:\program files\hdd health\HDDHealth.exe -wl
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall\feedback.exe" /dump:os_startup
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Lataa FDM:llä - file://c:\program files\free download manager\dllink.htm
IE: Lataa kaikki FDM:llä - file://c:\program files\free download manager\dlall.htm
IE: Lataus valittu FDM:n toimesta - file://c:\program files\free download manager\dlselected.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231841782203
TCP: DhcpNameServer = 193.229.0.40 193.229.0.42
TCP: Interfaces\{F867CC7D-BCCC-4E76-852A-7393F0237997} : DhcpNameServer = 193.229.0.40 193.229.0.42
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\käyttäjä\application data\mozilla\firefox\profiles\hm63qxli.default\
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-2 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-2 307928]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2011-6-2 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2011-6-2 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-2 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-2 42184]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2011-6-2 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2011-6-2 257432]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\kyttj~1\locals~1\temp\aswarkrn.sys --> c:\docume~1\kyttj~1\locals~1\temp\aswArKrn.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\systweak\advanced system protector\sasprot32.sys --> c:\program files\systweak\advanced system protector\sasprot32.sys [?]
S3 KProcWatch;KProcWatch;\??\c:\windows\system32\drivers\kprocwatch.sys --> c:\windows\system32\drivers\KProcWatch.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-6-24 35816]
S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2011-6-3 53248]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-31 93360]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S4 CXZTK;CXZTK;c:\docume~1\kyttj~1\locals~1\temp\cxztk.exe --> c:\docume~1\kyttj~1\locals~1\temp\CXZTK.exe [?]
S4 HZOCWYSUYO;HZOCWYSUYO;c:\docume~1\kyttj~1\locals~1\temp\hzocwysuyo.exe --> c:\docume~1\kyttj~1\locals~1\temp\HZOCWYSUYO.exe [?]
S4 JQBG;JQBG;c:\docume~1\kyttj~1\locals~1\temp\jqbg.exe --> c:\docume~1\kyttj~1\locals~1\temp\JQBG.exe [?]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
.
=============== File Associations ===============
.
JSEFile="c:\program files\scriptrap\scriptrap.exe" "%1" %*
.
=============== Created Last 30 ================
.
2011-06-24 08:28:33 -------- d--h--r- c:\documents and settings\käyttäjä\Recent
2011-06-24 07:47:42 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-06-24 07:47:42 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2011-06-24 07:46:34 -------- d-----w- c:\program files\Greatis
2011-06-23 19:50:21 -------- d-----w- c:\program files\SpeedFan
2011-06-23 13:19:02 -------- d-----w- C:\Downloads
2011-06-23 13:13:16 -------- d-----w- c:\documents and settings\käyttäjä\application data\Free Download Manager
2011-06-23 13:13:03 -------- d-----w- c:\documents and settings\all users\application data\FreeDownloadManager.ORG
2011-06-23 13:13:02 -------- d-----w- c:\program files\Free Download Manager
2011-06-23 06:04:20 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-23 06:04:20 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-23 06:02:27 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-23 06:02:26 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-23 06:02:26 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-23 06:02:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-23 06:02:25 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-23 06:02:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-23 02:46:15 -------- d-----w- c:\windows\Standalone System Sweeper
2011-06-22 11:31:35 -------- d-----w- c:\program files\EMCO
2011-06-21 16:21:01 -------- d-----w- c:\documents and settings\käyttäjä\application data\f-secure
2011-06-21 13:55:40 -------- d-----w- c:\program files\Gore
2011-06-21 13:35:36 -------- d-----w- C:\PScanner Backup
2011-06-21 11:01:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 11:01:26 -------- d-----w- c:\program files\Ask.com
2011-06-21 11:00:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-21 10:37:08 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-06-19 12:00:31 -------- d-----w- C:\tiedostot
2011-06-16 15:12:50 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-04 09:56:20 -------- d-----w- c:\documents and settings\käyttäjä\application data\SUPERAntiSpyware.com
2011-06-03 18:04:19 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2011-06-03 18:00:58 -------- d-----w- c:\program files\Safer Networking
2011-06-02 16:44:59 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2011-06-02 16:44:27 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2011-06-02 16:43:42 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2011-06-02 16:43:37 -------- d-----w- c:\program files\Agnitum
2011-06-02 11:39:13 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-02 11:38:28 40112 ----a-w- c:\windows\avastSS.scr
2011-06-02 11:37:47 -------- d-----w- c:\program files\AVAST Software
2011-06-02 11:37:47 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-06-02 11:05:37 -------- d-----w- c:\documents and settings\käyttäjä\application data\Auslogics
.
==================== Find3M ====================
.
2011-06-24 07:46:53 2 --shatr- c:\windows\winstart.bat
2011-06-21 10:58:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 06:20:30 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
1998-12-09 00:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 00:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 00:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 00:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 00:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 00:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys 1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A8DDAB8] 3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006e[0x8A8DF348] 5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A8D4940] kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } user != kernel MBR !!! . ============= FINISH: 11:40:48,00 ===============