Antivirus xp virus!

Discussion in 'Virukset ja haittaohjelmat' started by taxl, Sep 11, 2008.

  1. taxl

    taxl Member

    Joined:
    Sep 11, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    No nyt on tämmönen pahalainen saastuttanut koneeni. Voisko joku auttaa? Kone aika jumissa ja olen nytkin vikasietotilassa. Tähän ilmeisesti pitää laittaa hjt logi, se on tässä:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:10:56, on 11.9.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TurvaPC] C:\Program Files\TurvaPC\GDC.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [lphcpqjj0e51n] C:\WINDOWS\system32\lphcpqjj0e51n.exe
    O4 - HKLM\..\Run: [SMrhctqjj0e51n] C:\Program Files\rhctqjj0e51n\rhctqjj0e51n.exe
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://saunalahti.fi
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1025_EN_XP.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_3_EN_XP.cab
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://panetera1981.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12782582fd54fa17f819/netzip/RdxIE601.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9EF4E3E4-2F1E-472E-9FF2-2670EA5C42D9} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_EN_XP.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1012_EN_XP.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: AOpen NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 7467 bytes
     
    taxl, Sep 11, 2008
    #1
  2. yaht

    yaht Regular member

    Joined:
    Dec 6, 2005
    Messages:
    2,261
    Likes Received:
    0
    Trophy Points:
    46
    Käynnistä Hijackthis ja fixaa seuraavat rivit.

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [lphcpqjj0e51n] C:\WINDOWS\system32\lphcpqjj0e51n.exe
    O4 - HKLM\..\Run: [SMrhctqjj0e51n] C:\Program Files\rhctqjj0e51n\rhctqjj0e51n.exe
    O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)




    Lataa Malwarebytes' Anti-Malware työpöydällesi.

    * Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
    * Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta.
    * Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
    * Kun ohjelma on latautunut, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
    * Kun skanni on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
    * Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
    * Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
    täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    * Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.
     
    yaht, Sep 11, 2008
    #2
  3. taxl

    taxl Member

    Joined:
    Sep 11, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    Malware:.

    Malwarebytes' Anti-Malware 1.28
    Tietokantaversio: 1141
    Windows 5.1.2600 Service Pack 3

    12.9.2008 13:19:17
    mbam-log-2008-09-12 (13-19-17).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 147958
    Kulunut aika: 1 hour(s), 4 minute(s), 54 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 24
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 2
    Saastuneita hakemistoja: 14
    Saastuneita tiedostoja: 44

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\ngd2.ngd (Adware.AccessPlugin) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ngd2.ngd.1 (Adware.AccessPlugin) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e30ac01-99d7-4e9c-b13e-94e1701b0ac9} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8f0a06f6-df4d-4d54-b8ca-e8eedbae6ddb} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{14325268-79e0-4d2a-89a4-fffc6e22741e} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{eeeca057-ad0f-44a7-8be5-8634cedbdbd1} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0594af7e-573b-40df-8165-e47ab2eaefe8} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14325268-79e0-4d2a-89a4-fffc6e22741e} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1eb17d1c-141d-4d9d-91cb-24d99215851d} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{469c7080-8ec8-43a6-ad97-45848113743c} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{cefb7b49-9652-464f-8afd-a577c0500f39} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{eeeca057-ad0f-44a7-8be5-8634cedbdbd1} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhctqjj0e51n (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mslagent.3 (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mslagent.3.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\navihelper.navihelperobject (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\navihelper.navihelperobject.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: system32\ -> Quarantined and deleted successfully.

    Saastuneita hakemistoja:
    C:\Program Files\rhctqjj0e51n (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Application Data\rhctqjj0e51n (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Application Data\rhctqjj0e51n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Application Data\rhctqjj0e51n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Application Data\rhctqjj0e51n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Application Data\rhctqjj0e51n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Application Data\rhctqjj0e51n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Application Data\rhctqjj0e51n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Application Data\rhctqjj0e51n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Application Data\rhctqjj0e51n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Application Data\rhctqjj0e51n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Application Data\rhctqjj0e51n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\blphcpqjj0e51n.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\rhctqjj0e51n\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhctqjj0e51n\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhctqjj0e51n\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhctqjj0e51n\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhctqjj0e51n\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhctqjj0e51n\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhctqjj0e51n\rhctqjj0e51n.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhctqjj0e51n\rhctqjj0e51n.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\casino1.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\casino2.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\casino3.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\lphcpqjj0e51n.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcpqjj0e51n.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pphcpqjj0e51n.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\EGAUTH.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\netpe32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\nethv32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\LiveService.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\tmlpcert2005 (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\käyttäjä\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


    HJT:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TurvaPC] C:\Program Files\TurvaPC\GDC.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://saunalahti.fi
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://panetera1981.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12782582fd54fa17f819/netzip/RdxIE601.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9EF4E3E4-2F1E-472E-9FF2-2670EA5C42D9} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_EN_XP.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: AOpen NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6514 bytes
     
    taxl, Sep 12, 2008
    #3
  4. yaht

    yaht Regular member

    Joined:
    Dec 6, 2005
    Messages:
    2,261
    Likes Received:
    0
    Trophy Points:
    46
    Fixaa seuraava rivi Hijackthis:llä

    O4 - HKLM\..\Run: [TurvaPC] C:\Program Files\TurvaPC\GDC.exe

    Poista seuraava kansio.

    C:\Program Files\TurvaPC\

    Tyhjennä roskakori.

    Skannaa uudelleen Malwarebytesillä.

    Asenna koneellesi Viruksentorjunta ohjelma

    Avast

    Tai

    Avira

    Asenna koneellesi palomuuri

    Zonealarm Free

    Tai

    Comodo

    Lähetä uusi Hijackthis loki ja Malwarabytesin loki.
     
    Last edited: Sep 12, 2008
    yaht, Sep 12, 2008
    #4

Share This Page