nyt on tämmönen ongelma että firefox lakkasi toimimasta tuossa vähän aikaa sitten ja sitä ennen oli tullu joku mukamas windowssin varoitus jostain trojan-keylogger.win32.fung keyloggerista mutta taitaa oikeasti olla vaan troijalainen ja tää varotus tulee joku 20 minsan välein. tämän lisäksi IE saattaa yht'äkkiä vaan pätkässä ja sulkea selaimen ja sama juttu windows media playerissa. kiitoksia jo etukäteen Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:51:11, on 13.12.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\runservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {970E26F1-73DE-8C12-718B-8BF24020B0B1} - C:\DOCUME~1\Olli\APPLIC~1\KNOB64~1\waitdata.exe (file missing) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [PollInfoDeadRule] C:\Documents and Settings\All Users\Application Data\Size bits poll info\pollknob.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [TEAM SETTINGS] C:\DOCUME~1\Olli\APPLIC~1\VGABOR~1\birdtrayfor.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Olli\OctoshapeClient.exe" -inv:bootrun O4 - HKCU\..\Run: [wixpo] "C:\Documents and Settings\Olli\Application Data\Google\mupd1_2_645698.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121780122750 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 11445 bytes
Luo poistolista: • Avaa HiJackThis • Klikkaa "Configure" valintaa oikealla alhaalla • Klikkaa "Misc Tools" • Klikkaa boxia joka sanoo "Uninstall Manager" • Klikkaa valintaa "Save list" • Kopioi ja liitä kyseinen lista muistiosta ketjuusi
2006 FIFA World Cup (TM) Ad-Aware SE Personal Adobe Acrobat - Reader 6.0.2 Update Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Reader 6.0.1 - Suomi Adobe Shockwave Player Apple Mobile Device Support Apple Software Update Avira AntiVir Personal - Free Antivirus BitComet 0.63 Command & Conquer Red Alert 2 DAEMON Tools DivX Player EA SPORTS online 2007 Eastside UK pre-game Editor v2007.1.5 Eastside UK saved game Editor v2007.0.4 EPSON Easy Photo Print EPSON File Manager EPSON Image Clip Palette EPSON Scan EPSON Scan Assistant EPSON Web-To-Page EPSON-tulostinohjelma ESDX4800_4200 Käyttöopas EVEREST Home Edition v1.51 ffdshow Football Manager 2008 Frets On Fire Guitar Pro 5.0 Hamachi 1.0.2.1 High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683) Hotfix-päivitys Windows XP:lle (KB952287) InterVideo WinDVD iTunes J2SE Runtime Environment 5.0 Update 11 Java(TM) 6 Update 7 Java(TM) SE Runtime Environment 6 Update 1 Logitech® Camera -ohjain Malwarebytes' Anti-Malware Messenger Plus! 3 Messenger Plus! Live & Sponsor Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft AntiSpyware Microsoft AutoRoute 2005 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Encarta Encyclopedia Standard 2005 Microsoft Money Microsoft Office Professional Edition 2003 Microsoft Photo Premium 10 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Works Microsoft Works 2005 Osien valitseminen mIRC Mopokorttikoulu Mozilla Firefox (3.0.4) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Nero BurnRights Nero OEM NeroVision Express 2 NHL Eastside Hockey Manager 2007 NHL06 Nokia PC Connectivity Solution Nokia PC Suite NVIDIA Drivers OpenOffice.org Installer 1.0 Opera Pack Vista Inspirat 1.1 PIF DESIGNER Päivitys Windows XP:lle (KB951072-v2) Päivitys Windows XP:lle (KB951978) Päivitys Windows XP:lle (KB955839) QuickTime Riva FLV Encoder 2.0 Shockwave Ski Jump International 3.11 Shareware Sony Ericsson PC Suite Sound Blaster Audigy 2 ZS Steam(TM) Stronghold Stronghold Crusader Suojauspäivitys ohjelmistolle Windows XP (KB941569) Suojauspäivitys Windows Media Player 10:lle (KB911565) Suojauspäivitys Windows Media Player 10:lle (KB917734) Suojauspäivitys Windows Media Player 11:lle (KB936782) Suojauspäivitys Windows Media Player 11:lle (KB954154) Suojauspäivitys Windows Media Playerille (KB952069) Suojauspäivitys Windows XP:lle (KB938464) Suojauspäivitys Windows XP:lle (KB946648) Suojauspäivitys Windows XP:lle (KB950759) Suojauspäivitys Windows XP:lle (KB950760) Suojauspäivitys Windows XP:lle (KB950762) Suojauspäivitys Windows XP:lle (KB950974) Suojauspäivitys Windows XP:lle (KB951066) Suojauspäivitys Windows XP:lle (KB951376) Suojauspäivitys Windows XP:lle (KB951376-v2) Suojauspäivitys Windows XP:lle (KB951698) Suojauspäivitys Windows XP:lle (KB951748) Suojauspäivitys Windows XP:lle (KB952954) Suojauspäivitys Windows XP:lle (KB953838) Suojauspäivitys Windows XP:lle (KB953839) Suojauspäivitys Windows XP:lle (KB954211) Suojauspäivitys Windows XP:lle (KB954459) Suojauspäivitys Windows XP:lle (KB954600) Suojauspäivitys Windows XP:lle (KB955069) Suojauspäivitys Windows XP:lle (KB956390) Suojauspäivitys Windows XP:lle (KB956391) Suojauspäivitys Windows XP:lle (KB956802) Suojauspäivitys Windows XP:lle (KB956803) Suojauspäivitys Windows XP:lle (KB956841) Suojauspäivitys Windows XP:lle (KB957095) Suojauspäivitys Windows XP:lle (KB957097) Suojauspäivitys Windows XP:lle (KB958644) WIDCOMM Bluetooth-ohjelmisto Winamp (remove only) Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17) Windows Genuine Advantage v1.3.0254.0 Windows Internet Explorer 8 Beta 2 Windows Live installer Windows Live Messenger Windows Live OneCare safety scanner Windows Liven kirjautumisavustaja Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver Wolfenstein - Enemy Territory ZoneAlarm
Poista lisää poista sovelutuksesta J2SE Runtime Environment 5.0 Update 11 Java(TM) 6 Update 7 Java(TM) SE Runtime Environment 6 Update 1 Messenger Plus! 3 Messenger Plus! Live & Sponsor Poista Vikasiedossa kansiot C:\Program Files\Java C:\Program Files\Save C:\NORMAN ================ scannaa hjt:llä merkkaa paina Fix checked O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {970E26F1-73DE-8C12-718B-8BF24020B0B1} - C:\DOCUME~1\Olli\APPLIC~1\KNOB64~1\waitdata.exe (file missing) O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PollInfoDeadRule] C:\Documents and Settings\All Users\Application Data\Size bits poll info\pollknob.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [TEAM SETTINGS] C:\DOCUME~1\Olli\APPLIC~1\VGABOR~1\birdtrayfor.exe O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKCU\..\Run: [wixpo] "C:\Documents and Settings\Olli\Application Data\Google\mupd1_2_645698.exe" O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing) Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun Varmista että tiedoston tyyppi on "all Files" ja tallenna se Poisto.bat. nimisenä työpöydällesi. @echo off sc stop NipSvc sc delete NipSvc Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia. ====================== Malwarebytes' Anti-Malware päivitä ja aja täysi scannaus =================== 1.Lataa Combofix.exe työpöydällesi yhdestä linkistä: Combofix1 Combofix2 2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia. 3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi. Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. ================ Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi. Käynnistä koneesi vikasietotilaan: sammuta ja käynnistä käynnistyksen yhteydessä hakkaa F8 nappia valitse nuolinäppäimellä vikasietotila paina enter ja enter valitse käyttäjätilisi paina kyllä Jossakin koneissa hakataan F8:sin sijasta F5:tä " Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix. " Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman. " Paina Y käynnistääksesi skriptin. " Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot". " Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen. " Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta. " Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished". " Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle. " Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
Noniin pitkästä aikaa, tässä nuo lokit: ComboFix 09-01-05.01 - Olli 2009-01-05 16:37:03.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1022.602 [GMT 2:00] Sijainti: c:\documents and settings\Olli\Työpöytä\ComboFix.exe * Uusi palautuspiste luotu VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !! . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Olli\Application Data\Google\mjkmsk.dll c:\windows\IE4 Error Log.txt . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-12-05 to 2009-01-05 ))))))))))))))))) . 2009-01-05 15:41 . 2009-01-05 15:41 579,072 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-01-05 15:37 . 2009-01-05 15:37 <KANSIO> d-------- c:\windows\ERUNT 2008-12-18 22:12 . 2008-12-18 22:12 <KANSIO> d-------- c:\windows\ie8updates 2008-12-06 18:25 . 2008-12-06 18:26 <KANSIO> d--h-c--- c:\windows\ie8 . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-05 14:35 --------- d-----w c:\program files\Microsoft AntiSpyware 2009-01-05 14:02 1,529 --sha-w c:\windows\system32\mmf.sys 2009-01-05 12:04 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition classic 2008-12-29 21:01 --------- d-----w c:\program files\Opera 2008-12-14 10:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2008-12-14 09:56 --------- d-----w c:\program files\MSN Messenger 2008-12-03 17:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 17:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-11-20 19:27 --------- d-----w c:\program files\Windows Live Safety Center 2008-11-15 19:40 --------- d-----w c:\program files\Trend Micro 2008-10-23 12:38 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll 2006-01-21 18:22 0 ----a-w c:\documents and settings\Päivi\Application Data\wklnhst.dat 2004-09-15 12:00 93,184 --sha-w c:\windows\BricoPacks\SysFiles\68_iexplore.exe 2008-09-23 10:17 1,529 --sha-w c:\windows\system32\mmf(2)(2).sys 2008-08-24 06:36 1,529 --sha-w c:\windows\system32\mmf(3)(2).sys . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "UberIcon"="c:\windows\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe" [2005-08-12 180224] "Octoshape Streaming Services"="c:\program files\Octoshape Streaming Services\Olli\OctoshapeClient.exe" [2006-02-13 214648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-20 4583424] "gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2004-12-31 469824] "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304] "avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497] "PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 237568] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "CTHelper"="CTHELPER.EXE" [2003-10-06 c:\windows\system32\CTHELPER.EXE] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Olli\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe [2005-08-12 180224] Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe [2002-09-30 151552] Y'z ToolBar.lnk - c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 90112] c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-05 618557] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft AntiSpyware\\GIANTAntiSpywareMain.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2006-02-22 22336] R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2006-02-22 45376] R4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2006-11-29 2560] R4 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2005-08-15 15840] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-07-09 16512] S3 gel90xne;gel90xne;\??\c:\docume~1\Olli\LOCALS~1\Temp\gel90xne.sys --> c:\docume~1\Olli\LOCALS~1\Temp\gel90xne.sys [?] S3 TNET1130x;ZyXEL 802.11g Wireless Card;c:\windows\system32\DRIVERS\tnet1130x.sys --> c:\windows\system32\DRIVERS\tnet1130x.sys [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\autorun.exe . 'Ajoitetut tehtävät'-kansion sisältö 2009-01-05 c:\windows\Tasks\A2D8047491A7BEE0.job - c:\docume~1\olli\applic~1\vgabor~1\Shim lies find.exe [] 2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] . - - - - POISTETUT JÄMÄRIVIT - - - - HKCU-Run-Steam - c:\program files\Valve\Steam\Steam.exe HKLM-Run-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe . ------- Täydentävä tarkistus ------- . uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Lähetä &Bluetooth-laitteeseen... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\Olli\Application Data\Mozilla\Firefox\Profiles\fc1e2prp.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/ FF - plugin: c:\documents and settings\Olli\Application Data\Mozilla\plugins\npoctoshape.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Octoshape Streaming Services\Olli\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll FF - plugin: c:\program files\Octoshape Streaming Services\Olli\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-05 16:40:08 Windows 5.1.2600 Service Pack 3 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... ************************************************************************** . Valmistumisajankohta: 2009-01-05 16:43:00 ComboFix-quarantined-files.txt 2009-01-05 14:41:43 Ennen ajoa: 167 403 462 656 tavua vapaana Ajon jälkeen: 167,736,430,592 tavua vapaana 139 --- E O F --- 2008-12-18 20:12:13 SDFix: Version 1.240 Run by Olli on ma 05.01.2009 at 15:43 Microsoft Windows XP [versio 5.1.2600] Running From: C:\Documents and Settings\Olli\Ty”p”yt„\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-05 16:24:15 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016385e55f9] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40] "khjeh"=hex:20,02,00,00,f8,d0,6a,8d,ab,42,63,40,80,7f,a2,34,ba,8f,15,c6,f0,.. "hj34z0"=hex:9e,de,14,c6,3f,23,b4,40,87,8a,02,b2,64,75,9f,96,7c,78,45,a6,15,.. "hj34z1"=hex:02,df,31,5f,55,22,32,df,84,8a,9b,16,67,75,06,3f,7e,78,d2,08,21,.. "hj34z2"=hex:07,df,22,40,50,22,f3,cc,81,8a,5a,20,62,75,f7,0e,7b,78,3d,38,24,.. "hj34z3"=hex:0c,df,41,f8,5b,22,0d,02,8a,8a,21,f5,69,75,17,dd,70,78,ae,e9,2f,.. "hj34z4"=hex:10,df,70,fc,47,22,21,7e,96,8a,c1,f0,75,75,6f,d0,6c,78,65,ed,33,.. "hj34z5"=hex:13,df,4c,39,44,22,e3,43,92,8a,57,b5,71,75,d0,9d,68,78,0f,a9,37,.. "hj34z6"=hex:17,df,5b,5c,40,22,94,de,91,8a,ed,13,72,75,5e,33,6b,78,d3,0f,34,.. "hj34z7"=hex:1b,df,55,d6,4c,22,45,53,9d,8a,a3,a5,7e,75,d1,8d,67,78,bb,b8,38,.. "hj34z8"=hex:1e,df,67,a3,49,22,4b,28,98,8a,8c,de,7b,75,83,e6,62,78,e0,d5,3d,.. "hj34z9"=hex:21,df,7d,5b,76,22,63,e0,a7,8a,45,16,44,75,2b,31,5d,78,67,0d,02,.. "hj34z10"=hex:24,df,ed,7c,73,22,f8,fe,a2,8a,9e,73,41,75,6d,52,58,78,00,6e,07,.. "hj34z11"=hex:27,df,47,06,70,22,38,83,a1,8a,c6,74,42,75,9e,5c,5b,78,7e,6b,04,.. "hj34z12"=hex:2a,df,99,69,7d,22,1b,f2,ac,8a,d0,07,4f,75,6a,2e,56,78,5c,1a,09,.. "hj34z13"=hex:2d,df,54,4c,7a,22,f9,cd,ab,8a,5a,22,48,75,f9,05,51,78,36,30,0e,.. "hj34z14"=hex:30,df,7a,94,67,22,dd,15,b6,8a,67,ea,55,75,c0,cd,4c,78,1c,f8,13,.. "hj34z15"=hex:33,df,74,cf,64,22,fd,4c,b5,8a,30,bd,56,75,81,84,4f,78,4c,b3,10,.. "hj34z16"=hex:35,df,40,76,62,22,98,f3,b3,8a,07,04,50,75,43,2e,49,78,f6,1d,16,.. "hj34z17"=hex:38,df,70,8e,6f,22,9f,0b,be,8a,f0,ff,5d,75,24,c6,44,78,c6,f5,1b,.. "hj34z18"=hex:3a,df,25,14,6d,22,59,94,bc,8a,a9,65,5f,75,fa,4c,46,78,5a,7b,19,.. "hj34z19"=hex:3d,df,d4,88,6a,22,d8,11,bb,8a,14,e6,58,75,5c,c0,41,78,2b,ff,1e,.. "hj34z20"=hex:3f,df,c9,78,68,22,c8,81,b9,8a,19,76,5a,75,26,50,43,78,12,6f,1c,.. "hj34z21"=hex:42,df,2b,e5,15,22,65,65,c4,8a,67,9a,27,75,6b,bc,3e,78,c0,8b,61,.. "hj34z22"=hex:44,df,b1,ba,13,22,9f,3f,c2,8a,b2,33,21,75,a7,12,38,78,fb,20,67,.. "hj34z23"=hex:46,df,26,0d,11,22,19,8d,c0,8a,2b,62,23,75,3c,44,3a,78,5b,73,65,.. "hj34z24"=hex:49,df,d4,c9,1e,22,85,52,cf,8a,b3,a6,2c,75,ae,81,35,78,e7,bf,6a,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016385e55f9] scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\\Program Files\\Microsoft AntiSpyware\\GIANTAntiSpywareMain.exe"="C:\\Program Files\\Microsoft AntiSpyware\\GIANTAntiSpywareMain.exe:*:Enabled:Microsoft AntiSpyware" "C:\\Norman\\Nvc\\BIN\\Ninfo.exe"="C:\\Norman\\Nvc\\BIN\\Ninfo.exe:*isabled:Julkaisutietoja" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Et„tuki - Windows Messenger ja „„niyhteys" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : Files with Hidden Attributes : Tue 9 Sep 2008 637,984 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe" Mon 17 Sep 2007 51,712 ..SHR --- "C:\Program Files\Ski Jump International\Setup.exe" Tue 23 Sep 2008 1,529 A.SH. --- "C:\WINDOWS\system32\mmf(2)(2).sys" Sun 24 Aug 2008 1,529 A.SH. --- "C:\WINDOWS\system32\mmf(3)(2).sys" Mon 5 Jan 2009 1,529 A.SH. --- "C:\WINDOWS\system32\mmf.sys" Wed 12 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 12 Jul 2004 122,880 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\EulaRegn.dll" Mon 6 Sep 2004 1,949,696 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe" Mon 6 Sep 2004 53,760 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll" Mon 6 Sep 2004 94,208 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe" Mon 6 Sep 2004 35,328 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll" Mon 6 Sep 2004 20,480 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe" Thu 19 Aug 2004 13,824 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\wkernlng.dll" Wed 15 Sep 2004 93,184 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\68_iexplore.exe" Sun 7 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Finished! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:46:10, on 5.1.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\runservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\imapi.exe C:\WINDOWS\explorer.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Olli\OctoshapeClient.exe" -inv:bootrun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121780122750 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9087 bytes
Lataa Malwarebytes' Anti-Malware työpöydällesi. 1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman. 2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish. 3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version. 4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan. 5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset. 6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected. 7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt 8. Lähetä lokin sisältö seuraavassa viestissäsi
Malwarebytes' Anti-Malware 1.31 Tietokantaversio: 1456 Windows 5.1.2600 Service Pack 3 5.1.2009 18:48:01 mbam-log-2009-01-05 (18-48-01).txt Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|) Tarkistetut kohteet: 171017 Kulunut aika: 1 hour(s), 13 minute(s), 43 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 0 Saastuneita rekisteriarvoja: 0 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 0 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty) Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty) Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: (Haitallisia kohteita ei löydetty)
