Could some kind person take a look at this log? Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:28:32, on 10.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Asennetut Ohjelmat\AnyDVD\AnyDVD.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\azureus\Azureus.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Ari-Pekka\Desktop\HiJackThis_v2.0.0.0.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BlackFooX 3] D:\Asennetut Ohjelmat\AnyDVD\BlackFooX3.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

--
End of file - 8257 bytes
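As an added example (not code from this thread and not part of HijackThis itself), here is a small Python triage script for the log format posted above: it splits a HijackThis log into its `Rn`/`On` entries, skipping the header and process list, counts them by section, and flags the entries a helper would check first. The sample lines are copied from the log above; the flagging rules (dangling "(no file)"/"(file missing)" references, services with "Unknown owner", ActiveX downloads, autostarts under service accounts) are my own heuristics and not HijackThis's own classification.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Every HijackThis finding starts with a section code such as "R0", "O4" or "O23",
# followed by " - " and the rest of the entry.
HJT_LINE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")

# Constructed sample: lines copied from the HijackThis log in this thread.
# The first two lines (header and a process path) are included only to show
# that non-entry lines are skipped by the parser.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


@dataclass
class Entry:
    kind: str  # section code, e.g. "O4" (autostart) or "O23" (service)
    body: str  # the rest of the line exactly as HijackThis prints it


def parse_hjt(text):
    """Return the Rn/On entries of a HijackThis log; header and process lines are dropped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def count_by_kind(entries):
    """How many entries each section contributed, e.g. {"O4": 2, ...}."""
    return dict(Counter(e.kind for e in entries))


def triage(entries):
    """Return (kind, body, reason) for entries worth a closer look (heuristics, my assumption)."""
    findings = []
    for e in entries:
        reason = None
        if e.body.endswith("(no file)") or "(file missing)" in e.body:
            reason = "dangling reference: the registry still points at a file that is gone"
        elif e.kind == "O23" and "Unknown owner" in e.body:
            reason = "service binary carries no vendor information"
        elif e.kind == "O16":
            reason = "ActiveX download (DPF): confirm the host is the expected vendor"
        elif e.kind == "O4" and "HKUS\\" in e.body:
            reason = "autostart under a service or default account: confirm it is expected"
        if reason:
            findings.append((e.kind, e.body, reason))
    return findings


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    print(count_by_kind(found))
    for kind, body, reason in triage(found):
        print(f"{kind}: {reason}\n    {body}")
```

The dangling-reference rule is the one that matters most for a cleanup thread: a BHO or button whose file is already gone is leftover registry debris, which is exactly the kind of entry a helper asks the poster to fix in HijackThis rather than hunt for on disk.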
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
This is what came out:

"Ari-Pekka" - 2007-05-10 23:38:29 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Program Files\Mozilla Firefox\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-10 ))))))))))))))))))))))))))))))))))

2007-05-10 01:51 <DIR> d-------- C:\!KillBox
2007-05-10 01:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-10 01:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-05-10 01:19 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-05-10 01:19 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-05-10 01:19 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-05-10 01:19 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-05-10 01:19 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-05-10 01:19 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-05-10 01:19 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-05-10 00:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-10 00:16 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-05 14:58 <DIR> d-------- C:\DOCUME~1\ARI-PE~1\APPLIC~1\Apple Computer
2007-05-05 14:55 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-05 14:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-05-05 14:53 <DIR> d-------- C:\Program Files\QuickTime
2007-05-05 00:13 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-05-05 00:13 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-05-05 00:11 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-05-05 00:11 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-05-05 00:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-04 22:08 <DIR> d-------- C:\WINDOWS\system32\EWS
2007-05-04 18:22 <DIR> dr------- C:\DOCUME~1\ARI-PE~1\APPLIC~1\Brother
2007-05-04 18:01 49,152 --a------ C:\WINDOWS\system32\EZPdf.dll
2007-05-04 18:01 307,200 --a------ C:\WINDOWS\system32\PolarZIPLight.dll
2007-05-04 18:01 29,184 --a------ C:\WINDOWS\system32\picn20.dll
2007-05-04 18:01 266,240 --a------ C:\WINDOWS\system32\EZTiff.dll
2007-05-04 18:01 225,280 --a------ C:\WINDOWS\system32\Btn32d20.dll
2007-05-04 18:01 180,224 --a------ C:\WINDOWS\system32\Eztwain3.dll
2007-05-04 18:01 153,088 --a------ C:\WINDOWS\system32\UNWISE.EXE
2007-05-04 18:01 151,552 --a------ C:\WINDOWS\system32\EZPng.dll
2007-05-04 18:01 122,880 --a------ C:\WINDOWS\system32\fxtls532.dll
2007-05-04 18:01 118,784 --a------ C:\WINDOWS\system32\EZGif.dll
2007-05-04 18:01 106,496 --a------ C:\WINDOWS\system32\EZJpeg.dll
2007-05-03 19:08 <DIR> d-------- C:\DOCUME~1\ARI-PE~1\APPLIC~1\Joost
2007-05-02 13:38 <DIR> d-------- C:\Program Files\TimeAdjuster
2007-05-01 18:33 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-23 21:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
2007-04-23 21:02 <DIR> d-------- C:\Program Files\GRETECH
2007-04-23 21:02 <DIR> d-------- C:\DOCUME~1\ARI-PE~1\APPLIC~1\GRETECH
2007-04-21 16:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-04-21 12:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-04-21 02:35 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-04-21 02:30 <DIR> d-------- C:\Program Files\ATI Technologies
2007-04-13 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-04-13 19:54 <DIR> d-------- C:\Program Files\Microsoft Works
2007-04-13 19:52 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-04-13 19:50 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-04-13 19:50 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-04-13 19:49 <DIR> dr-h----- C:\MSOCache
2007-04-13 19:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-04-11 18:50 <DIR> d-------- C:\DOCUME~1\ARI-PE~1\APPLIC~1\ICAClient
2007-04-11 15:35 24,816 --a------ C:\WINDOWS\system32\mdimon.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-10 20:40:53 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\Azureus
2007-05-10 04:30:43 -------- d-----w C:\Program Files\Azureus
2007-05-09 23:10:43 2,151 ----a-w C:\WINDOWS\mozver.dat
2007-05-05 10:16:19 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-29 11:29:47 54,784 ----a-w C:\WINDOWS\system32\msvci70c.dll
2007-04-22 15:26:00 -------- d-----w C:\Program Files\The All-Seeing Eye
2007-04-20 23:40:43 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-20 23:40:37 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-04-20 23:20:16 -------- d-----w C:\Program Files\CyberLink DVD Solution
2007-04-14 06:13:29 -------- d-----w C:\Program Files\Ray Adams
2007-04-13 16:53:54 -------- d-----w C:\Program Files\MSBuild
2007-04-11 15:58:06 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\Vso
2007-04-08 22:26:13 -------- d-----w C:\Program Files\DAEMON Tools
2007-04-08 22:22:55 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-08 21:50:53 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-04-08 21:50:53 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-04-08 21:32:28 -------- d-----w C:\Program Files\SystemRequirementsLab
2007-04-08 21:32:23 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\SystemRequirementsLab
2007-04-04 13:57:24 -------- d-----w C:\Program Files\Common Files\aliaswavefront shared
2007-04-04 13:57:24 -------- d-----w C:\Program Files\Common Files\Alias Shared
2007-04-04 13:57:20 -------- d-----w C:\Program Files\Microsoft DirectX SDK (April 2007)
2007-04-02 12:47:32 -------- d-----w C:\Program Files\OpenAL
2007-03-30 14:12:33 -------- d-----w C:\Program Files\EZB System
2007-03-30 14:09:57 -------- d-----w C:\Program Files\MagicISO
2007-03-30 12:46:08 3,087,208 ----a-w C:\WINDOWS\system32\d3d9d.dll
2007-03-30 12:44:54 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
2007-03-30 12:43:20 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-03-30 12:42:56 342,888 ----a-w C:\WINDOWS\system32\d3dref9.dll
2007-03-29 14:15:51 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\BSplayer Pro
2007-03-29 12:58:12 -------- d-----w C:\Program Files\YourWare Solutions
2007-03-28 19:06:39 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\MP3Toys
2007-03-28 09:43:37 -------- d-----w C:\Program Files\PokerOffice
2007-03-27 10:29:27 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-03-27 10:21:51 -------- d-----w C:\Program Files\Electronic Arts
2007-03-25 12:37:11 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-03-25 12:37:11 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-03-25 12:37:11 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-03-23 03:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 03:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 18:37:54 -------- d-----w C:\Program Files\GameShadow
2007-03-22 17:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-22 13:54:19 -------- d-----w C:\Program Files\MadOnion.com
2007-03-20 22:54:46 -------- d-----w C:\Program Files\Activision
2007-03-20 18:56:44 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\atitray
2007-03-20 09:54:44 -------- d-----w C:\Program Files\NVIDIA Corporation
2007-03-20 09:54:23 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-19 18:31:51 -------- d-----w C:\Program Files\Windows Defender
2007-03-19 12:55:15 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\uTorrent
2007-03-18 08:38:39 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\SlySoft
2007-03-17 13:45:03 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 22:37:57 -------- d-----w C:\Program Files\Winamp
2007-03-16 21:55:02 87,608 ----a-w C:\DOCUME~1\ARI-PE~1\APPLIC~1\ezpinst.exe
2007-03-16 21:55:02 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-16 21:55:02 47,360 ----a-w C:\DOCUME~1\ARI-PE~1\APPLIC~1\pcouffin.sys
2007-03-16 21:41:56 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\FinalBurner Video DVD
2007-03-16 16:04:27 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\FinalBurner .ISO
2007-03-16 06:56:10 72,496 ----a-w C:\WINDOWS\system32\drivers\khips.sys
2007-03-16 06:56:06 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
2007-03-15 22:42:09 77,000 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-03-15 21:37:30 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\CyberLink
2007-03-15 18:35:13 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\Ideazon
2007-03-15 18:31:40 -------- d-----w C:\Program Files\Ideazon
2007-03-15 17:52:02 -------- d-----w C:\Program Files\CyberLink
2007-03-15 13:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
2007-03-15 01:58:38 315,392 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-15 01:57:34 267,776 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 01:57:15 1,986,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-03-15 01:55:38 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 01:50:39 122,880 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 01:50:27 114,688 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-03-15 01:50:19 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-15 01:50:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 01:49:59 114,688 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 01:48:39 450,560 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 01:47:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-03-15 01:40:10 2,820,544 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-03-15 01:29:47 1,315,712 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 01:29:32 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-03-15 01:19:32 5,402,624 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-03-15 01:16:14 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-03-15 01:14:43 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-03-15 01:10:28 356,352 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-03-13 22:50:24 -------- d-----w C:\Program Files\Common Files\SystemRequirementsLab
2007-03-13 22:50:24 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\System Requirements Lab
2007-03-13 18:35:50 -------- d-----w C:\Program Files\Gabest
2007-03-13 18:27:28 -------- d-----w C:\DOCUME~1\ARI-PE~1\APPLIC~1\Media Player Classic
2007-03-12 13:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
2007-03-12 13:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
2007-03-12 13:42:28 3,799,400 ----a-w C:\WINDOWS\system32\d3dx9d_33.dll
2007-03-08 15:48:36 578,048 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:48:36 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:48:36 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:49:49 1,843,968 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 22:04:53 143,676 ----a-w C:\WINDOWS\system32\atiicdxx.dat
2007-03-05 09:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
2007-03-05 09:41:00 359,624 ----a-w C:\WINDOWS\system32\dinput8d.dll
2007-03-05 09:41:00 106,696 ----a-w C:\WINDOWS\system32\d3dref.dll
2007-03-05 09:40:56 73,928 ----a-w C:\WINDOWS\system32\dmcompod.dll
2007-03-05 09:40:56 52,424 ----a-w C:\WINDOWS\system32\dmloaded.dll
2007-03-05 09:40:56 41,160 ----a-w C:\WINDOWS\system32\dmbandd.dll
2007-03-05 09:40:56 30,920 ----a-w C:\WINDOWS\system32\dswaved.dll
2007-03-05 09:40:56 240,328 ----a-w C:\WINDOWS\system32\dmimed.dll
2007-03-05 09:40:56 134,344 ----a-w C:\WINDOWS\system32\dmusicd.dll
2007-03-05 09:40:56 117,448 ----a-w C:\WINDOWS\system32\dmstyled.dll
2007-03-05 09:40:56 115,912 ----a-w C:\WINDOWS\system32\dmscripd.dll
2007-03-05 09:40:56 112,840 ----a-w C:\WINDOWS\system32\dmsynthd.dll
2007-03-05 09:40:52 248,008 ----a-w C:\WINDOWS\system32\d3dref8.dll
2007-03-05 09:40:50 1,390,792 ----a-w C:\WINDOWS\system32\d3d8d.dll
2007-03-04 18:11:00 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-02-28 23:05:26 86,016 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2007-02-26 14:23:07 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-25 12:41:54 0 ----a-w C:\WINDOWS\nsreg.dat
2007-02-25 12:05:27 0 --sha-r C:\MSDOS.SYS
2007-02-25 12:05:27 0 --sha-r C:\IO.SYS
2007-02-25 12:05:27 0 ----a-w C:\CONFIG.SYS
2007-02-25 12:05:27 0 ----a-w C:\AUTOEXEC.BAT
2007-02-25 12:02:45 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"="C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UnlockerAssistant"="C:\\Program Files\\Unlocker\\UnlockerAssistant.exe -H"
"amd_dc_opt"="C:\\Program Files\\AMD\\Dual-Core Optimizer\\amd_dc_opt.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
@=""
"NVIDIA nTune"="\"C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear"
"POEngine"=""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BlackFooX 3"="D:\\Asennetut Ohjelmat\\AnyDVD\\BlackFooX3.exe"
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"AtiTrayTools"="\"C:\\Program Files\\Ray Adams\\ATI Tray Tools\\atitray.exe\""
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"ZboardTray"="\"C:\\Program Files\\Ideazon\\Zboard Software\\Driver\\ZboardTray.exe\" /autolaunch"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=hex:01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-10 23:41:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
? [3944]

scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-10 23:41:31
C:\ComboFix-quarantined-files.txt ... 2007-05-10 23:41
C:\ComboFix2.txt ... 2007-05-10 00:19
AVG gives this kind of log, and those trojans and that backdoor.huia show up in almost every scan; I don't know whether it actually manages to remove them.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 0:37:32 11.5.2007

+ Scan result:

C:\System Volume Information\_restore{4E4BD3DC-2B7E-4557-8F9C-915EC0A905BF}\RP138\A0057668.exe -> Backdoor.Huai : Cleaned.
D:\System Volume Information\_restore{4E4BD3DC-2B7E-4557-8F9C-915EC0A905BF}\RP138\A0057671.ax -> Heuristic.Win32.Morphine-Crypted : Cleaned.
:mozilla.49:C:\Documents and Settings\Ari-Pekka\Application Data\Mozilla\Firefox\Profiles\jeuq5a1c.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.27:C:\Documents and Settings\Ari-Pekka\Application Data\Mozilla\Firefox\Profiles\jeuq5a1c.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.39:C:\Documents and Settings\Ari-Pekka\Application Data\Mozilla\Firefox\Profiles\jeuq5a1c.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.34:C:\Documents and Settings\Ari-Pekka\Application Data\Mozilla\Firefox\Profiles\jeuq5a1c.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.9:C:\Documents and Settings\Ari-Pekka\Application Data\Mozilla\Firefox\Profiles\jeuq5a1c.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
D:\System Volume Information\_restore{4E4BD3DC-2B7E-4557-8F9C-915EC0A905BF}\RP138\A0057670.exe -> Trojan.Feutel.av : Cleaned.
D:\System Volume Information\_restore{4E4BD3DC-2B7E-4557-8F9C-915EC0A905BF}\RP138\A0057669.exe -> Trojan.Small : Cleaned.

::Report end
Let's run BlackLight.

Download and save BlackLight to your desktop; double-click fsbl.exe, accept the agreement, click -> Scan, then -> Next. You will see a list of everything that was found. A log named fsbl.xxxxxxx.log (the xxxxxxx will most likely be digits) also appears on your desktop. Copy and paste this log into your next reply. Do not choose the "Rename" option yet! We want to see the log first, because legitimate files such as "wbemtest.exe" may be included.

=========

Download Dr.Web CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
[*] Double-click drweb-cureit.exe and let it do an express scan.
[*] It scans the running programs, and if something is found, click Yes when it asks whether you want to remove it. This is only a short scan.
[*] When the scan is done, mark the drives you want to scan.
[*] Select all drives. A red dot shows which drives are selected.
[*] Click the green arrow on the right and the scan starts.
[*] Click 'Yes to all' if asked whether you want to remove/move a file.
[*] When the scan is done, see whether you can click the Next icon next to the found files:
[*] If so, click it, then click the Next icon at the bottom right and choose Move incurable, as in the picture below. This moves it to the %userprofile%\DoctorWeb\quarantine folder.
[*] After that, in the Dr.Web CureIt menu click File and choose Save report list.
[*] Save the report to your desktop. The report is named DrWeb.csv.
[*] Close Dr.Web CureIt.
[*] Restart the computer!! This is so that files in use are removed/moved during startup.
[*] After restarting, paste the contents of the Dr.Web log you saved earlier into your next reply.
That BlackLight gave this, i.e. nothing much:

05/11/07 12:11:13 [Info]: BlackLight Engine 1.0.61 initialized
05/11/07 12:11:13 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/11/07 12:11:13 [Note]: 7019 4
05/11/07 12:11:13 [Note]: 7005 0
05/11/07 12:11:21 [Note]: 7006 0
05/11/07 12:11:21 [Note]: 7011 1984
05/11/07 12:11:21 [Note]: 7026 0
05/11/07 12:11:21 [Note]: 7026 0
05/11/07 12:11:23 [Note]: FSRAW library version 1.7.1021
05/11/07 12:14:56 [Note]: 7007 0

Dr.Web gave this:

07 - Irwin Goodman - Terveisiä Perseestä.mp3;D:\MUSIIKKI\Irwin Goodman\1984 - Härmäläinen Perusjuntti;Modification of Trojan.Nadoel;Moved.;
Stay clean

-> Clear System Restore -> Instructions
Clear the System Restore folder and create a new restore point. This cleans the restore folder of any malware remnants.

-> Use CCleaner -> CCleaner
Download and install CCleaner. Use it regularly to clean temporary files and folders.

-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing on your computer. It uses no memory! A guide is available in Finnish: the guide by user Ad-Aware.

-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your computer from connecting to malicious sites. A guide is available in Finnish: the guide by user Axel.

-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.

-> Keep your system up to date -> Windows Update
Visit Windows Update regularly.

-> Keep your firewall and antivirus up to date
Update and scan your computer regularly with your antivirus program. eScan is also good: http://koti.mbnet.fi/pattaya1/escanmwav.htm

-> Keep your software up to date -> Secunia Software Inspector
Secunia Software Inspector examines your system and software for missing security updates. A normal inspection usually takes 5-40 seconds, while a thorough system inspection can take several minutes.

-> Follow the Finnish Communications Regulatory Authority's bulletins on new vulnerabilities regularly -> CERT-FI