Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:13, on 20.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSMA32.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSMB32.EXE C:\Norman\Npm\bin\NJEEVES.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FCH32.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSAUA\program\fsaua.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FAMEH32.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSAUA\program\fsus.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSM32.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing) O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing) O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing) O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file:///C:/Documents%20and%20Settings/Alex.WINTER/Local%20Settings/Temp/OnlineScanner/is2007ols/fscax.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9122 bytes Olen ajanut Combomixin ja Malwarebytesin. Pitääkö tehdä vielä jotain? Virus Alert luki joka paikassa ennenkuin ajoin ohjelmat. Kiitos vastauksesta.
Tässä myös Combomixin logi: ComboFix 08-10-18.03 - Alex 2008-10-20 0:50:55.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.520 [GMT 3:00] Sijainti: C:\Documents and Settings\Alex.WINTER\Työpöytä\ComboFix.exe * Resident AV is active . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-19 to 2008-10-19 ))))))))))))))))) . 2008-10-19 21:01 . 2008-10-19 21:01 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-19 21:01 . 2008-10-19 21:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-19 21:01 . 2008-10-19 21:01 <KANSIO> d-------- C:\Documents and Settings\Alex.WINTER\Application Data\Malwarebytes 2008-10-19 21:01 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-19 21:01 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-19 20:59 . 2008-10-19 20:59 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-10-19 18:27 . 2008-10-19 18:27 <KANSIO> d-------- C:\Program Files\Lavasoft 2008-10-19 18:27 . 2008-10-19 18:27 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-10-19 18:27 . 2008-10-19 18:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-10-19 16:12 . 2008-10-19 20:34 <KANSIO> d-------- C:\Documents and Settings\Alex.WINTER\Application Data\F-Secure 2008-10-19 16:09 . 2008-10-19 16:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure 2008-10-19 16:09 . 2007-05-25 16:09 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys 2008-10-19 16:09 . 2007-05-25 16:09 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys 2008-10-19 16:07 . 2008-03-25 19:28 10,718 --a------ C:\WINDOWS\NPFFILE.NDF_B 2008-10-19 16:06 . 2008-10-19 16:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg 2008-10-19 12:40 . 2008-10-19 12:40 <KANSIO> d-------- C:\Documents and Settings\Hannele\Application Data\TmpRecentIcons 2008-10-19 12:37 . 2005-11-19 04:50 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö 2008-10-19 12:37 . 2005-11-19 04:50 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö 2008-10-19 12:37 . 2005-11-19 04:50 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä 2008-10-19 12:37 . 2005-11-19 04:50 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä 2008-10-19 12:37 . 2005-11-19 04:50 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö 2008-10-19 12:37 . 2005-11-19 04:50 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö 2008-10-19 12:37 . 2005-11-19 02:58 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit 2008-10-19 12:37 . 2005-11-19 02:58 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit 2008-10-19 12:37 . 2005-11-19 02:58 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot 2008-10-19 12:37 . 2005-11-19 02:58 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot 2008-10-19 12:37 . 2005-11-19 02:53 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit 2008-10-19 12:37 . 2005-11-19 02:53 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit 2008-10-19 12:37 . 2005-11-19 04:50 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko 2008-10-19 12:37 . 2005-11-19 04:50 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko 2008-10-19 12:37 . 2005-11-19 03:35 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\ATI 2008-10-19 12:37 . 2008-10-19 12:37 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja 2008-10-17 23:59 . 2008-10-17 23:59 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-17 22:46 . 2008-10-17 23:35 <KANSIO> d-------- C:\Documents and Settings\Alex.WINTER\Application Data\GetRightToGo 2008-10-15 14:29 . 2008-08-14 16:25 2,191,488 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 14:29 . 2008-08-14 16:25 2,068,352 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 14:29 . 2008-09-15 18:27 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-09 18:22 . 2008-10-09 18:22 <KANSIO> d-------- C:\Program Files\EA GAMES 2008-10-08 22:35 . 2008-10-09 15:18 <KANSIO> d-------- C:\WINDOWS\system32\Adobe 2008-10-05 12:50 . 2008-10-05 12:50 <KANSIO> d-------- C:\Takuu laput 2008-10-01 16:31 . 2008-10-04 15:43 <KANSIO> d-------- C:\Program Files\EurobetPoker . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-19 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-19 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\NPF 2008-10-18 17:28 --------- d-----w C:\Program Files\Red Kings Poker 2008-10-18 17:28 --------- d-----w C:\Program Files\PAFPoker 2008-10-18 17:28 --------- d-----w C:\Program Files\NextPoker 2008-10-18 16:44 --------- d-----w C:\Program Files\Winamp 2008-10-15 18:46 --------- d-----w C:\Program Files\Full Tilt Poker 2008-10-14 12:32 --------- d-----w C:\Program Files\Betsson Poker 2008-10-09 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\NFS Underground 2008-10-07 15:13 --------- d-----w C:\Documents and Settings\Alex.WINTER\Application Data\Microgaming 2008-10-05 10:19 --------- d-----w C:\Documents and Settings\Alex.WINTER\Application Data\Canon 2008-10-02 21:44 138,240 -c--a-w C:\WINDOWS\system32\taskmgr.exe 2008-09-22 22:28 1,576 -c--a-w C:\Documents and Settings\Hannele\Application Data\wklnhst.dat 2008-09-15 15:27 1,846,656 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-10 21:31 --------- d-----w C:\Program Files\BitComet 2008-09-10 21:26 --------- d-----w C:\Program Files\ToniArts 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-09-02 17:20 --------- d-----w C:\Program Files\CCleaner 2008-09-02 09:48 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys 2008-08-30 13:16 --------- d-----w C:\Documents and Settings\Hannele\Application Data\Logitech 2008-08-28 18:32 --------- d-----w C:\Documents and Settings\Alex.WINTER\Application Data\Logitech 2008-08-28 18:31 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-08-28 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2008-08-28 18:31 --------- d-----w C:\Documents and Settings\Alex.WINTER\Application Data\InstallShield 2008-08-28 18:24 130,208 ------r C:\WINDOWS\bwUnin-8.1.1.87-8876480SL.exe 2008-08-28 18:24 --------- d-----w C:\Program Files\Logitech 2008-08-28 18:08 --------- d-----w C:\Program Files\Common Files\Logitech 2008-08-26 08:12 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-25 20:21 --------- d-----w C:\Program Files\Canon 2008-08-20 17:00 --------- d-----w C:\Program Files\PAF Diamond Poker 2008-08-14 13:25 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:24 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-02-12 15:06 852 -c--a-w C:\Documents and Settings\Alex.WINTER\Application Data\wklnhst.dat 2007-02-21 19:36 1,430 -c--a-w C:\Documents and Settings\Alex\Application Data\wklnhst.dat . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-09-29 1279216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSM32.EXE" [2007-05-25 183208] "F-Secure TNB"="C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 740208] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I263"= I263_32.drv "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "msacm.imc"= imc32.acm "msacm.avis"= ff_acm.acm "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\Msmsgs.exe"= "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "11197:TCP"= 11197:TCP:BitComet 11197 TCP "11197:UDP"= 11197:UDP:BitComet 11197 UDP "20059:TCP"= 20059:TCP:BitComet 20059 TCP "20059:UDP"= 20059:UDP:BitComet 20059 UDP R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-05-25 58128] R1 F-Secure HIPS;F-Secure HIPS;C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\HIPS\fshs.sys [2008-10-19 41184] R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 59760] R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512] R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2008-04-29 183352] R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488] S2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [ ] S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712] S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 30264] S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 129848] S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 23224] S4 F-Secure Filter;F-Secure File System Filter;C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 40048] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 25456] . 'Ajoitetut tehtävät'-kansion sisältö 2008-10-19 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] 2008-10-19 C:\WINDOWS\Tasks\Scheduled scanning task.job - C:\DOCUME~1\ALEX~1.WIN\TYPYT~1\F-Secure Internet Security\Anti-Virus\fsav.exe [2007-05-24 15:41] . . ------- Täydentävä tarkistus ------- . FireFox -: Profile - C:\Documents and Settings\Alex.WINTER\Application Data\Mozilla\Firefox\Profiles\eebe0zd6.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fi/ FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-20 00:59:00 Windows 5.1.2600 Service Pack 3 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . ------------------------ Muut prosessit ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Norman\npm\bin\elogsvc.exe C:\Norman\npm\bin\Zanda.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSMA32.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fsgk32.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSMB32.EXE C:\Norman\npm\bin\Njeeves.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FCH32.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSAUA\program\fsaua.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FAMEH32.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FWES\program\fsdfwd.exe C:\WINDOWS\system32\ati2evxx.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSAUA\program\fsus.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\WINDOWS\system32\imapi.exe . ************************************************************************** . Valmistumisajankohta: 2008-10-20 1:08:38 - kone käynnistettiin uudelleen ComboFix-quarantined-files.txt 2008-10-19 22:08:15 ComboFix2.txt 2008-10-19 17:49:32 Ennen ajoa: 30 437 294 080 tavua vapaana Ajon jälkeen: 30,418,710,528 tavua vapaana 204 --- E O F --- 2008-10-11 08:59:15
Malwarebytes' Anti-Malware 1.29 Tietokantaversio: 1290 Windows 5.1.2600 Service Pack 3 20.10.2008 7:47:37 mbam-log-2008-10-20 (07-47-37).txt Tarkistustyyppi: Täysi tarkistus (C:\|) Tarkistetut kohteet: 171484 Kulunut aika: 1 hour(s), 57 minute(s), 50 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 0 Saastuneita rekisteriarvoja: 0 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 0 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty) Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty) Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: (Haitallisia kohteita ei löydetty)
F-Secure ilmoittaa kummiskin että haitallista koodia on löytynyt jostain ja se on Trojan-Downloader.JS.Agent.cx.
Vastatkaa joku että onko kone nyt kunnossa vai vieläkö siellä joku pöpö vaivaa? Itse olen aivan ulalla.
Lataa työpöydälle ja aja Norman poisto: TÄÄLTÄ Poista kansio: C:\Norman ------------------------------------------------- Katsotaan Kuka siellä F-Securea kiusaa: Lataa Atribunen ATF Cleaner Ohjeet; Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All Klikkaa Empty Selected valintaa. Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All Klikkaa Empty Selected valintaa. HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy. Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All Klikkaa Empty Selected valintaa taas. HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy. Klikkaa Exit päävalikosta sulkeaksesi ohjelman. Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi) ---------------------------------------------- Skannaa koneesi Kaspersky Online Skannerilla * Lue läpi vaatimukset ja yksityisyyssäännökset ja klikkaa Accept. * Skannerin ja virustietokannan lataus alkaa. Sinulta kysytään sallitko Kasperskyltä tulevan ohjelman asentamisen. Klikkaa Aja/Run. * Kun lataus on valmis, klikkaa Settings. * Varmistu, että seuraavat kohdat on valittu. Jos ne eivät ole, valitse ne ja klikkaa Save: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Klikkaa Oma Tietokone, My Computer Scan-kohdan alapuolelta. * Kun tarkistus on valmis, tulokset näytetään. Klikkaa View Scan Report. * Näet listan saastuneista kohteista. Klikkaa Save Report As.... * Tallenna tiedosto työpöydällesi. Muuta Tiedostotyyppi/Files of type muotoon Tekstitiedosto/Text file(.txt) ennen kuin klikkaat Save. * Kopioi ja liitä tiedoston sisältö seuraavaan vastaukseesi uuden HijackThis-lokin kera ------------------------------------------------------------ Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa) Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE Tyhjennä roskakori ja käynnistä koneesi uudelleen. Postita tänne seuraavat lokit: * Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta) * Kaperskyn raportti * *
IE7 lähti toimimaan. Myös igooglen etusivu on outo. Esim. telkku.com ja päivän sää eivät näy. Osaakohan joku sanoa myös tähän apua?
Poistin comodon mutta se näkyy kuitekin HiJack listassa. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:32:13, on 21.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSMA32.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FCH32.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FAMEH32.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSAUA\program\fsaua.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSAUA\program\fsus.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSM32.EXE C:\Program Files\QuickTime\QTTask.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [F-Secure TNB] "C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Manager] "C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60 O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing) O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing) O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing) O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Documents and Settings\Alex.WINTER\Työpöytä\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7283 bytes -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, October 21, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, October 21, 2008 13:35:48 Records in database: 1331601 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ F:\ G:\ H:\ I:\ Scan statistics: Files scanned: 128778 Threat name: 0 Infected objects: 0 Suspicious objects: 0 Duration of the scan: 01:49:32 No malware has been detected. The scan area is clean. The selected area was scanned.
