HJT log. Virus on the machine? and a Messenger virus.

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by veketsu, May 28, 2008.

  1. veketsu

    veketsu Member

    Joined:
    May 28, 2008
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:14:31, on 28.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\Fmctrl.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0230Mon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\winudspm.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{56DCA603-3691-4C57-8EBE-D34EF56F8790}: NameServer = 193.167.100.37,193.167.100.40
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - D:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9810 bytes
     
  2. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    I didn't recognise a firewall on your machine.
    Installations should be done under an Administrator account.
    Install ONE firewall program on your machine NOW:

    1) ZoneAlarm
    2) Agnitum
    3) Sunbelt/Kerio
    4) Comodo

    If you are using the built-in Windows firewall, that is not recommended, because it doesn't block outgoing connections from the machine.
    Remember to use only one firewall at a time.

    -----------

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it with the name CFScript (in fact ComboFix recognises it even if the file extension isn't
    even .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click)

    [image]

    Note! Don't click on the ComboFix window while it is running. That may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close the browser and other programs for the duration of the fix. (not the antivirus)
    Start HijackThis, click Scan, tick the following items listed in red and remove them. (Fix checked)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    *
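As an added example (not part of this thread, and not code from HijackThis or ComboFix), the triage kalminen did by eye on the O2/O4/O23 lines above can be written as a small parser with explicit heuristics: an O4 entry that launches a bare filename (no directory) is worth locating, one that does so under a Windows-sounding value name is escalated, a BHO with "(no file)" is an orphan, and a service with no vendor string needs its publisher checked. The sample lines are copied from the log posted earlier in the thread; the rules and severity labels are the editor's own assumptions, not HijackThis output.

```python
"""Heuristic triage of HijackThis v2 log lines (added example, not HijackThis code)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the log posted above in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

@dataclass
class Entry:
    section: str  # "O2", "O4" or "O23"
    name: str     # BHO name, Run value name or service name
    target: str   # file the entry actually points at
    extra: str    # CLSID (O2), hive\key (O4) or owner string (O23)

@dataclass
class Finding:
    severity: str  # "high" or "review" (editor's own labels)
    entry: Entry
    reason: str

_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[\w ]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
_MIMICS_WINDOWS = re.compile(r"^(windows|microsoft)\b", re.IGNORECASE)

def _executable(cmd: str) -> str:
    """Return the file a Run value launches, dropping its arguments.
    Handles quoted paths ("C:\\x y.exe" /tray) and rundll32 hosts, where the
    DLL being loaded is the interesting file rather than rundll32 itself."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        prog = cmd[1:end] if end > 0 else cmd[1:]
        rest = cmd[end + 1:] if end > 0 else ""
    else:
        prog, _, rest = cmd.partition(" ")
    if prog.lower().endswith("rundll32.exe"):
        dll = rest.strip().split(",", 1)[0]
        if dll:
            prog = dll
    return prog

def parse_hjt(text: str) -> list[Entry]:
    """Parse the O2, O4 and O23 lines of a HijackThis log; other lines are ignored."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _O2.match(line):
            entries.append(Entry("O2", m["name"], m["path"], m["clsid"]))
        elif m := _O4.match(line):
            entries.append(Entry("O4", m["name"], _executable(m["cmd"]), m["hive"] + "\\" + m["key"]))
        elif m := _O23.match(line):
            entries.append(Entry("O23", m["name"], m["path"], m["owner"]))
    return entries

def triage(entries: list[Entry]) -> list[Finding]:
    findings: list[Finding] = []
    for e in entries:
        if e.section == "O2" and e.target.lower() == "(no file)":
            findings.append(Finding("review", e, "orphaned BHO: CLSID registered but the DLL is gone"))
        elif e.section == "O4" and "\\" not in e.target:
            # A bare filename is resolved through the search path at logon, so the log
            # alone does not say which file runs. Escalate when the value name borrows a
            # Windows component name, a common disguise for an unrelated binary.
            if _MIMICS_WINDOWS.match(e.name):
                findings.append(Finding("high", e, "bare filename under a Windows-sounding name"))
            else:
                findings.append(Finding("review", e, "bare filename: locate the file and check its publisher"))
        elif e.section == "O23" and e.extra == "Unknown owner":
            findings.append(Finding("review", e, "service without a vendor string: verify the binary's publisher"))
    order = {"high": 0, "review": 1}
    return sorted(findings, key=lambda f: order[f.severity])

def triage_log(text: str) -> list[Finding]:
    return triage(parse_hjt(text))

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.severity:6} {f.entry.section:3} [{f.entry.name}] {f.entry.target}: {f.reason}")
```

On the sample, only `[Windows UDP Control] winudspm.exe` comes out as high; `SystemTray`, the orphaned BHO and the unowned `PnkBstrA` service land in the review bucket, while fully pathed and rundll32-hosted entries are left alone. The rules are deliberately conservative: they narrow down what to look at, they do not decide what to delete.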
     
  3. veketsu

    Hi again! This computer of mine refuses to open that ComboFix thing at all, so I can't follow those instructions. It just says that comboFix.exe is not a valid Win32 application when I try to open it.
     
  4. veketsu

    So it refuses to install that combofix.exe file...
     
  5. kalminen

    Boot into Safe Mode and do it there.
     
  6. kalminen

    Go into Safe Mode with Networking
    and do the whole operation there.
    This is what that Messenger worm has turned into.
    Not funny &¤%#"&%¤#"
     
  7. kalminen

    SORRY
    I forgot to mention: rename that ComboFix.exe to something new => kompoviksi.exe
     
  8. veketsu

    Okay, I managed to do everything once I downloaded the ComboFix program from a different link! There was just one hitch: of the 4 items that were supposed to be removed after the scan, one of them couldn't be found. But at least so far the computer has been working flawlessly!
     
  9. kalminen

    Not done yet!!!

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
     
  10. veketsu

    ComboFix 08-06-01.6 - Käyttäjä 2008-06-02 19:55:22.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1434 [GMT 3:00]
    Running from: C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\bot.exe
    C:\d.exe
    C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\inst.exe
    C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\macromedia\Flash Player\#SharedObjects\NUB4N96T\iforex.com
    C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\macromedia\Flash Player\#SharedObjects\NUB4N96T\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\macromedia\Flash Player\#SharedObjects\NUB4N96T\www.broadcaster.com
    C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\setup.exe
    C:\WINDOWS\service.exe
    C:\WINDOWS\system32\urqnnoLd.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-02 to 2008-06-02 )))))))))))))))))
    .

    2008-06-02 19:10 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
    2008-06-02 19:09 . 2008-06-02 19:09 <KANSIO> d-------- C:\WINDOWS\LastGood
    2008-06-02 19:09 . 2008-06-02 19:09 <KANSIO> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-06-02 19:03 . 2008-06-02 19:04 22,528 --a------ C:\d1.exe
    2008-06-02 19:02 . 2008-06-02 19:02 5,120 --a------ C:\rpqlvo.exe
    2008-06-02 19:02 . 2008-06-02 19:02 2 --a------ C:\-464806253
    2008-06-02 19:00 . 2008-06-02 19:01 2,048 --a------ C:\uucn.exe
    2008-06-02 18:58 . 2008-06-02 18:59 6,144 --a------ C:\hldtlwe.exe
    2008-06-02 18:57 . 2008-06-02 18:57 6,144 --a------ C:\mgoilhuqomfmnhs.exe
    2008-06-02 17:35 . 2008-06-02 19:29 60,114 --a------ C:\bot1.exe
    2008-05-30 19:23 . 2008-05-30 22:12 60,132 --a------ C:\dcsi.exe
    2008-05-30 16:55 . 2008-05-30 19:08 86,498 --a------ C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\setup.exe
    2008-05-30 16:55 . 2008-05-30 19:08 86,498 --a------ C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\setup.exe
    2008-05-30 05:32 . 2008-05-30 05:34 86,498 --a------ C:\com.com
    2008-05-29 23:08 . 2008-05-29 23:08 86,340 --a------ C:\profile.com
    2008-05-29 19:37 . 2008-05-29 19:37 40,960 --a------ C:\dsdc.exe
    2008-05-29 17:04 . 2008-05-30 02:02 60,132 --a------ C:\ddc.exe
    2008-05-29 17:03 . 2008-05-29 18:12 56,832 --a------ C:\fa.com
    2008-05-29 13:08 . 2008-05-29 13:08 <KANSIO> d-------- C:\Program Files\ZoneAlarmSB
    2008-05-29 13:07 . 2008-05-29 13:07 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
    2008-05-29 13:07 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-05-29 13:07 . 2008-05-29 13:08 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-05-28 20:26 . 2008-05-28 20:26 40,960 --a------ C:\dczi.exe
    2008-05-28 20:14 . 2008-05-28 20:14 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-05-28 19:27 . 2008-05-28 20:10 56,832 --a------ C:\sxy1.com
    2008-05-28 19:21 . 2008-05-28 19:21 56,832 --a------ C:\sxy.com
    2008-05-27 23:36 . 2008-05-27 23:36 40,960 --a------ C:\dcis.exe
    2008-05-27 23:24 . 2008-05-28 16:10 40,960 --a------ C:\dciz.exe
    2008-05-27 22:52 . 2008-05-28 14:46 56,832 --a------ C:\sexy.com
    2008-05-27 19:44 . 2008-05-27 19:46 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-05-27 19:38 . 2008-05-27 19:39 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
    2008-05-27 19:07 . 2008-05-27 20:37 40,960 --a------ C:\dchi.exe
    2008-05-27 18:50 . 2008-05-30 22:47 60,132 --a------ C:\dci.exe
    2008-05-27 18:49 . 2008-05-27 18:49 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
    2008-05-23 19:25 . 2008-05-23 19:25 <KANSIO> d-------- C:\Program Files\GoldWave
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 16:48 --------- d-----w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\uTorrent
    2008-06-02 16:48 --------- d-----w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\uTorrent
    2008-06-02 16:48 --------- d-----w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\uTorrent
    2008-06-02 16:10 --------- d-----w C:\Program Files\Windows Live
    2008-06-02 16:06 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-06-02 16:05 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-06-02 16:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-05-29 21:10 --------- d-----w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\Skype
    2008-05-29 21:10 --------- d-----w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\Skype
    2008-05-29 21:10 --------- d-----w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\Skype
    2008-05-27 16:45 --------- d-----w C:\Program Files\Lavasoft
    2008-05-27 16:45 --------- d-----w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\Lavasoft
    2008-05-27 16:45 --------- d-----w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\Lavasoft
    2008-05-27 16:45 --------- d-----w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\Lavasoft
    2008-05-27 16:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-23 18:17 --------- d-----w C:\Program Files\oDC
    2008-05-18 17:28 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-15 00:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-05-13 19:13 --------- d-----w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\dvdcss
    2008-05-13 19:13 --------- d-----w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\dvdcss
    2008-05-13 19:13 --------- d-----w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\dvdcss
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-20 20:10 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-20 20:09 --------- d-----w C:\Program Files\MSBuild
    2008-04-20 20:08 --------- d-----w C:\Program Files\Microsoft.NET
    2008-04-20 20:07 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-04-20 20:03 --------- d-----w C:\Program Files\UltraISO
    2008-04-20 20:03 --------- d-----w C:\Program Files\Common Files\EZB Systems
    2008-04-16 14:50 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-16 06:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
    2008-04-16 05:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-05 10:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU Networks
    2008-04-05 10:54 --------- d-----w C:\Program Files\TVUPlayer
    2008-04-03 06:25 --------- d-----w C:\Program Files\Java
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-12-06 12:41 22,328 ----a-w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\PnkBstrK.sys
    2007-12-06 12:41 22,328 ----a-w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\PnkBstrK.sys
    2007-12-06 12:41 22,328 ----a-w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\PnkBstrK.sys
    2007-09-14 12:15 47,360 ----a-w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\pcouffin.sys
    2007-09-14 12:15 47,360 ----a-w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\pcouffin.sys
    2007-09-14 12:15 47,360 ----a-w C:\Documents and Settings\Käyttäjä.BBF9AF74D06E419\Application Data\pcouffin.sys
    2006-09-18 18:08 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2004-10-01 12:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2006-11-07 19:03 33,792 ----a-w C:\Program Files\mozilla firefox\plugins\custsat.dll
    2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
    2006-11-15 08:39 96,256 ----a-w C:\Program Files\mozilla firefox\plugins\wmpband.dll
    2004-09-15 12:00 221,184 ----a-w C:\Program Files\mozilla firefox\plugins\wmpns.dll
    2006-11-15 08:40 198,144 ----a-w C:\Program Files\mozilla firefox\plugins\wmpnssci.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    2007-10-17 13:53 57384 --a------ C:\Program Files\Windows Live\Perheturva\fssbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-05-29 13:08 262144]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 13:48 157592]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-02-23 00:31 25388584]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
    "Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-09-06 10:42 143360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 17:45 385024]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 19:07 843776]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
    "nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 20:38 35328]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-02 20:19 185896]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 13:48 157592]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "FmctrlTray"="Fmctrl.EXE" [2001-11-16 17:10 270336 C:\WINDOWS\system32\fmctrl.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
    "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-08-16 02:12 24576]
    "V0230Mon.exe"="C:\WINDOWS\V0230Mon.exe" [2006-09-06 20:01 32768]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 10:09 200704]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Windows UDP Control"="winudspm.exe" [2008-05-27 18:49 56832 C:\WINDOWS\winudspm.exe]
    "Windows svchost"="service.exe" []
    "fssui"="C:\Program Files\Windows Live\Perheturva\fssui.exe" [2007-10-17 13:53 243240]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
    --a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
    --a------ 2007-09-07 14:44 3100672 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2007-01-20 10:09 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\StreamerOne\\streamerone.exe"=
    "C:\\Program Files\\TVAnts\\Tvants.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "D:\\Pelit\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
    "C:\\Program Files\\PPStream\\PPStream.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
    "C:\\Program Files\\Opera\\Opera.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
    "C:\\Program Files\\PPMate\\ppmate.exe"=
    "C:\\Program Files\\PPMate\\ppmnet.exe"=
    "C:\\Program Files\\oDC\\oDC.exe"=
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "D:\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "D:\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
    "H:\\PELIT\\sega\\SEGA Rally.exe"=
    "D:\\Pelit\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
    "C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
    "D:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\CNEXT.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "17481:TCP"= 17481:TCP:BitComet 17481 TCP
    "17481:UDP"= 17481:UDP:BitComet 17481 UDP

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 16:22]
    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-04-10 08:06]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
    R2 BBDemon;Backbone Service;"D:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service []
    R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 20:00]
    R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-09-28 20:01]
    S2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
    S2 fsssvc;Windows Live OneCare – perheturva;"C:\Program Files\Windows Live\Perheturva\fsssvc.exe" [2007-10-17 13:53]
    S3 gameport;FM801 PCI Joystick;C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-11-02 11:49]
    S3 wdm_fm801;FM801 PCI Audio (WDM);C:\WINDOWS\system32\drivers\fm801.sys [2001-12-26 10:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d5ed969-867a-11dc-b4f7-001731859885}]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f2fa30c-71ce-11dc-b4ef-001731859885}]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e1395c5-ab9a-11db-b49d-81a6a1a2fead}]
    \Shell\AutoRun\command - G:\USBNB.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - USNJSVC
    *Newly Created Service* - WLSETUPSVC
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-02 16:06:46 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-02 19:57:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-02 19:58:45
    ComboFix-quarantined-files.txt 2008-06-02 16:58:06

    Pre-Run: 4,351,840,256 tavua vapaana
    Post-Run: 6,554,996,736 tavua vapaana

    248 --- E O F --- 2008-05-28 12:08:50
     
  11. veketsu

    veketsu Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:01:48, on 2.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\Fmctrl.EXE
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0230Mon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Perheturva\fssbho.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKLM\..\Run: [Windows svchost] service.exe
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Perheturva\fssui.exe" -autorun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{56DCA603-3691-4C57-8EBE-D34EF56F8790}: NameServer = 193.167.100.37,193.167.100.40
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - D:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10762 bytes
     
  12. kalminen

    kalminen Regular member

    ******************************************
    Type ComboFix.exe /u into the Run box of the Windows Start menu and press OK.
    ***************************************************************************

    I did not detect a firewall on your machine.
    Installations should be done with an Administrator account.
    Install ONE firewall program on your machine NOW:

    1) ZoneAlarm
    2) Agnitum
    3) Sunbelt/Kerio
    4) Comodo

    If you use the built-in Windows firewall, that is not recommended, since it does not block connections going out from the machine.
    Remember to use only one firewall at a time.


    -----------------------------------------------------------------------------

    This one did not go away:
    Boot the machine into Safe Mode => INSTRUCTIONS
    Show hidden files => in Safe Mode INSTRUCTIONS
    Delete the file:
    C:\WINDOWS\winudspm.exe
    Boot back into normal mode.

    ***********************

    Fix these with HJT:
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKLM\..\Run: [Windows svchost] service.exe

    --------------------------------------------------------------------

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt

    * Post the contents of the log in your next message + a new hjt log.
    .
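As an added example (not from this thread or from HijackThis, ComboFix or Malwarebytes), a small Python triage of the O4 Run-key lines from the log above, applying the two checks behind the reply's "fix these" list: an entry that launches a bare filename with no path, and a value name that borrows a Windows component's name while running a different binary. The sample lines are copied from the log; the line pattern, the component list and the function names are my own assumptions.

```python
import re
# Constructed sample: O4 (Run key) lines copied from the HijackThis log in this thread
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE',
    r'O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe',
    r'O4 - HKLM\..\Run: [Windows svchost] service.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
]
# Assumed O4 line shape: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Genuine Windows components whose names malware likes to borrow (my own short list)
SYSTEM_NAMES = {"svchost", "services", "lsass", "winlogon", "csrss", "explorer"}
BARE = "bare filename, resolved via the search path instead of a fixed location"

def parse_o4(line):
    """Split one O4 line into hive, value name, launched image and full command."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):               # quoted path, may contain spaces
        exe = cmd[1:cmd.index('"', 1)]
    else:                                 # unquoted: first token is the image
        exe = cmd.split(" ", 1)[0]
    return {"hive": m.group("hive"), "name": m.group("name"), "exe": exe, "cmd": cmd}

def suspicion_reasons(entry):
    """Why an entry deserves a closer look; an empty list means nothing stood out."""
    reasons = []
    base = entry["exe"].rsplit("\\", 1)[-1].lower()
    stem = base.rsplit(".", 1)[0]
    if "\\" not in entry["exe"]:
        reasons.append(BARE)
    for sysname in sorted(SYSTEM_NAMES):
        # value name advertises a Windows component but launches a different image
        if sysname in entry["name"].lower() and stem != sysname:
            reasons.append(f"value name mentions {sysname} but runs {base}")
    return reasons

def triage(lines):
    """Map each parsable O4 value name to its list of reasons (empty = looks ordinary)."""
    result = {}
    for line in lines:
        entry = parse_o4(line)
        if entry:
            result[entry["name"]] = suspicion_reasons(entry)
    return result
```

A bare filename is only a lead, not a verdict: FmctrlTray is flagged the same way as the two entries the reply removes, and it is the running-process list and the file's location (C:\WINDOWS\winudspm.exe) that settle which ones are worth deleting.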
     
