Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:27, on 15.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7BA04B27-9843-44F1-864D-B87607C277A6} - C:\WINDOWS\system32\mlJCUKca.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FAAF4503-E52D-4B3B-9B12-D408F13AD817} - C:\WINDOWS\system32\opnnnkHY.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BMe3c0c1e0] Rundll32.exe "C:\WINDOWS\system32\rnmwegbo.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: opnnnkHY - opnnnkHY.dll (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6147 bytes
1. Download Combofix.exe to your desktop from either of these links: Combofix.exe Combofix.exe

Open Notepad and copy/paste the contents of the Quote: box into it:

Save it as CFScript (combofix actually recognises it even if the extension is not .txt). Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click)

Note! Don't click inside the combofix window while it is running. That may cause the program to hang.

Restart the computer if asked to, and post the contents of the combofix.txt file here.

Close the browser and other programs for the duration of the fix (antivirus included).

Start HijackThis, run Scan, tick the following entries listed in red and remove them (Fix checked):

O2 - BHO: (no name) - {7BA04B27-9843-44F1-864D-B87607C277A6} - C:\WINDOWS\system32\mlJCUKca.dll
O2 - BHO: (no name) - {FAAF4503-E52D-4B3B-9B12-D408F13AD817} - C:\WINDOWS\system32\opnnnkHY.dll (file missing)
O4 - HKLM\..\Run: [BMe3c0c1e0] Rundll32.exe "C:\WINDOWS\system32\rnmwegbo.dll",s
O20 - Winlogon Notify: opnnnkHY - opnnnkHY.dll (file missing)

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (take it last, right before posting)
* The (C:\ComboFix.txt) report
*
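The four entries the helper ticks for removal share tells that can be checked mechanically: a BHO registered with no name, a path that HijackThis marks (file missing), a DLL stem that is neither a word nor CamelCase (mlJCUKca, opnnnkHY), a Run value that has rundll32 call a DLL through a one-letter export (",s"), and a Winlogon Notify hook. The script below is an added example, not code from this thread or from HijackThis: it scores every R/O entry on those signals and runs them over constructed excerpts of the two logs posted in this thread (the pre-fix and post-fix HJT logs), so it flags exactly the four lines listed above and nothing from the cleaned log. The weights and the threshold of 2 are my own choices, not a published rule.

```python
import re

# Only R0/R1 and O-numbered entries are scored; the process list is skipped.
ENTRY_RE = re.compile(r'^(R\d|O\d+) - ')
# Stem of any binary named on the line ('mlJCUKca' from '...\mlJCUKca.dll').
BINARY_RE = re.compile(r'([\w-]+)\.(?:dll|exe|sys|ax)\b', re.I)
# Lowercase letters followed later by two adjacent capitals ('mlJCUKca',
# 'opnnnkHY'); CamelCase ('NvMcTray') and acronyms ('KHALMNPR',
# 'ATKKBService') do not match.
RANDOM_NAME_RE = re.compile(r'[a-z][A-Za-z]*[A-Z]{2}')
# rundll32 calling a DLL entry point that is a single character (',s').
ONE_CHAR_EXPORT_RE = re.compile(r'\.dll"?,\s*\w(?!\w)', re.I)

STRONG, WEAK, THRESHOLD = 2, 1, 2   # assumed weights, not a published rule


def score_entry(line):
    """Return (score, reasons) for one HJT entry; score 0 means nothing odd."""
    score, reasons = 0, []

    def add(weight, why):
        nonlocal score
        score += weight
        reasons.append(why)

    kind = line.split(' - ', 1)[0]          # 'O2', 'O4', 'O20', ...
    if '(file missing)' in line:
        add(STRONG, 'points at a file that no longer exists')
    if kind == 'O2' and '(no name)' in line:
        add(WEAK, 'BHO registered without a name')
    if kind == 'O20':
        add(WEAK, 'Winlogon Notify hook, loaded into winlogon at boot')
    if ONE_CHAR_EXPORT_RE.search(line):
        add(STRONG, 'rundll32 loads a DLL through a one-character export')
    for stem in BINARY_RE.findall(line):
        if RANDOM_NAME_RE.search(stem):
            add(WEAK, f'random-looking binary name {stem!r}')
    return score, reasons


def entries(log_text):
    """The R/O entries of a log, stripped, in order."""
    return [l.strip() for l in log_text.splitlines() if ENTRY_RE.match(l.strip())]


def triage(log_text, threshold=THRESHOLD):
    """[(entry, score, reasons)] for every entry scoring at least threshold."""
    hits = []
    for entry in entries(log_text):
        score, reasons = score_entry(entry)
        if score >= threshold:
            hits.append((entry, score, reasons))
    return hits


def removed_entries(before, after):
    """Entries present in the first log and absent from the second."""
    return set(entries(before)) - set(entries(after))


# Constructed excerpts of the two HJT logs posted in the thread (before and after the fix).
BEFORE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7BA04B27-9843-44F1-864D-B87607C277A6} - C:\WINDOWS\system32\mlJCUKca.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FAAF4503-E52D-4B3B-9B12-D408F13AD817} - C:\WINDOWS\system32\opnnnkHY.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BMe3c0c1e0] Rundll32.exe "C:\WINDOWS\system32\rnmwegbo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: opnnnkHY - opnnnkHY.dll (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
"""

AFTER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
"""

if __name__ == '__main__':
    for entry, score, reasons in triage(BEFORE_LOG):
        print(f'[{score}] {entry}\n      ' + '; '.join(reasons))
    print('entries gone after the fix:', len(removed_entries(BEFORE_LOG, AFTER_LOG)))
```

This is a triage aid, not a verdict: a score only says an entry deserves a look, and the knowledge of legitimate names (NvMcTray, KHALMNPR) that an experienced helper carries in their head is deliberately absent, which is why the name heuristic is only a weak signal and needs a second one before anything is reported. The removed_entries comparison is the same check the helper does by hand when asking for a fresh log after the fix.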
ComboFix 08-06-12.2 - ----- 2008-06-15 15:23:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1532 [GMT 3:00]
Running from: C:\Documents and Settings\-----\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\-----\Desktop\CFScript.txt
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\mlJCUKca.dll
C:\WINDOWS\system32\rnmwegbo.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMe3c0c1e0.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acKUCJlm.ini
C:\WINDOWS\system32\acKUCJlm.ini2
C:\WINDOWS\system32\dhwbybef.ini
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver\bcm43xx.cat
C:\WINDOWS\system32\driver\RNDISMP.sys
C:\WINDOWS\system32\driver\RNDISMPK.sys
C:\WINDOWS\system32\driver\usb8023.sys
C:\WINDOWS\system32\driver\usb8023k.sys
C:\WINDOWS\system32\lgqmiajj.dll
C:\WINDOWS\system32\mlJCUKca.dll
C:\WINDOWS\system32\mulboqqx.dll
C:\WINDOWS\system32\nwnfrbes.ini
C:\WINDOWS\system32\onhxosiv.dll
C:\WINDOWS\system32\rnmwegbo.dll
C:\WINDOWS\system32\rolidgoq.dll
C:\WINDOWS\system32\sebrfnwn.dll
C:\WINDOWS\system32\visoxhno.ini
.

(((((((((((((((((((((((((   Files Created from 2008-05-15 to 2008-06-15  )))))))))))))))))))))))))))))))
.

2008-06-15 01:43 . 2008-06-15 01:43	<DIR>	d--------	C:\Program Files\Trend Micro
2008-06-14 19:29 . 2008-06-15 00:09	<DIR>	d--------	C:\Documents and Settings\-----\Application Data\Publish Providers
2008-06-14 19:28 . 2008-06-14 19:28	<DIR>	d--------	C:\Documents and Settings\-----\Application Data\Sony
2008-06-14 19:28 . 2008-06-15 01:14	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-14 19:24 . 2008-06-14 19:24	<DIR>	d--------	C:\Program Files\Vstplugins
2008-06-14 19:24 . 2008-06-14 19:24	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Sony
2008-06-14 19:23 . 2008-06-14 19:23	<DIR>	d--------	C:\Program Files\Sony
2008-06-14 19:22 . 2008-06-14 19:22	<DIR>	d--------	C:\Program Files\Sony Setup
2008-06-13 01:32 . 2008-06-13 01:33	<DIR>	d--------	C:\vcs5BGEffects
2008-06-13 01:31 . 2008-06-13 01:35	<DIR>	d--------	C:\Program Files\AV Vcs 6.0 DIAMOND
2008-06-12 22:22 . 2008-06-12 22:22	<DIR>	d--------	C:\Program Files\Google
2008-06-11 11:34 . 2008-05-08 17:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 11:33 . 2008-04-14 15:30	272,128	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 03:25 . 2008-06-11 03:29	<DIR>	d--------	C:\WINDOWS\.mpr_file_store_32
2008-06-10 20:48 . 2008-06-10 20:48	<DIR>	d--------	C:\Program Files\sXe Injected
2008-06-10 20:35 . 2008-06-10 20:48	<DIR>	d--------	C:\Program Files\Counter-Strike 1.6 V31
2008-06-04 22:59 . 2008-06-08 01:56	66	--a------	C:\WINDOWS\videotoaudio.ini
2008-06-04 22:58 . 2008-06-04 23:01	<DIR>	d--------	C:\My Music
2008-06-04 22:57 . 2001-05-11 13:18	420,240	--a------	C:\WINDOWS\system32\mpg4c32.dll
2008-06-04 22:57 . 2001-05-16 17:54	309,616	--a------	C:\WINDOWS\system32\wmv8dmod.dll
2008-06-04 22:57 . 2001-03-26 04:41	245,760	--a------	C:\WINDOWS\system32\mp4sds32.ax
2008-06-04 22:57 . 2008-06-08 01:56	5	--a------	C:\WINDOWS\system32\SySVid.dat
2008-06-04 22:56 . 2008-06-04 22:56	<DIR>	d--------	C:\Program Files\AudioToolsFactory
2008-06-03 23:14 . 2008-06-03 23:14	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Last.fm
2008-06-03 23:13 . 2008-06-03 23:13	<DIR>	d--------	C:\Program Files\Last.fm
2008-06-02 15:38 . 2008-06-02 15:38	<DIR>	d--------	C:\Program Files\Common Files\NSV
2008-06-01 12:01 . 2008-06-01 12:01	<DIR>	d--------	C:\Documents and Settings\-----\Application Data\Nokia Multimedia Player
2008-05-31 11:52 . 2008-04-13 21:45	26,112	--a------	C:\WINDOWS\system32\drivers\usbser.sys
2008-05-31 11:52 . 2008-04-13 21:45	26,112	--a--c---	C:\WINDOWS\system32\dllcache\usbser.sys
2008-05-31 11:52 . 2008-05-31 11:52	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-31 11:51 . 2008-05-31 11:51	<DIR>	d--------	C:\Program Files\PC Connectivity Solution
2008-05-31 11:51 . 2008-05-31 11:51	<DIR>	d--------	C:\Program Files\DIFX
2008-05-31 11:51 . 2008-05-31 11:51	<DIR>	d--------	C:\Program Files\Common Files\PCSuite
2008-05-31 11:51 . 2008-05-31 11:51	<DIR>	d--------	C:\Program Files\Common Files\Nokia
2008-05-31 11:51 . 2008-05-31 11:53	<DIR>	d--------	C:\Documents and Settings\-----\Application Data\PC Suite
2008-05-31 11:51 . 2008-05-31 11:51	<DIR>	d--------	C:\Documents and Settings\-----\Application Data\Nokia
2008-05-31 11:51 . 2008-05-31 11:53	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-31 11:51 . 2007-11-29 10:39	95,744	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-31 11:51 . 2007-09-17 15:53	21,632	--a------	C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-05-31 11:51 . 2007-11-29 10:39	16,896	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-05-31 11:51 . 2007-11-29 10:39	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-05-31 11:50 . 2008-05-31 11:51	<DIR>	d--------	C:\Program Files\Nokia
2008-05-31 11:50 . 2007-11-29 10:32	48,128	--a------	C:\WINDOWS\system32\nmwcdcls.dll
2008-05-31 11:49 . 2008-05-31 11:49	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Installations
2008-05-31 11:12 . 2008-05-31 11:12	<DIR>	d--------	C:\Program Files\Red Kawa
2008-05-30 13:15 . 2008-05-30 13:15	<DIR>	d--------	C:\Program Files\eRightSoft
2008-05-30 13:15 . 2008-05-30 13:15	<DIR>	d--------	C:\Program Files\AviSynth 2.5
2008-05-26 21:47 . 2008-06-15 00:28	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-05-26 21:46 . 2008-05-26 21:46	<DIR>	d--------	C:\Program Files\URUSoft
2008-05-25 11:46 . 2008-05-25 11:46	<DIR>	d--------	C:\Program Files\Common Files\Ahead
2008-05-25 11:46 . 2008-05-25 11:46	<DIR>	d--------	C:\Program Files\Ahead
2008-05-25 11:46 . 2004-07-26 16:16	1,568,768	--a------	C:\WINDOWS\system32\ImagX7.dll
2008-05-25 11:46 . 2004-07-26 16:16	476,320	--a------	C:\WINDOWS\system32\ImagXpr7.dll
2008-05-25 11:46 . 2004-07-26 16:16	471,040	--a------	C:\WINDOWS\system32\ImagXRA7.dll
2008-05-25 11:46 . 2004-07-09 08:43	364,544	--a------	C:\WINDOWS\system32\TwnLib4.dll
2008-05-25 11:46 . 2004-07-26 16:16	262,144	--a------	C:\WINDOWS\system32\ImagXR7.dll
2008-05-25 11:46 . 2001-07-09 10:50	155,648	--a------	C:\WINDOWS\system32\NeroCheck.exe
2008-05-25 11:46 . 2000-06-26 10:45	106,496	--a------	C:\WINDOWS\system32\TwnLib20.dll
2008-05-25 11:44 . 2008-05-25 11:45	<DIR>	d--------	C:\Program Files\CyberLink DVD Solution
2008-05-25 11:44 . 2008-05-25 11:44	<DIR>	d--------	C:\Program Files\CyberLink
2008-05-25 11:44 . 2008-05-25 11:44	<DIR>	d--------	C:\MyWorks
2008-05-25 11:44 . 2004-10-01 15:00	40,960	--a------	C:\Program Files\Uninstall_CDS.exe
2008-05-25 03:05 . 2008-05-25 03:05	<DIR>	d--------	C:\Program Files\IrfanView
2008-05-25 02:48 . 2008-06-08 22:46	<DIR>	d--------	C:\Documents and Settings\-----\Application Data\ZoomBrowser EX
2008-05-25 02:47 . 2008-05-25 02:47	<DIR>	d--------	C:\Documents and Settings\-----\Application Data\CANON INC
2008-05-25 02:47 . 2008-06-08 22:46	<DIR>	d--------	C:\Documents and Settings\-----\Application Data\CameraWindowDC
2008-05-25 02:43 . 2008-05-25 02:43	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-05-23 17:04 . 2008-05-23 17:04	<DIR>	d--------	C:\Program Files\Webteh
2008-05-19 15:19 . 2008-06-03 13:00	<DIR>	d--------	C:\Program Files\Duke Nukem 3D
2008-05-18 17:30 . 2008-05-18 22:06	<DIR>	d--------	C:\Program Files\Duke3D
2008-05-18 17:27 . 2008-05-20 18:21	<DIR>	d--------	C:\Program Files\JFDuke3D
2008-05-18 15:55 . 2008-05-18 17:15	<DIR>	d--------	C:\DUKE3D
2008-05-18 13:42 . 2008-05-18 13:42	<DIR>	d--------	C:\Program Files\Drempels
2008-05-18 13:36 . 2008-05-18 13:41	<DIR>	d--------	C:\Temp\MB
2008-05-18 13:36 . 2008-05-30 13:10	<DIR>	d--------	C:\Temp
2008-05-18 13:33 . 2008-05-18 13:33	<DIR>	d--------	C:\mbhh98
2008-05-18 13:25 . 2008-05-18 13:25	<DIR>	d--------	C:\WINDOWS\HMCDB
2008-05-18 13:25 . 2008-05-18 13:25	<DIR>	d--------	C:\MB98
2008-05-18 13:24 . 1997-02-24 17:04	766	--a------	C:\WINDOWS\MBICO98.ICO
2008-05-18 12:54 . 1998-07-30 12:51	305,152	--a------	C:\WINDOWS\IsUninst.exe
2008-05-18 12:52 . 2008-05-18 12:53	<DIR>	d--------	C:\Program Files\EACOM
2008-05-18 12:48 . 2008-05-18 12:48	<DIR>	d--------	C:\Program Files\EA SPORTS
2008-05-18 12:47 . 2008-05-18 12:47	<DIR>	d--------	C:\Documents and Settings\-----\WINDOWS
2008-05-18 12:47 . 1997-05-29 16:25	312,832	--a------	C:\WINDOWS\IsUn040b.exe
2008-05-17 09:00 . 2008-05-25 02:44	<DIR>	d--------	C:\Program Files\Canon
2008-05-15 14:37 . 2008-05-15 14:37	8	--a------	C:\WINDOWS\system32\nvModes.dat
2008-05-15 14:33 . 2008-05-15 14:33	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\nView_Profiles
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-06-15 12:20	---------	d-----w	C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-15 12:12	196,608	----a-w	C:\WINDOWS\system32\drivers\nStandard.bin
2008-06-15 12:12	---------	d-----w	C:\Program Files\Steam
2008-06-14 22:24	---------	d-----w	C:\Program Files\SpeedFan
2008-06-14 20:29	---------	d-----w	C:\Program Files\Fraps
2008-06-14 17:18	---------	d-----w	C:\Documents and Settings\-----\Application Data\uTorrent
2008-06-14 16:24	---------	d-----w	C:\Program Files\Vstplugins
2008-06-12 22:56	---------	d-----w	C:\Documents and Settings\-----\Application Data\OpenOffice.org2
2008-06-12 18:27	---------	d-----w	C:\Program Files\Winamp
2008-06-01 13:42	---------	d-----w	C:\Program Files\WS_FTP
2008-05-27 18:41	---------	d---a-w	C:\Program Files\ElastoMania 1.2
2008-05-25 08:45	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-24 23:42	---------	d-----w	C:\Program Files\Common Files\Canon
2008-05-23 11:18	---------	d-----w	C:\Program Files\PowerStrip
2008-05-21 12:09	---------	d-----w	C:\Program Files\Microsoft Silverlight
2008-05-18 10:55	---------	d-----w	C:\Documents and Settings\-----\Application Data\mIRC
2008-05-18 08:25	---------	d-----w	C:\Program Files\mIRC
2008-05-14 05:10	---------	d-----w	C:\Program Files\Power Tab Software
2008-05-11 15:50	---------	d-----w	C:\Program Files\ArtMoney
2008-05-11 10:08	1,284,008	----a-w	C:\Program Files\WoW-2.3.0.7561-enGB-downloader.exe
2008-05-11 10:08	---------	d-----w	C:\Program Files\WoW-2.3.0.7561-enGB
2008-05-11 10:08	---------	d-----w	C:\Program Files\Common Files\Blizzard Entertainment
2008-05-11 09:50	---------	d-----w	C:\Program Files\TVUPlayer
2008-05-11 09:50	---------	d-----w	C:\Documents and Settings\-----\Application Data\TVU Networks
2008-05-11 09:50	---------	d-----w	C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-05-11 08:33	---------	d-----w	C:\Documents and Settings\-----\Application Data\LimeWire
2008-05-11 08:02	---------	d-----w	C:\Program Files\LimeWire
2008-05-10 20:38	---------	d-----w	C:\Program Files\NVIDIA Corporation
2008-05-10 20:37	---------	d-----w	C:\Program Files\NVIDIA nTune Performance Application
2008-05-10 20:15	---------	d-----w	C:\Program Files\Lavalys
2008-05-10 11:34	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-05-10 11:26	---------	d-----w	C:\Program Files\MTA San Andreas
2008-05-10 11:22	---------	d-----w	C:\Program Files\PowerISO
2008-05-08 14:02	203,136	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-06 19:48	---------	d-----w	C:\Program Files\Common Files\IviSDK
2008-05-06 19:48	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-05-06 19:48	---------	d-----w	C:\Program Files\anysee
2008-05-06 15:17	---------	d-----w	C:\Program Files\San Andreas Mod Installer
2008-05-05 18:11	---------	d-----w	C:\Documents and Settings\Guest\Application Data\Logitech
2008-05-05 16:15	---------	d-----w	C:\Documents and Settings\All Users\Application Data\espionServerData
2008-05-05 12:10	---------	d-----w	C:\Program Files\Microsoft Visual Studio 9.0
2008-05-05 12:09	---------	d-----w	C:\Program Files\Microsoft Synchronization Services
2008-05-05 12:09	---------	d-----w	C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-05 12:09	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-05 12:07	---------	d-----w	C:\Program Files\Microsoft.NET
2008-05-05 12:07	---------	d-----w	C:\Program Files\Microsoft SDKs
2008-05-05 12:06	---------	d-----w	C:\Program Files\Reference Assemblies
2008-05-05 12:06	---------	d-----w	C:\Program Files\MSBuild
2008-05-05 12:03	---------	d-----w	C:\Program Files\MSXML 6.0
2008-05-05 10:18	---------	d-----w	C:\Program Files\-------- Programs
2008-05-03 11:47	---------	d-----w	C:\Program Files\Rockstar Games
2008-05-03 11:22	0	---ha-w	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-03 11:22	0	---ha-w	C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-05-03 11:22	0	---ha-w	C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-03 03:24	---------	d-----w	C:\Program Files\Audacity
2008-05-02 21:48	---------	d-----w	C:\Program Files\Common Files\Futuremark Shared
2008-05-02 21:46	---------	d-----w	C:\Program Files\Java
2008-05-02 21:45	---------	d-----w	C:\Program Files\Common Files\Java
2008-05-02 21:22	---------	d-----w	C:\Program Files\Futuremark
2008-04-29 19:18	---------	d-----w	C:\Documents and Settings\-----\Application Data\FileZilla
2008-04-27 12:20	---------	d-----w	C:\Program Files\OtsTurntables
2008-04-23 12:18	---------	d-----w	C:\Program Files\OpenOffice.org 2.4
2008-04-21 12:17	---------	d-----w	C:\Program Files\TGTSoft
2008-04-21 12:00	21,275	----a-w	C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-21 09:14	---------	d-----w	C:\Program Files\GoldWave
2008-04-21 08:08	---------	d-----w	C:\Program Files\Guitar Pro 5
2008-04-20 22:57	---------	d-----w	C:\Documents and Settings\-----\Application Data\Logitech
2008-04-20 22:57	---------	d-----w	C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-20 22:48	---------	d-----w	C:\Program Files\Common Files\Logishrd
2008-04-20 22:48	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-20 22:47	---------	d-----w	C:\Program Files\Logitech
2008-04-20 22:47	---------	d-----w	C:\Documents and Settings\-----\Application Data\InstallShield
2008-04-20 16:26	---------	d-----w	C:\Program Files\Illustrate
2008-04-20 16:05	---------	d-----w	C:\Program Files\uTorrent
2008-04-19 13:54	---------	d-----w	C:\Program Files\Windows Media Connect 2
2008-04-19 12:19	---------	d-----w	C:\Documents and Settings\-----\Application Data\fretsonfire
2008-04-19 12:18	---------	d-----w	C:\Documents and Settings\-----\Application Data\Winamp
2008-04-19 12:11	---------	d-----w	C:\Program Files\Emulaattorit
2008-04-19 12:01	---------	d-----w	C:\Program Files\Frets On Fire
2008-04-19 11:57	---------	d-----w	C:\Program Files\HyCam2
2008-04-18 20:22	---------	d-----w	C:\Program Files\SecondLife
2008-04-18 20:20	---------	d-----w	C:\Documents and Settings\-----\Application Data\SecondLife
2008-04-18 19:20	---------	d-----w	C:\Program Files\Windows Live
2008-04-18 19:07	---------	d-----w	C:\Program Files\BUFFALO
2008-04-18 18:03	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-18 18:01	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-18 17:16	---------	d-----w	C:\Program Files\Sygate
2008-04-18 17:16	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 17:16	---------	d-----w	C:\Program Files\Avira
2008-04-18 17:16	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Avira
2008-04-18 17:14	---------	d-----w	C:\Program Files\CCleaner
2008-04-18 17:00	---------	d-----w	C:\Program Files\My Company Name
2008-04-18 16:59	---------	d-----w	C:\Program Files\ASUS
2008-04-18 16:53	---------	d-----w	C:\Program Files\Marvell
2008-04-18 16:52	315,392	----a-w	C:\WINDOWS\HideWin.exe
2008-04-18 16:52	---------	d-----w	C:\Program Files\Realtek
2008-04-18 16:51	---------	d-----w	C:\Program Files\Intel
2008-04-18 16:42	---------	d-----w	C:\Program Files\microsoft frontpage
2008-04-14 00:12	69,120	----a-w	C:\WINDOWS\notepad.exe
2008-04-14 00:12	50,688	----a-w	C:\WINDOWS\twain_32.dll
2006-05-03 09:06	163,328	--sha-r	C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47	31,232	--sha-r	C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43	27,648	--sha-w	C:\WINDOWS\system32\Smab0.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-04-18 20:11 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 03:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-20 02:02 262401]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:12 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/21/2008 1:48:14 AM 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ASUS\\GamerOSD\\GamerOSD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"C:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Steam\\steamapps\\-------\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BUFFALO\\Client Manager3\\cm3_tray.exe"=
"C:\\Program Files\\ASUS\\GamerOSD\\SBS.exe"=
"C:\\Program Files\\mIRC\\mIRC - English.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Steam\\steamapps\\--------\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\--------\\condition zero\\hl.exe"=
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"C:\\Documents and Settings\\-----\\My Documents\\Debbo_v3.5\\Debbo v3.5\\Debbo V3.5.exe"=
"C:\\Program Files\\MTA San Andreas\\Server2\\MTA Server.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Duke3D\\duke3d_w32.exe"=
"C:\\Program Files\\JFDuke3D\\duke3d.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\ElastoMania 1.2\\belma.exe"=
"C:\\Program Files\\Duke Nukem 3D\\MasterServer\\masterserver.exe"=
"C:\\Documents and Settings\\-----\\Desktop\\ElastoMania\\belma.exe"=
"C:\\Program Files\\Counter-Strike 1.6 V31\\hl.exe"=
"C:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
"C:\\Program Files\\Steam\\steamapps\\--------\\day of defeat\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009

R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2007-01-11 10:19]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\PStrip.sys [2001-07-24 03:31]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 10:03]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10:03]
S1 AMTBDA_P861F;anysee Capture Service;C:\WINDOWS\system32\DRIVERS\anyseeTU.SYS [2007-07-24 11:51]
S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
S3 u2kg54l;BUFFALO WLI-U2-KG54L Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\u2kg54l.sys [2006-08-24 07:44]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 15:33:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-06-15 15:46:47 - machine was rebooted [-----]
ComboFix-quarantined-files.txt 2008-06-15 12:46:10

Pre-Run: 66,233,143,296 bytes free
Post-Run: 66,142,830,592 bytes free

330	--- E O F --- 2008-06-11 09:02:06

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:17, on 15.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5776 bytes
Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* The log will then open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Post the contents of the log in your next reply, together with a new HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:53:44, on 16.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5786 bytes

Malwarebytes' Anti-Malware 1.17
Tietokantaversio: 857

18:19:37 15.6.2008
mbam-log-6-15-2008 (18-19-37).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 205423
Kulunut aika: 1 hour(s), 6 minute(s), 50 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 20

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-014522-429.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-015846-163.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-020313-614.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-020325-845.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-020420-415.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-020934-137.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-021447-363.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-021505-359.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-021521-820.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-021540-260.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-021554-789.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-021610-525.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-150132-738.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080615-150228-920.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJCUKca.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\onhxosiv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{68BF6448-C17F-4FD4-A164-02867070D04F}\RP73\A0030321.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{68BF6448-C17F-4FD4-A164-02867070D04F}\RP76\A0030596.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{68BF6448-C17F-4FD4-A164-02867070D04F}\RP76\A0030601.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Delete the folder below:
C:\Program Files\Trend Micro\HijackThis\backups\

Rename hijackthis.exe to skonneri.exe.

Disabling System Restore
You can disable System Restore as follows:
1. Click the Start button, right-click My Computer and then select Properties.
2. Select the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box) and then click OK.
4. Click Yes when prompted to confirm turning off System Restore.

Post a new HijackThis log and scan once more with Malwarebytes.