
HJT log, there's something here...

Discussion in 'Viruses and malware - HijackThis logs' started by Sonjaana, Dec 9, 2008.

  1. Hujo

    Hujo Guest

    Didn't it give you any list, something like this?

    A-Squared Generic.Trojan-Dropper.SEH!IK
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV Trojan.Downloader.Tibs.Gen-1
    CPsecure Troj.Downloader.W32.Small.dam
    Dr.Web X
    F-Prot Antivirus X
    F-Secure Anti-Virus X
    G DATA X
    Ikarus Generic.Trojan-Dropper.SEH
    Kaspersky Anti-Virus X
    NOD32 X
    Norman Virus Control X
    Panda Antivirus X
    Sophos Antivirus Troj/FreeVid-A
    VirusBuster X
    VBA32 X
     
  2. Sonjaana

    Sonjaana Member

    Joined:
    Feb 18, 2008
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    16
    No list came up. It just throws that text onto the screen right away.
     
  3. Sonjaana

    Sonjaana Member

    If I put some other file in there, it starts uploading and shows the list. So it won't let me check that blade file. I can't scan that file with avast either. It just reports an error.
     
  4. Hujo

    Hujo Guest

    Right-click it > Properties

    See which company it belongs to and what it actually is.
     
    Last edited by a moderator: Dec 9, 2008
  5. Sonjaana

    Sonjaana Member

  6. Hujo

    Hujo Guest

    Turn off the display of hidden files.

    Scan with HJT, tick this entry and press Fix checked:

    O20 - Winlogon Notify: 1_blade_1reg - C:\Documents and Settings\All Users\Tiedostot\Settings\1_blade_1.dll

    ===============

    Run a new ComboFix log.
     
  7. Sonjaana

    Sonjaana Member

    ComboFix 08-12-09.02 - Juhani1 2008-12-10 14:35:20.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.56 [GMT 2:00]
    Sijainti: c:\documents and settings\Juhani1\Työpöytä\ComboFix.exe
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\tmp.reg

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-10 to 2008-12-10 )))))))))))))))))
    .

    2008-12-09 18:32 . 2008-12-09 18:32 579,072 --a--c--- c:\windows\system32\dllcache\user32.dll
    2008-12-09 18:29 . 2008-12-09 18:30 <KANSIO> d-------- c:\windows\ERUNT
    2008-12-09 15:06 . 2008-12-09 15:06 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-09 15:06 . 2008-12-09 15:06 <KANSIO> d-------- c:\documents and settings\Juhani1\Application Data\Malwarebytes
    2008-12-09 15:06 . 2008-12-09 15:06 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-09 15:06 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-09 15:06 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-09 14:24 . 2008-12-09 14:24 <KANSIO> d-------- c:\program files\Trend Micro
    2008-11-12 13:23 . 2008-11-12 13:23 <KANSIO> d-------- c:\program files\MSXML 4.0
    2008-11-12 12:32 . 2008-09-04 19:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-12 12:32 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-10 12:43 24,473,632 --sha-w c:\windows\system32\drivers\fidbox.dat
    2008-12-09 23:20 290,192 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-12-09 22:44 1,848,320 ----a-w c:\windows\Internet Logs\xDB1.tmp
    2008-12-08 17:21 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-12-08 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-11 15:26 --------- d-----w c:\documents and settings\Juhani1\Application Data\Image Zone Express
    2008-11-11 15:10 --------- d-----w c:\documents and settings\Juhani1\Application Data\Printer Info Cache
    2008-10-25 14:35 --------- d-----w c:\documents and settings\Juhani1\Application Data\Nokia
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 18:31 --------- d-----w c:\program files\Maxis
    2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
    2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2003-06-01 08:45 67,376 ----a-w c:\documents and settings\Juhani1\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-09_16.59.19,58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
    + 2008-12-09 16:30:15 7,348,224 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-12-09 16:30:15 28,672 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-12-09 16:30:05 7,348,224 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2008-12-09 16:30:05 28,672 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2008-12-10 09:42:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4f8.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
    "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
    "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 188416]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
    "nwiz"="nwiz.exe" [2003-05-02 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\1_blade_1reg]
    2006-05-01 09:58 13624 c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= ctwdm32.dll
    "vidc.xvid"= xvid.dll
    "aux1"= ctwdm32.dll
    "aux2"= ctwdm32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.exe.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Juhani1^Käynnistä-valikko^Ohjelmat^Käynnistys^PowerReg Scheduler.exe]
    path=c:\documents and settings\Juhani1\Käynnistä-valikko\Ohjelmat\Käynnistys\PowerReg Scheduler.exe
    backup=c:\windows\pss\PowerReg Scheduler.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-10 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-10 20560]
    R3 FastNIC;SMC EZ Card 10/100 (SMC1244TX V2) Driver;c:\windows\system32\DRIVERS\FastNIC.sys [2003-07-09 35840]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    FireFox -: Profile - c:\documents and settings\Juhani1\Application Data\Mozilla\Firefox\Profiles\0znvna09.default\
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-10 14:42:01
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(524)
    c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll
    .
    Valmistumisajankohta: 2008-12-10 14:47:57
    ComboFix-quarantined-files.txt 2008-12-10 12:47:48
    ComboFix2.txt 2008-12-09 15:00:32

    Ennen ajoa: 5 029 793 792 tavua vapaana
    Ajon jälkeen: 5,018,189,824 tavua vapaana

    146 --- E O F --- 2008-11-12 11:27:19
    --------------------------------------------------------------------------------------

    I don't think it's gone yet; iexplore is still running in the background.
     
  8. Hujo

    Hujo Guest

    Run a new HJT log.
     
  9. Sonjaana

    Sonjaana Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:06:26, on 10.12.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O12 - Plugin for ¸æ×: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1189089126887
    O20 - Winlogon Notify: 1_blade_1reg - C:\Documents and Settings\All Users\Tiedostot\Settings\1_blade_1.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5397 bytes
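
An added example (not part of the original thread, and not code from HijackThis): a small Python check that pulls the O20 Winlogon Notify entries out of a HijackThis log, flags notify DLLs registered outside the Windows system32 directory, and tests whether the entry selected for Fix checked is still listed in a later log, as it is in the log above. The `C:\WINDOWS` location, the system32 heuristic and all function names are assumptions of this example; the log lines are copied from the thread except the one marked as constructed.

```python
import ntpath
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis v2.0.2 log posted above (saved 10.12.2008).
LOG_AFTER_FIX = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: 1_blade_1reg - C:\Documents and Settings\All Users\Tiedostot\Settings\1_blade_1.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# The entry that was to be ticked before pressing "Fix checked" (copied from the thread).
FIXED_LINE = r"O20 - Winlogon Notify: 1_blade_1reg - C:\Documents and Settings\All Users\Tiedostot\Settings\1_blade_1.dll"

# Constructed line, not from the thread: a notify package that lives in system32.
CONSTRUCTED_LINE = r"O20 - Winlogon Notify: examplepkg - C:\WINDOWS\system32\examplepkg.dll"

# "<code> - <text>", e.g. "O20 - Winlogon Notify: ...". Process paths and headers do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# "Winlogon Notify: <subkey name> - <dll path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s*(.+?)\s+-\s+(.+)$")


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O20"
    text: str  # everything after "O20 - "


class NotifyDll(NamedTuple):
    name: str  # subkey name under ...\Winlogon\Notify
    dll: str   # DLL path as reported in the log


def parse_entries(log: str) -> List[Entry]:
    """Return every '<code> - <text>' entry line found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def notify_dlls(log: str) -> List[NotifyDll]:
    """Extract the Winlogon Notify packages (a subset of the O20 entries)."""
    found = []
    for entry in parse_entries(log):
        if entry.code != "O20":
            continue
        m = NOTIFY_RE.match(entry.text)  # other O20 forms (e.g. AppInit_DLLs) are skipped
        if m:
            # HijackThis may append "(file missing)" to a path; drop it before comparing.
            dll = re.sub(r"\s*\(file missing\)$", "", m.group(2))
            found.append(NotifyDll(m.group(1), dll))
    return found


def outside_system32(dll: str, windir: str = r"C:\WINDOWS") -> bool:
    """Heuristic (assumption of this example): a notify DLL outside system32 needs review."""
    path = ntpath.normcase(ntpath.normpath(dll))
    if not ntpath.splitdrive(path)[0]:
        return False  # bare file name: resolved via the DLL search path, cannot be judged here
    sys32 = ntpath.normcase(ntpath.join(windir, "system32"))
    return not path.startswith(sys32 + "\\")


def flagged_notify(log: str, windir: str = r"C:\WINDOWS") -> List[NotifyDll]:
    """Notify packages whose DLL sits outside <windir>\\system32."""
    return [n for n in notify_dlls(log) if outside_system32(n.dll, windir)]


def _norm(line: str) -> str:
    # Collapse whitespace and case so forum re-indentation does not break the comparison.
    return " ".join(line.split()).lower()


def fix_survived(fixed_line: str, later_log: str) -> bool:
    """True if an entry chosen for 'Fix checked' is still listed in a later log."""
    target = _norm(fixed_line)
    return any(_norm(line) == target for line in later_log.splitlines())


if __name__ == "__main__":
    for n in flagged_notify(LOG_AFTER_FIX + CONSTRUCTED_LINE):
        print("review:", n.name, "->", n.dll)
    print("entry still present after fix:", fix_survived(FIXED_LINE, LOG_AFTER_FIX))
```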
     
  10. Hujo

    Hujo Guest

  11. Sonjaana

    Sonjaana Member

    File C:\WINDOWS\w.hta infected by "Trojan-Downloader.HTML.Agent.ae" Virus. Action Taken: File Deleted.

    File C:\WINDOWS\system32\cmd.ftp infected by "Trojan-Downloader.BAT.Ftp.cq" Virus. Action Taken: File Deleted.

    File C:\Program Files\Alwil Software\Avast4\DATA\chest\00000004 infected by "Backdoor.Win32.SdBot.mb" Virus. Action Taken: File to be renamed on reboot.

    File C:\System Volume Information\_restore{907664AF-AE3B-4B20-8494-9AECE3FB2138}\RP821\A0428603.hta infected by "Trojan-Downloader.HTML.Agent.ae" Virus. Action Taken: File Deleted.
     
  12. Hujo

    Hujo Guest

    Scan with Kaspersky Online Scanner

    1. Read through the requirements and privacy terms and click Accept.
    2. The download of the scanner and the virus database begins. You will be asked whether you allow the program from Kaspersky to be installed. Click Run (Aja).
    3. When the download is complete, click Settings.
    4. Make sure the following items are selected. If they are not, select them and click Save:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases

    5. Click My Computer (Oma Tietokone) under Scan.
    6. When the scan is complete, the results are shown. Click View Scan Report.
    7. You will see a list of infected items. Click Save Report As....
    8. Save the file to your desktop. Change Files of type (Tiedostotyyppi) to Text file (.txt) (Tekstitiedosto) before you click Save.
    9. Copy and paste the contents of the file into your next reply together with a new HijackThis log.
     
  13. Sonjaana

    Sonjaana Member

    Starting java applet has failed! Please go online to use this program.

    So the program won't start running. What now?
     
  14. Hujo

    Hujo Guest

    Download Lop S&D from here

    Double-click Lop S&D.exe
    Choose Finnish as the language by pressing U and Enter.
    After that, choose Option 1 (Etsi / Search) by pressing 1 and Enter
    Wait until the scan is complete
    The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
     
  15. Sonjaana

    Sonjaana Member

    I updated Java and then Kaspersky started working.
     
  16. Hujo

    Hujo Guest

    Then you can run both of those.
     
  17. Sonjaana

    Sonjaana Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:11:51, on 12.12.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Juhani1\Local Settings\temp\jkos-Juhani1\binaries\ScanningProcess.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O12 - Plugin for ¸æ×: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1189089126887
    O20 - Winlogon Notify: 1_blade_1reg - C:\Documents and Settings\All Users\Tiedostot\Settings\1_blade_1.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6174 bytes
    -------------------------------------------------------------------

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, December 12, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, December 12, 2008 09:01:27
    Records in database: 1454144
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Files scanned: 62270
    Threat name: 1
    Infected objects: 1
    Suspicious objects: 0
    Duration of the scan: 03:36:42


    File name / Threat name / Threats count
    C:\Program Files\Alwil Software\Avast4\DATA\chest\00000004 Infected: Backdoor.Win32.SdBot.mb 1

    The selected area was scanned.
     
  18. Hujo

    Hujo Guest

    Then that Lop S&D.
     
  19. Sonjaana

    Sonjaana Member

    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Duron(tm) Processor )
    BIOS : Version 1.00
    USER : Juhani1 ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1296 [VPS 081212-0] 4.8.1296 (Activated)
    Firewall : ZoneAlarm Firewall 7.0.408.000 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:12 Go (Free:4 Go)
    D:\ (Local Disk) - NTFS - Total:12 Go (Free:4 Go)
    E:\ (Local Disk) - NTFS - Total:12 Go (Free:11 Go)
    F:\ (CD or DVD)
    G:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( la 13.12.2008|11:39 )

    --------------------\\ Listaa hakemistoja sijainnissa APPLIC~1

    [12.03.2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [27.10.2007|15:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [29.09.2008|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    [08.10.2008|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [14.12.2007|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
    [09.12.2008|15:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [02.12.2008|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [15.06.2002|16:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [29.09.2008|13:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
    [29.09.2008|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [19.05.2003|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [05.02.2006|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [08.12.2008|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [15.06.2003|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [06.09.2007|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [0|tiedosto(a)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua
    [17|kansio(ta)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua vapaana


    [14.06.2002|08:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua vapaana

    [17.03.2008|11:35] C:\DOCUME~1\Juhani1\APPLIC~1\Adobe
    [05.08.2008|12:21] C:\DOCUME~1\Juhani1\APPLIC~1\gtk-2.0
    [09.10.2007|17:49] C:\DOCUME~1\Juhani1\APPLIC~1\gtopala
    [06.03.2003|11:01] C:\DOCUME~1\Juhani1\APPLIC~1\Help
    [30.11.2007|16:11] C:\DOCUME~1\Juhani1\APPLIC~1\HP
    [14.06.2002|08:42] C:\DOCUME~1\Juhani1\APPLIC~1\Identities
    [11.11.2008|17:26] C:\DOCUME~1\Juhani1\APPLIC~1\Image Zone Express
    [31.07.2002|17:27] C:\DOCUME~1\Juhani1\APPLIC~1\InterTrust
    [10.02.2003|15:56] C:\DOCUME~1\Juhani1\APPLIC~1\Jasc
    [13.03.2005|12:48] C:\DOCUME~1\Juhani1\APPLIC~1\Keyhole
    [17.07.2008|17:05] C:\DOCUME~1\Juhani1\APPLIC~1\Looney Tunes
    [03.01.2005|22:07] C:\DOCUME~1\Juhani1\APPLIC~1\Macromedia
    [09.12.2008|15:06] C:\DOCUME~1\Juhani1\APPLIC~1\Malwarebytes
    [30.01.2008|20:47] C:\DOCUME~1\Juhani1\APPLIC~1\Microsoft
    [07.07.2003|18:09] C:\DOCUME~1\Juhani1\APPLIC~1\Microsoft Web Folders
    [01.09.2008|11:18] C:\DOCUME~1\Juhani1\APPLIC~1\Mozilla
    [15.06.2002|16:09] C:\DOCUME~1\Juhani1\APPLIC~1\MSN6
    [25.10.2008|16:35] C:\DOCUME~1\Juhani1\APPLIC~1\Nokia
    [08.10.2008|15:54] C:\DOCUME~1\Juhani1\APPLIC~1\PC Suite
    [11.11.2008|17:10] C:\DOCUME~1\Juhani1\APPLIC~1\Printer Info Cache
    [05.09.2007|15:29] C:\DOCUME~1\Juhani1\APPLIC~1\Skype
    [08.04.2006|15:46] C:\DOCUME~1\Juhani1\APPLIC~1\Sun
    [14.10.2002|02:15] C:\DOCUME~1\Juhani1\APPLIC~1\Symantec
    [02.01.2003|17:14] C:\DOCUME~1\Juhani1\APPLIC~1\Syntrillium
    [04.12.2007|21:17] C:\DOCUME~1\Juhani1\APPLIC~1\Thunderbird
    [0|tiedosto(a)] C:\DOCUME~1\Juhani1\APPLIC~1\tavua
    [27|kansio(ta)] C:\DOCUME~1\Juhani1\APPLIC~1\tavua vapaana

    [10.02.2008|19:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua vapaana

    [31.08.2008|22:39] C:\DOCUME~1\M&~1\APPLIC~1\Adobe
    [07.08.2008|16:01] C:\DOCUME~1\M&~1\APPLIC~1\HP
    [07.08.2008|10:23] C:\DOCUME~1\M&~1\APPLIC~1\Identities
    [29.09.2008|16:04] C:\DOCUME~1\M&~1\APPLIC~1\Image Zone Express
    [07.08.2008|10:30] C:\DOCUME~1\M&~1\APPLIC~1\Macromedia
    [29.09.2008|14:20] C:\DOCUME~1\M&~1\APPLIC~1\Microsoft
    [31.08.2008|16:44] C:\DOCUME~1\M&~1\APPLIC~1\Mozilla
    [29.09.2008|12:34] C:\DOCUME~1\M&~1\APPLIC~1\Nokia
    [29.09.2008|12:22] C:\DOCUME~1\M&~1\APPLIC~1\PC Suite
    [07.08.2008|16:27] C:\DOCUME~1\M&~1\APPLIC~1\Printer Info Cache
    [02.12.2008|23:33] C:\DOCUME~1\M&~1\APPLIC~1\Sun
    [07.08.2008|16:31] C:\DOCUME~1\M&~1\APPLIC~1\Thunderbird
    [0|tiedosto(a)] C:\DOCUME~1\M&~1\APPLIC~1\tavua
    [14|kansio(ta)] C:\DOCUME~1\M&~1\APPLIC~1\tavua vapaana

    [06.09.2007|16:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua vapaana

    [15.06.2003|19:58] C:\DOCUME~1\VIERAS~1.JOH\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\VIERAS~1.JOH\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\VIERAS~1.JOH\APPLIC~1\tavua vapaana

    --------------------\\ Ajoitetut tehtävät sijaitsee C:\WINDOWS\Tasks

    [13.12.2008 11:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [09.10.2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files

    [02.07.2008|14:23] C:\Program Files\Adobe
    [12.05.2004|19:57] C:\Program Files\Alwil Software
    [29.06.2003|21:47] C:\Program Files\AnalogX
    [03.03.2008|19:29] C:\Program Files\Arkhimedes3
    [08.10.2002|07:33] C:\Program Files\BSPlayer
    [10.12.2008|14:39] C:\Program Files\Common Files
    [14.06.2002|08:27] C:\Program Files\ComPlus Applications
    [01.12.2002|17:57] C:\Program Files\Creative
    [29.09.2008|11:45] C:\Program Files\DIFX
    [03.09.2002|15:28] C:\Program Files\directx
    [13.10.2002|08:12] C:\Program Files\DirectX9
    [08.10.2002|07:25] C:\Program Files\DivX
    [12.03.2008|18:58] C:\Program Files\GIMP-2.0
    [12.12.2008|12:19] C:\Program Files\InstallShield Installation Information
    [22.10.2008|21:02] C:\Program Files\Internet Explorer
    [12.12.2008|12:38] C:\Program Files\Java
    [04.12.2007|22:27] C:\Program Files\Lavasoft
    [13.10.2002|08:12] C:\Program Files\license
    [12.12.2008|12:19] C:\Program Files\Logitech
    [09.12.2008|15:06] C:\Program Files\Malwarebytes' Anti-Malware
    [23.10.2008|20:31] C:\Program Files\Maxis
    [22.10.2008|19:06] C:\Program Files\Messenger
    [16.12.2003|21:12] C:\Program Files\microsoft frontpage
    [16.07.2002|13:32] C:\Program Files\Microsoft Hardware
    [02.12.2008|12:44] C:\Program Files\Microsoft Office
    [06.03.2003|11:05] C:\Program Files\Microsoft Visual Studio
    [22.10.2008|18:43] C:\Program Files\Movie Maker
    [13.12.2008|11:36] C:\Program Files\Mozilla Firefox
    [08.12.2008|19:21] C:\Program Files\Mozilla Thunderbird
    [14.06.2002|08:26] C:\Program Files\MSN
    [14.06.2002|08:26] C:\Program Files\MSN Gaming Zone
    [12.11.2008|13:23] C:\Program Files\MSXML 4.0
    [29.09.2008|12:54] C:\Program Files\MSXML 6.0
    [10.07.2002|19:18] C:\Program Files\MusicMatch
    [22.10.2008|18:30] C:\Program Files\NetMeeting
    [29.09.2008|12:55] C:\Program Files\Nokia
    [03.03.2008|19:50] C:\Program Files\Note Shot Finance
    [21.01.2005|08:24] C:\Program Files\OfficeUpdate11
    [14.06.2002|08:29] C:\Program Files\Online Services
    [29.06.2003|20:49] C:\Program Files\OpenOffice
    [29.06.2003|20:55] C:\Program Files\OpenOffice.org1.0
    [22.10.2008|18:30] C:\Program Files\Outlook Express
    [29.09.2008|11:44] C:\Program Files\PC Connectivity Solution
    [15.06.2003|19:58] C:\Program Files\QuickTime
    [12.02.2004|22:24] C:\Program Files\ScreenMates
    [14.06.2002|14:58] C:\Program Files\TEXTware
    [06.09.2007|16:36] C:\Program Files\ToniArts
    [09.12.2008|14:24] C:\Program Files\Trend Micro
    [14.08.2003|20:55] C:\Program Files\Uninstall Information
    [30.01.2008|20:58] C:\Program Files\Windows Media Connect 2
    [22.10.2008|18:30] C:\Program Files\Windows Media Player
    [22.10.2008|18:30] C:\Program Files\Windows NT
    [06.09.2007|16:36] C:\Program Files\WindowsUpdate
    [14.06.2002|08:31] C:\Program Files\xerox
    [08.10.2002|07:26] C:\Program Files\XviD
    [25.01.2006|17:13] C:\Program Files\Zone Labs
    [0|tiedosto(a)] C:\Program Files\tavua
    [58|kansio(ta)] C:\Program Files\tavua vapaana

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files

    [12.03.2008|18:53] C:\Program Files\Common Files\Adobe
    [03.03.2008|19:25] C:\Program Files\Common Files\Designer
    [23.06.2002|12:03] C:\Program Files\Common Files\DirectX
    [09.07.2003|14:37] C:\Program Files\Common Files\EPSON
    [16.01.2005|18:18] C:\Program Files\Common Files\GST
    [27.10.2007|15:15] C:\Program Files\Common Files\Hewlett-Packard
    [06.09.2007|16:35] C:\Program Files\Common Files\InstallShield
    [05.04.2006|19:57] C:\Program Files\Common Files\Java
    [08.10.2002|09:07] C:\Program Files\Common Files\LHSPF
    [10.07.2002|19:16] C:\Program Files\Common Files\Logitech
    [29.09.2008|12:52] C:\Program Files\Common Files\Microsoft Shared
    [14.06.2002|08:27] C:\Program Files\Common Files\MSSoap
    [29.09.2008|12:52] C:\Program Files\Common Files\Nokia
    [14.06.2002|09:09] C:\Program Files\Common Files\ODBC
    [29.09.2008|11:46] C:\Program Files\Common Files\PCSuite
    [01.09.2002|14:41] C:\Program Files\Common Files\Services
    [14.06.2002|09:09] C:\Program Files\Common Files\SpeechEngines
    [22.10.2008|18:30] C:\Program Files\Common Files\System
    [08.10.2002|09:07] C:\Program Files\Common Files\WexTech Shared
    [04.12.2007|22:26] C:\Program Files\Common Files\Wise Installation Wizard
    [0|tiedosto(a)] C:\Program Files\Common Files\tavua
    [22|kansio(ta)] C:\Program Files\Common Files\tavua vapaana

    --------------------\\ Process

    ( 35 Processes )

    IEXPLORE.EXE ~ [PID:936]

    --------------------\\ Etsii S_Lopilla

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii Lopin tiedostoja ja kansioita

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii rekisterikohteita

    ..... OK !

    --------------------\\ Tarkistaa Hosts-tiedostoa

    Hosts-tiedosto PUHDAS


    --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-13 11:52:02
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Tarkistaa muita infektioita


    Muita infektiota ei löytynyt !

    [F:934][D:15]-> C:\DOCUME~1\Juhani1\LOCALS~1\Temp
    [F:2][D:0]-> C:\DOCUME~1\Juhani1\Cookies
    [F:6][D:4]-> C:\DOCUME~1\Juhani1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - la 13.12.2008|11:54 - Option : [1]

    --------------------\\ Tarkistus valmistui 11:54:39
     
    Last edited: Dec 13, 2008
  20. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
