I got a virus on my machine yesterday when I ran a program I'd downloaded from the net, even though I remembered it was a complete junk virus program... The familiar window popped up. HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:09, on 6.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ApvxdWin.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe
C:\Program Files\HijackThis\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {4AA49418-D47E-47EB-AAD9-3FA5155F3025} - (no file)
O2 - BHO: (no name) - {644067D9-EF01-45BF-9928-1BF05754AED3} - C:\WINDOWS\system32\pmkhh.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BC0CEBB4-401B-44CF-B4D3-57008FD39B70} - C:\WINDOWS\system32\jkkljkl.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvcex.dll,startup
O4 - HKLM\..\Run: [wvidmzgn] rundll32.exe "C:\Program Files\wvidmzgn\kpkjmhar.dll",Init
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: byxywwt - byxywwt.dll (file missing)
O20 - Winlogon Notify: jkkljkl - C:\WINDOWS\SYSTEM32\jkkljkl.dll
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\SYSTEM32\winwim32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech QuickCam Manager - Unknown owner - C:\WINDOWS\System32\dllcache\mlqm.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

--
End of file - 8303 bytes

Should I just run an AVG scan?

EDIT: The picture shows up now!
Did it go away completely when Panda found something?

Panda Antivirus + Firewall 2007 tapahtumaraportti

TAPAHTUMA  PÄIVÄ  Tulokset  VAPAAEHTOINEN TIETO
------------------------------------------------------------------------------------------------
Tarkistus päättynyt  06/11/07 22:53:09  Tarkista: Koko tietokone
Virus havaittu: Trj/Downloader.QZH  06/11/07 22:37:25  Tiedotettu  Sijainti: C:\RECYCLER\S-1-5-21-2514184539-2036797540-4085420433-1007\Dc140.rar[install.exe]
Mainos havaittu: Adware/WinAntiSpyware  06/11/07 22:37:25  Tiedotettu  Sijainti: C:\RECYCLER\S-1-5-21-2514184539-2036797540-4085420433-1007\Dc140.rar[crack.exe]
Vakoiluohjelma havaittu: Spyware/Virtumonde  06/11/07 22:37:25  Tiedotettu  Sijainti: C:\RECYCLER\S-1-5-21-2514184539-2036797540-4085420433-1007\Dc140.rar[keygen.exe]
Virus havaittu: Trj/Downloader.QZH  06/11/07 22:37:25  Tiedotettu  Sijainti: C:\RECYCLER\S-1-5-21-2514184539-2036797540-4085420433-1007\Dc139.rar[install.exe]
Vakoiluohjelma havaittu: Spyware/Virtumonde  06/11/07 22:37:25  Tiedotettu  Sijainti: C:\RECYCLER\S-1-5-21-2514184539-2036797540-4085420433-1007\Dc139.rar[keygen.exe]
Virus havaittu: Trj/Downloader.QZH  06/11/07 22:37:25  Puhdistettu  Sijainti: C:\RECYCLER\S-1-5-21-2514184539-2036797540-4085420433-1007\Dc138.exe
Mainos havaittu: Adware/WinAntiSpyware  06/11/07 22:37:25  Eliminoitu  Sijainti: C:\RECYCLER\S-1-5-21-2514184539-2036797540-4085420433-1007\Dc136.exe
Virus havaittu: Trj/Downloader.QZH  06/11/07 22:37:25  Tiedotettu  Sijainti: C:\RECYCLER\S-1-5-21-2514184539-2036797540-4085420433-1007\Dc134.exe[install.exe]
Virus havaittu: Trj/Inject.K  06/11/07 22:37:25  Tiedotettu  Sijainti: C:\RECYCLER\S-1-5-21-2514184539-2036797540-4085420433-1007\Dc134.exe[crack.exe]
Mainos havaittu: Adware/WinAntiSpyware  06/11/07 22:37:25  Tiedotettu  Sijainti: C:\RECYCLER\S-1-5-21-2514184539-2036797540-4085420433-1007\Dc139.rar[crack.exe]
Vakoiluohjelma havaittu: Spyware/Virtumonde  06/11/07 22:37:24  Tiedotettu  Sijainti: C:\RECYCLER\S-1-5-21-2514184539-2036797540-4085420433-1007\Dc134.exe[keygen.exe]
Epäilyttävä tiedosto  06/11/07 22:37:24  Nimetty uudelleen  Tiedosto: C:\RECYCLER\S-1-5-21-2514184539-2036797540-4085420433-1007\Dc131.vir
Tarkistus aloitettu  06/11/07 22:11:17  Tarkista: Koko tietokone
Tarkistus päättynyt  31/10/07 22:51:47  Tarkista: Koko tietokone
Mainos havaittu: Adware/Startpage.CXE  31/10/07 22:50:20  Eliminoitu  Sijainti: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q06YCROX\inf[1].exe
Epäilyttävä tiedosto  31/10/07 22:17:50  Nimetty uudelleen  Tiedosto: C:\Documents and Settings\HP_Omistaja\Työpöytä\installer-36520-864-Messenger-Plus-Live.exe
Tarkistus aloitettu  31/10/07 22:12:59  Tarkista: Koko tietokone
Tarkistus päättynyt  30/09/07 22:55:50  Tarkista: Koko tietokone
Virus havaittu: W32/Sdbot.LET.worm  30/09/07 22:54:39  Puhdistettu  Sijainti: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9ATH9AO3\f[1].exe
Tarkistus aloitettu  30/09/07 22:27:37  Tarkista: Koko tietokone
Tarkistus päättynyt  25/09/07 22:23:53  Tarkista: Koko tietokone
Vakoiluohjelma havaittu: Spyware/Virtumonde  25/09/07 22:22:09  Eliminoitu  Sijainti: C:\WINDOWS\system32\ssqnllj.dll
Tracking -ohjelma poistettu: Application/KillApp.B  25/09/07 22:02:43  Eliminoitu  Sijainti: C:\hp\bin\KillIt.exe
Virus havaittu: Trj/Downloader.OZB  25/09/07 22:01:32  Puhdistettu  Sijainti: C:\Documents and Settings\Jusu\Local Settings\Temporary Internet Files\Content.IE5\Q06YCROX\valera[1]
Tarkistus aloitettu  25/09/07 21:59:42  Tarkista: Koko tietokone

And then the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:14, on 7.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ApvxdWin.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {4AA49418-D47E-47EB-AAD9-3FA5155F3025} - (no file)
O2 - BHO: (no name) - {644067D9-EF01-45BF-9928-1BF05754AED3} - C:\WINDOWS\system32\pmkhh.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BC0CEBB4-401B-44CF-B4D3-57008FD39B70} - C:\WINDOWS\system32\jkkljkl.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvcex.dll,startup
O4 - HKLM\..\Run: [wvidmzgn] rundll32.exe "C:\Program Files\wvidmzgn\kpkjmhar.dll",Init
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: byxywwt - byxywwt.dll (file missing)
O20 - Winlogon Notify: jkkljkl - C:\WINDOWS\SYSTEM32\jkkljkl.dll
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\SYSTEM32\winwim32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech QuickCam Manager - Unknown owner - C:\WINDOWS\System32\dllcache\mlqm.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

--
End of file - 8257 bytes
Well, no. Run a new HJT scan, "Do a system scan only". Close all other windows and the browser. Check these lines and press Fix checked:

O2 - BHO: (no name) - {4AA49418-D47E-47EB-AAD9-3FA5155F3025} - (no file)
O2 - BHO: (no name) - {644067D9-EF01-45BF-9928-1BF05754AED3} - C:\WINDOWS\system32\pmkhh.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BC0CEBB4-401B-44CF-B4D3-57008FD39B70} - C:\WINDOWS\system32\jkkljkl.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvcex.dll,startup
O4 - HKLM\..\Run: [wvidmzgn] rundll32.exe "C:\Program Files\wvidmzgn\kpkjmhar.dll",Init
O20 - Winlogon Notify: byxywwt - byxywwt.dll (file missing)
O20 - Winlogon Notify: jkkljkl - C:\WINDOWS\SYSTEM32\jkkljkl.dll
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\SYSTEM32\winwim32.dll

Download VundoFix.exe to your desktop.
*Double-click VundoFix.exe to run it.
*Click the Scan for Vundo button.
*When the scan is finished, click the Remove Vundo button.
*You will be asked whether you want to remove the files - click YES.
*After you click yes, your desktop will go blank as it starts removing Vundo.
*When it is done, the fix will tell you to restart your computer; click OK.
*Post the contents of the C:\vundofix.txt log and a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not remove. In that case VundoFix runs itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo button." when VundoFix appears after the restart.

1. Download combofix.exe to your desktop from either of these links: combofix.exe combofix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool finishes, it produces a log (C:\ComboFix.txt). Post this log in your thread.

Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.

Post C:\vundofix.txt + C:\ComboFix.txt + a new HJT log
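The lines the helper picks out above follow patterns a script can shortlist. As an added example that is not from this thread and not HijackThis' own code, the Python below parses O2/O4/O20/O23 entries and flags orphaned entries (file missing), nameless BHOs, Run entries that go through rundll32, Winlogon Notify hooks and random-looking file names; the sample lines are copied from the log posted in this thread, and the vowel-ratio threshold in looks_random() is my own heuristic, not an HJT rule.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example, not part of the thread and not HijackThis' own code. It
shortlists entries for a human reviewer; "fix" means the referenced file is
already gone (orphaned registry entry), "review" means verify the file's
origin before touching it. The rundll32 rule deliberately also matches
legitimate entries such as NvCplDaemon in the thread's log, which is why it
only yields "review".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the HJT log posted in this thread, plus two
# benign entries (Adobe BHO, Java updater, NVIDIA service) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4AA49418-D47E-47EB-AAD9-3FA5155F3025} - (no file)
O2 - BHO: (no name) - {644067D9-EF01-45BF-9928-1BF05754AED3} - C:\WINDOWS\system32\pmkhh.dll
O2 - BHO: (no name) - {BC0CEBB4-401B-44CF-B4D3-57008FD39B70} - C:\WINDOWS\system32\jkkljkl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvcex.dll,startup
O4 - HKLM\..\Run: [wvidmzgn] rundll32.exe "C:\Program Files\wvidmzgn\kpkjmhar.dll",Init
O20 - Winlogon Notify: byxywwt - byxywwt.dll (file missing)
O20 - Winlogon Notify: jkkljkl - C:\WINDOWS\SYSTEM32\jkkljkl.dll
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\SYSTEM32\winwim32.dll
O23 - Service: Logitech QuickCam Manager - Unknown owner - C:\WINDOWS\System32\dllcache\mlqm.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>O\d+|R\d|F\d)\s+-\s+(?P<body>.+)$")
# Basename of any .dll/.exe mentioned on the line (backslash is not in \w, so
# only the last path component matches).
FILE_RE = re.compile(r"([\w.-]+\.(?:dll|exe))", re.IGNORECASE)
MISSING_MARKERS = ("(no file)", "(file missing)")
VOWELS = set("aeiou")


@dataclass
class Finding:
    section: str
    target: str
    severity: str          # "fix" or "review"
    reasons: List[str]


def looks_random(filename: str) -> bool:
    """Heuristic (my own, not an HJT rule): a stem with almost no vowels,
    e.g. jkkljkl or kpkjmhar. Expect false positives on terse vendor names."""
    stem = filename.rsplit(".", 1)[0]
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) <= 0.13


def triage_line(line: str) -> Optional[Finding]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    files = FILE_RE.findall(body)
    target = files[-1] if files else "(none)"   # the loaded file, not rundll32.exe
    reasons = []
    if any(mk in body for mk in MISSING_MARKERS):
        reasons.append("referenced file is missing: orphaned entry, safe to fix")
    if sec == "O2" and "(no name)" in body:
        reasons.append("BHO registered without a name")
    if sec == "O4" and "rundll32" in body.lower():
        reasons.append("Run entry loads a DLL through rundll32; verify the DLL's origin")
    if sec == "O20":
        reasons.append("Winlogon Notify hook: few legitimate ones outside security software")
    if sec == "O23" and "Unknown owner" in body:
        reasons.append("service with unknown owner")
    if sec in ("O2", "O4", "O20") and files and looks_random(target):
        reasons.append("random-looking file name")
    if not reasons:
        return None
    severity = "fix" if any("orphaned" in r for r in reasons) else "review"
    return Finding(sec, target, severity, reasons)


def triage(log_text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.target:16} {'; '.join(f.reasons)}")
```

Note that winwim32.dll is only surfaced by the "all O20 hooks" rule: its name passes the vowel heuristic, so a reviewer still needs file age and publisher information, which is what the ComboFix output later in this thread supplies.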
Anteeksi, tuli vähän äkkilähtö tuonne, ja en oikein ole kerennyt noita laitella. Toivon vielä että katsoisit tämän; VundoFix V6.5.0 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 22:27:28 20.9.2007 Listing files found while scanning.... No infected files were found. VundoFix V6.5.0 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 7:00:59 21.9.2007 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V6.5.11 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 21:43:10 7.11.2007 Listing files found while scanning.... C:\windows\system32\hhkmp.bak1 C:\windows\system32\hhkmp.bak2 C:\windows\system32\hhkmp.ini C:\windows\system32\hhkmp.ini2 C:\windows\system32\pmkhh.dll Beginning removal... Attempting to delete C:\windows\system32\hhkmp.bak1 C:\windows\system32\hhkmp.bak1 Has been deleted! Attempting to delete C:\windows\system32\hhkmp.bak2 C:\windows\system32\hhkmp.bak2 Has been deleted! Attempting to delete C:\windows\system32\hhkmp.ini C:\windows\system32\hhkmp.ini Has been deleted! Attempting to delete C:\windows\system32\hhkmp.ini2 C:\windows\system32\hhkmp.ini2 Has been deleted! Attempting to delete C:\windows\system32\pmkhh.dll C:\windows\system32\pmkhh.dll Has been deleted! Performing Repairs to the registry. Done! ComboFix: ComboFix 07-11-07.3 - HP_Omistaja 2007-11-11 22:19:38.1 - NTFSx86 Running from: C:\Documents and Settings\HP_Omistaja\Työpöytä\ComboFix.exe . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\check_LSA7.txt C:\WINDOWS\system32\pskill.exe D:\Autorun.inf . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-11 to 2007-11-11 ))))))))))))))))) . 
2007-11-11 09:02 <KANSIO> d-------- C:\Program Files\Ultima Online Mondain's Legacy 2007-11-10 13:19 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2007-11-09 17:03 <KANSIO> d-------- C:\Program Files\Windows Live 2007-11-09 17:03 <KANSIO> d-------- C:\Program Files\Messenger Plus! Live 2007-11-07 21:49 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-07 21:43 <KANSIO> d-------- C:\VundoFix Backups 2007-11-07 17:34 <KANSIO> d-------- C:\Program Files\Infogrames 2007-11-05 18:22 <KANSIO> d-------- C:\Program Files\wvidmzgn 2007-11-05 18:22 35,328 --a------ C:\WINDOWS\system32\jkkljkl.dll 2007-11-05 18:21 104,960 --a------ C:\WINDOWS\system32\drvcex.dll 2007-11-05 18:21 20,480 --a------ C:\WINDOWS\system32\winwim32.dll 2007-11-05 18:13 2,193,536 --a------ C:\WINDOWS\system32\kernel1.exe 2007-11-05 18:10 <KANSIO> d-------- C:\Program Files\TGTSoft 2007-11-05 16:10 <KANSIO> d-------- C:\Program Files\Cheat Engine 2007-11-05 16:10 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll 2007-11-05 16:10 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll 2007-11-04 10:42 <KANSIO> d-------- C:\WINDOWS\system32\VIRepair 2007-11-04 10:18 <KANSIO> d-------- C:\WINDOWS\system32\VITrans 2007-11-04 10:17 <KANSIO> d-------- C:\VTPFiles 2007-11-04 10:17 111,104 --a------ C:\WINDOWS\system32\Uharc.exe 2007-11-04 10:17 19,968 --a------ C:\WINDOWS\system32\reico.exe 2007-11-04 10:17 8,636 --a------ C:\WINDOWS\system32\modifype.exe 2007-10-24 20:42 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Nero 2007-10-24 20:38 <KANSIO> d-------- C:\Program Files\Nero 2007-10-24 20:38 <KANSIO> d-------- C:\Program Files\Common Files\Nero 2007-10-24 20:38 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2007-10-22 18:57 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-10-22 18:50 <KANSIO> d-------- C:\Program Files\LucasArts 2007-10-20 11:18 <KANSIO> d-------- C:\Program Files\Canon 2007-10-20 11:16 
<KANSIO> d-------- C:\Program Files\DC++ 2007-10-20 07:48 <KANSIO> d-------- C:\Program Files\Giant 2007-10-14 17:43 681 --a------ C:\WINDOWS\mozver.dat 2007-10-13 21:15 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\.onnet 2007-10-13 21:12 0 --a------ C:\WINDOWS\nsreg.dat . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-11 07:15 274,160 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck 2007-11-11 07:15 274,160 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT 2007-11-11 07:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-10 19:19 1,284 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck 2007-11-10 19:19 1,284 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG 2007-11-09 15:03 --------- d-----w C:\Program Files\MSN Messenger 2007-11-05 22:40 --------- d-----w C:\Program Files\BitComet 2007-10-18 10:06 --------- d-----w C:\Program Files\Counter-Strike 1.6 2007-10-13 19:08 --------- d-----w C:\Program Files\Java 2007-10-10 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles 2007-10-10 13:47 --------- d-----w C:\Program Files\EA GAMES 2007-10-10 13:24 --------- d-----w C:\Program Files\CannonCruise 2007-10-09 18:59 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ 2007-10-08 16:33 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\MSN6 2007-10-05 13:02 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-10-02 10:58 --------- d-----w C:\Program Files\7-Zip 2007-10-01 17:34 --------- d-----w C:\Program Files\Logitech 2007-10-01 17:34 --------- d-----w C:\Program Files\Common Files\FotoWire 2007-10-01 17:34 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\FotoWire 2007-09-29 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6 2007-09-28 04:48 --------- d-----w C:\Program Files\Google 2007-09-25 03:58 
--------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\gtk-2.0 2007-09-24 18:51 --------- d-----w C:\Program Files\DAEMON Tools 2007-09-24 18:33 --------- d-----w C:\Program Files\CCleaner 2007-09-24 18:16 --------- d-----w C:\Program Files\Common Files\Adobe 2007-09-24 18:15 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared 2007-09-24 15:29 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\AdobeUM 2007-09-24 06:36 --------- d-----w C:\Program Files\GIMP-2.0 2007-09-24 06:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2007-09-24 06:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2007-09-24 05:28 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-09-22 08:47 --------- d-----w C:\Program Files\MSXML 4.0 2007-09-21 18:56 --------- d-----w C:\Program Files\Guitar Pro 5 2007-09-21 04:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-09-20 06:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-09-20 06:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-09-20 06:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-09-18 14:07 --------- d-----w C:\Program Files\MSXML 6.0 2007-09-17 20:57 --------- d-----w C:\Program Files\MSBuild 2007-09-17 20:53 --------- d-----w C:\Program Files\Reference Assemblies 2007-09-17 19:34 --------- d-----w C:\Program Files\Common Files\Logitech 2007-09-17 07:48 --------- d-----w C:\Program Files\Panda Software 2007-09-17 07:22 --------- d-----w C:\Program Files\Common Files\Panda Software 2007-09-17 07:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-09-17 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-09-16 19:41 3,468 --sha-r C:\WINDOWS\system32\drivers\HP_PS125AA-ABX a730.fi_YC_Pavi_QCZB445_E44FIh1BLF1_4_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH1_L40B_M1024_J160_7AMD_8Sempron 
3000+_92_111063044_N11063065_P_Z_K_A11063059_U11063038_G10DE0326.MRK 2007-09-16 19:37 --------- d-----w C:\Program Files\InterVideo 2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B61513-7B6B-456D-92B6-5BA67761553C}] C:\WINDOWS\system32\pmkhh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC0CEBB4-401B-44CF-B4D3-57008FD39B70}] 2007-11-05 18:22 35328 --a------ C:\WINDOWS\system32\jkkljkl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2007-10-13 21:08] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-01 23:12] "nwiz"="nwiz.exe" [2004-07-01 23:12 C:\WINDOWS\system32\nwiz.exe] "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-20 09:47] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57] "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-17 23:31] "APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.exe" [2007-03-30 14:52] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 18:11] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 15:12] "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{BC0CEBB4-401B-44CF-B4D3-57008FD39B70}"= C:\WINDOWS\system32\jkkljkl.dll [2007-11-05 18:22 35328] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="LogonUI.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkljkl] jkkljkl.dll 2007-11-05 18:22 35328 C:\WINDOWS\system32\jkkljkl.dll R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS R1 ShldDrv;Panda File Shield Driver;\??\C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys S2 Logitech QuickCam Manager;Logitech QuickCam Manager;"C:\WINDOWS\System32\dllcache\mlqm.exe" *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-11 22:23:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... 
scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-11 22:24:16 . --- E O F ---
And HijackThis:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:08:46, on 12.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ApvxdWin.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\system32\ps2.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\scanner.exe.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\avciman.exe C:\Program 
Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: (no name) - {95B61513-7B6B-456D-92B6-5BA67761553C} - C:\WINDOWS\system32\pmkhh.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {BC0CEBB4-401B-44CF-B4D3-57008FD39B70} - C:\WINDOWS\system32\jkkljkl.dll O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [SiS Windows 
KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: jkkljkl - C:\WINDOWS\SYSTEM32\jkkljkl.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - 
Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech QuickCam Manager - Unknown owner - C:\WINDOWS\System32\dllcache\mlqm.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe -- End of file - 7672 bytes
P.S.: And what happened when Panda noticed something during use: "Dangerous file found, blocked. C:\Program Files\HiJackThis\Scanner.exe.exe". I was wondering about that double .exe thing...
Well then... there's no shortage of nasties. Do a new HJT scan: Do a System scan only. Close all other windows and the browser. Check these lines and press Fix checked:
O2 - BHO: (no name) - {95B61513-7B6B-456D-92B6-5BA67761553C} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: (no name) - {BC0CEBB4-401B-44CF-B4D3-57008FD39B70} - C:\WINDOWS\system32\jkkljkl.dll
O20 - Winlogon Notify: jkkljkl - C:\WINDOWS\SYSTEM32\jkkljkl.dll
Open Notepad and copy/paste the contents of the quote box there (the part between the dashed lines): Save it as CFScript (ComboFix actually recognises it even if the extension isn't .txt). Then drag CFScript onto ComboFix.exe as shown below. Restart the computer if asked, and post the contents of combofix.txt here.
And these should be checked... First make sure hidden files are visible. Show hidden files. Go --> here. When the page has loaded, click the Browse button, find the following file and press Submit. (Note!!! Only one file at a time!!!! Note
C:\WINDOWS\system32\kernel1.exe
C:\WINDOWS\system32\Uharc.exe
C:\WINDOWS\system32\reico.exe
Post the scan results in your next message. If Jotti is busy, try the same at VirusTotal: http://www.virustotal.com/flash/index_en.html
Post the contents of combofix.txt + a new HJT log + the VirusTotal/Jotti results
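As an added example (not code from either poster in this thread), here is a small Python triage script for the HijackThis v2 log format shown above: it flags the entry types the reply above says to fix (unnamed O2 BHOs and O20 Winlogon Notify DLLs) plus O23 services with no vendor string, a binary under dllcache, or a missing file. The sample lines are constructed from the log format in this thread, and the "random-looking name" check is a crude assumption of this example, not a HijackThis rule.

```python
import re

# Constructed sample lines in HijackThis v2 log format, modelled on the
# entries discussed in this thread (not a copy of either poster's full log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {95B61513-7B6B-456D-92B6-5BA67761553C} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: (no name) - {BC0CEBB4-401B-44CF-B4D3-57008FD39B70} - C:\WINDOWS\system32\jkkljkl.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: jkkljkl - C:\WINDOWS\SYSTEM32\jkkljkl.dll
O23 - Service: Logitech QuickCam Manager - Unknown owner - C:\WINDOWS\System32\dllcache\mlqm.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Every HJT line starts with a section code (R0, O2, O20, O23, ...) and " - ".
SECTION_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
FILE_MISSING = "(file missing)"


def parse_line(line):
    """Split one HijackThis line into (section code, kind, fields)."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    kind, _, rest = body.partition(": ")      # e.g. "BHO", "Winlogon Notify", "Service"
    fields = [f.strip() for f in rest.split(" - ")]
    return m.group("code"), kind, fields


def looks_random(name):
    """Crude heuristic (this example's assumption): 5+ letters, no vowel, like 'jkkljkl'."""
    stem = re.sub(r"\.dll$", "", name, flags=re.I)
    return len(stem) >= 5 and stem.isalpha() and not re.search(r"[aeiouy]", stem, re.I)


def triage(log_text):
    """Return [(code, line, [reasons])] for entries a reviewer should look at."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        code, kind, fields = parsed
        reasons = []
        if code == "O2" and fields and fields[0] == "(no name)":
            reasons.append("BHO without a display name")
        if code == "O20" and kind == "Winlogon Notify":
            reasons.append("Winlogon Notify DLL (loaded into winlogon.exe)")
            if looks_random(fields[0]):
                reasons.append("random-looking package name")
        if code == "O23":
            if "Unknown owner" in fields:
                reasons.append("service with no vendor string")
            if "\\dllcache\\" in fields[-1]:
                reasons.append("service binary in dllcache")
        if FILE_MISSING in line:
            reasons.append("registered file is missing on disk")
        if reasons:
            findings.append((code, line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for code, line, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {line}\n      -> {'; '.join(reasons)}")
```

The four flagged lines are exactly the pmkhh/jkkljkl BHOs, the jkkljkl Winlogon Notify entry and the orphaned dllcache service; the legitimate Acrobat, ctfmon and NVIDIA entries pass untouched.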
Hi! When I put that CFScript file onto ComboFix, it starts and a notice appears saying "Date 18.11.07 (that came yesterday) ComboFix is out of date, remove the previous version before the new one." Then it removes the whole of ComboFix from the machine. I've tried many times to redo that text and saved it as a plain file and as a .txt file, and reinstalled ComboFix on the machine too. On VirusTotal, C:\WINDOWS\system32\Uharc.exe didn't come through clean. The only one was eSafe, which suspected it could be a virus/trojan. The others passed fine. Then I fixed the ones you said; here's the new HJT log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:12:53, on 19.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ApvxdWin.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\rundll32.exe 
C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\system32\ps2.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\scanner.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {BC0CEBB4-401B-44CF-B4D3-57008FD39B70} - C:\WINDOWS\system32\jkkljkl.dll O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] 
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: jkkljkl - 
C:\WINDOWS\SYSTEM32\jkkljkl.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech QuickCam Manager - Unknown owner - C:\WINDOWS\System32\dllcache\mlqm.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe -- End of file - 7451 bytes
Hi, there has apparently been some fault in ComboFix. Remove all copies of ComboFix from the machine and download a new one. Once you have the new one on the machine, scan and post the log. You've got Vundo back. Remove the VundoFix files from the machine too.