HJT log - Antivirus 2008

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' (Viruses and malware - HijackThis logs) started by Timbe91, Aug 2, 2008.

  1. Timbe91

    Timbe91 Regular member

    Joined:
    Aug 19, 2005
    Messages:
    348
    Likes Received:
    0
    Trophy Points:
    26
    If someone diligent could take the time to look at this, I'd be grateful!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:21: VIRUS ALERT!, on 2.8.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\AVG8\avgwdsvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Trojan Remover\Trjscan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\MagicTune Premium\MagicTune.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CAB70FA-952A-46BA-838B-25314C2250DA} - (no file)
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: winhost_app.winhost_appdll - {5E06398E-3017-467B-A399-18425A20F655} - C:\WINDOWS\winhost_app.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - (no file)
    O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
    O2 - BHO: (no name) - {DF986C2C-446C-49B7-913D-DBB1BAE4DC17} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5312/mcfscan.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: ,avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\AVG8\avgwdsvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9301 bytes
     
  2. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Reinstall AVG8, it is not active.

    -------------------------------------------

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * After that, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next reply + a new HJT log.

    ------------------------------------------------------------------

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe


    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (ComboFix actually recognizes it even if the file extension
    isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click.)

    Note! Don't click in the ComboFix window while it is running. That may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.


    Folder::
    -----------------------------------------------------------------

    Close your browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis, click Scan, check the following entries listed in red and remove them (Fix checked).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O2 - BHO: (no name) - {1CAB70FA-952A-46BA-838B-25314C2250DA} - (no file)
    O2 - BHO: winhost_app.winhost_appdll - {5E06398E-3017-467B-A399-18425A20F655} - C:\WINDOWS\winhost_app.dll
    O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - (no file)
    O2 - BHO: (no name) - {DF986C2C-446C-49B7-913D-DBB1BAE4DC17} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    * Malwarebytes' Anti-Malware\Logs\log-date.txt
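The triage behind the fix list in this post (a start page pointing at an unknown host, BHO entries with no file behind them, a BHO DLL sitting directly in C:\WINDOWS\, an IE restrictions policy the user never set, and the "VIRUS ALERT!" stamp in the scan header) written out as rules over HijackThis entries. This is an added example, not a tool from the thread: the expected-host set and the trusted-directory prefixes are assumptions, and the sample log is a constructed excerpt of the first log above with its lines copied verbatim.

```python
"""Triage a HijackThis 2.0 log for the indicators behind the fix list above.

Added example; not a tool from the thread. The sample log is a constructed
excerpt of the first log posted (GUIDs and paths copied verbatim).
"""
import re
from urllib.parse import urlsplit

# Assumption: hosts an unhijacked IE on this machine may point at. Microsoft's
# fwlink defaults plus the poster's ISP (elisa.net, the start page in the 2nd log).
EXPECTED_HOSTS = {"go.microsoft.com", "elisa.net", "www.elisa.net"}

# Heuristic (assumption): a legitimate BHO normally lives under one of these
# prefixes. A DLL dropped straight into C:\WINDOWS\ (like winhost_app.dll) does not.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\system32\\")

ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")

SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21: VIRUS ALERT!, on 2.8.2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CAB70FA-952A-46BA-838B-25314C2250DA} - (no file)
O2 - BHO: winhost_app.winhost_appdll - {5E06398E-3017-467B-A399-18425A20F655} - C:\WINDOWS\winhost_app.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - AppInit_DLLs: ,avgrsstx.dll
"""


def entries(log_text):
    """Return (section, body, line) for every HijackThis entry line."""
    out = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            out.append((m.group("sec"), m.group("body"), raw.strip()))
    return out


def url_host(value):
    """Hostname of an R0/R1 value, or None when it is a local path or a label."""
    value = value.strip().strip('"')
    if "\\" in value or "." not in value:
        return None
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").lower() or None


def triage(log_text):
    """Classify entries as 'fix', 'review' or 'indicator'; benign ones are dropped."""
    findings = []
    # Antivirus 2008 rewrites the user's time format so the clock shows
    # "VIRUS ALERT!"; HijackThis stamps its scan header with that same format.
    if "VIRUS ALERT" in log_text:
        findings.append(("indicator", "time format hijacked: rogue AV branding in the clock"))
    for sec, body, line in entries(log_text):
        if sec in ("R0", "R1"):
            host = url_host(body.partition(" = ")[2])
            if host and host not in EXPECTED_HOSTS:
                findings.append(("fix", line))       # start/search page hijack
        elif sec == "O2":
            path = body.rsplit(" - ", 1)[-1]
            if path == "(no file)":
                findings.append(("fix", line))       # orphan CLSID, nothing loads
            elif not path.lower().startswith(TRUSTED_DIRS):
                findings.append(("fix", line))       # DLL outside normal install dirs
        elif sec == "O6":
            findings.append(("fix", line))           # IE policy lock the user never set
        elif sec == "O20" and body.startswith("AppInit_DLLs"):
            findings.append(("review", line))        # global injection point: check the DLL's owner
    return findings


def fix_list(log_text):
    """Exactly the lines a helper would tick in HijackThis 'Fix checked'."""
    return [line for kind, line in triage(log_text) if kind == "fix"]


if __name__ == "__main__":
    for kind, what in triage(SAMPLE_LOG):
        print(f"{kind:9s} {what}")
```

Run against the excerpt it returns the same four lines kalminen asked to fix (the softwarereferral.com start page, the orphan BHO, winhost_app.dll and the O6 restriction) and leaves the AppInit_DLLs entry as "review" rather than "fix", since avgrsstx.dll belongs to the AVG install that the ComboFix report later dates to 2008-08-02.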
     
  3. Timbe91

    Timbe91 Regular member

    Joined:
    Aug 19, 2005
    Messages:
    348
    Likes Received:
    0
    Trophy Points:
    26
    There, here's the HJT log: (by the way, it didn't find any of those red files you mentioned.)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:20, on 3.8.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MagicTune Premium\MagicTune.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.elisa.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Installer) - http://t1.battlefield-heroes.com/patcher/westpatcher.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5312/mcfscan.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9222 bytes



    ------------------------------

    ComboFix.txt report:



    ComboFix 08-08-01.05 - Lasse 2008-08-03 10:52:03.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1503 [GMT 3:00]
    Running from: C:\Documents and Settings\Lasse\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lasse\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\winhost_app.dll
    .

    (((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Lasse\Application Data\macromedia\Flash Player\#SharedObjects\MKYPZWCM\interclick.com
    C:\Documents and Settings\Lasse\Application Data\macromedia\Flash Player\#SharedObjects\MKYPZWCM\interclick.com\ud.sol
    C:\Documents and Settings\Lasse\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\Lasse\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\WINDOWS\system32\cdbbddcfd_z.dll
    C:\WINDOWS\system32\phkqchno.ini
    C:\WINDOWS\system32\tbjktvsj.ini
    C:\WINDOWS\system32\TDdfOqru.ini
    C:\WINDOWS\system32\TDdfOqru.ini2
    C:\WINDOWS\winhost_app.dll

    .
    ((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))
    .

    2008-08-02 17:03 . 2008-08-02 17:03 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-02 17:03 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-02 17:03 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-02 15:55 . 2008-08-02 23:48 <KANSIO> d--h----- C:\$AVG8.VAULT$
    2008-08-02 13:20 . 2008-08-03 10:40 <KANSIO> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-08-02 13:20 . 2008-08-02 13:20 <KANSIO> d-------- C:\Program Files\AVG
    2008-08-02 13:20 . 2008-08-02 13:20 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-02 13:20 . 2008-08-02 13:20 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-08-02 13:20 . 2008-08-02 13:20 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-08-02 13:14 . 2008-08-02 13:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
    2008-08-02 10:37 . 2008-08-02 10:37 <KANSIO> d-------- C:\Documents and Settings\Lasse\Application Data\Simply Super Software
    2008-08-02 00:02 . 2008-08-03 11:02 1,849,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-08-02 00:02 . 2008-08-03 11:02 14,468 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-08-01 23:55 . 2008-08-01 23:55 <KANSIO> d-------- C:\Program Files\Trojan Remover
    2008-08-01 23:55 . 2008-08-01 23:58 <KANSIO> d-------- C:\Program Files\Spyware Terminator
    2008-08-01 23:55 . 2008-08-01 23:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-08-01 23:55 . 2008-08-01 23:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2008-08-01 23:55 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2008-08-01 23:55 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2008-08-01 23:55 . 2008-08-01 23:55 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-08-01 23:55 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2008-08-01 23:55 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-08-01 23:55 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2008-08-01 23:48 . 2008-08-01 23:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-08-01 23:48 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-08-01 23:48 . 2008-08-01 23:51 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-08-01 23:47 . 2008-08-01 23:47 <KANSIO> d-------- C:\Program Files\Zone Labs
    2008-08-01 23:45 . 2008-08-03 11:04 <KANSIO> d-------- C:\WINDOWS\Internet Logs
    2008-08-01 23:42 . 2008-08-01 23:42 <KANSIO> d-------- C:\Program Files\Windows Defender
    2008-08-01 11:30 . 2008-08-01 11:30 110 --a------ C:\WINDOWS\AISmooth11.INI
    2008-07-31 13:33 . 2008-07-31 13:33 <KANSIO> d-------- C:\Program Files\VideoLAN
    2008-07-30 17:48 . 2008-07-30 17:48 <KANSIO> d-------- C:\Program Files\NaturalWorld
    2008-07-30 15:47 . 2008-07-30 15:47 <KANSIO> d-------- C:\CalibreSoftware
    2008-07-28 19:33 . 2008-08-01 23:06 <KANSIO> d-------- C:\Starcraft
    2008-07-28 16:31 . 2008-08-02 13:52 <KANSIO> d-------- C:\Program Files\EA GAMES
    2008-07-28 14:27 . 2008-07-28 14:27 <KANSIO> d-------- C:\WINDOWS\nview
    2008-07-28 14:27 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-07-28 14:27 . 2008-07-28 14:27 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-07-28 14:27 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-07-28 14:22 . 2008-07-28 14:22 <KANSIO> d-------- C:\NVIDIA
    2008-07-28 14:05 . 2008-07-28 14:09 <KANSIO> d-------- C:\Program Files\Driver Cleaner Pro
    2008-07-26 16:53 . 2008-07-26 16:55 <KANSIO> d-------- C:\Flight one Software
    2008-07-24 16:40 . 2008-07-24 16:40 <KANSIO> d-------- C:\Program Files\Cielosim
    2008-07-22 15:04 . 2006-03-02 15:00 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
    2008-07-22 15:04 . 2006-03-02 15:00 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
    2008-07-22 12:26 . 2008-07-22 12:26 <KANSIO> d-------- C:\Logs
    2008-07-19 19:13 . 2008-07-19 19:13 <KANSIO> d-------- C:\Program Files\Virtual Earth 3D
    2008-07-18 21:38 . 2008-07-18 21:40 <KANSIO> d-------- C:\Program Files\BRL-CAD
    2008-07-18 16:46 . 2008-07-19 11:03 <KANSIO> d-------- C:\Program Files\wings3d_0.99.02
    2008-07-18 16:23 . 2008-07-18 16:23 <KANSIO> d-------- C:\Program Files\Microsoft WSE
    2008-07-18 16:19 . 2008-07-22 22:16 <KANSIO> d-------- C:\Program Files\Autodesk
    2008-07-18 16:19 . 2008-07-22 22:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
    2008-07-17 16:20 . 2008-07-17 16:20 <KANSIO> d-------- C:\Program Files\TeamViewer3
    2008-07-16 22:31 . 2008-07-16 22:31 268 --ah----- C:\sqmdata08.sqm
    2008-07-16 22:31 . 2008-07-16 22:31 244 --ah----- C:\sqmnoopt08.sqm
    2008-07-15 15:07 . 2008-07-15 15:07 <KANSIO> d-------- C:\Program Files\Aerosoft
    2008-07-15 15:07 . 1999-12-10 14:00 11,536 --a------ C:\WINDOWS\system32\INDICDLL.dll
    2008-07-15 14:31 . 2008-07-15 14:31 42 --a------ C:\WINDOWS\WeatherSet.ini
    2008-07-14 22:03 . 2008-07-14 22:03 58,594 --a------ C:\WINDOWS\system32\mpt.exe
    2008-07-11 18:09 . 2008-07-11 18:09 <KANSIO> d-------- C:\Program Files\Virgin Interactive
    2008-07-10 19:04 . 2008-07-10 19:04 <KANSIO> d-------- C:\Program Files\SEGA
    2008-07-09 11:19 . 2008-07-09 11:19 23 --a------ C:\WINDOWS\system32\faebbde_z.ocx
    2008-07-07 16:59 . 2008-07-07 16:59 <KANSIO> d-------- C:\Program Files\EA SPORTS
    2008-07-07 16:59 . 2008-07-28 16:43 655 --a------ C:\WINDOWS\eReg.dat
    2008-07-06 14:18 . 2008-07-06 14:18 <KANSIO> d-------- C:\Program Files\NovaLogic
    2008-07-05 21:37 . 2008-07-15 12:40 <KANSIO> d-------- C:\WINDOWS\Boeing 757 Professional 2006
    2008-07-05 21:29 . 2008-07-26 16:55 2,048 --a------ C:\WINDOWS\lvld67.lic
    2008-07-04 13:22 . 2008-07-04 13:22 34 --a------ C:\loc.CFG
    2008-07-04 13:22 . 2008-07-04 13:22 7 --a------ C:\user.CFG
    2008-07-04 13:21 . 2008-07-07 11:26 <KANSIO> d-------- C:\Program Files\Fuel Calc
    2008-07-03 11:46 . 2008-07-03 11:46 <KANSIO> d-------- C:\Program Files\Shockwave 3D Lights Redux

    .
    (((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-03 07:39 --------- d-----w C:\Documents and Settings\Lasse\Application Data\Spamihilator
    2008-08-02 17:26 176,640 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-08-02 17:26 1,391,104 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-08-02 10:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-02 08:20 --------- d-----w C:\Program Files\7-Zip
    2008-08-01 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-01 20:12 --------- d-----w C:\Program Files\FS2004
    2008-08-01 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-01 11:28 --------- d-----w C:\Program Files\Steam
    2008-07-31 08:28 --------- d-----w C:\Program Files\FSBuild
    2008-07-30 14:37 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-07-29 10:14 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-07-27 17:29 --------- d-----w C:\Program Files\Garena
    2008-07-23 11:14 --------- d-----w C:\Documents and Settings\Lasse\Application Data\OpenOffice.org2
    2008-07-22 09:32 --------- d-----w C:\Program Files\World of Warcraft
    2008-07-19 16:12 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-07-19 16:12 --------- d-----w C:\Program Files\OpenAL
    2008-07-12 11:35 4,599,867,262 ----a-w C:\Program Files\rFactor.rar
    2008-07-12 08:44 --------- d-----w C:\Program Files\rFactor
    2008-07-09 06:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2008-07-03 12:18 1,328 ----a-w C:\FSUIPC_reg.bin
    2008-07-02 19:32 --------- d-----w C:\Program Files\Nostalgia
    2008-07-02 16:45 --------- d-----w C:\Program Files\Razer
    2008-06-20 17:41 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-15 16:52 --------- d-----w C:\Program Files\GetRight
    2008-06-15 14:55 --------- d-----w C:\Program Files\TGPS
    2008-06-15 12:05 --------- d-----w C:\Program Files\Teamspeak2_RC2server
    2008-06-15 09:11 --------- d-----w C:\Program Files\RegCleaner
    2008-06-14 17:59 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-13 17:26 --------- d-----w C:\Program Files\Java
    2008-06-13 17:26 --------- d-----w C:\Program Files\Common Files\Java
    2008-06-12 10:56 --------- d-----w C:\Program Files\HiFi
    2008-06-11 14:33 --------- d-----w C:\Program Files\HiFiUninstaller
    2008-06-10 14:57 --------- d-----w C:\Program Files\Ubisoft
    2008-06-10 10:35 --------- d-----w C:\Program Files\Ken Salter
    2008-06-10 10:20 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-06-10 10:20 --------- d-----w C:\Documents and Settings\Lasse\Application Data\SUPERAntiSpyware.com
    2008-06-10 10:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-10 10:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-10 07:34 --------- d-----w C:\Program Files\Uniblue
    2008-06-10 07:34 --------- d-----w C:\Documents and Settings\Lasse\Application Data\Uniblue
    2008-06-10 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
    2008-06-09 15:02 --------- d-----w C:\Program Files\SuperAdBlocker.com
    2008-06-09 15:02 --------- d-----w C:\Documents and Settings\Lasse\Application Data\SuperAdBlocker.com
    2008-06-09 10:04 --------- d-----w C:\Program Files\LimeWire
    2008-06-08 16:13 --------- d-----w C:\Program Files\Trend Micro
    2008-06-08 16:07 --------- d-----w C:\Program Files\Google
    2008-06-08 09:02 --------- d-----w C:\Program Files\Lavasoft
    2008-06-08 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-08 08:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-08 08:00 --------- d-----w C:\Documents and Settings\Lasse\Application Data\Malwarebytes
    2008-06-07 18:09 --------- d-----w C:\Program Files\uTorrent
    2008-06-06 16:36 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-06-06 16:33 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-05 14:01 --------- d-----w C:\Program Files\Futuremark
    2008-05-16 08:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-16 08:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-05-14 18:36 640,957 --sh--r C:\WINDOWS\system32\sysfhr.sys
    2008-05-10 08:04 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-05-10 08:04 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-13 16:12 71,275,856 ----a-w C:\Program Files\sapi.exe
    2008-03-08 12:18 61 -csh--w C:\WINDOWS\cnerolf.dat
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-02 13:20 1232152]
    "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2008-04-21 21:00 1081856]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxf07.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^Käyttäjä^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Käyttäjä\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2006-03-02 15:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mpt]
    --a------ 2008-07-14 22:03 58594 c:\WINDOWS\system32\mpt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spamihilator]
    --a------ 2008-04-21 21:00 1081856 C:\Program Files\Spamihilator\spamihilator.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tarantula]
    --a------ 2006-09-30 16:48 176128 C:\Program Files\Razer\Tarantula\razerhid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    --a------ 2006-03-02 15:00 110592 C:\WINDOWS\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    --------- 2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Steam\\steamapps\\pulukkiset\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Steam\\steam.exe"=
    "C:\\winsampo\\SAMLINK.EXE"=
    "C:\\winsampo\\Trf_W32.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
    "C:\\Program Files\\Outlook Express\\msimn.exe"=
    "C:\\Program Files\\Steam\\steamapps\\pulukkiset\\source sdk base\\hl2.exe"=
    "C:\\Program Files\\Teamspeak2_RC2server\\server_windows.exe"=
    "C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\rFactor\\rFactor.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\rFactor\\rFactor Dedicated.exe"=
    "C:\\Program Files\\Steam\\steamapps\\pulukkiset\\counter-strike\\hl.exe"=
    "C:\\Program Files\\rFactor\\Support\\HostingTest.exe"=
    "C:\\Program Files\\Steam\\steamapps\\pulukkiset\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Octoshape Streaming Services\\Lasse\\OctoshapeClient.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Warcraft III\\Warcraft III.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\FS2004\\fs9.exe"=
    "C:\\Program Files\\GetRight\\getright.exe"=
    "C:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
    "C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"=
    "C:\\Program Files\\Spamihilator\\dccproc.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Garena\\Garena.exe"=
    "C:\\Program Files\\Windows Defender\\MSASCui.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
    "C:\\WINDOWS\\system32\\mmc.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "21:UDP"= 21:UDP:portti2
    "6112:TCP"= 6112:TCP:6112
    "6112:UDP"= 6112:UDP:6112
    "24157:TCP"= 24157:TCP:BitComet 24157 TCP
    "24157:UDP"= 24157:UDP:BitComet 24157 UDP
    "8671:TCP"= 8671:TCP:BitComet 8671 TCP
    "8671:UDP"= 8671:UDP:BitComet 8671 UDP
    "17096:TCP"= 17096:TCP:BitComet 17096 TCP
    "17096:UDP"= 17096:UDP:BitComet 17096 UDP
    "23380:TCP"= 23380:TCP:BitComet 23380 TCP
    "23380:UDP"= 23380:UDP:BitComet 23380 UDP
    "26280:TCP"= 26280:TCP:BitComet 26280 TCP
    "26280:UDP"= 26280:UDP:BitComet 26280 UDP
    "21887:TCP"= 21887:TCP:BitComet 21887 TCP
    "21887:UDP"= 21887:UDP:BitComet 21887 UDP
    "21738:TCP"= 21738:TCP:BitComet 21738 TCP
    "21738:UDP"= 21738:UDP:BitComet 21738 UDP
    "19655:TCP"= 19655:TCP:BitComet 19655 TCP
    "19655:UDP"= 19655:UDP:BitComet 19655 UDP
    "10475:TCP"= 10475:TCP:BitComet 10475 TCP
    "10475:UDP"= 10475:UDP:BitComet 10475 UDP
    "3102:TCP"= 3102:TCP:Limewire
    "3102:UDP"= 3102:UDP:UDP

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-02 13:20]
    R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;C:\Program Files\ASTRA32\ASTRA32.sys [2007-02-22 11:28]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-02 13:20]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-02 13:20]
    R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-02 13:20]
    R2 sysdrv;sysdrv;C:\WINDOWS\system32\drivers\sysdrv.sys [2004-02-05 12:26]
    S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
    S3 Aldebaran;Aldebaran - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Aldebaran.sys []
    S3 TarFltr;Razer Tarantula USB Keyboard;C:\WINDOWS\system32\Drivers\UsbFltr.sys [2006-09-27 15:48]
    S3 UsbFltr;Razer Copperhead Driver;C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 10:54]
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-08-03 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{1CAB70FA-952A-46BA-838B-25314C2250DA} - (no file)
    BHO-{5E06398E-3017-467B-A399-18425A20F655} - (no file)
    ShellExecuteHooks-{16664848-0E00-11D2-8059-000000000000} - (no file)
    MSConfigStartUp-AVG8_TRAY - C:\AVG8\avgtray.exe


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-03 11:03:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MagicTune Premium\MagicTune.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-03 11:12:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-03 08:12:24

    Pre-Run: 73,615,704,064 tavua vapaana
    Post-Run: 74,199,961,600 tavua vapaana

    344 --- E O F --- 2008-07-08 09:15:20

    ------------------------------------

    Malwarebytes' Anti-Malware log:

    Malwarebytes' Anti-Malware 1.24
    Database version: 1015
    Windows 5.1.2600 Service Pack 2

    23:48:39 2.8.2008
    mbam-log-8-2-2008 (23-48-39).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 380897
    Time elapsed: 2 hour(s), 34 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 2
    Files Infected: 16

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6258ca6-2028-4cdd-b496-cacc18721a60} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df986c2c-446c-49b7-913d-dbb1bae4dc17} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fdkowvbp.bnxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d6258ca6-2028-4cdd-b496-cacc18721a60} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76404-OEM-0074782-27012) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Käyttäjä\Local Settings\Temp\tem144.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E9090BF3-E6D8-43A7-800D-127B432651EC}\RP2\A0001007.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E9090BF3-E6D8-43A7-800D-127B432651EC}\RP2\A0001018.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E9090BF3-E6D8-43A7-800D-127B432651EC}\RP6\A0004178.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\ebxl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mpxa.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Käyttäjä\Application Data\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Käyttäjä\Local Settings\Temp\CmdLineExt02.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     
    Last edited: Aug 3, 2008
  4. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Very good!!!
    AVG8 is now OK


    ******************************************
    Type ComboFix.exe /u into the Run field of the Windows Start menu and press OK
    *************************************************************
    ******************************************
    Start Malwarebytes, open the Quarantine tab and empty the junk.
    **********************************************************

    Did the unwanted ads stop???
    Is the computer working OK???
    :D
     
  5. Timbe91

    Timbe91 Regular member

    Joined:
    Aug 19, 2005
    Messages:
    348
    Likes Received:
    0
    Trophy Points:
    26
    Yeah, AVG really works as it should now, and otherwise it also looks like the viruses are gone from the computer! Thanks again for your effort!!
     
  6. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    OK, you're welcome :D
     