Hi. Norman found 2 trojans on my machine and put them in quarantine. The machine still isn't what it used to be. I checked the machine with Malwarebytes Anti-Malware and it found two trojans as well. I removed them, but it doesn't help. Have a look whether anything shows up in this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:22, on 8.1.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yle.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP-leikekirja - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart -valitse - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 8138 bytes
The trojans are still on the machine and I can't get them off. The internet has started cutting out, I have to restart it every little while, and it always fetches the proxy server settings again. Please help me already, for goodness' sake.
Scan with HJT, tick these and press Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

=================

Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to view the results.
6. Make sure that everything is checked, and click Remove Selected.
7. After that the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next reply.
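As an added illustration of the checks behind the fix list above (this is not code from the thread, from HijackThis or from any tool named here): a small Python triage script that parses HijackThis-format lines and flags the same kinds of entries a helper picks out by eye: empty R0 values, a BHO registered with no file on disk, a service with no vendor string, and an autorun living in a user-writable folder. The sample log is constructed from the format of the posted log; the Temp-folder O4 line is invented purely to exercise the user-writable-path rule and is not from the poster's machine.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample in HijackThis v2.0.2 line format. Lines are modelled on
# the log posted in this thread (one entry of each kind the helper acted on)
# plus one O4 entry invented only to exercise the user-profile rule.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yle.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [constructed] C:\Users\erik\AppData\Local\Temp\example.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
"""

# "<section code> - <body>", e.g. "O23 - Service: ...". Header, process list
# and the "End of file" trailer do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# Path that follows the "[name]" tag of an O4 entry, quoted or bare.
O4_PATH_RE = re.compile(r'\]\s+(?:"([^"]+)"|(\S+))')
# Autorun locations that the logged-on user (and so malware running as that
# user) can write to without elevation.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")


@dataclass
class Entry:
    code: str
    body: str
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into (section code, body) entries."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach a review reason to every entry that needs attention."""
    for e in entries:
        body, low = e.body, e.body.lower()
        if e.code in ("R0", "R1") and body.rstrip().endswith("="):
            e.flags.append("empty IE registry value: orphan, safe to fix")
        elif e.code == "O1":
            # "Hosts: <address> <name>"; anything but localhost is a redirect.
            mapping = body.split("Hosts:", 1)[1].split()
            if len(mapping) >= 2 and mapping[1].lower() != "localhost":
                e.flags.append("hosts mapping for a non-local name: possible redirection")
        elif e.code in ("O2", "O3"):
            if "(no file)" in low:
                e.flags.append("BHO/toolbar registered but DLL missing: orphan, safe to fix")
            elif "(no name)" in low:
                e.flags.append("nameless BHO with a DLL present: identify the file before fixing")
        elif e.code == "O4":
            m = O4_PATH_RE.search(body)
            path = (m.group(1) or m.group(2)).lower() if m else ""
            if any(marker in path for marker in USER_WRITABLE):
                e.flags.append("autorun from a user-writable location: verify the binary")
        elif e.code == "O23" and " - unknown owner - " in low:
            e.flags.append("service without a vendor string: verify the binary")
    return entries


def flagged(text: str) -> List[Tuple[str, List[str]]]:
    """Parse, triage and return only the entries that received a flag."""
    return [(f"{e.code} - {e.body}", e.flags)
            for e in triage(parse_hjt(text)) if e.flags]


if __name__ == "__main__":
    for line, reasons in flagged(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

The rules are heuristics for a first pass; a hit means "look at this entry", not "this is malware".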
Malwarebytes didn't find anything, but earlier Norman (Norton) found 2. I'll test them again later.

Malwarebytes' Anti-Malware 1.32
Tietokantaversio: 1648
Windows 6.0.6001 Service Pack 1

13.1.2009 20:10:55
mbam-log-2009-01-13 (20-10-55).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 105218
Kulunut aika: 31 minute(s), 32 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
1. Download Combofix.exe to your desktop from one of these links: Combofix1 Combofix2 (do not install the Recovery Console).
2. Double-click the Combofix.exe file and follow the prompts.
3. When the tool is finished, it will produce a log. Post that log in your thread.
Note! Don't click in ComboFix's window while it is running. This may cause the program to hang.
Norton found that trojan again (w32/Dloader.dam), but can't remove it. It showed up before this ComboFix run.

ComboFix 09-01-13.04 - erik 2009-01-14 23:23:25.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1035.18.894.306 [GMT 2:00]
Sijainti: c:\users\erik\Desktop\ComboFix.exe
AV: Norman Virus Control ver. 5.99 *On-access scanning disabled* (Outdated)
 * Uusi palautuspiste luotu
 * Resident AV is active
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-12-14 to 2009-01-14 )))))))))))))))))
.
2009-01-13 23:12 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-09 16:01 . 2008-07-06 11:12 114,555 --------- c:\windows\hpqins13.dat.temp
2009-01-08 18:32 . 2009-01-08 18:32 <KANSIO> d-------- c:\program files\Trend Micro
2009-01-02 18:46 . 2009-01-02 18:46 <KANSIO> d-------- c:\users\erik\AppData\Roaming\Malwarebytes
2009-01-02 18:46 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-02 18:45 . 2009-01-02 18:45 <KANSIO> d-------- c:\users\All Users\Malwarebytes
2009-01-02 18:45 . 2009-01-02 18:45 <KANSIO> d-------- c:\programdata\Malwarebytes
2009-01-02 18:45 . 2009-01-13 19:36 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 18:45 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 16:02 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-14 16:00 --------- d-----w c:\program files\Norton Security Scan
2009-01-14 10:04 --------- d-----w c:\program files\Norman
2009-01-13 21:21 2,842 ----a-w c:\users\erik\AppData\Roaming\wklnhst.dat
2009-01-13 21:15 --------- d-----w c:\program files\Windows Mail
2009-01-10 16:21 --------- d-----w c:\program files\Google
2009-01-09 21:14 138,384 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-09 21:13 187,536 ----a-w c:\windows\System32\PnkBstrB.exe
2008-12-27 15:03 --------- d-----w c:\program files\Common Files\Adobe
2008-12-26 20:49 70,968 ----a-w c:\windows\System32\PnkBstrA.exe
2008-12-08 19:00 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-08 19:00 --------- d-----w c:\program files\Java
2008-11-30 16:45 --------- d-----w c:\programdata\Symantec
2008-11-27 08:33 --------- d-----w c:\program files\MSN Messenger
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 12:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 11:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-04-16 18:04 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-09 39408]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 219520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-12 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Norman ZANDA"="c:\program files\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72C1D0D4-9076-41BD-A2C7-8BA8AE67D14E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{63E21B54-25D1-4B36-BA88-370128CA3763}c:\\program files\\novalogic\\delta force black hawk down\\dfbhd.exe"= UDP:c:\program files\novalogic\delta force black hawk down\dfbhd.exe:dfbhd
"UDP Query User{390455C8-3A05-44D7-A824-2EF97070A433}c:\\program files\\novalogic\\delta force black hawk down\\dfbhd.exe"= TCP:c:\program files\novalogic\delta force black hawk down\dfbhd.exe:dfbhd
"TCP Query User{47A82542-0794-479E-983E-32819B446148}c:\\program files\\novalogic\\delta force black hawk down\\update.exe"= UDP:c:\program files\novalogic\delta force black hawk down\update.exe:UPDATE
"UDP Query User{9649E913-D1FE-4D9F-AD1B-3FD7B5288A3C}c:\\program files\\novalogic\\delta force black hawk down\\update.exe"= TCP:c:\program files\novalogic\delta force black hawk down\update.exe:UPDATE
"TCP Query User{F4EA2214-B4A0-44C0-AD84-5DA60FBE3226}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{58C9748F-A807-42FA-87EE-613A2C28698E}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{F445E7B9-20E1-4CE7-AD98-A7966EE3E933}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{957A38B9-FE15-44AF-B927-3313B0A656FA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{BF404466-AFD2-416B-8623-3DA2259FF773}c:\\users\\erik\\counter-strike\\mspaint.exe\\hl.exe"= UDP:c:\users\erik\counter-strike\mspaint.exe\hl.exe:hl.exe
"UDP Query User{25280A5D-FB81-442D-8D01-CB33EF2AF528}c:\\users\\erik\\counter-strike\\mspaint.exe\\hl.exe"= TCP:c:\users\erik\counter-strike\mspaint.exe\hl.exe:hl.exe

R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [2008-06-30 322616]
R3 NvcMFlt;NvcMFlt;c:\windows\System32\drivers\nvcv32mf.sys [2008-09-06 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\NVC\bin\Nvcoas.exe [2008-01-14 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\NVC\bin\Nvcsched.exe [2007-05-23 146488]
R4 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [2007-04-15 20448]
S3 nvcfsr;nvcfsr;c:\program files\Norman\NVC\bin\Nvcfsr.sys [2007-05-02 6712]
S3 nvcoafl4;nvcoafl4;c:\program files\Norman\NVC\bin\Nvcoafl4.sys [2007-05-02 36472]
S3 nvcoaft4;nvcoaft4;c:\program files\Norman\NVC\bin\Nvcoaft4.sys [2007-05-02 104288]
S3 nvcoarc4;nvcoarc4;c:\program files\Norman\NVC\bin\Nvcoarc4.sys [2007-05-02 25528]

--- Muut muistissa olevat ajurit/palvelut ---

*Deregistered* - mchInjDrv
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0181d03-a9b5-11dc-9d2a-001a9254b1dd}]
\shell\AutoRun\command - g:\setup\rsrc\autorun.exe
\shell\dinstall\command - g:\directx\dxsetup.exe
.
'Ajoitetut tehtävät'-kansion sisältö

2009-01-14 c:\windows\Tasks\Norton Security Scan for erik.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://yle.fi/
Trusted Zone: www.adobe.com
.
.
------- Tiedostokytkennät -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 23:28:26
Windows 6.0.6001 Service Pack 1 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2009-01-14 23:31:31
ComboFix-quarantined-files.txt 2009-01-14 21:31:26

Ennen ajoa: 72 223 784 960 tavua vapaana
Ajon jälkeen: 72,300,957,696 tavua vapaana

151 --- E O F --- 2009-01-13 21:15:36
Now copy / paste what is below into an empty Notepad (Start button > Accessories > Notepad). Save it with the name CFScript.txt. Then drag CFScript onto ComboFix.exe as shown below. ComboFix will start working; a blue screen appears, press the number 1 and Enter. Post the resulting log here. Then shut down and restart the machine.
I'm not sure whether that ComboFix run went right, since I didn't get a chance to press 1 and Enter; it started scanning by itself.

ComboFix 09-01-16.02 - erik 2009-01-16 23:39:07.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1035.18.894.251 [GMT 2:00]
Sijainti: c:\users\erik\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\erik\Desktop\CFScript.txt
AV: Norman Virus Control ver. 5.99 *On-access scanning disabled* (Outdated)
 * Uusi palautuspiste luotu
 * Resident AV is active
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\ccL70U.dll
c:\program files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\instopts.dat
c:\program files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe
c:\program files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\Setup.msi
c:\program files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\SymHTML.dll
c:\program files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\SymTheme.dll
c:\program files\Norton Security Scan
c:\program files\Norton Security Scan\ccL70U.dll
c:\program files\Norton Security Scan\ccScanw.dll
c:\program files\Norton Security Scan\ccVrTrst.dll
c:\program files\Norton Security Scan\dec_abi.dll
c:\program files\Norton Security Scan\DefUtDCD.dll
c:\program files\Norton Security Scan\ecmldr32.dll
c:\program files\Norton Security Scan\help.htm
c:\program files\Norton Security Scan\Microsoft.VC80.CRT.manifest
c:\program files\Norton Security Scan\msl.dll
c:\program files\Norton Security Scan\msvcp80.dll
c:\program files\Norton Security Scan\msvcr80.dll
c:\program files\Norton Security Scan\Nss.exe
c:\program files\Norton Security Scan\patch25d.dll
c:\program files\Norton Security Scan\SAUpdt.dll
c:\program files\Norton Security Scan\ScanCore.dll
c:\program files\Norton Security Scan\ScanRes.dll
c:\program files\Norton Security Scan\SKURes.dll
c:\program files\Norton Security Scan\SymHTML.dll
c:\programdata\Symantec
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\CATALOG.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\CCERASER.DLL
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\ECMSVR32.DLL
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\EECTRL.SYS
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\ERASER.GRD
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\ERASER.SIG
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\ERASER.SPM
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\ERASER.SYS
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\ESRDEF.BIN
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\HH
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\hub.scr
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\NAVENG.SYS
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\NAVENG32.DLL
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\NAVEX15.SYS
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\NAVEX32A.DLL
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\NCSACERT.TXT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\SCRAUTH.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\SYMAVENG.CAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\SYMAVENG.INF
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\SYMERASE.CAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\SYMERASE.INF
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\TCDEFS.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\TCSCAN7.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\TCSCAN8.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\TCSCAN9.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\TECHNOTE.TXT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\TINF.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\TINFIDX.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\TINFL.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\TSCAN1.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\TSCAN1HD.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\V.GRD
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\V.SIG
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\WHATSNEW.TXT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\VIRSCAN.INF
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\VIRSCAN1.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\VIRSCAN2.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\VIRSCAN3.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\VIRSCAN4.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\VIRSCAN5.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\VIRSCAN6.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\VIRSCAN7.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\VIRSCAN8.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\VIRSCAN9.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\VIRSCANT.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\vscanmsx.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090113.024\ZDONE.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\CATALOG.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\CCERASER.DLL
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\ECMSVR32.DLL
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\EECTRL.SYS
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\ERASER.GRD
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\ERASER.SIG
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\ERASER.SPM
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\ERASER.SYS
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\ESRDEF.BIN
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\HH
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\hub.scr
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\NAVENG.SYS
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\NAVENG32.DLL
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\NAVEX15.SYS
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\NAVEX32A.DLL
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\NCSACERT.TXT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\SCRAUTH.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\SYMAVENG.CAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\SYMAVENG.INF
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\SYMERASE.CAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\SYMERASE.INF
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\TCDEFS.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\TCSCAN7.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\TCSCAN8.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\TCSCAN9.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\TECHNOTE.TXT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\TINF.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\TINFIDX.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\TINFL.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\TSCAN1.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\TSCAN1HD.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\V.GRD
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\V.SIG
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\WHATSNEW.TXT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\VIRSCAN.INF
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\VIRSCAN1.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\VIRSCAN2.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\VIRSCAN3.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\VIRSCAN4.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\VIRSCAN5.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\VIRSCAN6.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\VIRSCAN7.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\VIRSCAN8.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\VIRSCAN9.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\VIRSCANT.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\vscanmsx.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090115.004\ZDONE.DAT
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\catalog.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\eeCtrl.sys
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.grd
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.sig
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.spm
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.sys
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\esrdef.bin
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\hh
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng.sys
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng32.dll
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex15.sys
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex32a.dll
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ncsacert.txt
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\scrauth.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\symaveng.cat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\symaveng.inf
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\SymErase.cat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\SymErase.inf
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tcdefs.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tcscan7.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tcscan8.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tcscan9.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\technote.txt
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tinf.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tinfidx.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tinfl.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tscan1.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tscan1hd.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\v.grd
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\v.sig
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\whatsnew.txt
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan.inf
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan1.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan2.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan3.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan4.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan5.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan6.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan7.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan8.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan9.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\zdone.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\definfo.dat
c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\usage.dat
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-12-16 to 2009-01-16 )))))))))))))))))
.
2009-01-13 23:12 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-09 16:01 . 2008-07-06 11:12 114,555 --------- c:\windows\hpqins13.dat.temp
2009-01-08 18:32 . 2009-01-08 18:32 <KANSIO> d-------- c:\program files\Trend Micro
2009-01-02 18:46 . 2009-01-02 18:46 <KANSIO> d-------- c:\users\erik\AppData\Roaming\Malwarebytes
2009-01-02 18:46 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-02 18:45 . 2009-01-02 18:45 <KANSIO> d-------- c:\users\All Users\Malwarebytes
2009-01-02 18:45 . 2009-01-02 18:45 <KANSIO> d-------- c:\programdata\Malwarebytes
2009-01-02 18:45 . 2009-01-13 19:36 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 18:45 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 10:29 2,944 ----a-w c:\users\erik\AppData\Roaming\wklnhst.dat 2009-01-16 09:03 --------- d-----w c:\program files\Norman 2009-01-13 21:15 --------- d-----w c:\program files\Windows Mail 2009-01-10 16:21 --------- d-----w c:\program files\Google 2009-01-09 21:14 138,384 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-01-09 21:13 187,536 ----a-w c:\windows\System32\PnkBstrB.exe 2008-12-27 15:03 --------- d-----w c:\program files\Common Files\Adobe 2008-12-26 20:49 70,968 ----a-w c:\windows\System32\PnkBstrA.exe 2008-12-08 19:00 410,984 ----a-w c:\windows\System32\deploytk.dll 2008-12-08 19:00 --------- d-----w c:\program files\Java 2008-11-27 08:33 --------- d-----w c:\program files\MSN Messenger 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe 2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll 2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll 2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll 2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe 2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll 2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll 2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll 2008-10-16 12:08 162,064 ----a-w 
c:\windows\System32\wuwebv.dll 2008-10-16 11:56 31,232 ----a-w c:\windows\System32\wuapp.exe 2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll 2008-04-16 18:04 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2009-01-14_23.29.21,13 ))))))))))))))))))))))))))))))))))))))))) . + 2009-01-16 21:14:59 10,134 ----a-r c:\windows\Installer\{36FDBE6E-6684-462B-AE98-9A39A1B200CC}\ARPPRODUCTICON.exe - 2009-01-14 10:04:03 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-01-16 09:03:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-01-14 10:04:03 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-01-16 09:03:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-01-14 21:13:31 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-01-16 09:05:04 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-01-16 09:05:04 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2009-01-14 21:13:25 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-01-16 09:05:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-01-16 09:05:24 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2009-01-14 10:04:23 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-01-16 21:24:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-01-14 10:04:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-01-16 21:24:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5\index.dat - 2009-01-14 10:04:23 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-01-16 21:24:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-01-14 21:22:48 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat + 2009-01-16 21:38:06 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat + 2007-03-28 11:57:34 274,944 ----a-w c:\windows\System32\spool\prtprocs\w32x86\1_hpzpp5ha.dll - 2009-01-14 10:12:00 9,262 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1098233164-1175757859-2552283982-1000_UserData.bin + 2009-01-16 09:06:23 9,394 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1098233164-1175757859-2552283982-1000_UserData.bin - 2009-01-14 10:12:00 67,546 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-01-16 09:06:22 67,686 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2009-01-14 10:11:59 36,622 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-01-16 09:06:15 36,654 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-09 39408] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 219520] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-12 90112] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "Norman ZANDA"="c:\program files\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 c:\windows\RtHDVCpl.exe] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{72C1D0D4-9076-41BD-A2C7-8BA8AE67D14E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{63E21B54-25D1-4B36-BA88-370128CA3763}c:\\program files\\novalogic\\delta force black hawk down\\dfbhd.exe"= UDP:c:\program files\novalogic\delta force black hawk down\dfbhd.exe:dfbhd "UDP 
Query User{390455C8-3A05-44D7-A824-2EF97070A433}c:\\program files\\novalogic\\delta force black hawk down\\dfbhd.exe"= TCP:c:\program files\novalogic\delta force black hawk down\dfbhd.exe:dfbhd "TCP Query User{47A82542-0794-479E-983E-32819B446148}c:\\program files\\novalogic\\delta force black hawk down\\update.exe"= UDP:c:\program files\novalogic\delta force black hawk down\update.exe:UPDATE "UDP Query User{9649E913-D1FE-4D9F-AD1B-3FD7B5288A3C}c:\\program files\\novalogic\\delta force black hawk down\\update.exe"= TCP:c:\program files\novalogic\delta force black hawk down\update.exe:UPDATE "TCP Query User{F4EA2214-B4A0-44C0-AD84-5DA60FBE3226}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s "UDP Query User{58C9748F-A807-42FA-87EE-613A2C28698E}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s "TCP Query User{F445E7B9-20E1-4CE7-AD98-A7966EE3E933}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{957A38B9-FE15-44AF-B927-3313B0A656FA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{BF404466-AFD2-416B-8623-3DA2259FF773}c:\\users\\erik\\counter-strike\\mspaint.exe\\hl.exe"= UDP:c:\users\erik\counter-strike\mspaint.exe\hl.exe:hl.exe "UDP Query User{25280A5D-FB81-442D-8D01-CB33EF2AF528}c:\\users\\erik\\counter-strike\\mspaint.exe\\hl.exe"= TCP:c:\users\erik\counter-strike\mspaint.exe\hl.exe:hl.exe R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [2008-06-30 322616] R3 NvcMFlt;NvcMFlt;c:\windows\System32\drivers\nvcv32mf.sys [2008-09-06 19512] R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\NVC\bin\Nvcoas.exe [2008-01-14 183352] R3 NVCScheduler;Norman Virus Control 
Scheduler;c:\program files\Norman\NVC\bin\Nvcsched.exe [2007-05-23 146488] R4 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [2007-04-15 20448] S3 nvcfsr;nvcfsr;c:\program files\Norman\NVC\bin\Nvcfsr.sys [2007-05-02 6712] S3 nvcoafl4;nvcoafl4;c:\program files\Norman\NVC\bin\Nvcoafl4.sys [2007-05-02 36472] S3 nvcoaft4;nvcoaft4;c:\program files\Norman\NVC\bin\Nvcoaft4.sys [2007-05-02 104288] S3 nvcoarc4;nvcoarc4;c:\program files\Norman\NVC\bin\Nvcoarc4.sys [2007-05-02 25528] --- Muut muistissa olevat ajurit/palvelut --- *Deregistered* - mchInjDrv *Deregistered* - sptd [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0181d03-a9b5-11dc-9d2a-001a9254b1dd}] \shell\AutoRun\command - g:\setup\rsrc\autorun.exe \shell\dinstall\command - g:\directx\dxsetup.exe . 'Ajoitetut tehtävät'-kansion sisältö 2009-01-16 c:\windows\Tasks\Norton Security Scan for erik.job - c:\program files\Norton Security Scan\Nss.exe [] . . ------- Täydentävä tarkistus ------- . uStart Page = hxxp://yle.fi/ Trusted Zone: www.adobe.com . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-16 23:45:48 Windows 6.0.6001 Service Pack 1 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . 
Valmistumisajankohta: 2009-01-16 23:48:46 ComboFix-quarantined-files.txt 2009-01-16 21:48:42 ComboFix2.txt 2009-01-14 21:31:33 Ennen ajoa: 70 653 906 944 tavua vapaana Ajon jälkeen: 70,993,772,544 tavua vapaana 338 --- E O F --- 2009-01-16 09:49:16
Scan your computer with Kaspersky Online Scanner. When the program starts, it asks whether to allow the installation of an ActiveX component from Kaspersky; click Yes.

- The program starts and begins downloading the latest definition files.
- Once the scanner is installed and the definitions have been downloaded, click Next.
- Now click the settings, Scan Settings.
- Check in the settings that the following are selected:
  - Scan using the following Anti-Virus database:
    - Extended (if it can be selected, otherwise select Standard)
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK.
- Now, under the heading "select a target to scan", select My Computer.
- The scan takes time, so be patient. When the scan is finished, you will be notified if your computer is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- If you want to continue handling the matter on the forum, copy the contents of the file into your message.

=============

Download Atribune's ATF Cleaner.

Instructions:
Double-click ATF-Cleaner.exe to start the program. Under Main, select: Select All. Click the Empty Selected option.
If you use Firefox as your browser, click Firefox at the top and select: Select All. Click the Empty Selected option.
NOTE: If you would like to keep your saved passwords, click No when it asks.
If you use Opera as your browser, click Opera at the top and select: Select All. Click the Empty Selected option again.
NOTE: If you would like to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.
Technical support is available if you double-click the e-mail address located below each menu in the tool. (Note that the support is in English.)