Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:27, on 22.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=C:\WINDOWS\system32\svchost1.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CatalystRegistration] "D:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [Name of App] D:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

--
End of file - 4282 bytes

There was a virus on this machine just recently and I tried to remove it, I don't know beyond that.
I can't get into normal mode, it doesn't load any shortcuts or anything, even now I'm writing this from safe mode :'(
OK

Do a new HJT scan: Do a System scan only. Close all other windows and the browser. Check these lines and press Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=C:\WINDOWS\system32\svchost1.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

1. Download combofix.exe to your desktop from either of these links: combofix.exe combofix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.

Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

Post a new HJT log and C:\ComboFix.txt
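The triage the helper does by eye above can be automated for the obvious cases. This is an added example written for this page, not a tool from the thread: a small Python script that parses HijackThis entries and flags the kinds of lines marked for Fix checked (an F2 Shell= value other than explorer.exe, empty R0 settings, the missing R3 URLSearchHook, an orphaned O2 BHO, the leftover KernelFaultCheck O4). The sample lines are copied from the first log in the thread; the severity labels are my own.

```python
# Added example (not from the thread): triage a HijackThis log and flag
# the kinds of entries the helper above marked for "Fix checked".
import re
from typing import NamedTuple, Optional

class Finding(NamedTuple):
    code: str       # HJT section code, e.g. "F2"
    severity: str   # "high" or "low" (labels chosen for this example)
    reason: str
    line: str

# Windows' default winlogon shell value is a bare "explorer.exe" (no path).
DEFAULT_SHELL = "explorer.exe"

# Every HJT entry looks like "<code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

def triage_entry(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious HJT entry, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    code, body = m.group("code"), m.group("body")

    if code == "F2" and "Shell=" in body:
        # system.ini Shell= maps to winlogon's Shell value. If it points at
        # anything but explorer.exe, that binary runs instead of Explorer at
        # logon, which is consistent with "no icons load in normal mode".
        shell = body.split("Shell=", 1)[1].strip()
        if shell.lower() != DEFAULT_SHELL:
            return Finding(code, "high", f"winlogon shell replaced by {shell}", line)
    if code in ("R0", "R1") and body.rstrip().endswith("="):
        return Finding(code, "low", "empty IE setting left behind after cleanup", line)
    if code == "R3" and "URLSearchHook is missing" in body:
        return Finding(code, "low", "default URLSearchHook missing", line)
    if code == "O2" and body.endswith("(no file)"):
        return Finding(code, "low", "BHO registered without a backing file", line)
    if code == "O4" and "dumprep 0 -k" in body:
        return Finding(code, "low", "KernelFaultCheck leftover, safe to remove", line)
    return None

def triage_log(text: str) -> list:
    """Run triage_entry over every line of a pasted HJT log, in log order."""
    findings = []
    for line in text.splitlines():
        f = triage_entry(line)
        if f:
            findings.append(f)
    return findings

# Sample input: entries copied from the first HJT log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=C:\WINDOWS\system32\svchost1.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.code}: {f.reason}\n    {f.line.strip()}")
```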
ComboFix log:

ComboFix 07-11-19.3 - Administrator 2007-11-22 21:53:24.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1774 [GMT 2:00]
Running from: D:\Documents and Settings\Administrator.LOL-27A229407A9\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\pskill.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
.
2007-11-22 21:07 <DIR> d-------- D:\musat
2007-11-22 21:07 <DIR> d-------- D:\Leffat
2007-11-22 21:06 <DIR> d-------- D:\Program Files\Winamp
2007-11-22 21:06 <DIR> d-------- D:\Program Files\Star Wars Jedi Knight Jedi Academy Demo
2007-11-22 21:06 <DIR> d-------- D:\DC++
2007-11-22 20:30 <DIR> d-------- D:\Program Files\Yahoo!
2007-11-22 20:29 <DIR> d-------- D:\Program Files\CCleaner
2007-11-22 17:00 <DIR> d-------- D:\Documents and Settings\Administrator.LOL-27A229407A9\Application Data\vlc
2007-11-22 16:05 <DIR> d-------- D:\Program Files\Incomplete
2007-11-20 18:30 <DIR> d-------- D:\Program Files\FlvRecorder
2007-11-20 10:22 <DIR> d-------- D:\Documents and Settings\T0nDe.LOL-27A229407A9\Application Data\vlc
2007-11-20 10:18 <DIR> d-------- D:\Program Files\VLC
2007-11-20 08:32 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Test Drive Unlimited
2007-11-20 08:09 <DIR> d-------- D:\Documents and Settings\T0nDe.LOL-27A229407A9\Application Data\SecuROM
2007-11-20 07:37 <DIR> d-------- D:\Program Files\ffdshow
2007-11-20 07:37 6,144 --a------ D:\WINDOWS\system32\ff_acm.acm
2007-11-20 07:37 5,120 --a------ D:\WINDOWS\system32\ff_vfw.dll
2007-11-20 07:37 547 --a------ D:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-19 22:50 98,304 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2007-11-19 22:44 <DIR> d-------- D:\Program Files\LucasArts
2007-11-19 22:43 <DIR> d---s---- D:\Program Files\Xfire
2007-11-19 22:43 <DIR> d-------- D:\Program Files\GameSpy Arcade
2007-11-19 22:43 <DIR> d-------- D:\Documents and Settings\T0nDe.LOL-27A229407A9\Application Data\Xfire
2007-11-19 21:18 <DIR> d-------- D:\Incomplete
2007-11-19 20:51 <DIR> d-------- D:\Documents and Settings\T0nDe.LOL-27A229407A9\Shared
2007-11-19 20:51 <DIR> d-------- D:\Documents and Settings\T0nDe.LOL-27A229407A9\Incomplete
2007-11-19 20:45 <DIR> d-------- D:\Program Files\BitComet
2007-11-19 20:45 <DIR> d-------- D:\Documents and Settings\T0nDe.LOL-27A229407A9\Application Data\LimeWire
2007-11-19 20:43 <DIR> d-------- D:\Program Files\LimeWire
2007-11-19 15:56 <DIR> d-------- D:\Simpsonit
2007-11-19 14:23 162,551 --a------ D:\Documents and Settings\T0nDe.LOL-27A229407A9\stub.exe
2007-11-19 12:33 <DIR> d-------- D:\WINDOWS\Sun
2007-11-18 10:43 <DIR> d-------- D:\Program Files\SAMSUNG
2007-11-18 10:19 <DIR> d-------- D:\Program Files\DAEMON Tools
2007-11-17 23:30 <DIR> d--h----- D:\WINDOWS\PIF
2007-11-17 22:40 <DIR> d-------- D:\Keskeneräset lataukset
2007-11-16 16:24 <DIR> d-------- D:\Program Files\ViOrb
2007-11-16 16:21 111,104 --a------ D:\WINDOWS\system32\Uharc.exe
2007-11-16 16:21 19,968 --a------ D:\WINDOWS\system32\reico.exe
2007-11-16 15:02 <DIR> d-------- D:\Documents and Settings\T0nDe.LOL-27A229407A9\Application Data\DivX
2007-11-16 15:01 <DIR> d-------- D:\Program Files\DivX
2007-11-15 21:21 <DIR> d-------- D:\Program Files\Java
2007-11-15 21:21 <DIR> d-------- D:\Program Files\Common Files\Java
2007-11-15 15:13 <DIR> d-------- D:\Program Files\SystemRequirementsLab
2007-11-14 22:45 <DIR> d-------- D:\Fraps
2007-11-14 22:45 <DIR> d-a------ D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-11-14 22:21 <DIR> d-------- D:\Program Files\SpeedFan
2007-11-14 22:21 45 --a------ D:\WINDOWS\system32\initdebug.nfo
2007-11-14 21:00 <DIR> d-------- D:\Program Files\uTorrent
2007-11-14 18:46 <DIR> d-------- D:\Program Files\Electronic Arts
2007-11-14 18:13 1,902,019,901 --a------ D:\nzd_crysis_spdemo.exe
2007-11-14 17:34 146,650 --a------ D:\WINDOWS\system32\BuzzingBee.wav
2007-11-14 17:01 31,616 --a------ D:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-14 17:01 14,848 --a------ D:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-13 18:50 593,920 --------- D:\WINDOWS\system32\ati2sgag.exe
2007-11-13 18:44 3,727,720 --a------ D:\WINDOWS\system32\d3dx9_35.dll
2007-11-13 18:44 267,112 --a------ D:\WINDOWS\system32\xactengine2_9.dll
2007-11-13 18:37 81,768 --a------ D:\WINDOWS\system32\xinput1_3.dll
2007-11-13 18:37 62,744 --a------ D:\WINDOWS\system32\xinput1_2.dll
2007-11-13 18:29 <DIR> d-------- D:\Program Files\Common Files\Adobe
2007-11-13 18:21 <DIR> d-------- D:\Program Files\ABIT
2007-11-13 18:21 1,466,368 --a------ D:\WINDOWS\system32\drivers\FlashMenuCHS.dll
2007-11-13 18:21 23,612 --a------ D:\WINDOWS\system32\FlashMenu.sys
2007-11-13 18:21 10,752 --a------ D:\WINDOWS\system32\drivers\uGuru.SYS
2007-11-13 18:21 6,528 --a------ D:\WINDOWS\system32\nvoclock.sys
2007-11-13 18:21 5,960 --a------ D:\WINDOWS\system32\drivers\HWDRV.SYS
2007-11-13 18:21 5,018 --a------ D:\WINDOWS\system32\drivers\HWIOCTL.SYS
2007-11-13 18:21 4,608 --a------ D:\WINDOWS\system32\drivers\ProcObsrv.sys
2007-11-13 18:21 3,548 --a------ D:\WINDOWS\system32\WINFLASH.SYS
2007-11-13 18:21 3,548 --a------ D:\WINDOWS\system32\drivers\WINFLASH.SYS
2007-11-13 17:42 <DIR> d-------- D:\Documents and Settings\T0nDe.LOL-27A229407A9\Application Data\Winamp
2007-11-13 17:42 43,528 --------- D:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-13 17:16 <DIR> d-------- D:\Program Files\ATI
2007-11-13 16:50 <DIR> d-------- D:\mpc2kxp6490
2007-11-13 16:50 <DIR> d-------- D:\Documents and Settings\T0nDe.LOL-27A229407A9\Application Data\Media Player Classic
2007-11-13 16:37 <DIR> d-------- D:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2007-11-13 16:33 <DIR> d-------- D:\Program Files\ATI Technologies
2007-11-13 16:31 <DIR> d-------- D:\Program Files\direct x9
2007-11-12 17:02 <DIR> d-------- D:\Program Files\BSplayer
2007-11-11 23:26 <DIR> d-------- D:\Documents and Settings\T0nDe.LOL-27A229407A9\Application Data\Apple Computer
2007-11-11 23:23 <DIR> d-------- D:\Program Files\QuickTime
2007-11-11 23:23 <DIR> d-------- D:\Program Files\Apple Software Update
2007-11-11 22:17 <DIR> d-------- D:\Documents and Settings\Administrator.LOL-27A229407A9\Contacts
2007-11-11 21:18 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2007-11-11 21:12 <DIR> d-------- D:\Program Files\Activision
2007-11-11 20:33 34,920 --a------ D:\WINDOWS\system32\omega_drivers.bmp
2007-11-11 19:46 <DIR> d-------- D:\Peli Demot
2007-11-11 19:44 <DIR> d-------- D:\Documents and Settings\T0nDe.LOL-27A229407A9\Application Data\uTorrent
2007-11-11 19:36 552 --a------ D:\WINDOWS\system32\d3d8caps.dat
2007-11-11 19:30 <DIR> d-------- D:\Documents and Settings\Administrator.LOL-27A229407A9\an817
2007-11-11 17:11 143,360 --a------ D:\WINDOWS\system32\atipdlxx.dll
2007-11-11 17:11 122,880 --a------ D:\WINDOWS\system32\Oemdspif.dll
2007-11-11 17:10 3,130,720 --a--c--- D:\WINDOWS\system32\dllcache\ati3duag.dll
2007-11-11 17:10 3,130,720 --a------ D:\WINDOWS\system32\ati3duag.dll
2007-11-11 17:10 1,593,600 --a--c--- D:\WINDOWS\system32\dllcache\ativvaxx.dll
2007-11-11 17:10 1,593,600 --a------ D:\WINDOWS\system32\ativvaxx.dll
2007-11-11 17:10 499,712 --a--c--- D:\WINDOWS\system32\dllcache\ati2cqag.dll
2007-11-11 17:10 499,712 --a------ D:\WINDOWS\system32\ati2cqag.dll
2007-11-11 17:10 268,800 --a--c--- D:\WINDOWS\system32\dllcache\ati2dvag.dll
2007-11-11 17:10 268,800 --a------ D:\WINDOWS\system32\ati2dvag.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 19:09 --------- d-----w D:\Program Files\VLC
2007-11-22 15:00 --------- d-----w D:\Documents and Settings\Administrator.LOL-27A229407A9\Application Data\vlc
2007-11-20 08:22 --------- d-----w D:\Documents and Settings\T0nDe.LOL-27A229407A9\Application Data\vlc
2007-11-19 20:44 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-11-18 08:10 685,816 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2007-11-16 14:24 --------- d-----w D:\Program Files\ViOrb
2007-11-11 14:07 --------- d-----w D:\Program Files\AvRack
2007-11-11 13:10 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2007-11-11 13:08 --------- d-----w D:\Program Files\Opera
2007-11-09 17:43 --------- d-----w D:\Program Files\Lavalys
2007-11-09 17:36 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-11-09 17:32 --------- d-----w D:\Program Files\Avira
2007-11-09 16:31 --------- d-----w D:\Program Files\microsoft frontpage
2007-10-20 00:56 524,288 ----a-w D:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w D:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 129,784 ------w D:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ------w D:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ------w D:\WINDOWS\system32\pxinsi64.exe
2007-10-20 00:56 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w D:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w D:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w D:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w D:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w D:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w D:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ----a-w D:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w D:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w D:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w D:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w D:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w D:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w D:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w D:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-29 05:46 47,376 ----a-w D:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w D:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w D:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:05 2,456,064 ----a-w D:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w D:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w D:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:56 483,328 ----a-w D:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w D:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w D:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 172,032 ----a-w D:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:23 5,435,392 ----a-w D:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w D:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w D:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w D:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-11 11:02 81,920 ----a-w D:\WINDOWS\system32\frapsvid.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-09 19:33]
"SmcService"="D:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 D:\WINDOWS\soundman.exe]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"CatalystRegistration"="D:\Program Files\ATI\CatalystRegistration\dolce.exe" [2007-07-27 12:04]
"Name of App"="D:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2005-12-01 14:13]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]

D:\Documents and Settings\T0nDe.LOL-27A229407A9\Start Menu\Programs\Startup\
Xfire.lnk - D:\Program Files\Xfire\Xfire.exe [2005-09-28 23:32:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R0 uGuru;uGuru;D:\WINDOWS\system32\Drivers\uGuru.sys
S1 atitray;atitray;\??\C:\ati tray tools\atitray.sys
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\D:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
S3 Memctl;Memctl;\??\D:\Program Files\ABIT\ABIT uGuru\Memctl.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 10:27:00 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 21:54:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name of App = D:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe?D~??A~??????A~??A~??k???????????A~???????????????????????????????|????]?A~????)?E??????!????D???J??????bD????????????? ???/?F?????b?@?????]?A~ ???)?E???????????????????A~??G~????????????????????????????(?G
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-22 21:55:16
.
--- E O F ---

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:58:17, on 22.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Documents and Settings\Administrator.LOL-27A229407A9\Desktop\hijackthis\HijackThis.exe
D:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CatalystRegistration] "D:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [Name of App] D:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
and then...

Do a new HJT scan: Do a System scan only. Close all other windows and the browser. Check this line and press Fix checked:

O4 - HKLM\..\Run: [Name of App] D:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe

Open Notepad and copy/paste the contents of the quote box into it:

Save it under the name CFScript (in fact ComboFix recognises it even if the file extension is not .txt). Then drag CFScript onto ComboFix.exe as shown below. Restart the computer if asked to, and post the contents of the combofix.txt file here.

* Download Dr.Web CureIt to your desktop: Dr.Web (if it works in safe mode, I don't remember)
Double-click drweb-cureit.exe and let the program do the *memory/computer express scan*. (this is only a short scan)
When the scan is finished, tick *Complete scan*.
Click the green arrow under the Dr.Web logo so that the scan starts.
When the scan is done, press the *select all* button. Then press the *move* button. The items are moved to quarantine in the %userprofile%\DoctorWeb\quarantine folder.
From the Dr.Web toolbar open *file* and press *Save report list*. Save the report to the desktop. Save it under the name *DrWeb*.
Close Dr.Web.
Restart the computer!! This is so that the selected files are deleted/moved to quarantine at startup.
When you have restarted your computer, paste the contents of the Dr.Web log into your next reply.

Post the combofix.txt file + DrWeb log + a new HJT log