Hjt loki

Kertoisko joku näkyykö tässä lokissa mitään ylimääräistä?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:22, on 7.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.05\RivaTuner.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Elisa\Avustaja\Elisa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Heikki\Työpöytä\Lataukset\ewido_micro.exe
C:\HiJackThis_v2.0.2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: RADIO_USA Toolbar - {870e3b1b-d1c6-4b91-864c-90043cf02e56} - C:\Program Files\RADIO_USA\tbRADI.dll
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: RADIO_USA Toolbar - {870e3b1b-d1c6-4b91-864c-90043cf02e56} - C:\Program Files\RADIO_USA\tbRADI.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: RADIO_USA Toolbar - {870e3b1b-d1c6-4b91-864c-90043cf02e56} - C:\Program Files\RADIO_USA\tbRADI.dll
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.05\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.05\RivaTuner.exe" /T
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8404 bytes

 

Tuo pöpö on senverran arveluttava, että tutkitaan.

1. Lataa combofix.exe työpöydällesi mistä tahansa alla olevasta linkistä:
Linkki 1
Linkki 2
Linkki 3

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
--------------------------------------------------------------
Lataa Killbox Option^Explicitiltä.

Huomaa: Jos sinulla on jo Killbox, tämä on uusi versio joka sinun tulee asentaa. Poista aikaisempi.

* Tallenna työpöydällesi.
* Tupla-klikkaa Killbox.exe ajaaksesi ohjelman.
* Valitse:* Delete on Reboot* sitten klikkaa All Files valintaa.
* Kopioi ja liitä alapuolella olevat tiedostopolut leikepöydälle mustaamalla KAIKKI ne ja painamalla CTRL + C (tai, mustaamisen jälkeen, oikea klikki hiirellä ja valitse kopioi):

C:\WINDOWS\system32\winsys2.exe

* Palaa Killboxiin, mene File valikkoon, ja valitse Paste from Clipboard.
* Mene Options valikkoon laita ruxit kahteen ylimpään riviin.
* Klikkaa puna-valkoista Delete File valintaa. Klikkaa Yes "Delete on Reboot" pyyntöön. Klikkaa OK mihin vain PendingFileRenameOperations pyyntöön (ja anna fixaajan tietää jos jokin tälläinen tulee!).[/list]
Käynnistä koneesi itse jos se ei sitä automaattisesti tee.
Jos saat tälläisen viestin: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." Kun yrität ajaa KillBoxia, klikkaa tätä ladataksesi ja ajaaksesi Missingfilessetup.exe;n. Sitten koita KillBoxia uudestaan.
Lopuksi:
KillBoxin Tools välilehdeltä => Delete Temp Files => Delete Selected
-------------------------
Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
* C:\!KillBox\Logs\Kb.log tänne.
* Toimiiko tuo Norton Virustutkana ainoastaan ???

 

Joo nortoni on vaan viruksia vastaan, zonealarm muurina.
tässä hjt- loki
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:00, on 8.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.05\RivaTuner.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elisa\Avustaja\Elisa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis_v2.0.2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.05\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.05\RivaTuner.exe" /T
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7050 bytes


sitten combo.

ComboFix 08-02.05.3 - Heikki 2008-02-08 12:33:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1537 [GMT 2:00]
Running from: C:\Documents and Settings\Heikki\Työpöytä\Lataukset\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\winsys.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-08 to 2008-02-08 )))))))))))))))))
.

2008-02-08 12:27 . 2008-02-08 12:27 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-08 12:27 . 2008-02-08 12:27 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-07 12:33 . 2008-02-07 12:33 401,720 --a------ C:\HiJackThis_v2.0.2.exe
2008-02-07 12:25 . 2008-02-07 12:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-02-07 12:24 . 2008-02-07 12:24 <KANSIO> d-------- C:\Documents and Settings\Heikki\Application Data\Uniblue
2008-02-06 12:13 . 2008-02-06 12:13 <KANSIO> d-------- C:\Documents and Settings\Heikki\Application Data\CrystalSpace
2008-02-06 12:13 . 2008-02-06 12:13 <KANSIO> d-------- C:\Documents and Settings\Heikki\Application Data\CrystalApp
2008-02-05 22:13 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-05 22:13 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-05 22:13 . 2004-09-14 15:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-05 22:13 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-05 22:12 . 2008-02-08 12:23 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2008-02-05 22:09 . 2008-02-05 22:09 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-02-05 22:09 . 2008-02-05 22:10 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-29 15:55 . 2008-01-29 15:55 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-29 15:55 . 2008-01-29 15:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-29 15:47 . 2008-01-29 15:47 <KANSIO> d-------- C:\Documents and Settings\LocalService\Työpöytä
2008-01-29 13:43 . 2008-02-08 12:27 <KANSIO> d-------- C:\Program Files\Live_TV
2008-01-29 13:41 . 2008-02-08 12:27 <KANSIO> d-------- C:\Program Files\RADIO_USA
2008-01-21 15:02 . 2008-01-21 15:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Emotum
2008-01-21 15:01 . 2008-01-21 15:01 <KANSIO> d-------- C:\Program Files\Elisa
2008-01-21 15:01 . 2008-01-21 15:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Elisa
2008-01-19 13:13 . 2008-01-19 13:13 <KANSIO> d-------- C:\Program Files\Lavalys
2008-01-19 12:19 . 2008-01-19 12:19 <KANSIO> d-------- C:\WINDOWS\system32\Futuremark
2008-01-19 12:19 . 2008-01-19 12:19 <KANSIO> d-------- C:\Program Files\Futuremark
2008-01-19 12:19 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-01-19 12:19 . 2001-11-19 18:05 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2008-01-14 11:49 . 2008-01-14 11:49 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-01-14 11:45 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-14 11:45 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-14 11:45 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-14 11:45 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-14 11:45 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-14 11:44 . 2008-01-14 11:59 276 --a------ C:\WINDOWS\game.ini
2008-01-09 13:47 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-09 13:47 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-09 13:47 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-09 13:47 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 10:35 17,223,712 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-08 10:26 211,952 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-07 20:10 --------- d-----w C:\Program Files\RevConnect
2008-02-07 10:16 --------- d-----w C:\Documents and Settings\Heikki\Application Data\uTorrent
2008-02-02 17:34 --------- d-----w C:\Program Files\dvdSanta
2008-02-02 11:22 --------- d-----w C:\Documents and Settings\Heikki\Application Data\Canon
2008-02-02 11:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 11:13 --------- d-----w C:\Program Files\Canon
2008-02-01 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-29 13:58 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-20 16:03 2,629,120 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-12-10 18:19 --------- d-----w C:\Documents and Settings\Heikki\Application Data\vlc
2007-12-10 18:15 --------- d-----w C:\Program Files\VideoLAN
2007-11-27 17:40 2,923,008 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-11-27 17:40 1,590,272 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-11-09 16:59 2,901,504 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-11-09 16:59 1,571,840 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-10-29 15:53 2,252,800 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-10-29 15:53 1,529,856 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-10-22 21:10 2,651,648 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-10-22 21:10 1,517,568 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-10-07 08:28 43,520 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-10-07 08:28 1,305,088 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-10-05 10:26 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
2007-10-05 10:26 1,285,632 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 15:12 15360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:32 81920]
"PowerBar"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2002-08-02 22:04 73728]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 04:58 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-15 04:58 69632]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-12-15 04:59 217088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14 919016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.05\RivaTuner.exe" [2007-09-27 19:20 2633728]
"RivaTuner"="C:\Program Files\RivaTuner v2.05\RivaTuner.exe" [2007-09-27 19:20 2633728]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 10:38 49152]
"DVD43"="C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" [2004-10-22 14:18 278016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [2005-05-18 15:08 208896]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"Elisa Avustaja"="C:\Program Files\Elisa\Avustaja\Elisa.exe" [2007-10-22 15:15 189768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 15:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 14:18 49152]

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2005-11-22 10:33]
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 16:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 19:03]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2005-11-22 10:33]
R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2005-11-29 10:16]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-09-27 19:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1151db6-7cc0-11dc-813e-00508db2aae9}]
\Shell\AutoRun\command - M:\SETUP.EXE /AUTORUN
\Shell\configure\command - M:\SETUP.EXE
\Shell\install\command - M:\SETUP.EXE

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 12:35:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D?????6~??????????????6~l?@?l?@????? ???????????W?9~??6~??????6~K?6~x???????[?6~???????? ??????????????|x???0???????????? pt??6~?????????????????A??0???N???????l?@?l?@?????Q?7~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\\Program Files\\NavNT\\vptray.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-02-08 12:35:38
ComboFix-quarantined-files.txt 2008-02-08 10:35:35
.
2008-02-07 08:03:52 --- E O F ---


ja killbox.

Pocket Killbox version 2.0.0.648
Running on Windows XP as Heikki(Administrator)
was started @ perjantai, helmikuu 08, 2008, 12:36 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\winsys2.exe


I Rebooted @ 12:40:23 PM
Killbox Closed(Exit) @ 12:40:30 PM
__________________________________________________


Vieläkö näkyy omituisuuksia?

 

Loppu siivousta vailla:

Avaa Muistio ja kopioi/liitä alapuolella Lainauksissa oleva sisältö sinne:

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)



Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.
------------------------------------------------------------------------------------------------------
Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* combofix.txt raportti
*

 

Entäs nyt?

Hjt loki.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:17, on 8.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.05\RivaTuner.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis_v2.0.2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.05\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.05\RivaTuner.exe" /T
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6946 bytes

Ja Combo.

ComboFix 08-02.05.3 - Heikki 2008-02-08 21:16:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1538 [GMT 2:00]
Running from: C:\Documents and Settings\Heikki\Työpöytä\Lataukset\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-08 to 2008-02-08 )))))))))))))))))
.

2008-02-08 12:27 . 2008-02-08 12:27 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-08 12:27 . 2008-02-08 12:27 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-07 12:33 . 2008-02-07 12:33 401,720 --a------ C:\HiJackThis_v2.0.2.exe
2008-02-07 12:25 . 2008-02-07 12:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-02-07 12:24 . 2008-02-07 12:24 <KANSIO> d-------- C:\Documents and Settings\Heikki\Application Data\Uniblue
2008-02-06 12:13 . 2008-02-06 12:13 <KANSIO> d-------- C:\Documents and Settings\Heikki\Application Data\CrystalSpace
2008-02-06 12:13 . 2008-02-06 12:13 <KANSIO> d-------- C:\Documents and Settings\Heikki\Application Data\CrystalApp
2008-02-05 22:13 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-05 22:13 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-05 22:13 . 2004-09-14 15:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-05 22:13 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-05 22:12 . 2008-02-08 12:23 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2008-02-05 22:09 . 2008-02-05 22:09 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-02-05 22:09 . 2008-02-05 22:10 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-29 15:55 . 2008-01-29 15:55 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-29 15:55 . 2008-01-29 15:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-29 15:47 . 2008-01-29 15:47 <KANSIO> d-------- C:\Documents and Settings\LocalService\Työpöytä
2008-01-29 13:43 . 2008-02-08 12:27 <KANSIO> d-------- C:\Program Files\Live_TV
2008-01-29 13:41 . 2008-02-08 12:27 <KANSIO> d-------- C:\Program Files\RADIO_USA
2008-01-21 15:02 . 2008-01-21 15:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Emotum
2008-01-21 15:01 . 2008-01-21 15:01 <KANSIO> d-------- C:\Program Files\Elisa
2008-01-21 15:01 . 2008-01-21 15:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Elisa
2008-01-19 13:13 . 2008-01-19 13:13 <KANSIO> d-------- C:\Program Files\Lavalys
2008-01-19 12:19 . 2008-01-19 12:19 <KANSIO> d-------- C:\WINDOWS\system32\Futuremark
2008-01-19 12:19 . 2008-01-19 12:19 <KANSIO> d-------- C:\Program Files\Futuremark
2008-01-19 12:19 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-01-19 12:19 . 2001-11-19 18:05 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2008-01-14 11:49 . 2008-01-14 11:49 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-01-14 11:45 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-14 11:45 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-14 11:45 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-14 11:45 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-14 11:45 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-14 11:44 . 2008-01-14 11:59 276 --a------ C:\WINDOWS\game.ini
2008-01-09 13:47 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-09 13:47 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-09 13:47 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-09 13:47 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 19:17 17,301,536 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-08 15:14 212,840 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-07 20:10 --------- d-----w C:\Program Files\RevConnect
2008-02-07 10:16 --------- d-----w C:\Documents and Settings\Heikki\Application Data\uTorrent
2008-02-02 17:34 --------- d-----w C:\Program Files\dvdSanta
2008-02-02 11:22 --------- d-----w C:\Documents and Settings\Heikki\Application Data\Canon
2008-02-02 11:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 11:13 --------- d-----w C:\Program Files\Canon
2008-02-01 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-29 13:58 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-20 16:03 2,629,120 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-12-10 18:19 --------- d-----w C:\Documents and Settings\Heikki\Application Data\vlc
2007-12-10 18:15 --------- d-----w C:\Program Files\VideoLAN
2007-11-27 17:40 2,923,008 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-11-27 17:40 1,590,272 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-11-09 16:59 2,901,504 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-11-09 16:59 1,571,840 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-10-29 15:53 2,252,800 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-10-29 15:53 1,529,856 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-10-22 21:10 2,651,648 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-10-22 21:10 1,517,568 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-10-07 08:28 43,520 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-10-07 08:28 1,305,088 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-10-05 10:26 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
2007-10-05 10:26 1,285,632 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 15:12 15360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:32 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2002-08-02 22:04 73728]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 04:58 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-15 04:58 69632]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14 919016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.05\RivaTuner.exe" [2007-09-27 19:20 2633728]
"RivaTuner"="C:\Program Files\RivaTuner v2.05\RivaTuner.exe" [2007-09-27 19:20 2633728]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 10:38 49152]
"DVD43"="C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" [2004-10-22 14:18 278016]
"Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [2005-05-18 15:08 208896]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"Elisa Avustaja"="C:\Program Files\Elisa\Avustaja\Elisa.exe" [2007-10-22 15:15 189768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-14 15:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 14:18 49152]

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2005-11-22 10:33]
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 16:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 19:03]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2005-11-22 10:33]
R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2005-11-29 10:16]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-09-27 19:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1151db6-7cc0-11dc-813e-00508db2aae9}]
\Shell\AutoRun\command - M:\SETUP.EXE /AUTORUN
\Shell\configure\command - M:\SETUP.EXE
\Shell\install\command - M:\SETUP.EXE

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 21:17:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-02-08 21:18:12
ComboFix-quarantined-files.txt 2008-02-08 19:18:09
ComboFix2.txt 2008-02-08 10:35:39
.
2008-02-07 08:03:52 --- E O F ---

 

Puhdasta on.
Toimiiko kone OK ???

 

Kyllä se nyt toimii ihan hyvin. Kiitoksia neuvoista.