HjT_loki Muutama troya ei lähde, enkä myöskään saa taustakuvaa vaihdettua .KiitoS

Lataa OTMoveIt
OTMoveIt ja tallenna se työpöydällesi.

Tuplaklikkaa OTMoveIt.exe.
Klikkaa CleanUp!.
Valitse Yes kun kysytään "Begin cleanup Process?".
Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.

HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.

 

Esim Malwarebytesin mukaan on Rogue.AntiSpywareBot on 24 kertaa 4 kertaa TrojanAgent 3 kertaa Trojan.BHO.H

a-squared ohjelman mukaan 3 kertaa BackDoor.IRCBoT.ABSW 1 kerta BackDoor.Win32.Rbot.pjg

7 kertaa Trace Registry Helper

12 kertaa Trace Registry Winclear

2 kertaa Trojan Crypt XPACK

2 kertaa Trojan Peed

5 kertaa Troyan.Win32Agent

28 kertaa Win32.Rigel 6468

3 kertaa Win32.SuspectCrc

5 kertaa Virus Trojan.Win32BHO.egw

Siinä muutaman ohjelman "info"

 

Escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe
päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scannaa

jos ala luukkuun tulee jotain niin kopioi se näin:
Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.

Laita virus log tänne.

 

Terve kuomaseni. Olin viikonlopun viihteellä enkä päässyt hommiin....

Mutta kiitoksia edelleen sinulle ja menen asiaan... käytän Avgta virus torjuntaan ja poistin sillä kaikki madot ja virukset karanteenista ( en tiedä oliko asiallinen liike) . Sitten ajoin eScanilla(Virus log oli ainakin tyhjä, numeroita tuli vain kohtaan : Total number of errors 26 haluatko sen sijaa esim mwav.login tai jotain muuta?

Ja esim Malwarebytesin karanteenissa 131 kohdetta täynnä troijia Trojan.Vundo , Trojan.Fakealert , Trojan.BHO.H , Trojan.Agent, ja RogueAntiSpywarea , HijackWallpaperia .... Eli eli poistanko ne kokonaan vai pidänkö karanteeniissa ? Itse scannaus ei löydä kuin TrojanAgentia ja Trojan.BHO.H

A-squaredin karanteenissa Taas täysin erinimisiä Troijia ym ym vaikka kuinka... Kummassakaan ei "heal" vaihtoehtoa eli uskallanko poistaa nämä kylmän viileästi......ja tietenkin uusia konsteja vain tulemaan jos on.PeAcE

 

Juu poista vain kaikki kylmän viilesti karanteenistä

a-squared Anti-Malware <<-- paljos toi vaatii dollareita että poistais

 

Siis AVG antivirus ei löydä enää mitään.....

Malwarebytes löytää 7 , eli 3 x Trojan BHO.H ja 4 x Trojan.Agent Ja scannauksen jälkeen yritän poistaa nämä , mutta ne eivät lähde. Kerrohan mitä teen Hujo..... ja vilpitön kiitos taas vaihteeksi sinulle.

 

Malwarebytes päivitä ja aja uudelleen laita se loki siintä

 

Malwarebytes' Anti-Malware 1.26
Tietokantaversio: 1103
Windows 5.1.2600 Service Pack 3

2.9.2008 16:07:55
mbam-log-2008-09-02 (16-07-55).txt

Tarkistustyyppi: Täysi tarkistus (C:\|F:\|)
Tarkistetut kohteet: 81954
Kulunut aika: 22 minute(s), 20 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 2
Saastuneita rekisteriarvoja: 4
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 1

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a99091b0-d5c1-40df-bf12-8f929063a311} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a99091b0-d5c1-40df-bf12-8f929063a311} (Trojan.BHO.H) -> Delete on reboot.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (Trojan.BHO.H) -> Quarantined and deleted successfully.

 

scannaa uusi combofix loki

 

ComboFix 08-09-01.01 - Sami 2008-09-02 16:57:27.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1402 [GMT 3:00]
Running from: C:\Documents and Settings\Sami\Työpöytä\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-02 to 2008-09-02 )))))))))))))))))
.

2008-09-02 16:12 . 2008-09-02 16:12 61,440 --a------ C:\WINDOWS\system32\drivers\znth.sys
2008-09-02 08:54 . 2008-09-02 08:54 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2008-09-02 08:54 . 2008-09-02 13:18 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2008-09-02 08:53 . 2008-09-02 08:53 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2008-09-02 08:53 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-09-01 19:17 . 2008-09-01 21:17 50 --a------ C:\23990098.$$$
2008-09-01 17:44 . 2008-09-01 18:03 <KANSIO> d-------- C:\Downloads
2008-09-01 17:44 . 2008-09-01 18:01 <KANSIO> d-------- C:\Bases
2008-09-01 17:41 . 2008-09-01 19:26 <KANSIO> d-------- C:\Kaspersky
2008-08-29 16:26 . 2008-08-29 16:26 <KANSIO> d-------- C:\Program Files\DIFX
2008-08-29 00:39 . 2008-08-29 00:39 <KANSIO> d-------- C:\Program Files\RegSeeker
2008-08-29 00:35 . 2008-08-31 20:00 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-08-26 20:56 . 2008-08-29 01:33 98 --a------ C:\index.ini
2008-08-26 16:35 . 2008-09-02 12:10 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 16:35 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 16:35 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 12:04 . 2008-08-26 12:04 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-26 12:03 . 2008-08-26 12:03 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-08-26 01:36 . 2008-08-26 01:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-26 00:16 . 2008-08-26 00:16 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Malwarebytes
2008-08-26 00:16 . 2008-08-26 00:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 23:59 . 2008-08-26 12:52 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-25 23:59 . 2008-08-26 12:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-22 19:00 . 2008-08-22 19:00 <KANSIO> d-------- C:\Program Files\Sygate
2008-08-22 19:00 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-08-22 19:00 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-08-22 19:00 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-08-22 16:22 . 18,688 C:\WINDOWS\system32\drivers\vlvmrura.dat
2008-08-22 16:22 . 5,120 C:\WINDOWS\system32\drivers\jkueopxu.dat
2008-08-17 09:10 . 2008-08-17 09:10 335 --a------ C:\WINDOWS\mozregistry.dat
2008-08-16 07:58 . 2008-09-02 13:27 <KANSIO> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-16 07:58 . 2008-09-02 16:57 <KANSIO> d--h----- C:\$AVG8.VAULT$
2008-08-16 05:45 . 2008-08-16 07:57 <KANSIO> d-------- C:\Program Files\RegCure
2008-08-16 00:48 . 2008-08-29 03:12 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-16 00:48 . 2008-08-22 18:19 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-16 00:48 . 2008-08-22 18:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-15 22:01 . 2008-08-15 22:01 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Windows Search
2008-08-15 22:00 . 2008-08-15 22:00 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Windows Desktop Search
2008-08-15 21:59 . 2008-08-15 21:59 <KANSIO> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-15 21:59 . 2008-08-15 21:59 <KANSIO> d-------- C:\Program Files\Windows Desktop Search
2008-08-15 21:59 . 2008-07-22 17:52 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-15 21:59 . 2008-07-22 17:52 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-15 21:59 . 2008-03-07 20:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-15 21:59 . 2008-03-07 20:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-15 21:59 . 2008-03-07 20:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-15 21:59 . 2008-07-22 17:52 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-15 14:16 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-15 14:16 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 16:22 . 2008-09-02 10:20 12,288 --ahs---- C:\WINDOWS\Thumbs.db
2008-08-07 07:46 . 2008-08-07 07:46 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
2008-08-07 01:46 . 2008-08-07 01:46 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-07 01:46 . 2008-08-07 01:46 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-05 19:04 . 2008-08-05 19:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 10:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 10:19 --------- d-----w C:\Program Files\Nokia
2008-09-02 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-02 09:05 --------- d-----w C:\Documents and Settings\Sami\Application Data\Nokia
2008-09-02 03:47 --------- d-----w C:\Program Files\CCleaner
2008-08-26 15:15 --------- d-----w C:\Program Files\Java
2008-08-22 15:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-22 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-16 22:54 --------- d-----w C:\Program Files\real
2008-08-16 04:58 --------- d-----w C:\Program Files\Skype
2008-08-11 13:22 --------- d-----w C:\Program Files\Windows Media Connect
2008-08-07 05:50 --------- d-----w C:\Documents and Settings\Sami\Application Data\Skype
2008-08-07 05:35 --------- d-----w C:\Documents and Settings\Sami\Application Data\skypePM
2008-08-07 03:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 15:55 --------- d-----w C:\Documents and Settings\Sami\Application Data\U3
2008-08-05 15:54 --------- d-----w C:\Program Files\ATI Technologies
2008-08-05 15:54 --------- d-----w C:\Program Files\ATI
2008-08-05 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI(2)
2008-08-05 15:53 --------- d-----w C:\Program Files\Sygate(2)
2008-08-05 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-02 17:46 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-01 02:54 --------- d-----w C:\Documents and Settings\Sami\Application Data\PC Suite
2008-07-25 04:11 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-24 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Disk Cleaner
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-05 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Registry Helper
2008-07-02 21:04 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-02 20:50 --------- d-----w C:\Documents and Settings\Sami\Application Data\OpenOffice.org2
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(9).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(8).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(7).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(6).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(5).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(4).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(3).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(2).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(11).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(10).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(9).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(8).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(7).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(6).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(5).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(4).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(3).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(12).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(11).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(10).dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(9).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(8).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(7).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(6).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(5).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(4).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(3).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(2).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(11).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(10).exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(9).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(8).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(7).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(6).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(5).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(4).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(3).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(12).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(11).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(10).dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(9).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(8).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(7).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(6).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(5).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(4).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(3).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(12).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(11).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(10).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(9).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(8).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(7).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(6).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(5).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(4).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(3).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(12).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(11).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(10).dll
2008-05-14 00:06 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008051420080515\index.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A99091B0-D5C1-40DF-BF12-8F929063A311}]
C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.



Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

 

Ok ok eli näyttäisi hiljaa hyvän tulevan toivottavasti..... Kiitos ja lisää tehtävää.. : )


ComboFix 08-09-01.03 - Sami 2008-09-02 22:16:44.11 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1557 [GMT 3:00]
Running from: C:\Documents and Settings\Sami\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sami\Työpöytä\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\23990098.$$$

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-02 to 2008-09-02 )))))))))))))))))
.

2008-09-02 08:54 . 2008-09-02 08:54 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2008-09-02 08:54 . 2008-09-02 13:18 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2008-09-02 08:53 . 2008-09-02 08:53 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2008-09-02 08:53 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-09-01 17:44 . 2008-09-01 18:03 <KANSIO> d-------- C:\Downloads
2008-09-01 17:44 . 2008-09-01 18:01 <KANSIO> d-------- C:\Bases
2008-09-01 17:41 . 2008-09-01 19:26 <KANSIO> d-------- C:\Kaspersky
2008-08-29 16:26 . 2008-08-29 16:26 <KANSIO> d-------- C:\Program Files\DIFX
2008-08-29 00:39 . 2008-08-29 00:39 <KANSIO> d-------- C:\Program Files\RegSeeker
2008-08-29 00:35 . 2008-08-31 20:00 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-08-26 20:56 . 2008-08-29 01:33 98 --a------ C:\index.ini
2008-08-26 16:35 . 2008-09-02 12:10 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 16:35 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 16:35 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 12:04 . 2008-08-26 12:04 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-26 12:03 . 2008-08-26 12:03 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-08-26 01:36 . 2008-08-26 01:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-26 00:16 . 2008-08-26 00:16 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Malwarebytes
2008-08-26 00:16 . 2008-08-26 00:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 23:59 . 2008-08-26 12:52 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-25 23:59 . 2008-08-26 12:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-22 19:00 . 2008-08-22 19:00 <KANSIO> d-------- C:\Program Files\Sygate
2008-08-22 19:00 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-08-22 19:00 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-08-22 19:00 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-08-22 19:00 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-08-22 16:22 . 18,688 C:\WINDOWS\system32\drivers\vlvmrura.dat
2008-08-22 16:22 . 5,120 C:\WINDOWS\system32\drivers\jkueopxu.dat
2008-08-17 09:10 . 2008-08-17 09:10 335 --a------ C:\WINDOWS\mozregistry.dat
2008-08-16 07:58 . 2008-09-02 13:27 <KANSIO> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-16 07:58 . 2008-09-02 22:16 <KANSIO> d--h----- C:\$AVG8.VAULT$
2008-08-16 05:45 . 2008-08-16 07:57 <KANSIO> d-------- C:\Program Files\RegCure
2008-08-16 00:48 . 2008-08-29 03:12 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-16 00:48 . 2008-08-22 18:19 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-16 00:48 . 2008-08-22 18:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-15 22:01 . 2008-08-15 22:01 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Windows Search
2008-08-15 22:00 . 2008-08-15 22:00 <KANSIO> d-------- C:\Documents and Settings\Sami\Application Data\Windows Desktop Search
2008-08-15 21:59 . 2008-08-15 21:59 <KANSIO> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-15 21:59 . 2008-08-15 21:59 <KANSIO> d-------- C:\Program Files\Windows Desktop Search
2008-08-15 21:59 . 2008-07-22 17:52 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-15 21:59 . 2008-07-22 17:52 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-15 21:59 . 2008-03-07 20:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-15 21:59 . 2008-03-07 20:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-15 21:59 . 2008-03-07 20:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-15 21:59 . 2008-07-22 17:52 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-15 14:16 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-15 14:16 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 16:22 . 2008-09-02 10:20 12,288 --ahs---- C:\WINDOWS\Thumbs.db
2008-08-07 07:46 . 2008-08-07 07:46 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
2008-08-07 01:46 . 2008-08-07 01:46 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-07 01:46 . 2008-08-07 01:46 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-05 19:04 . 2008-08-05 19:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 14:36 --------- d-----w C:\Program Files\CCleaner
2008-09-02 10:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 10:19 --------- d-----w C:\Program Files\Nokia
2008-09-02 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-02 09:05 --------- d-----w C:\Documents and Settings\Sami\Application Data\Nokia
2008-08-26 15:15 --------- d-----w C:\Program Files\Java
2008-08-22 15:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-22 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-16 22:54 --------- d-----w C:\Program Files\real
2008-08-16 04:58 --------- d-----w C:\Program Files\Skype
2008-08-11 13:22 --------- d-----w C:\Program Files\Windows Media Connect
2008-08-07 05:50 --------- d-----w C:\Documents and Settings\Sami\Application Data\Skype
2008-08-07 05:35 --------- d-----w C:\Documents and Settings\Sami\Application Data\skypePM
2008-08-07 03:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 15:55 --------- d-----w C:\Documents and Settings\Sami\Application Data\U3
2008-08-05 15:54 --------- d-----w C:\Program Files\ATI Technologies
2008-08-05 15:54 --------- d-----w C:\Program Files\ATI
2008-08-05 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI(2)
2008-08-05 15:53 --------- d-----w C:\Program Files\Sygate(2)
2008-08-05 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-02 17:46 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-01 02:54 --------- d-----w C:\Documents and Settings\Sami\Application Data\PC Suite
2008-07-25 04:11 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-24 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Disk Cleaner
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-05 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Registry Helper
2008-07-02 21:04 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-02 20:50 --------- d-----w C:\Documents and Settings\Sami\Application Data\OpenOffice.org2
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(9).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(8).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(7).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(6).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(5).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(4).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(3).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(2).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(11).dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX(10).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(9).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(8).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(7).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(6).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(5).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(4).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(3).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(12).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(11).dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag(10).dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(9).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(8).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(7).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(6).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(5).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(4).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(3).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(2).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(11).exe
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx(10).exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(9).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(8).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(7).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(6).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(5).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(4).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(3).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(12).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(11).dll
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2(10).dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(9).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(8).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(7).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(6).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(5).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(4).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(3).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(12).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(11).dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag(10).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(9).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(8).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(7).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(6).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(5).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(4).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(3).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(12).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(11).dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx(10).dll
2008-05-14 00:06 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\MSHist012008051420080515\index.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A99091B0-D5C1-40DF-BF12-8F929063A311}]
C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 C:\WINDOWS\StartupMonitor.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"F:\\Pelit\\Return to Castle Wolfenstein\\WolfMP.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Kaspersky\\kavupd.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22556:TCP"= 22556:TCP:BitCometBeta 22556 TCP
"22556:UDP"= 22556:UDP:BitCometBeta 22556 UDP
"13824:TCP"= 13824:TCP:BitCometBeta 13824 TCP
"13824:UDP"= 13824:UDP:BitCometBeta 13824 UDP
"8973:TCP"= 8973:TCP:BitComet 8973 TCP
"8973:UDP"= 8973:UDP:BitComet 8973 UDP
"14519:TCP"= 14519:TCP:BitComet 14519 TCP
"14519:UDP"= 14519:UDP:BitComet 14519 UDP

R0 kkgutnpm;kkgutnpm;C:\WINDOWS\system32\drivers\vlvmrura.dat [ ]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-22 76040]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5b062a5-2f54-11dd-a797-00508dc84ead}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 22:18:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kkgutnpm]
"ImagePath"="system32\drivers\vlvmrura.dat"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-09-02 22:19:59
ComboFix-quarantined-files.txt 2008-09-02 19:19:52
ComboFix2.txt 2008-09-02 15:48:47
ComboFix3.txt 2008-09-02 14:00:03
ComboFix4.txt 2008-08-28 22:10:30

Pre-Run: 16,363,417,600 tavua vapaana
Post-Run: 16,348,803,072 tavua vapaana

257 --- E O F --- 2008-08-22 15:59:47

 

scannaa uusi hjt:n loki

 

Hei ja kiitoksia sinnikyydestäsi.....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:01, on 3.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\StartupMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.telkku.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199268633166
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5076 bytes

 

Kun fixsaat tuo rivin hjt:llä

O2 - BHO: (no name) - {A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (file missing)

kysyykö jokin siihen lupaa poistoon deletointiin.

 

Siis jos fixaan tuon rivin..... se on heti siellä kun scannaan uudelleen.....

 

Luo poistolista:
• Avaa HiJackThis
• Klikkaa "Configure" valintaa oikealla alhaalla
• Klikkaa "Misc Tools"
• Klikkaa boxia joka sanoo "Uninstall Manager"
• Klikkaa valintaa "Save list"
• Kopioi ja liitä kyseinen lista muistiosta ketjuusi

 

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2 - Suomi
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Free 8.0
CCleaner (remove only)
DriverAgent by TouchStone Software
DriverAgent Plugin for Netscape by TouchStone Software
Full Tilt Poker
GTA San Andreas
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)
Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864)
Hotfix-päivitys Windows XP:lle (KB952287)
IrfanView (remove only)
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Finnish Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - FIN
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Finnish Language Pack
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.0:n suomen kielipaketti
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.1)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
PC Connectivity Solution
Päivitys Windows XP:lle (KB951072-v2)
Päivitys Windows XP:lle (KB951618-v2)
Päivitys Windows XP:lle (KB951978)
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RTL Winter Sports 2008
Skype™ 3.6
StartupMonitor
Steam
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)
Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)
Suojauspäivitys Windows Internet Explorer 7:lle (KB944533)
Suojauspäivitys Windows Internet Explorer 7:lle (KB950759)
Suojauspäivitys Windows Internet Explorer 7:lle (KB953838)
Suojauspäivitys Windows Media Player 11:lle (KB936782)
Suojauspäivitys Windows XP:lle (KB923789)
Suojauspäivitys Windows XP:lle (KB946648)
Suojauspäivitys Windows XP:lle (KB950760)
Suojauspäivitys Windows XP:lle (KB950762)
Suojauspäivitys Windows XP:lle (KB950974)
Suojauspäivitys Windows XP:lle (KB951066)
Suojauspäivitys Windows XP:lle (KB951376)
Suojauspäivitys Windows XP:lle (KB951376-v2)
Suojauspäivitys Windows XP:lle (KB951698)
Suojauspäivitys Windows XP:lle (KB951748)
Suojauspäivitys Windows XP:lle (KB952954)
Suojauspäivitys Windows XP:lle (KB953839)
Sygate Personal Firewall
Terrorist Takedown 2 (1.01)
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Liven kirjautumisavustaja
Windows Liven sähköposti
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (FIN)
Windows Search 4.0
Windows Workflow Foundation FI Language Pack
Windows XP Service Pack 3
Windowsin ohjainpaketti - Nokia Modem (05/22/2008 3.8)
Windowsin ohjainpaketti - Nokia Modem (05/22/2008 7.00.0.1)
Windowsin ohjainpaketti - Nokia pccsmcfd (10/12/2007 6.85.4.0)
WinRAR-pakkausohjelma
XML Paper Specification Shared Components Language Pack 1.0


Vai ymmärsinkö mitään :-0

 

Poista lisää poista sovelutuksesta

StartupMonitor

poista C:\WINDOWS\StartupMonitor.exe vikasiedossa

============

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {A99091B0-D5C1-40DF-BF12-8F929063A311} - C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\GACH46F5\3077htsbdjyf[1].dll (file missing)

=============

sammuta ja käynnistä

=============

scannaaa Malwarebytes' Anti-Malware:lla uudelleen täysi scannaus

===================

scannaa uusi hjt:n loki

 

Terve.... Ai niin olen unohtanut sanoa että saan jopa taustakuvia taas laitettua....mutta tein kuten käskit eikä lähde HjTllä .... Huomasin rekisterieditorilla että se sijaitsee kansiossa InProcServer32 En saa sitä sieltä manuaalisesti poistettua..... Malware scannaa joten lähetän sen lokin kuten HJTn mutta Esim Malware on jo löytänyt toijia eli sen Trojan.BHO.H ja Trojan.Agentin. huh huh tää vääntö on pitkä,toivottavasti myös palkitseva