Strange windows keep popping up on my computer even when I'm not doing anything on it...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:02, on 16.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Siemens\Gigaset USB Stick 54\Gcc.exe
C:\Program Files\Siemens\Gigaset USB Stick 54\OdHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [f0f3f234] rundll32.exe "C:\WINDOWS\system32\smffeobn.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Janne\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Stick 54\Gcc.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O20 - AppInit_DLLs: rwgrec.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Command Service (cmdservice) - Unknown owner - C:\WINDOWS\UGVra2EgVGlpbW8\command.exe (file missing)
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB (pnkbstrb) - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 4486 bytes
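Added example, not part of this thread and not code from HijackThis or any of the tools named in it: a small Python triage that applies a few defender-side heuristics to the O4, O20 and O23 lines of a HijackThis log. The sample entries are copied from the log above (with two benign Java entries for contrast); the rule names, thresholds and the base64 directory-name check are my own assumptions.

```python
import base64
import re
from dataclasses import dataclass

# Constructed sample: autorun (O4), AppInit_DLLs (O20) and service (O23)
# entries copied from the HijackThis log in this thread, plus two benign
# entries (Java) for contrast.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [f0f3f234] rundll32.exe "C:\\WINDOWS\\system32\\smffeobn.dll",b
O4 - HKLM\\..\\Run: [Host Process] C:\\WINDOWS\\Fonts\\svchost.exe
O4 - HKCU\\..\\Run: [gadcom] "C:\\Documents and Settings\\Janne\\Application Data\\gadcom\\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O20 - AppInit_DLLs: rwgrec.dll
O23 - Service: Command Service (cmdservice) - Unknown owner - C:\\WINDOWS\\UGVra2EgVGlpbW8\\command.exe (file missing)
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
"""

# Core binaries that on Windows XP live only in %SystemRoot%\system32.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)   # threshold: assumption
LONG_HEX_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")           # threshold: assumption
B64_COMPONENT_RE = re.compile(r"^(?=.*[A-Z])(?=.*[a-z])[A-Za-z0-9+/]{12,}$")


@dataclass(frozen=True)
class Finding:
    line: int     # 1-based line number within the log text
    rule: str     # short rule id
    detail: str   # what matched and why a reviewer should look at it


def launched_path(cmd: str) -> str:
    """Path of the program an O4 entry starts; for rundll32, the DLL it loads."""
    parts = [q or u for q, u in re.findall(r'"([^"]+)"|(\S+)', cmd)]
    if not parts:
        return cmd
    if parts[0].lower().endswith("rundll32.exe") and len(parts) > 1:
        return parts[1].split(",")[0]    # rundll32 "x.dll",Entry  ->  x.dll
    return parts[0]


def decode_base64_name(component: str):
    """Return the text if a path component is base64 of printable ASCII, else None."""
    if not B64_COMPONENT_RE.match(component):
        return None
    padded = component + "=" * (-len(component) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except ValueError:                    # binascii.Error and UnicodeDecodeError
        return None
    return text if text and all(32 <= ord(c) < 127 for c in text) else None


def triage(log_text: str) -> list:
    """Apply the heuristics to each O4/O20/O23 line and collect findings."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), start=1):
        if m := O4_RE.match(line):
            name, cmd = m["name"], m["cmd"]
            path = launched_path(cmd)
            low = path.lower()
            if HEX_NAME_RE.match(name):
                findings.append(Finding(no, "hex-name",
                    f"autorun value {name!r} has no vendor-readable name; it runs {path}"))
            if low.rsplit("\\", 1)[-1] in SYSTEM_BINARIES and "\\system32\\" not in low:
                findings.append(Finding(no, "system-binary-outside-system32",
                    f"{path} borrows a core system binary name outside system32"))
            if "\\application data\\" in low:
                findings.append(Finding(no, "appdata-exec",
                    f"{path} autostarts from a user profile folder (writable without admin rights)"))
            if LONG_HEX_RE.search(cmd):
                findings.append(Finding(no, "long-hex-argument",
                    "autorun passes a long opaque hex blob on its command line"))
        elif m := O20_RE.match(line):
            findings.append(Finding(no, "appinit-dlls",
                f"AppInit_DLLs={m['dlls']}: injected into every process that loads user32.dll"))
        elif m := O23_RE.match(line):
            path = m["path"]
            if m["owner"] == "Unknown owner" and "(file missing)" in path:
                findings.append(Finding(no, "orphaned-service",
                    f"{m['display']}: no vendor and binary missing (malware remnant or uninstall leftover; review)"))
            for comp in path.split("\\"):
                if (text := decode_base64_name(comp)) is not None:
                    findings.append(Finding(no, "base64-dirname",
                        f"directory {comp!r} is base64 for {text!r}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line:>2} [{f.rule}] {f.detail}")
```

The Ventrilo service in the same log would also trip the orphaned-service rule, which is why that rule is a review flag rather than a verdict.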
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. A log will then open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.

=============

1. Download Combofix.exe to your desktop from one of these links: Combofix1 Combofix2
2. Double-click the Combofix.exe file and follow the prompts.
3. When the tool is finished, it will produce a log. Post this log in your thread.
Note! Do not click on the combofix window while it is running. This may cause the program to hang.

===============

Download SDFix by AndyManchesta and save it to your desktop.

Restart your computer in Safe Mode:
- shut down and restart
- during startup, tap the F8 key
- use the arrow keys to select Safe Mode
- press Enter, then Enter again
- select your user account
- press Yes
On some computers you tap F5 instead of F8.

- Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
- Open the SDFix folder and double-click RunThis.bat to start the program.
- Press Y to start the script.
- The tool will clean out the trojan's services and also make some repairs to the registry. At the end it will ask you to restart the computer, "Press any key to Reboot".
- Press any key and the computer will restart.
- Startup takes longer than normal because SDFix is cleaning the machine.
- When the computer has started and the desktop has loaded, SDFix will report that the cleanup is complete, "Finished".
- Then press any key to close the script and load the desktop icons.
- Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.

=================

Download Atribune's ATF Cleaner

Instructions:
Double-click ATF-Cleaner.exe to start the program.
Under Main, choose: Select All
Click the Empty Selected button.

If you use Firefox as your browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No when prompted.

If you use Opera as your browser
Click Opera at the top and choose: Select All
Click the Empty Selected button again.
NOTE: If you would like to keep your saved passwords, click No when prompted.

Click Exit in the Main menu to close the program.

Technical support is available by double-clicking the e-mail address located beneath each menu in the tool. (Note that this support is in English.)
Malwarebytes' Anti-Malware 1.31
Tietokantaversio: 1506
Windows 5.1.2600 Service Pack 3

16.12.2008 16:52:10
mbam-log-2008-12-16 (16-52-10).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 78319
Kulunut aika: 25 minute(s), 40 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 3
Saastuneita rekisteriavaimia: 30
Saastuneita rekisteriarvoja: 4
Saastuneita rekisterikohteita: 2
Saastuneita hakemistoja: 4
Saastuneita tiedostoja: 38

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
C:\WINDOWS\system32\ddcCvwvs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\smffeobn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rwgrec.dll (Trojan.Vundo) -> Delete on reboot.

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnooijb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7cb154a-9a6b-462b-9980-bc5f0f72108c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d7cb154a-9a6b-462b-9980-bc5f0f72108c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec06803a-c8c9-4f46-8bdb-8ce174db9188} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec06803a-c8c9-4f46-8bdb-8ce174db9188} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\orb.ta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\orb.ta.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ada8c222-95d2-47b5-950b-aebc0a508839} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ec06803a-c8c9-4f46-8bdb-8ce174db9188} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d7cb154a-9a6b-462b-9980-bc5f0f72108c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21eeb010-57f3-11dd-b116-dad055d89593} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f0f3f234 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddccvwvs -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddccvwvs -> Delete on reboot.

Saastuneita hakemistoja:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\' (Trojan.Agent) -> Files: 2600 -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\WINDOWS\system32\nnnoOiJb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwgrec.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ddcCvwvs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\svwvCcdd.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\svwvCcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smffeobn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nboeffms.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Janne\Local Settings\Temp\7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Local Settings\Temp\TDSS6aa7.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Local Settings\Temp\TDSSfd27.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Local Settings\Temp\Temporary Internet Files\Content.IE5\1ZUPK48H\aasuper2[1].htm (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Local Settings\Temp\Temporary Internet Files\Content.IE5\1ZUPK48H\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Local Settings\Temp\Temporary Internet Files\Content.IE5\GVODY4PF\aasuper0[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Local Settings\Temp\Temporary Internet Files\Content.IE5\OYB34KLJ\fymmwnb[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Local Settings\Temp\Temporary Internet Files\Content.IE5\OYB34KLJ\CAVU6HBB (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Local Settings\Temp\Temporary Internet Files\Content.IE5\QWARO7F5\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Local Settings\Temporary Internet Files\Content.IE5\6VQ3A5I7\aasuper2[1].htm (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Local Settings\Temporary Internet Files\Content.IE5\K9YHI1WF\aasuper0[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Local Settings\Temporary Internet Files\Content.IE5\K9YHI1WF\jsphhaxcauoojdi[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D036AA4-DFD3-49B1-BFA7-5979F89AD586}\RP39\A0009977.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\xbtxcvfx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\30969f35.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\4e33666b.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\a96ea2d.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\TDSSc445.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spria.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS46a9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janne\Local Settings\Temp\TDSS6bc0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.

I'll post the other logs here when I get a chance.
Yeah, so here's the combofix log

ComboFix 08-12-15.05 - Janne 2008-12-16 17:02:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1023.638 [GMT 2:00]
Sijainti: c:\documents and settings\Janne\Työpöytä\ComboFix.exe
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Janne\Local Settings\Temporary Internet Files\fbk.sts
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\Fonts\a.zip
c:\windows\system32\AutoRun.inf
c:\windows\system32\TDSSosvd.dat
c:\windows\Tasks\omefsmja.job

----- BITS: Mahdollisesti saastuneet sivut -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_icf
-------\Legacy_tdssserv.sys
-------\Service_tdssserv.sys


((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-16 to 2008-12-16 )))))))))))))))))
.

2008-12-16 16:23 . 2008-12-16 16:23 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 16:23 . 2008-12-16 16:23 <KANSIO> d-------- c:\documents and settings\Janne\Application Data\Malwarebytes
2008-12-16 16:23 . 2008-12-16 16:23 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-16 16:23 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-16 16:23 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-16 15:27 . 2008-12-16 15:27 <KANSIO> d-------- c:\program files\Trend Micro
2008-12-15 22:02 . 2008-12-15 22:02 <KANSIO> d-------- c:\program files\Alwil Software
2008-12-15 21:43 . 2008-12-15 21:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-15 21:43 . 2008-12-15 21:43 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-15 21:42 . 2008-12-15 21:42 147,456 --a------ c:\windows\system32\vbzip10.dll
2008-12-15 21:38 . 2008-12-15 22:24 <KANSIO> d--hs---- c:\windows\UGVra2EgVGlpbW8
2008-12-15 21:38 . 2008-12-15 21:38 <KANSIO> d-------- c:\windows\system32\whSLD02
2008-12-15 21:38 . 2008-12-15 22:24 <KANSIO> d-------- c:\windows\system32\sln
2008-12-15 21:38 . 2008-12-15 21:39 <KANSIO> d-------- c:\windows\system32\IW2
2008-12-15 21:38 . 2008-12-15 21:38 <KANSIO> d-------- c:\temp\REX81
2008-12-15 21:38 . 2008-12-16 17:03 <KANSIO> d-------- C:\Temp
2008-12-15 21:38 . 2008-12-15 21:38 70,144 --a------ c:\windows\system32\ddcBRklm.dll
2008-12-15 19:08 . 2008-12-15 19:08 0 -rahs---- C:\ctf
2008-12-14 20:33 . 2008-12-14 20:33 <KANSIO> d-------- c:\program files\TeamViewer
2008-12-14 20:33 . 2008-12-14 20:33 <KANSIO> d-------- c:\documents and settings\Janne\Application Data\TeamViewer
2008-12-14 20:32 . 2008-12-14 20:32 <KANSIO> d-------- c:\documents and settings\Janne\temp
2008-12-13 20:05 . 2008-12-13 20:05 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-13 18:08 . 2001-10-05 15:59 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-13 18:08 . 2001-10-05 15:59 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-12-13 18:08 . 2008-04-13 20:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-13 18:08 . 2008-04-13 20:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-12-13 12:44 . 2003-07-19 08:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-12-13 12:44 . 2005-01-02 23:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-12-13 12:43 . 2008-12-13 12:43 <KANSIO> d-------- c:\program files\Common Files\INCA Shared
2008-12-12 23:18 . 2008-12-12 23:18 <KANSIO> d-------- C:\ijji
2008-12-12 23:18 . 2008-12-13 00:15 <KANSIO> d--h----- c:\documents and settings\Janne\Application Data\ijjigame
2008-12-11 22:37 . 2008-12-11 22:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-11 15:36 . 2008-12-15 20:21 <KANSIO> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-12-05 14:59 . 2008-12-11 16:21 <KANSIO> d-------- c:\documents and settings\Janne\Application Data\foobar2000
2008-12-05 14:49 . 2008-12-15 21:57 <KANSIO> d-------- c:\documents and settings\Janne\Application Data\LimeWire
2008-11-29 21:13 . 2008-12-15 20:24 <KANSIO> d-------- c:\documents and settings\Janne\Application Data\skypePM
2008-11-29 21:13 . 2008-11-29 21:13 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-29 21:11 . 2008-12-15 21:42 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-11-29 19:21 . 2008-11-29 19:21 13,646 --a------ c:\windows\system32\wpa.bak
2008-11-29 19:21 . 2008-11-29 19:21 5,208 --a------ c:\windows\system32\pid.PNF
2008-11-29 19:05 . 2008-11-29 19:05 <KANSIO> d-------- c:\windows\Logs
2008-11-29 19:04 . 2008-11-29 19:04 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-11-28 22:55 . 2008-11-28 22:55 <KANSIO> d-------- c:\program files\Ventrilo
2008-11-28 22:55 . 2008-11-29 14:21 <KANSIO> d-------- c:\documents and settings\Janne\Application Data\Ventrilo
2008-11-28 22:55 . 2008-11-28 22:55 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-25 23:09 . 2008-11-25 23:09 <KANSIO> d-------- c:\windows\system32\fi-fi
2008-11-25 23:09 . 2008-11-25 23:09 <KANSIO> d-------- c:\windows\system32\fi
2008-11-25 23:09 . 2008-11-25 23:09 <KANSIO> d-------- c:\windows\system32\bits
2008-11-25 23:09 . 2008-11-25 23:09 <KANSIO> d-------- c:\windows\l2schemas
2008-11-25 23:08 . 2008-11-25 23:08 <KANSIO> d-------- c:\windows\ServicePackFiles
2008-11-25 23:04 . 2008-11-25 23:04 <KANSIO> d-------- c:\windows\EHome
2008-11-25 16:50 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-25 16:50 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-25 16:50 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-24 22:15 . 2008-12-16 16:46 <KANSIO> d-------- c:\documents and settings\Janne\Application Data\Xfire
2008-11-24 22:10 . 2008-11-24 22:10 <KANSIO> d---s---- c:\documents and settings\Janne\UserData
2008-11-24 22:07 . 2008-11-24 22:07 <KANSIO> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-24 22:03 . 2008-11-24 22:03 <KANSIO> d----c--- c:\windows\system32\DRVSTORE
2008-11-24 22:03 . 2008-11-25 17:53 <KANSIO> d-------- c:\documents and settings\Janne\Contacts
2008-11-24 21:59 . 2008-11-25 22:16 <KANSIO> d-------- c:\program files\Windows Live
2008-11-24 21:59 . 2008-11-24 22:00 <KANSIO> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-24 21:59 . 2008-11-24 21:59 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-24 21:56 . 2008-11-24 21:56 <KANSIO> d-------- c:\windows\system32\LogFiles
2008-11-24 21:56 . 2008-12-15 20:25 202,040 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-24 21:56 . 2008-12-15 20:25 137,688 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-24 21:56 . 2008-11-24 23:08 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-24 21:56 . 2008-11-29 19:04 22,328 --a------ c:\documents and settings\Janne\Application Data\PnkBstrK.sys
2008-11-24 21:56 . 2008-11-24 21:56 319 --a------ c:\windows\game.ini
2008-11-24 21:46 . 2008-11-29 19:18 <KANSIO> d-------- c:\program files\Activision
2008-11-24 21:42 . 2008-11-24 21:42 <KANSIO> d--hs---- c:\windows\ftpcache
2008-11-24 21:34 . 2004-08-03 22:29 1,897,408 --------- c:\windows\system32\drivers\nv4_mini.sys
2008-11-24 21:33 . 2004-09-14 16:06 326,912 --------- c:\windows\system32\drivers\ati2mtaa.sys
2008-11-24 21:14 . 2008-09-15 17:27 1,846,656 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-24 21:14 . 2008-09-08 12:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-24 21:14 . 2008-06-14 19:34 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-24 21:14 . 2008-06-14 19:34 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-24 21:14 . 2008-08-14 12:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-24 21:12 . 2008-08-14 15:25 2,191,488 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-24 21:12 . 2008-08-14 15:25 2,147,840 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-24 21:12 . 2008-08-14 15:25 2,068,352 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-24 21:12 . 2008-08-14 15:24 2,026,496 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-24 21:11 . 2008-11-24 21:11 <KANSIO> d-------- c:\windows\Sun
2008-11-24 21:11 . 2008-04-11 21:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-24 21:11 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-24 21:11 . 2008-05-08 16:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-24 21:08 . 2008-10-15 18:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-24 20:59 . 2008-11-28 22:55 <KANSIO> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-24 20:58 . 2008-11-24 20:58 0 --a------ c:\windows\nsreg.dat
2008-11-24 20:52 . 2008-11-24 20:52 <KANSIO> d-------- c:\documents and settings\NetworkService\Application Data\Xfire
2008-11-24 20:51 . 2008-12-16 16:46 <KANSIO> d-------- c:\program files\Xfire
2008-11-24 20:51 . 2008-11-24 20:52 <KANSIO> d-------- c:\documents and settings\Omistaja\Application Data\Xfire
2008-11-24 17:33 . 2008-11-24 17:33 <KANSIO> d-------- c:\program files\Realtek AC97
2008-11-24 16:12 . 2008-11-24 16:12 0 --a------ c:\windows\ativpsrm.bin
2008-11-24 16:11 . 2008-10-28 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2008-11-24 16:10 . 2008-11-24 16:10 <KANSIO> d-------- C:\ATI
2008-11-24 16:07 . 2008-07-10 04:07 7,143 --a------ c:\windows\system32\nvide.nvu
2008-11-24 16:06 . 2008-11-24 16:06 <KANSIO> d-------- C:\NVIDIA
2008-11-24 16:06 . 2008-08-27 13:58 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-24 16:06 . 2008-07-29 13:33 446,464 --a------ c:\windows\system32\nvunrm.exe
2008-11-24 16:06 . 2008-07-29 13:30 6,045 --a------ c:\windows\system32\nvnrm.nvu
2008-11-24 16:06 . 2008-07-08 01:45 4,984 --a------ c:\windows\system32\drivers\nvphy.bin
2008-11-19 16:46 . 2008-12-05 18:28 <KANSIO> d-------- c:\windows\system32\Adobe
2008-11-19 16:46 . 1998-10-29 14:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-19 16:26 . 2008-11-19 16:26 <KANSIO> d-------- c:\windows\Downloaded Installations
2008-11-19 16:26 . 2008-11-19 16:26 <KANSIO> d-------- c:\program files\Siemens
2008-11-19 16:26 . 2008-12-15 21:41 <KANSIO> d--h----- c:\program files\InstallShield Installation Information
2008-11-19 16:26 . 2008-11-19 16:26 <KANSIO> d-------- c:\program files\Funk Software
2008-11-19 16:26 . 2008-11-19 16:26 <KANSIO> d-------- c:\program files\Common Files\Funk Software
2008-11-19 16:26 . 2003-07-16 22:43 94,208 --a------ c:\windows\system32\W32N50CT.dll
2008-11-19 16:26 . 2003-05-14 16:01 62,673 -ra------ c:\windows\system32\drivers\odysseyIM3.sys
2008-11-19 16:26 . 2003-07-16 22:28 17,142 --a------ c:\windows\system32\CBTNDIS5.sys
2008-11-19 16:26 . 1998-05-13 00:00 4,716 --a------ c:\windows\system32\VERSION.LIB
2008-11-19 16:25 . 2008-11-24 17:32 <KANSIO> d-------- c:\program files\Common Files\InstallShield
2008-11-19 16:19 . 2008-11-14 17:49 <KANSIO> d--h----- c:\documents and settings\Maritta\Verkkoympäristö
2008-11-19 16:19 . 2008-11-14 15:54 <KANSIO> d-------- c:\documents and settings\Maritta\Työpöytä
2008-11-19 16:19 . 2008-11-14 17:49 <KANSIO> d--h----- c:\documents and settings\Maritta\Tulostinympäristö
2008-11-19 16:19 . 2008-11-19 16:19 <KANSIO> dr------- c:\documents and settings\Maritta\Suosikit
2008-11-19 16:19 . 2008-11-19 16:19 <KANSIO> dr------- c:\documents and settings\Maritta\Omat tiedostot
2008-11-19 16:19 . 2008-11-14 15:52 <KANSIO> d--h----- c:\documents and settings\Maritta\Mallit
2008-11-19 16:19 . 2008-11-14 17:49 <KANSIO> dr------- c:\documents and settings\Maritta\Käynnistä-valikko
2008-11-19 16:19 . 2008-11-19 16:19 <KANSIO> d-------- c:\documents and settings\Maritta

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 19:43 --------- d-----w c:\program files\Java
2008-11-14 15:25 --------- d-----w c:\documents and settings\Omistaja\Application Data\InterTrust
2008-11-14 14:50 --------- d-----w c:\program files\Common Files\Adobe
2008-11-14 13:54 --------- d-----w c:\program files\microsoft frontpage
2008-11-14 13:54 --------- d-----w c:\program files\Common Files\Java
2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-12-15 17:17 66,576 ----a-w c:\program files\mozilla firefox\components\dcedfaedd.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Gigaset WLAN Adapter Monitor.lnk - c:\program files\Siemens\Gigaset USB Stick 54\Gcc.exe [2008-11-19 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rwgrec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswsp.sys [2008-12-15 111184]
R2 aswfsblk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-15 20560]
S1 30969f35;30969f35;c:\windows\system32\drivers\30969f35.sys []
S1 4e33666b;4e33666b;c:\windows\system32\drivers\4e33666b.sys []
S1 a96ea2d;a96ea2d;c:\windows\system32\drivers\a96ea2d.sys []

.
.
------- Täydentävä tarkistus -------
.
FF - ProfilePath - c:\documents and settings\Janne\Application Data\Mozilla\Firefox\Profiles\e8yeqwp6.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 17:10:06
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Muut prosessit ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Siemens\Gigaset USB Stick 54\OdHost.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Valmistumisajankohta: 2008-12-16 17:11:56 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2008-12-16 15:11:50

Ennen ajoa: 181 960 667 136 tavua vapaana
Ajon jälkeen: 182,045,409,280 tavua vapaana

WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

247 --- E O F --- 2008-12-11 05:33:54
Well, here's the SDFix one:

SDFix: Version 1.240
Run by Janne on ti 16.12.2008 at 17:29

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Documents and Settings\Janne\Työpöytä\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :
No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 17:34:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"="C:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"="C:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe:*:Enabled:PurpleBean.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

Files with Hidden Attributes :

Tue 16 Dec 2008 13,806,828 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5fff50ef3e26a5952aef7b3e0b751b8d\BITF.tmp"
Fri 5 Dec 2008 25,754,696 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\78f0cd71f90d172e09db9b83b456d26c\BIT2B.tmp"

Finished!
__________________________________________________________________

And here's the new Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:47, on 16.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Siemens\Gigaset USB Stick 54\Gcc.exe
C:\Program Files\Siemens\Gigaset USB Stick 54\OdHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Stick 54\Gcc.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O20 - AppInit_DLLs: rwgrec.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB (pnkbstrb) - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 4869 bytes
Yeah, all the steps have been done now, so is there still something left to do? Edit: I know I could have used the edit button.. a friend messed up ^^
There are a few real ones in there too.

================
Scan with HJT, check the following line and click Fix checked:

O20 - AppInit_DLLs: rwgrec.dll
================
Empty the Malwarebytes' Anti-Malware quarantine, delete the junk.
===============
Type into the Run box: ComboFix /u and press OK.
===============
Download OTMoveIt and save it to your desktop. Double-click OTMoveIt.exe. Click CleanUp!. Choose Yes when asked "Begin cleanup Process?". If it asks whether the computer may be restarted, choose Yes. OTMoveIt deletes itself when it is done; if that doesn't happen, delete it yourself. NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, let it through.
Yep, now it does seem to work fine.. and I can already click links too xD and no more windows popping up on their own.