Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:22, on 1.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
G:\AVG\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
G:\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
G:\AVG\avgam.exe
G:\AVG\avgrsx.exe
G:\AVG\avgnsx.exe
G:\AVG\avgemc.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
G:\AVG\avgtray.exe
G:\ScanSoft\OmniPageSE\opware32.exe
G:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
G:\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
G:\WhatPulse\WhatPulse.exe
G:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
G:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - G:\SnagIt\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\AVG\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - G:\AVG\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - G:\SnagIt\SnagItIEAddin.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - G:\AVG\avgtoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "G:\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] G:\AVG\avgtray.exe
O4 - HKLM\..\Run: [Omnipage] G:\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "G:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhatPulse] G:\WhatPulse\WhatPulse.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1202133751437
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\AVG\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - G:\AVG\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - G:\AVG\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - G:\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11605 bytes

I recently switched from F-Secure to AVG, if that information helps at all.
AVG finds quite a lot of hidden files called "Hidden Driver" on the machine. Viruses, perhaps?
1. Download combofix.exe to your desktop from one of the links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.

Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

========

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure that the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. When the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this, a log opens in Notepad. Save it to a place where you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next message.
ComboFix log.

ComboFix 08-05-01.1 - Jose 2008-05-02 11:21:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.359 [GMT 3:00]
Running from: C:\Documents and Settings\Jose\Työpöytä\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\windxs32.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF

((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-04-02 to 2008-05-02 )))))))))))))))))
.
2008-05-02 10:20 . 2008-05-02 10:57 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
2008-05-01 18:03 . 2008-05-02 11:28 1,781,792 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-01 18:03 . 2008-05-02 11:25 24,920 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-01 18:00 . 2008-05-01 18:00 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-01 18:00 . 2007-09-06 16:14 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-05-01 18:00 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-01 18:00 . 2008-05-01 18:02 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-01 17:26 . 2008-05-01 17:26 335 --a------ C:\WINDOWS\mozregistry.dat
2008-04-22 18:17 . 2008-04-22 18:17 25,601 --a------ C:\WINDOWS\CSTBox.INI
2008-04-19 21:02 . 2008-04-19 21:02 <KANSIO> d-------- C:\Program Files\Common Files\Control Panels
2008-04-19 21:01 . 2008-04-19 21:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-04-19 20:51 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-04-19 20:51 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-04-18 13:55 . 2008-04-22 18:17 <KANSIO> d-------- C:\Documents and Settings\Jose\Application Data\Canon
2008-04-18 13:54 . 2008-04-18 13:56 <KANSIO> d-------- C:\Documents and Settings\Jose\Application Data\ArcSoft
2008-04-18 13:53 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-18 13:53 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-18 13:50 . 2008-04-18 13:50 <KANSIO> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-18 13:50 . 2008-04-18 13:50 <KANSIO> d-------- C:\Documents and Settings\Jose\Application Data\ScanSoft
2008-04-18 13:50 . 2008-04-18 13:50 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-04-18 13:50 . 2008-04-18 13:50 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-04-18 13:50 . 2008-04-18 13:50 469 --a------ C:\WINDOWS\MAXLINK.INI
2008-04-18 13:48 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
2008-04-18 13:48 . 1999-05-26 09:46 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2008-04-18 13:47 . 2008-04-18 13:47 <KANSIO> d--h----- C:\CanoScan
2008-04-18 13:47 . 2002-05-24 03:04 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2008-04-18 13:47 . 2002-04-12 20:23 339,968 --a------ C:\WINDOWS\system32\N124UFW.dll
2008-04-18 13:47 . 2002-09-27 14:56 69,632 --a------ C:\WINDOWS\system32\CNQU70.DLL
2008-04-17 19:57 . 2008-04-17 19:57 <KANSIO> d--h----- C:\Documents and Settings\Jose\Application Data\ACV
2008-04-17 16:56 . 2008-05-02 11:18 <KANSIO> d--h----- C:\$AVG8.VAULT$
2008-04-17 16:29 . 2008-05-02 10:09 <KANSIO> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-17 16:29 . 2008-04-17 16:29 <KANSIO> d-------- C:\Program Files\AVG
2008-04-17 16:29 . 2008-04-17 16:29 <KANSIO> d-------- C:\Documents and Settings\Jose\Application Data\AVGTOOLBAR
2008-04-17 16:29 . 2008-04-17 16:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-17 16:29 . 2008-04-17 16:29 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-17 16:29 . 2008-04-17 19:17 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-17 16:29 . 2008-04-17 16:29 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-17 16:29 . 2008-04-17 19:17 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-16 15:53 . 2008-04-30 20:45 <KANSIO> d-------- C:\temp
2008-04-13 13:38 . 2008-04-13 13:38 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-13 12:53 . 2008-04-13 12:53 248 --ahs---- C:\WINDOWS\lfmw.ls
2008-04-10 16:17 . 2008-04-29 20:24 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-04-09 18:17 . 2008-04-09 18:20 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-08 20:06 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-04-08 20:05 . 2008-04-08 20:05 256 --a------ C:\WINDOWS\_delis32.ini
2008-04-08 19:14 . 2008-04-08 19:14 <KANSIO> d-------- C:\Documents and Settings\Jose\Application Data\vlc
2008-04-05 20:55 . 2008-04-05 20:55 <KANSIO> d-------- C:\Documents and Settings\Jose\Application Data\Souptoys
2008-04-05 20:54 . 2008-04-05 20:58 <KANSIO> d-------- C:\Program Files\Oberon Media
2008-04-05 20:54 . 2008-04-05 20:54 <KANSIO> d-------- C:\Program Files\GamesBar
2008-04-05 16:27 . 2008-04-05 16:27 <KANSIO> d-------- C:\Documents and Settings\Jose\Application Data\uk.co.planetside
2008-04-05 14:57 . 2008-04-05 15:02 63 --a------ C:\WINDOWS\Altair_1.250.INI
2008-04-04 16:38 . 2008-04-04 16:38 239 --a------ C:\Documents and Settings\Morrowind.ini
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 18:59 --------- d-----w C:\Documents and Settings\Jose\Application Data\uTorrent
2008-04-25 15:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 11:57 282,624 ----a-r C:\WINDOWS\Setup1.exe
2008-04-19 17:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-15 13:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 15:55 --------- d-----w C:\Documents and Settings\Jose\Application Data\Skype
2008-04-09 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-08 17:06 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-08 16:14 --------- d-----w C:\Documents and Settings\Jose\Application Data\vlc
2008-04-01 13:57 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-03-30 08:46 --------- d-----w C:\Program Files\Web Publish
2008-03-29 11:25 --------- d-----w C:\Program Files\BUFFALO
2008-03-27 12:48 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-03-25 14:26 --------- d-----w C:\Program Files\Common Files\DirectX
2008-03-24 10:47 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-03-24 07:49 155,995 ----a-w C:\WINDOWS\java\Packages\1NP7F7HN.ZIP
2008-03-22 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cabela's Big Game Hunter - Alaskan Adventure Saves
2008-03-22 13:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-20 12:35 --------- d-----w C:\Program Files\Java
2008-03-19 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-03-17 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cabela's Trophy Bucks Saves
2008-03-17 14:35 --------- d-----w C:\Program Files\Activision Value
2008-03-15 11:16 --------- d-----w C:\Documents and Settings\Jose\Application Data\Microsoft Games
2008-03-15 08:39 --------- d-----w C:\Documents and Settings\Jose\Application Data\Leadertech
2008-03-08 10:31 --------- d-----w C:\Program Files\Common Files\BCGSoft
2008-03-08 10:31 --------- d-----w C:\Documents and Settings\Jose\Application Data\ECSoftware
2008-03-07 16:56 --------- d-----w C:\Program Files\DirectX
2008-03-07 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-06 13:00 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-03-05 16:05 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-02-23 19:17 73,216 ------w C:\WINDOWS\ST6UNST.EXE
2008-02-17 14:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-03 20:49 118,842 ------r C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe
.
(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-17 19:17 2051328 --a------ G:\AVG\avgtoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "G:\AVG\avgtoolbar.dll" [2008-04-17 19:17 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 16:41 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2008-02-05 22:05 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"WhatPulse"="G:\WhatPulse\WhatPulse.exe" [2006-08-21 20:48 665600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-08-13 13:25 73728 C:\WINDOWS\system32\sstray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NWEReboot"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 13:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"Device Detector"="DevDetect.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 15:03 106544 C:\WINDOWS\system32\TWEAKUI.CPL]
"GameXL"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="G:\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"AVG8_TRAY"="G:\AVG\avgtray.exe" [2008-04-17 19:17 1177368]
"Omnipage"="G:\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"Acrobat Assistant 8.0"="G:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"ZoneAlarm Client"="G:\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
C:\Program Files\F-Secure\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"fsbwsys"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"G:\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"F:\\Return to Blockland\\blockLand.exe"=
"G:\\xchat\\xchat.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"F:\\Age of Empires III\\age3x.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"G:\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"G:\\AVG\\avgupd.exe"=
"G:\\AVG\\avgemc.exe"=
"G:\\AVG\\avgnsx.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-17 16:29]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 15:01]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-17 16:29]
R2 avg8emc;AVG8 E-mail Scanner;G:\AVG\avgemc.exe [2008-04-17 16:29]
R2 avg8wd;AVG8 WatchDog;G:\AVG\avgwdsvc.exe [2008-04-17 19:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-17 19:17]
S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys []
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys []
S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys []
S4 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c569f788-d29a-11dc-95e1-00112f263d24}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 11:27:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\WINDOWS\TEMP\8586d797-2c1f-4798-95da-477e529be15d.tmp 0 bytes

scan completed successfully
hidden files: 477
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> G:\Logitech\SetPoint\GameHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
G:\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
G:\AVG\avgam.exe
G:\AVG\avgrsx.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
G:\AVG\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
G:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2008-05-02 11:34:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-02 08:33:54
Pre-Run: 11,093,880,832 tavua vapaana
Post-Run: 11,031,207,936 tavua vapaana
242 --- E O F --- 2008-04-09 15:21:11

Malwarebytes didn't find anything.
Download SDFix by AndyManchesta and save it to your desktop.

Boot your computer into Safe Mode: shut down, and while it starts up keep tapping the F8 key; choose Safe Mode with the arrow keys, press Enter and Enter again, choose your user account and press Yes. On some machines you tap F5 instead of F8.

- Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
- Open the SDFix folder and double-click the file RunThis.bat to start the program.
- Press Y to start the script.
- The tool cleans the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer: "Press any key to Reboot".
- Press any key and the computer restarts.
- Startup takes longer than normal because SDFix is cleaning the machine.
- When the machine has started and the desktop has loaded, SDFix reports that the cleanup is complete: "Finished".
- Then press any key to close the script and load the desktop icons.
- Finally, open the SDFix folder (on the desktop) and copy & paste the contents of the file Report.txt into your thread together with a new HijackThis log.