My computer has a virus for the first time. I am currently in Ghana (apologies for certain letters missing) and could use a little help from the guys back home on what to do. ComboFix produced the following log; hopefully it helps:

ComboFix 08-03-14.4 - Richard 2008-03-16 19:34:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.577 [GMT 2:00]
Running from: C:\Documents and Settings\Richard\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\adober.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_IPRIP
-------\Iprip

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-16 to 2008-03-16 )))))))))))))))))
.
2008-03-16 19:23 . 2008-03-16 19:27 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-16 19:23 . 2008-03-16 19:28 <KANSIO> d-------- C:\Documents and Settings\Richard\Application Data\SUPERAntiSpyware.com
2008-03-16 19:23 . 2008-03-16 19:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-05 19:39 . 2008-02-29 10:31 105,263 -r-hs---- C:\ekugb3.bat
2008-03-02 19:21 . 2008-03-02 19:21 <KANSIO> d-------- C:\Documents and Settings\Ella\Application Data\vlc
2008-03-02 19:13 . 2007-12-25 15:36 <KANSIO> d--h----- C:\Documents and Settings\Ella\Verkkoympäristö
2008-03-02 19:13 . 2007-12-25 15:36 <KANSIO> d-------- C:\Documents and Settings\Ella\Työpöytä
2008-03-02 19:13 . 2007-12-25 15:36 <KANSIO> d--h----- C:\Documents and Settings\Ella\Tulostinympäristö
2008-03-02 19:13 . 2008-03-02 19:13 <KANSIO> dr------- C:\Documents and Settings\Ella\Suosikit
2008-03-02 19:13 . 2008-03-11 22:50 <KANSIO> dr------- C:\Documents and Settings\Ella\Omat tiedostot
2008-03-02 19:13 . 2007-12-25 13:45 <KANSIO> d--h----- C:\Documents and Settings\Ella\Mallit
2008-03-02 19:13 . 2007-12-25 15:36 <KANSIO> dr------- C:\Documents and Settings\Ella\Käynnistä-valikko
2008-03-02 19:13 . 2008-03-02 19:13 <KANSIO> d-------- C:\Documents and Settings\Ella\Application Data\Comodo
2008-03-02 19:13 . 2008-03-15 13:42 <KANSIO> d-------- C:\Documents and Settings\Ella\Application Data\AVG7
2008-03-01 21:22 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-01 21:22 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-01 21:22 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-01 21:22 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-02-28 17:32 . 2008-03-06 19:10 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-27 19:06 . 2008-02-27 19:46 <KANSIO> d-------- C:\Program Files\Canon
2008-02-27 16:01 . 2008-02-27 16:01 <KANSIO> d-------- C:\Program Files\Common Files\LightScribe
2008-02-27 15:58 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-27 15:58 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-27 15:57 . 2008-02-27 15:57 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
2008-02-27 15:57 . 2008-02-27 15:57 <KANSIO> d-------- C:\Program Files\Ahead
2008-02-27 15:57 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-02-27 15:57 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-02-27 15:57 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-02-27 15:57 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-02-27 15:57 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-02-27 15:57 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-27 15:57 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-02-27 14:52 . 2008-02-27 19:06 <KANSIO> d-------- C:\Program Files\Common Files\Canon
2008-02-27 14:36 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-27 14:36 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-27 14:35 . 2008-03-06 19:06 <KANSIO> d-------- C:\Program Files\Picasa2
2008-02-27 14:35 . 2008-02-27 14:35 <KANSIO> d-------- C:\Program Files\Google
2008-02-25 16:11 . 2008-02-25 16:11 <KANSIO> d-------- C:\Documents and Settings\Richard\Application Data\vlc
2008-02-25 16:09 . 2008-02-25 16:09 <KANSIO> d-------- C:\Program Files\VideoLAN
2008-02-25 16:00 . 2008-02-25 16:00 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2008-02-25 15:58 . 2008-02-25 15:58 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-02-25 15:58 . 2008-02-25 15:59 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-25 14:32 . 2008-02-25 14:32 <KANSIO> d-------- C:\Program Files\uTorrent
2008-02-25 14:32 . 2008-02-27 17:22 <KANSIO> d-------- C:\Documents and Settings\Richard\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 16:28 --------- d-----w C:\Documents and Settings\Richard\Application Data\AVG7
2008-03-02 17:21 --------- d-----w C:\Documents and Settings\Ella\Application Data\vlc
2008-02-27 17:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-25 14:11 --------- d-----w C:\Documents and Settings\Richard\Application Data\vlc
2008-02-12 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 15:27 --------- d-----w C:\Program Files\CyberLink
2008-02-12 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-12 15:07 --------- d-----w C:\Documents and Settings\Richard\Application Data\CyberLink
2008-02-12 14:38 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-12 14:38 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-12 14:21 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"SRSTrayApp"="C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe" [2006-02-09 11:17 176128]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 12:30 2295072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-01-09 20:17 1115728]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-10 08:30 579072]
"High Definition Audio -ominaisuussivun pikakuvake"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-07 03:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-17 10:04 2879488 C:\WINDOWS\SkyTel.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-10 08:30 219136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windowsin vertaisjärjestelmäryhmittely
"3540:UDP"= 3540:UDPNRP (Peer Name Resolution Protocol)
"12029:TCP"= 12029:TCP:NortonAV
"13913:TCP"= 13913:TCP:NortonAV

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 SRS_PostInstaller;SRS PostInstaller Service;"C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe" [2006-02-09 11:17]
R3 AGR1310_51;Agere Systems ET-13xx PCI-E Ethernet Adapter XP Driver;C:\WINDOWS\system32\DRIVERS\AGR1310_51.sys [2005-11-17 10:42]
R3 wowfilter;WOW XT Filter Driver;C:\WINDOWS\system32\drivers\wowfilter.sys [2006-02-09 11:17]
S3 p2pgasvc;Vertaisverkon ryhmätodennus;C:\WINDOWS\system32\svchost.exe [2006-03-02 14:00]
S3 p2pimsvc;Vertaisverkon käyttäjätietojen hallinta;C:\WINDOWS\system32\svchost.exe [2006-03-02 14:00]
S3 p2psvc;Vertaisverkko;C:\WINDOWS\system32\svchost.exe [2006-03-02 14:00]
S3 PNRPSvc;Vertaiskoneen nimenselvitysprotokolla;C:\WINDOWS\system32\svchost.exe [2006-03-02 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 19:39:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-03-16 19:40:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 17:40:41
.
2008-03-16 16:32:03 --- E O F ---

So what do I do? Thanks in advance.

Download HJTInstall.exe from here

* Save HJTInstall.exe to your desktop.
* Double-click the HJTInstall.exe icon on your desktop.
* By default it installs itself into the directory C:\Program Files\Trend Micro\HijackThis.
* Click Install.
* The installer creates a HijackThis icon on the desktop.
* When the installation is complete, it launches HijackThis.
* Click the "Do a system scan and save a logfile" button. The program starts the scan, and the log should open in Notepad.
* First click "Muokkaa > Valitse kaikki" (Edit > Select All), then "Muokkaa > Kopioi" (Edit > Copy) to copy the entire contents of the log.
* Post the contents of the log here in a new topic.
* Do NOT use the Analyse This button; its findings are dangerous when misunderstood.
* Do NOT fix anything with HijackThis yet. Most of its findings are either harmless or even necessary.