Lieneekö Keylogger Ardamax?

Latasin ja tietenkin tyhmyyttäni menin avaamaan .mp3 tiedoston, josta VirusTotal jälkeenpäin näytti tälläisen tuloksen:
http://www.virustotal.com/analisis/70347bfe8b31c108941661cf8cdc5ab8

Kun kerta avasin kyseisen tiedoston niin luulen että koneellani myös sitten olisi kyseinen keylogger, mutta sitä ei vaan tunnu löytyvän. Googlella koitin etsiä ongelmaan vastausta ja siellä neuvottiin etsimään ohjelma lisää/poista sovelluksesta, joka ei tuottanut tulosta minun tapauksessani.

Tässä vielä tämä HjT-logi tarkistettavaksi.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:12, on 12.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\mIRC617\mirc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mapleglobal.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.59.164.62:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\permeo\e-border driver\s5spi.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asdasd.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.12.27.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FanSpeedNT Service - Unknown owner - C:\Program Files\FanSpeed\fanspeedNT.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8593 bytes

Kiitoksia sille joka viitsii tuon tarkistaa ja neuvoa minua asiassa eteenpäin.

Muokkaus:

Ajoin KL-Detector nimisen ohjelman koneellani, ohjelman kotisivu on: http://dewasoft.com/privacy/kldetector.htm

Tässä tulokset:

KL-Detector has found some suspicious files:
C:\System Volume Information\_restore{DB9464B5-856E-4796-8833-9EFFB8447B02}\RP550\change.log
C:\Program Files\Opera\profile\global.dat
C:\Program Files\Opera\profile\cache4\opr11922.htm

Please check; someone might have installed a keylogger on your computer!


You MAY want to take a look at:
C:\Documents and Settings\Käyttäjä\
C:\WINDOWS\system32\config\
C:\Program Files\Opera\profile\
C:\Program Files\Opera\profile\cache4\

==================================================================

Silmääni osui kohta "C:\System Volume Information\_restore{DB9464B5-856E-4796-8833-9EFFB8447B02}\RP550\change.log", tulisiko minun poistaa System Restore käytöstä ja käynnistää tietokone uudelleen ja laittaa System Restore takaisin päälle, kuten löytämäni ohje F-Securen sivuilla neuvoo?
Mahtaako kyseinen tiedosto olla edes avaamani tiedoston tuottama, vai selviänkö pelkästään tuolla toimenpiteellä?

 

1.Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

ComboFix 08-02-13.1 - Käyttäjä 2008-02-13 0:00:10.1 - NTFSx86
Running from: C:\Documents and Settings\Käyttäjä\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx

----- BITS: Possible infected sites -----

hxxp://go.microsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF


((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-01-12 to 2008-02-12 )))))))))))))))))
.

2008-02-12 23:48 . 2008-02-12 23:48 <KANSIO> d-------- C:\Program Files\I Hate Keyloggers
2008-02-12 23:47 . 2008-02-12 23:47 209,008 --a------ C:\WINDOWS\system32\kbhookdll.dll
2008-02-12 23:47 . 2008-02-12 23:47 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-12 21:40 . 2008-02-12 21:40 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-12 21:34 . 2008-02-12 21:34 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-12 21:33 . 2008-02-12 21:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 21:33 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-12 20:46 . 2007-12-15 06:48 90,112 --a------ C:\WINDOWS\system32\XCoreLib.dll
2008-02-04 23:02 . 2008-02-10 21:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-04 23:02 . 2008-02-04 23:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 15:33 . 2008-02-04 15:33 <KANSIO> d-------- C:\Program Files\TS-AudioToMIDI 3.20
2008-02-04 15:28 . 2008-02-04 15:28 <KANSIO> d-------- C:\Downloads
2008-02-02 22:01 . 2008-02-02 22:05 <KANSIO> d-------- C:\Program Files\Desktop Screen Record 5
2008-02-02 13:52 . 2007-10-20 15:01 <KANSIO> d-------- C:\Program Files\FretsOnFire
2008-01-31 23:25 . 2008-01-31 23:25 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-31 23:23 . 2008-01-31 23:23 <KANSIO> d-------- C:\Nexon
2008-01-31 16:33 . 2008-01-31 16:33 <KANSIO> d-------- C:\Program Files\Perfect World
2008-01-29 21:31 . 2008-01-29 21:31 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:31 . 2008-01-29 21:31 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 21:31 . 2008-01-29 21:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 308 --a------ C:\WINDOWS\game.ini
2008-01-29 21:26 . 2008-01-31 01:26 <KANSIO> d-------- C:\Program Files\Call of Duty 4 - Modern Warfare
2008-01-29 20:18 . 2008-01-29 20:35 <KANSIO> d-------- C:\Program Files\Crysis
2008-01-28 00:47 . 2008-02-05 14:33 <KANSIO> d-------- C:\Program Files\Multimedia Fusion 2
2008-01-21 17:43 . 2008-01-21 17:43 11,736 --a------ C:\pldecal.wad
2008-01-21 17:39 . 2008-01-21 17:42 <KANSIO> d-------- C:\Program Files\Wally
2008-01-20 15:00 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 14:55 . 2008-01-20 14:55 <KANSIO> d-------- C:\Program Files\Electronic Arts
2008-01-12 21:54 . 2008-01-12 21:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-12 21:53 . 2008-01-12 21:54 <KANSIO> d-------- C:\Program Files\Peggle
2008-01-12 21:53 . 2008-01-12 21:53 <KANSIO> d-------- C:\Program Files\BFG
2008-01-12 15:06 . 2008-01-13 03:11 23 --a------ C:\WINDOWS\popcinfot.dat

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 22:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 22:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-02-12 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-12 22:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-12 21:59 --------- d-----w C:\Program Files\mIRC617
2008-02-12 20:54 --------- d-----w C:\Program Files\Cheat Engine
2008-02-12 19:08 51,072 ----a-w C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-02-04 13:28 --------- d-----w C:\Program Files\AmazingMIDI
2008-01-31 21:23 --------- d-s---w C:\Program Files\Mabinogi Taiwan
2008-01-29 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 14:24 --------- d-----w C:\Program Files\Wizet
2008-01-21 21:29 412,906 ----a-w C:\Program Files\AAA Real Recorder.rar
2008-01-20 19:19 --------- d-----w C:\Program Files\Azureus
2008-01-10 20:06 --------- d-----w C:\Program Files\ZSNes
2008-01-10 14:16 --------- d-----w C:\Program Files\TeamViewer3
2008-01-03 14:01 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-03 14:01 --------- d-----w C:\Program Files\Hamachi
2007-12-26 16:26 --------- d-----w C:\Program Files\DC++
2007-12-24 17:09 --------- d-----w C:\Program Files\Portal
2007-12-22 20:09 --------- d-----w C:\Program Files\Winamp
2007-12-21 18:17 --------- d-----w C:\Program Files\DivX
2007-12-19 22:27 --------- d-----w C:\Program Files\GALA-NET
.

(((((((((((((((((((((((((((((( Rekisterin k&#8222;ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji&#8222; arvoja ja laillisia oletusarvoja ei n&#8222;ytet&#8222;

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"I-Hate-Keyloggers"="C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe" [2006-07-16 19:20 195584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NvMediaCenter"="NvMCTray.dll" [2005-07-20 21:07 86016 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"zzsecagent"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"CmPCIaudio"="cmicnfg3.cpl" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-12 21:35 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-12 21:33 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hblogon]
hblogon.dll 2007-02-12 13:46 20480 C:\WINDOWS\system32\hblogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Iolo Macro Magic.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Iolo Macro Magic.lnk
backup=C:\WINDOWS\pss\Iolo Macro Magic.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Käyttäjä^Käynnistä-valikko^Ohjelmat^Käynnistys^Chronice.lnk]
path=C:\Documents and Settings\Käyttäjä\Käynnistä-valikko\Ohjelmat\Käynnistys\Chronice.lnk
backup=C:\WINDOWS\pss\Chronice.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00saskda]
--a------ 2006-06-06 14:01 1541120 C:\Program Files\1st Security Agent\newadmin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer]
--a------ 2006-04-27 14:13 148480 C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-Border Credential]
C:\Program Files\Permeo\e-Border Driver\s5credmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 5.5]
--a------ 2007-02-12 13:50 1870848 C:\Program Files\Novosoft\Handy Backup\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
--a------ 2007-11-12 17:45 38128 C:\program files\ncsoft\launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxHome]
C:\Program Files\Prevx Home\SAGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2008-02-12 21:08 2115728 C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-05 15:28 1266936 C:\Program Files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 12:27]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-10-20 22:42]
R2 npkcmsvc;npkcmsvc;C:\Program Files\Mabinogi\npkcmsvc.exe [2007-05-16 13:15]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 17:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 17:42]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
S2 anysee;anysee USB type Tuner(2005.04.25.D010313);C:\WINDOWS\system32\DRIVERS\anyseeTU.sys [2005-04-25 12:40]
S2 FanSpeedNT Service;FanSpeedNT Service;"C:\Program Files\FanSpeed\fanspeedNT.exe" []
S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 DADriv1;DADriv1;C:\Shared Files\Maple Hacks\DAEngine\DAK32.sys []
S3 danny1;danny1;C:\Shared Files\Maple Hacks\Danny Engine\danny.sys []
S3 DISK_DRIVE32;DISK_DRIVE32;C:\Shared Files\Maple Hacks\UCE\disk_1024.sys []
S3 Dua1;Dua1;F:\Shared Files\Maple Hacks\DualEngine2\DualEngi.sys [2006-10-02 11:43]
S3 EAGLE1;EAGLE1;C:\Shared Files\Maple Hacks\Google Engine\google32.sys []
S3 fspio;fspio;C:\WINDOWS\system32\drivers\fspio.sys [2001-03-08 17:10]
S3 geebers12;geebers12;C:\Shared Files\Maple Hacks\Buffy Engine\nvid888.sys []
S3 iCheat1;iCheat1;C:\Shared Files\Maple Hacks\iCheat13\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;F:\Shared Files\Maple Hacks\MoonLight Engine 1129.1\IlvMoney1129.sys [2007-10-17 21:19]
S3 jamilah;jamilah;C:\Shared Files\Maple Hacks\jamilah.sys []
S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Shared Files\Maple Hacks\VE5 1032\nvid999.sys []
S3 NUBBER;NUBBER;C:\Shared Files\Maple Hacks\NubEngine\nubbk32.sys []
S3 saruen;saruen;C:\Shared Files\Maple Hacks\saruengang101se\saruen.sys []
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-03-31 14:21]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-03-31 14:21]
S3 sejt1;sejt1;C:\Shared Files\Maple Hacks\AkumaEngine33\sejt.sys []
S3 serb1;serb1;F:\Shared Files\Maple Hacks\Serbio Engine\serbio.sys [2006-06-29 19:49]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 09:12]
S3 SoRa01;SoRa01;C:\Shared Files\Maple Hacks\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;F:\Shared Files\Maple Hacks\SPUCEREV878able\SPUCE\spuce.sys [2006-11-28 21:13]
S3 sys_com001;sys_com001;C:\Shared Files\Maple Hacks\SysComEngine_1059\syscom.sys []
S3 TEMPLEVER;TEMPLEVER;C:\Shared Files\Maple Hacks\Templery Engine\damainzor.sys []
S3 uzeil1;uzeil1;C:\Shared Files\Maple Hacks\Mini Engine\Mini Engine\uzeil.sys []
S3 Visual1;Visual1;C:\Shared Files\Maple Hacks\Visual Engine\Visual.sys []
S3 zenx1;zenx1;C:\Shared Files\Maple Hacks\ZenxEngine_LATEST\zenx.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 00:08:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hblogon.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\kbhookdll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2008-02-13 0:16:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 22:16:40
.
2008-01-22 15:07:46 --- E O F ---

 

Lataa: RegSeeker.zip työpöydälle:

Pura zip C:\RegSeeker\ kansioon. Sieltä käynnistät RegSeeker.exe ohjelman.
Oikeasa yläkulmassa on Languages.... linkki, josta valitset Suomenkielen.
Vasemmasta alakulmasta ruksit Luo vrmuuskopio ja sitten linkki Puhdista rekisteri
Ruksit kaikkiin muihin kohtiin paitsi "Käyttökelvottomat.." sitten "OK" (odotat hetken).
Ruutuun ilmestyy lista epäkelvoista rekisterimerkinnöistä, jotka alapalkista Valitse kohdasta
klikkaat Valitse kaikki jolloin valitut saavat keltaisen pohjavärin.
Alapalkin Toiminnot linkistä klikkaat Poista valitut kohteet
Ponnahdusikkunaan "Kaikki valitut kohteet poistetaan ? vastaat "OK".
Seuraavaan Ponnahdusikkunaan "Varmuuskopiot" vastaat "OK".
Klikaa vasemmalta Lopeta RegSeeker ja käynnistä koneesi uudelleen.

===============

ota combofix uudestaan

==========

scannaa uusi hjt:n loki

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:34:59, on 13.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\mIRC617\mirc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mapleglobal.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.59.164.62:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asdasd.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.12.27.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FanSpeedNT Service - Unknown owner - C:\Program Files\FanSpeed\fanspeedNT.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8539 bytes

 

laitoin tuohon ylös lisää ohjetta

scannaa hjt:llä merkkaa paina Fix checked

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)


Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun
Varmista että tiedoston tyyppi on ”all Files” ja tallenna se Poisto.bat. nimisenä
työpöydällesi.

@echo off
sc stop NipSvc
sc delete NipSvc

Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia.

========

Poista vikasiedossa kansio

C:\Norman

 

Tässä logit ylempänä mainittuun asiaan:

ComboFix 08-02-13.1 - Käyttäjä 2008-02-13 1:12:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1590 [GMT 2:00]
Running from: C:\Documents and Settings\Käyttäjä\Työpöytä\Virustorjunta\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-13 to 2008-02-13 )))))))))))))))))
.

2008-02-13 00:59 . 2008-02-13 00:59 <KANSIO> d-------- C:\RegSeeker
2008-02-12 23:48 . 2008-02-12 23:48 <KANSIO> d-------- C:\Program Files\I Hate Keyloggers
2008-02-12 23:47 . 2008-02-12 23:47 209,008 --a------ C:\WINDOWS\system32\kbhookdll.dll
2008-02-12 23:47 . 2008-02-12 23:47 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-12 21:40 . 2008-02-12 21:40 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-12 21:34 . 2008-02-12 21:34 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-12 21:34 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\AVG7
2008-02-12 21:33 . 2008-02-12 21:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 21:33 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-12 20:46 . 2007-12-15 06:48 90,112 --a------ C:\WINDOWS\system32\XCoreLib.dll
2008-02-04 15:28 . 2008-02-04 15:28 <KANSIO> d-------- C:\Downloads
2008-02-02 22:01 . 2008-02-02 22:05 <KANSIO> d-------- C:\Program Files\Desktop Screen Record 5
2008-02-02 13:52 . 2007-10-20 15:01 <KANSIO> d-------- C:\Program Files\FretsOnFire
2008-01-31 23:25 . 2008-01-31 23:25 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-31 23:23 . 2008-01-31 23:23 <KANSIO> d-------- C:\Nexon
2008-01-31 16:33 . 2008-01-31 16:33 <KANSIO> d-------- C:\Program Files\Perfect World
2008-01-29 21:31 . 2008-01-29 21:31 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:31 . 2008-01-29 21:31 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 21:31 . 2008-01-29 21:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\Documents and Settings\Käyttäjä\Application Data\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 308 --a------ C:\WINDOWS\game.ini
2008-01-29 21:26 . 2008-01-31 01:26 <KANSIO> d-------- C:\Program Files\Call of Duty 4 - Modern Warfare
2008-01-29 20:18 . 2008-01-29 20:35 <KANSIO> d-------- C:\Program Files\Crysis
2008-01-28 00:50 . 2008-01-28 00:50 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\Clickteam
2008-01-28 00:47 . 2008-02-05 14:33 <KANSIO> d-------- C:\Program Files\Multimedia Fusion 2
2008-01-21 17:43 . 2008-01-21 17:43 11,736 --a------ C:\pldecal.wad
2008-01-21 17:39 . 2008-01-21 17:42 <KANSIO> d-------- C:\Program Files\Wally
2008-01-20 22:24 . 2008-01-20 22:28 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\Command & Conquer 3 Tiberium Wars
2008-01-20 15:00 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 14:55 . 2008-01-20 14:55 <KANSIO> d-------- C:\Program Files\Electronic Arts

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 23:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-02-12 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-12 23:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 23:06 --------- d-----w C:\Program Files\mIRC617
2008-02-12 22:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-12 21:11 4,208 ----a-w C:\Documents and Settings\Käyttäjä\Application Data\wklnhst.dat
2008-02-12 20:54 --------- d-----w C:\Program Files\Cheat Engine
2008-02-12 19:08 51,072 ----a-w C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-02-12 11:20 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\Azureus
2008-02-04 13:28 --------- d-----w C:\Program Files\AmazingMIDI
2008-02-04 13:28 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\GetRightToGo
2008-01-31 21:23 --------- d-s---w C:\Program Files\Mabinogi Taiwan
2008-01-29 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 14:24 --------- d-----w C:\Program Files\Wizet
2008-01-21 21:29 412,906 ----a-w C:\Program Files\AAA Real Recorder.rar
2008-01-20 19:19 --------- d-----w C:\Program Files\Azureus
2008-01-20 13:03 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-12 19:54 --------- d-----w C:\Program Files\Peggle
2008-01-12 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-12 19:53 --------- d-----w C:\Program Files\BFG
2008-01-10 20:06 --------- d-----w C:\Program Files\ZSNes
2008-01-10 14:19 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\TeamViewer
2008-01-10 14:16 --------- d-----w C:\Program Files\TeamViewer3
2008-01-03 14:01 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-03 14:01 --------- d-----w C:\Program Files\Hamachi
2008-01-03 14:01 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\Hamachi
2007-12-26 16:26 --------- d-----w C:\Program Files\DC++
2007-12-24 17:09 --------- d-----w C:\Program Files\Portal
2007-12-22 20:09 --------- d-----w C:\Program Files\Winamp
2007-12-21 18:17 --------- d-----w C:\Program Files\DivX
2007-12-19 22:27 --------- d-----w C:\Program Files\GALA-NET
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-15 12:47 203,264 ----a-w C:\WINDOWS\system32\zk_sc.scr
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"I-Hate-Keyloggers"="C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe" [2006-07-16 19:20 195584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NvMediaCenter"="NvMCTray.dll" [2005-07-20 21:07 86016 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"zzsecagent"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"CmPCIaudio"="cmicnfg3.cpl" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-12 21:35 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-12 21:33 219136]

C:\Documents and Settings\All Users\K&#8222;ynnist&#8222;-valikko\Ohjelmat\K&#8222;ynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hblogon]
hblogon.dll 2007-02-12 13:46 20480 C:\WINDOWS\system32\hblogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Bluetooth Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Iolo Macro Magic.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Service Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Käyttäjä^Käynnistä-valikko^Ohjelmat^Käynnistys^Chronice.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00saskda]
--a------ 2006-06-06 14:01 1541120 C:\Program Files\1st Security Agent\newadmin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer]
--a------ 2006-04-27 14:13 148480 C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-Border Credential]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 5.5]
--a------ 2007-02-12 13:50 1870848 C:\Program Files\Novosoft\Handy Backup\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
--a------ 2007-11-12 17:45 38128 C:\program files\ncsoft\launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxHome]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2008-02-12 21:08 2115728 C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-05 15:28 1266936 C:\Program Files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 12:27]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-10-20 22:42]
R2 npkcmsvc;npkcmsvc;C:\Program Files\Mabinogi\npkcmsvc.exe [2007-05-16 13:15]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 17:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 17:42]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
S2 anysee;anysee USB type Tuner(2005.04.25.D010313);C:\WINDOWS\system32\DRIVERS\anyseeTU.sys [2005-04-25 12:40]
S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 DADriv1;DADriv1;C:\Shared Files\Maple Hacks\DAEngine\DAK32.sys []
S3 danny1;danny1;C:\Shared Files\Maple Hacks\Danny Engine\danny.sys []
S3 DISK_DRIVE32;DISK_DRIVE32;C:\Shared Files\Maple Hacks\UCE\disk_1024.sys []
S3 Dua1;Dua1;F:\Shared Files\Maple Hacks\DualEngine2\DualEngi.sys [2006-10-02 11:43]
S3 EAGLE1;EAGLE1;C:\Shared Files\Maple Hacks\Google Engine\google32.sys []
S3 fspio;fspio;C:\WINDOWS\system32\drivers\fspio.sys [2001-03-08 17:10]
S3 geebers12;geebers12;C:\Shared Files\Maple Hacks\Buffy Engine\nvid888.sys []
S3 iCheat1;iCheat1;C:\Shared Files\Maple Hacks\iCheat13\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;F:\Shared Files\Maple Hacks\MoonLight Engine 1129.1\IlvMoney1129.sys [2007-10-17 21:19]
S3 jamilah;jamilah;C:\Shared Files\Maple Hacks\jamilah.sys []
S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Shared Files\Maple Hacks\VE5 1032\nvid999.sys []
S3 NUBBER;NUBBER;C:\Shared Files\Maple Hacks\NubEngine\nubbk32.sys []
S3 saruen;saruen;C:\Shared Files\Maple Hacks\saruengang101se\saruen.sys []
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-03-31 14:21]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-03-31 14:21]
S3 sejt1;sejt1;C:\Shared Files\Maple Hacks\AkumaEngine33\sejt.sys []
S3 serb1;serb1;F:\Shared Files\Maple Hacks\Serbio Engine\serbio.sys [2006-06-29 19:49]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 09:12]
S3 SoRa01;SoRa01;C:\Shared Files\Maple Hacks\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;F:\Shared Files\Maple Hacks\SPUCEREV878able\SPUCE\spuce.sys [2006-11-28 21:13]
S3 sys_com001;sys_com001;C:\Shared Files\Maple Hacks\SysComEngine_1059\syscom.sys []
S3 TEMPLEVER;TEMPLEVER;C:\Shared Files\Maple Hacks\Templery Engine\damainzor.sys []
S3 uzeil1;uzeil1;C:\Shared Files\Maple Hacks\Mini Engine\Mini Engine\uzeil.sys []
S3 Visual1;Visual1;C:\Shared Files\Maple Hacks\Visual Engine\Visual.sys []
S3 zenx1;zenx1;C:\Shared Files\Maple Hacks\ZenxEngine_LATEST\zenx.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 01:17:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hblogon.dll
.
Completion time: 2008-02-13 1:20:04
ComboFix-quarantined-files.txt 2008-02-12 23:20:01
ComboFix2.txt 2008-02-12 22:16:46
.
2008-01-22 15:07:46 --- E O F ---



=====================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:25, on 13.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mapleglobal.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.59.164.62:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asdasd.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.12.27.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8251 bytes

 

En viitsi tätä tuohon logien sekaan laittaa kun menee niin sekavaksi, joten tein uuden viestin.

Tein tuon .bat filun ja poistin tuon C:\Norman kansion, mutta tuo "O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)" on ilmeisesti lähtenyt RegSeekerillä tai ComboFixillä jo itsestään pois tuolta, kun ei HjT sitä enään löydä.

 

se on hyvä että ei löydy Normania

Tuo siintä teki selvää jälkeä


OHJE
Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

Tallenna se nimellä CFScript

Sitten raahaa CFScript ComboFix.exeen kuten alla.


Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

==============

Ota sitten uudestaan conbofix

=============

Lataa Winsockfix
http://www.tacktech.com/display.cfm?ttid=257
työpöydällesi
pura zip, Avaa Winsockfix paina Fix

============

Ota viellä uusi hjt:n loki viimisenä

 

Tässä vielä nuo 3 viimistä logia:

CFScript-log:

ComboFix 08-02-13.1 - Käyttäjä 2008-02-13 2:05:50.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1581 [GMT 2:00]
Running from: C:\Documents and Settings\Käyttäjä\Työpöytä\Virustorjunta\ComboFix.exe
Command switches used :: C:\Documents and Settings\Käyttäjä\Työpöytä\Virustorjunta\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\SYSTEM32\hblogon.dll
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe\
C:\WINDOWS\SYSTEM32\hblogon.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikav&#8222;lill&#8222;: 2008-01-13 to 2008-02-13 )))))))))))))))))
.

2008-02-13 00:59 . 2008-02-13 00:59 <KANSIO> d-------- C:\RegSeeker
2008-02-12 23:48 . 2008-02-12 23:48 <KANSIO> d-------- C:\Program Files\I Hate Keyloggers
2008-02-12 23:47 . 2008-02-12 23:47 209,008 --a------ C:\WINDOWS\system32\kbhookdll.dll
2008-02-12 23:47 . 2008-02-12 23:47 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-12 21:40 . 2008-02-12 21:40 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-12 21:34 . 2008-02-12 21:34 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-12 21:33 . 2008-02-12 21:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 21:33 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-12 20:46 . 2007-12-15 06:48 90,112 --a------ C:\WINDOWS\system32\XCoreLib.dll
2008-02-04 15:28 . 2008-02-04 15:28 <KANSIO> d-------- C:\Downloads
2008-02-02 22:01 . 2008-02-02 22:05 <KANSIO> d-------- C:\Program Files\Desktop Screen Record 5
2008-02-02 13:52 . 2007-10-20 15:01 <KANSIO> d-------- C:\Program Files\FretsOnFire
2008-01-31 23:25 . 2008-01-31 23:25 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-31 23:23 . 2008-01-31 23:23 <KANSIO> d-------- C:\Nexon
2008-01-31 16:33 . 2008-01-31 16:33 <KANSIO> d-------- C:\Program Files\Perfect World
2008-01-29 21:31 . 2008-01-29 21:31 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:31 . 2008-01-29 21:31 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 21:31 . 2008-01-29 21:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 308 --a------ C:\WINDOWS\game.ini
2008-01-29 21:26 . 2008-01-31 01:26 <KANSIO> d-------- C:\Program Files\Call of Duty 4 - Modern Warfare
2008-01-29 20:18 . 2008-01-29 20:35 <KANSIO> d-------- C:\Program Files\Crysis
2008-01-28 00:47 . 2008-02-05 14:33 <KANSIO> d-------- C:\Program Files\Multimedia Fusion 2
2008-01-21 17:43 . 2008-01-21 17:43 11,736 --a------ C:\pldecal.wad
2008-01-21 17:39 . 2008-01-21 17:42 <KANSIO> d-------- C:\Program Files\Wally
2008-01-20 15:00 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 14:55 . 2008-01-20 14:55 <KANSIO> d-------- C:\Program Files\Electronic Arts

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 00:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 00:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-02-13 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-13 00:05 --------- d-----w C:\Program Files\mIRC617
2008-02-12 23:45 --------- d-----w C:\Program Files\Cheat Engine
2008-02-12 22:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-12 19:08 51,072 ----a-w C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-02-04 13:28 --------- d-----w C:\Program Files\AmazingMIDI
2008-01-31 21:23 --------- d-s---w C:\Program Files\Mabinogi Taiwan
2008-01-29 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 14:24 --------- d-----w C:\Program Files\Wizet
2008-01-21 21:29 412,906 ----a-w C:\Program Files\AAA Real Recorder.rar
2008-01-20 19:19 --------- d-----w C:\Program Files\Azureus
2008-01-12 19:54 --------- d-----w C:\Program Files\Peggle
2008-01-12 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-12 19:53 --------- d-----w C:\Program Files\BFG
2008-01-10 20:06 --------- d-----w C:\Program Files\ZSNes
2008-01-10 14:16 --------- d-----w C:\Program Files\TeamViewer3
2008-01-03 14:01 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-03 14:01 --------- d-----w C:\Program Files\Hamachi
2007-12-26 16:26 --------- d-----w C:\Program Files\DC++
2007-12-24 17:09 --------- d-----w C:\Program Files\Portal
2007-12-22 20:09 --------- d-----w C:\Program Files\Winamp
2007-12-21 18:17 --------- d-----w C:\Program Files\DivX
2007-12-19 22:27 --------- d-----w C:\Program Files\GALA-NET
.

(((((((((((((((((((((((((((((( Rekisterin k&#8222;ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji&#8222; arvoja ja laillisia oletusarvoja ei n&#8222;ytet&#8222;

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"I-Hate-Keyloggers"="C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe" [2006-07-16 19:20 195584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NvMediaCenter"="NvMCTray.dll" [2005-07-20 21:07 86016 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"zzsecagent"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"CmPCIaudio"="cmicnfg3.cpl" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-12 21:35 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-12 21:33 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hblogon]
hblogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Bluetooth Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Iolo Macro Magic.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Service Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Käyttäjä^Käynnistä-valikko^Ohjelmat^Käynnistys^Chronice.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00saskda]
--a------ 2006-06-06 14:01 1541120 C:\Program Files\1st Security Agent\newadmin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer]
--a------ 2006-04-27 14:13 148480 C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-Border Credential]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 5.5]
--a------ 2007-02-12 13:50 1870848 C:\Program Files\Novosoft\Handy Backup\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
--a------ 2007-11-12 17:45 38128 C:\program files\ncsoft\launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxHome]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2008-02-12 21:08 2115728 C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-05 15:28 1266936 C:\Program Files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 12:27]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-10-20 22:42]
R2 npkcmsvc;npkcmsvc;C:\Program Files\Mabinogi\npkcmsvc.exe [2007-05-16 13:15]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 17:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 17:42]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
S2 anysee;anysee USB type Tuner(2005.04.25.D010313);C:\WINDOWS\system32\DRIVERS\anyseeTU.sys [2005-04-25 12:40]
S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 DADriv1;DADriv1;C:\Shared Files\Maple Hacks\DAEngine\DAK32.sys []
S3 danny1;danny1;C:\Shared Files\Maple Hacks\Danny Engine\danny.sys []
S3 DISK_DRIVE32;DISK_DRIVE32;C:\Shared Files\Maple Hacks\UCE\disk_1024.sys []
S3 Dua1;Dua1;F:\Shared Files\Maple Hacks\DualEngine2\DualEngi.sys [2006-10-02 11:43]
S3 EAGLE1;EAGLE1;C:\Shared Files\Maple Hacks\Google Engine\google32.sys []
S3 fspio;fspio;C:\WINDOWS\system32\drivers\fspio.sys [2001-03-08 17:10]
S3 geebers12;geebers12;C:\Shared Files\Maple Hacks\Buffy Engine\nvid888.sys []
S3 iCheat1;iCheat1;C:\Shared Files\Maple Hacks\iCheat13\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;F:\Shared Files\Maple Hacks\MoonLight Engine 1129.1\IlvMoney1129.sys [2007-10-17 21:19]
S3 jamilah;jamilah;C:\Shared Files\Maple Hacks\jamilah.sys []
S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Shared Files\Maple Hacks\VE5 1032\nvid999.sys []
S3 NUBBER;NUBBER;C:\Shared Files\Maple Hacks\NubEngine\nubbk32.sys []
S3 saruen;saruen;C:\Shared Files\Maple Hacks\saruengang101se\saruen.sys []
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-03-31 14:21]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-03-31 14:21]
S3 sejt1;sejt1;C:\Shared Files\Maple Hacks\AkumaEngine33\sejt.sys []
S3 serb1;serb1;F:\Shared Files\Maple Hacks\Serbio Engine\serbio.sys [2006-06-29 19:49]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 09:12]
S3 SoRa01;SoRa01;C:\Shared Files\Maple Hacks\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;F:\Shared Files\Maple Hacks\SPUCEREV878able\SPUCE\spuce.sys [2006-11-28 21:13]
S3 sys_com001;sys_com001;C:\Shared Files\Maple Hacks\SysComEngine_1059\syscom.sys []
S3 TEMPLEVER;TEMPLEVER;C:\Shared Files\Maple Hacks\Templery Engine\damainzor.sys []
S3 uzeil1;uzeil1;C:\Shared Files\Maple Hacks\Mini Engine\Mini Engine\uzeil.sys []
S3 Visual1;Visual1;C:\Shared Files\Maple Hacks\Visual Engine\Visual.sys []
S3 zenx1;zenx1;C:\Shared Files\Maple Hacks\ZenxEngine_LATEST\zenx.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 02:14:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\kbhookdll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2008-02-13 2:22:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 00:22:32
ComboFix2.txt 2008-02-12 23:20:05
ComboFix3.txt 2008-02-12 22:16:46
.
2008-01-22 15:07:46 --- E O F ---


======================================================================

Uusi combofix logi:

ComboFix 08-02-13.1 - Käyttäjä 2008-02-13 2:27:03.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1502 [GMT 2:00]
Running from: C:\Documents and Settings\Käyttäjä\Työpöytä\Virustorjunta\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-13 to 2008-02-13 )))))))))))))))))
.

2008-02-13 00:59 . 2008-02-13 00:59 <KANSIO> d-------- C:\RegSeeker
2008-02-12 23:48 . 2008-02-12 23:48 <KANSIO> d-------- C:\Program Files\I Hate Keyloggers
2008-02-12 23:47 . 2008-02-12 23:47 209,008 --a------ C:\WINDOWS\system32\kbhookdll.dll
2008-02-12 23:47 . 2008-02-12 23:47 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-12 21:40 . 2008-02-12 21:40 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-12 21:34 . 2008-02-12 21:34 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-12 21:34 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\AVG7
2008-02-12 21:33 . 2008-02-12 21:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 21:33 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-12 20:46 . 2007-12-15 06:48 90,112 --a------ C:\WINDOWS\system32\XCoreLib.dll
2008-02-04 15:28 . 2008-02-04 15:28 <KANSIO> d-------- C:\Downloads
2008-02-02 22:01 . 2008-02-02 22:05 <KANSIO> d-------- C:\Program Files\Desktop Screen Record 5
2008-02-02 13:52 . 2007-10-20 15:01 <KANSIO> d-------- C:\Program Files\FretsOnFire
2008-01-31 23:25 . 2008-01-31 23:25 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-31 23:23 . 2008-01-31 23:23 <KANSIO> d-------- C:\Nexon
2008-01-31 16:33 . 2008-01-31 16:33 <KANSIO> d-------- C:\Program Files\Perfect World
2008-01-29 21:31 . 2008-01-29 21:31 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:31 . 2008-01-29 21:31 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 21:31 . 2008-01-29 21:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\Documents and Settings\Käyttäjä\Application Data\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 308 --a------ C:\WINDOWS\game.ini
2008-01-29 21:26 . 2008-01-31 01:26 <KANSIO> d-------- C:\Program Files\Call of Duty 4 - Modern Warfare
2008-01-29 20:18 . 2008-01-29 20:35 <KANSIO> d-------- C:\Program Files\Crysis
2008-01-28 00:50 . 2008-01-28 00:50 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\Clickteam
2008-01-28 00:47 . 2008-02-05 14:33 <KANSIO> d-------- C:\Program Files\Multimedia Fusion 2
2008-01-21 17:43 . 2008-01-21 17:43 11,736 --a------ C:\pldecal.wad
2008-01-21 17:39 . 2008-01-21 17:42 <KANSIO> d-------- C:\Program Files\Wally
2008-01-20 22:24 . 2008-01-20 22:28 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\Command & Conquer 3 Tiberium Wars
2008-01-20 15:00 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 14:55 . 2008-01-20 14:55 <KANSIO> d-------- C:\Program Files\Electronic Arts

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 00:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 00:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-02-13 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-13 00:05 --------- d-----w C:\Program Files\mIRC617
2008-02-13 00:00 4,208 ----a-w C:\Documents and Settings\Käyttäjä\Application Data\wklnhst.dat
2008-02-12 23:45 --------- d-----w C:\Program Files\Cheat Engine
2008-02-12 22:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-12 19:08 51,072 ----a-w C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-02-12 11:20 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\Azureus
2008-02-04 13:28 --------- d-----w C:\Program Files\AmazingMIDI
2008-02-04 13:28 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\GetRightToGo
2008-01-31 21:23 --------- d-s---w C:\Program Files\Mabinogi Taiwan
2008-01-29 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 14:24 --------- d-----w C:\Program Files\Wizet
2008-01-21 21:29 412,906 ----a-w C:\Program Files\AAA Real Recorder.rar
2008-01-20 19:19 --------- d-----w C:\Program Files\Azureus
2008-01-20 13:03 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-12 19:54 --------- d-----w C:\Program Files\Peggle
2008-01-12 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-12 19:53 --------- d-----w C:\Program Files\BFG
2008-01-10 20:06 --------- d-----w C:\Program Files\ZSNes
2008-01-10 14:19 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\TeamViewer
2008-01-10 14:16 --------- d-----w C:\Program Files\TeamViewer3
2008-01-03 14:01 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-03 14:01 --------- d-----w C:\Program Files\Hamachi
2008-01-03 14:01 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\Hamachi
2007-12-26 16:26 --------- d-----w C:\Program Files\DC++
2007-12-24 17:09 --------- d-----w C:\Program Files\Portal
2007-12-22 20:09 --------- d-----w C:\Program Files\Winamp
2007-12-21 18:17 --------- d-----w C:\Program Files\DivX
2007-12-19 22:27 --------- d-----w C:\Program Files\GALA-NET
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-15 12:47 203,264 ----a-w C:\WINDOWS\system32\zk_sc.scr
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"I-Hate-Keyloggers"="C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe" [2006-07-16 19:20 195584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NvMediaCenter"="NvMCTray.dll" [2005-07-20 21:07 86016 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"zzsecagent"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"CmPCIaudio"="cmicnfg3.cpl" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-12 21:35 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-12 21:33 219136]

C:\Documents and Settings\All Users\K&#8222;ynnist&#8222;-valikko\Ohjelmat\K&#8222;ynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hblogon]
hblogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Bluetooth Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Iolo Macro Magic.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Service Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Käyttäjä^Käynnistä-valikko^Ohjelmat^Käynnistys^Chronice.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00saskda]
--a------ 2006-06-06 14:01 1541120 C:\Program Files\1st Security Agent\newadmin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer]
--a------ 2006-04-27 14:13 148480 C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-Border Credential]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 5.5]
--a------ 2007-02-12 13:50 1870848 C:\Program Files\Novosoft\Handy Backup\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
--a------ 2007-11-12 17:45 38128 C:\program files\ncsoft\launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxHome]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2008-02-12 21:08 2115728 C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-05 15:28 1266936 C:\Program Files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 12:27]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-10-20 22:42]
R2 npkcmsvc;npkcmsvc;C:\Program Files\Mabinogi\npkcmsvc.exe [2007-05-16 13:15]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 17:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 17:42]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
S2 anysee;anysee USB type Tuner(2005.04.25.D010313);C:\WINDOWS\system32\DRIVERS\anyseeTU.sys [2005-04-25 12:40]
S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 DADriv1;DADriv1;C:\Shared Files\Maple Hacks\DAEngine\DAK32.sys []
S3 danny1;danny1;C:\Shared Files\Maple Hacks\Danny Engine\danny.sys []
S3 DISK_DRIVE32;DISK_DRIVE32;C:\Shared Files\Maple Hacks\UCE\disk_1024.sys []
S3 Dua1;Dua1;F:\Shared Files\Maple Hacks\DualEngine2\DualEngi.sys [2006-10-02 11:43]
S3 EAGLE1;EAGLE1;C:\Shared Files\Maple Hacks\Google Engine\google32.sys []
S3 fspio;fspio;C:\WINDOWS\system32\drivers\fspio.sys [2001-03-08 17:10]
S3 geebers12;geebers12;C:\Shared Files\Maple Hacks\Buffy Engine\nvid888.sys []
S3 iCheat1;iCheat1;C:\Shared Files\Maple Hacks\iCheat13\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;F:\Shared Files\Maple Hacks\MoonLight Engine 1129.1\IlvMoney1129.sys [2007-10-17 21:19]
S3 jamilah;jamilah;C:\Shared Files\Maple Hacks\jamilah.sys []
S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Shared Files\Maple Hacks\VE5 1032\nvid999.sys []
S3 NUBBER;NUBBER;C:\Shared Files\Maple Hacks\NubEngine\nubbk32.sys []
S3 saruen;saruen;C:\Shared Files\Maple Hacks\saruengang101se\saruen.sys []
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-03-31 14:21]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-03-31 14:21]
S3 sejt1;sejt1;C:\Shared Files\Maple Hacks\AkumaEngine33\sejt.sys []
S3 serb1;serb1;F:\Shared Files\Maple Hacks\Serbio Engine\serbio.sys [2006-06-29 19:49]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 09:12]
S3 SoRa01;SoRa01;C:\Shared Files\Maple Hacks\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;F:\Shared Files\Maple Hacks\SPUCEREV878able\SPUCE\spuce.sys [2006-11-28 21:13]
S3 sys_com001;sys_com001;C:\Shared Files\Maple Hacks\SysComEngine_1059\syscom.sys []
S3 TEMPLEVER;TEMPLEVER;C:\Shared Files\Maple Hacks\Templery Engine\damainzor.sys []
S3 uzeil1;uzeil1;C:\Shared Files\Maple Hacks\Mini Engine\Mini Engine\uzeil.sys []
S3 Visual1;Visual1;C:\Shared Files\Maple Hacks\Visual Engine\Visual.sys []
S3 zenx1;zenx1;C:\Shared Files\Maple Hacks\ZenxEngine_LATEST\zenx.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 02:28:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\kbhookdll.dll
.
Completion time: 2008-02-13 2:29:24
ComboFix-quarantined-files.txt 2008-02-13 00:29:15
ComboFix2.txt 2008-02-13 00:22:39
ComboFix3.txt 2008-02-12 23:20:05
ComboFix4.txt 2008-02-12 22:16:46
.
2008-01-22 15:07:46 --- E O F ---


======================================================================

Viimeinen hjt-logi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:31, on 13.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mapleglobal.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.59.164.62:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asdasd.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.12.27.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O20 - Winlogon Notify: hblogon - hblogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8437 bytes

 

Lataa Dr.Web CureIt työpöydälle:

Tuplaklikkaa drweb-cureit.exe ja anna sen tehdä express scan
Se skannaa käynnissä olevat ohjelmat ja jos jotain löytyy, klikkaa yes kun se kysyy haluatko poistaa sen. Tämä on vain lyhyt scan.
Kun scan on valmis, Klikkaa Custom scan merkkaa asemat, jotka haluat scannata.
Valitse kaikki asemat. Punainen piste osoittaa, mitkä asemat on valittu.
Klikaa vihreää nuolta oikealla ja scan alkaa.
Klikkaa 'Yes to all', jos kysytään haluatko poistaa/siirtää tiedoston.
Kun scan on valmis, katso voitko klikata next-kuvaketta löytyneiden tiedostojen vieressä:
Jos asia on niin, klikkaa sitä ja sitten klikkaa next-kuvaketta oikealla alhaalla ja valitse Move incurable kuten alla olevalla kuvassa:

Tämä siirtää sen %userprofile%\DoctorWeb\quarantine-hakemistoon.
Tämän jälkeen klikkaa Dr.Web CureIt-valikossa file ja valitse save report list
Tallenna raportti työpöydälle. Raportin nimi on DrWeb.csv
Sulje Dr.Web Cureit.
Käynnistä kone uudelleen !! Tämä siksi, että käytössä olevat tiedostot poistetaan/siirretään käynnistyksen yhteydessä.
Käynnistyksen jälkeen liitä Dr.Web-lokin, jonka tallensit aiemmin, sisältö seuraavaan vastaukseesi.

 

En löydä koko next-kuvaketta ohjelmasta, tässä kuva scannin jälkeen:


Mitä tulisi tehdä tuossa kohdassa?

 

Kilkaan tuosta misssä on asemat c
niihin tulee se merkki paina tuota kolmioo

sitten kun valmis select all ja delete

 

Dr. Web -logi:

09257546.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257656.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257734.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257796.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257859.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257875.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257906.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257921.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257968.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257984.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258015.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258031.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258046.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258078.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258109.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258140.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258187.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258203.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258265.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258296.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258312.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258343.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258406.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258453.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258562.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258703.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258750.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258828.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258937.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258984.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259015.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259031.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259062.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259109.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259125.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259140.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259156.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259171.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259218.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259281.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259359.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259421.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259734.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259843.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259968.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09260093.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09260125.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09260156.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09260234.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
jamilah.exe;F:\Shared Files\Maple Hacks;Tool.Jamilah;Deleted.;
blowie32.sys;F:\Shared Files\Maple Hacks\blowie;Trojan.NtRootKit.72;Deleted.;
fixmem.dll;F:\Shared Files\Maple Hacks\blowie;Trojan.MulDrop.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Danny Engine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\DualEngine2;Trojan.DownLoader.origin;Incurable.Moved.;
GameMon.des;F:\Shared Files\Maple Hacks\GameGuard\GameGuard;Probably BACKDOOR.Trojan;Deleted.;
stealth.dll;F:\Shared Files\Maple Hacks\GG System X [Protected]\GG System X [Protected];Trojan.DownLoader.origin;Incurable.Moved.;
g_poison.exe;F:\Shared Files\Maple Hacks\ggk;BackDoor.Iroffer.1349;Deleted.;
setup.exe;F:\Shared Files\Maple Hacks\GMasters Engine;Trojan.KillFiles.11340;Deleted.;
stealth.dll;F:\Shared Files\Maple Hacks\Google Engine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Leecher Engine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Mini Engine\Mini Engine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\MoonLight Engine 1129.1;Trojan.DownLoader.origin;Incurable.Moved.;
nubdeal.dll;F:\Shared Files\Maple Hacks\NubEngine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Serbio Engine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\SPUCEREV878able\SPUCE;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Templery Engine;Trojan.DownLoader.origin;Incurable.Moved.;
important.htm;F:\Shared Files\Maple Hacks\TrojanPie.exe\TrojanPie.exe\Bots\ProMacro\AutoMacroRecorder!!;Win32.Virut;Cured.;
kanal.htm;F:\Shared Files\Maple Hacks\TrojanPie.exe\TrojanPie.exe\S3NSA and scruie, the olly supporters, Style =] (Ollydbg)\PEiD\plugins;Win32.Virut;Cured.;
stealth.dll;F:\Shared Files\Maple Hacks\UCE;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Visual Engine;Trojan.DownLoader.origin;Incurable.Moved.;
tealth.dll;F:\Shared Files\Maple Hacks\Visual Engine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\zenosengine1.9\zenosengine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\zenosengine1.9 + ct\zenosengine;Trojan.DownLoader.origin;Incurable.Moved.;
Project1.exe;F:\Shared Files\Maple Hacks\ZenxEngine_LATEST;VirusConstructor.Davwormgen;Deleted.;
stealth.dll;F:\Shared Files\Maple Hacks\ZenxEngine_LATEST;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Zion Engine;Trojan.DownLoader.origin;Incurable.Moved.;
15904281.FIL;C:\$VAULT$.AVG;Adware.SaveNow;Deleted.;
15904312.FIL;C:\$VAULT$.AVG;Adware.SaveNow;Deleted.;
15904375.FIL;C:\$VAULT$.AVG;Adware.SaveNow;Deleted.;

 

Lataa tuolta http://www.ccleaner.com/download/builds.aspx
CCleaner v2.03.532- Standard Build, ÄLÄ aseenna Yahoo toolbaria!

laita asetukset näin:
Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot.

aja Puhdistaja > tutki nappi > aja ccleaner nappi oikea alakulma
aja Virheet > etsi rekisteri virheitä nappi > Korjaa rekisteri virheet. nappi

 

Tein kaikki nuo CCleaner-kohdat.

 

Escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe
päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scannaa

jos ala luukkuun tulee jotain niin kopioi se näin:
Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.

Laita virus log tänne.

 

eScan logi:

File C:\PROGRA~1\IHATEK~1\IHATEK~1.EXE tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File C:\PROGRA~1\mIRC617\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\PROGRA~1\IHATEK~1\IHATEK~1.EXE tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File C:\WINDOWS\system32\kbhookdll.dll tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File C:\Documents and Settings\Käyttäjä\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Käyttäjä\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Käyttäjä\Omat tiedostot\bsplayer142.833.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
File C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File C:\Program Files\mIRC\backup\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\Program Files\mIRC617\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\WINDOWS\system32\kbhookdll.dll tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File F:\Shared Files\Maple Hacks\DualEngine2\GR.sys infected by "Rootkit.Win32.Agent.zi" Virus. Action Taken: File Renamed.
File F:\Shared Files\Maple Hacks\DualEngine2.zip infected by "Rootkit.Win32.Agent.zi" Virus. Action Taken: File Renamed.
File F:\Shared Files\Maple Hacks\InjecTOR.rar infected by "HackTool.Win32.Injecter.n" Virus. Action Taken: File Deleted.
File F:\Shared Files\Maple Hacks\jamilah(rootkit).rar tagged as not-a-virus:RiskTool.Win32.JML.a. No Action Taken.
File F:\Shared Files\PC Apps\i-hate-keyloggers\i-hate-keyloggers.exe tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File F:\Shared Files\PC Apps\i-hate-keyloggers.zip tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File F:\Shared Files\PC Apps\mirc617.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File F:\Shared Files\PC Apps\mirc621.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.

 

Oliko ne toimenpiteet sitten siinä?
Voiko näiden logien perusteella sanoa, että onko tiedostossa ollut keylogger päässyt koneeseen asti, ja onko se todennäköistä että kyseistä keyloggeria ei löydy enään koneesta?

 

Lataa Atribunen ATF Cleaner

Ohjeet;

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

================

Ohje AVG:n Anti-Spyware 7.5:n käyttöön
Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis:n työkalun toimintaa.

Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

Lataa AVG:n Anti-Spyware 7.5:n
ja tallenna ohjelma työpöydällesi.
o Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
o Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
o Käynnistä AVG:n Anti-Spyware.
o Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.

o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

o Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
o Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".

o Sitten "Reports" valikon alta:
o Laita täppi kohtaan "Automatically generate report after every scan"
o Ota täppi pois kohdasta"Only if threats were found"

o Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
o "Resident shield is", muuta tila active:sta inactive:ksi
o Sulje ohjelma, ÄLÄ skannaa vielä.

Käynnistä koneesi vikasietotilaan,
sammuta ja käynnistä
käynnistyksen yhteydessä naputtele F8
valitse nuoli näppäimellä vikasietotila
paina enter ja enter

Toisissa koneissa paukutetaan F8:sin sijasta F5:tä

HUOM! Älä käytä muita ohjelmia AVG:n skannauksen aikana, tämä saattaa häiritä skannausta.
o Kun vikasietotilassa, käynnistä AVG:n Anti-Spyware.
o Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
o Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
o Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
o Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"

o Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
o Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
o Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.

============

poista lisää poista sovelutuksesta

I Hate Keyloggers

Poista kansio vikasiedossa

C:\Program Files\I Hate Keyloggers

=========

Ota hjt:loki uusi ja aja uusi combofix