Malware worm + HJT log

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by ToniV, Dec 7, 2007.

  1. ToniV

    ToniV Member

    Joined:
    Dec 7, 2007
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
Hi

And thanks in advance.

I've got this virus here, VBS:Malware-gen, in the folder C:\DOCUME~1\TONITH~1\LOCALS~1\Temp\1.reg.

How do I get rid of it??

Here's the HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:55:23, on 7.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avast\aswUpdSv.exe
    C:\Program Files\Avast\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avast\ashMaiSv.exe
    C:\Program Files\Avast\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Avast\ashDisp.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\msnmsgs.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\HTJ\Scanneri.exe
    C:\WINDOWS\system32\sysregi.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.ircfast2.com/index.php?rvs=hompag
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [MSN] msnmsgs.exe
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe
    O4 - HKLM\..\RunServices: [Nod32 Runtime] sysregi.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?6f78916619b64119bab569a545462c99
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?6f78916619b64119bab569a545462c99
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC49F3FB-9AC8-412C-B2B7-E787F1E95DB8}: NameServer = 192.168.0.254
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 8718 bytes
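An added triage helper, not part of this thread and not HijackThis code: it reads the O4 and O2 lines of the log format above and lists the entries a reviewer would look at first (bare file names such as sysregi.exe that carry no path, the RunServices key, one program registered under several autostart keys, BHOs whose DLL is missing), cross-checking bare names against the "Running processes" section. The sample log is a constructed excerpt shaped on the entries in the post; the function and key names are the example's own.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed excerpt in the HijackThis v2 log format, shaped on the entries in
# the thread above (a few lines only; it is not the poster's full log).
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\sysregi.exe
C:\\Program Files\\Avast\\ashServ.exe
C:\\WINDOWS\\SOUNDMAN.EXE

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\Avast\\ashDisp.exe
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [Nod32 Runtime] sysregi.exe
O4 - HKLM\\..\\RunServices: [Nod32 Runtime] sysregi.exe
O4 - HKCU\\..\\Run: [MsnMsgr] "C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe" /background
"""

# O4 lines: "O4 - <hive>\..\<key>: [<label>] <command line>"; the hive part may
# contain a SID for HKUS entries, so it is matched lazily up to the "\..\".
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <dll path, '(no file)' or '... (file missing)'>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")


def executable_of(cmd: str) -> str:
    """Program part of an O4 command line: the quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def basename(path: str) -> str:
    """Case-folded file name without its directory, for matching across sections."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each suspicious autostart/BHO entry to the reasons it deserves a look.

    Entries with no reason are absent from the result, so a clean log yields {}.
    """
    findings: Dict[str, List[str]] = defaultdict(list)
    processes: Dict[str, str] = {}                          # basename -> path under "Running processes"
    keys_by_exe: Dict[str, List[str]] = defaultdict(list)   # basename -> O4 entries using it
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes[basename(line)] = line
            else:
                in_processes = False        # a blank line ends the process list
            continue
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            if path == "(no file)" or path.endswith("(file missing)"):
                findings[f"O2 {{{m.group('clsid')}}}"].append(
                    "BHO is registered but its DLL is missing (orphaned entry)")
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        entry = f"O4 {m.group('hive')}\\..\\{m.group('key')}: [{m.group('label')}]"
        if "\\" not in exe and ":" not in exe:
            # A bare name is resolved through the PATH search order at logon, so the
            # log alone does not say which file runs; the process list often does.
            seen = processes.get(basename(exe))
            where = f"; currently running from {seen}" if seen else ""
            findings[entry].append(f"bare file name '{exe}' without a path{where}")
        if m.group("key").lower() == "runservices":
            findings[entry].append(
                "RunServices key: legacy Windows 9x autostart, rarely used by legitimate XP software")
        keys_by_exe[basename(exe)].append(entry)
    for exe, entries in keys_by_exe.items():
        if len(entries) > 1:
            for entry in entries:
                findings[entry].append(f"'{exe}' is registered under {len(entries)} autostart keys")
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("   -", reason)
```

Run against the full log in the post, the same heuristics single out the two "Nod32 Runtime" entries and the nameless BHO while leaving the vendor-installed entries alone.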
     
  2. ToniV

    ToniV Member

Here's a new log. I managed to delete the file the virus was in, but Avast claims it's still on the machine.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:20:38, on 7.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avast\aswUpdSv.exe
    C:\Program Files\Avast\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avast\ashMaiSv.exe
    C:\Program Files\Avast\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Avast\ashDisp.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\msnmsgs.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\sysregi.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\HTJ\Scanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.ircfast2.com/index.php?rvs=hompag
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [MSN] msnmsgs.exe
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\RunServices: [Nod32 Runtime] sysregi.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?6f78916619b64119bab569a545462c99
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?6f78916619b64119bab569a545462c99
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC49F3FB-9AC8-412C-B2B7-E787F1E95DB8}: NameServer = 192.168.0.254
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

    --
    End of file - 9000 bytes
     
  3. ToniV

    ToniV Member

Somebody help, Avast keeps screaming!!!!
     
  4. Hujo

    Hujo Guest

Instructions for using AVG Anti-Spyware 7.5
Note! These instructions turn off the real-time protection (Shield). This avoids situations where the protection would block tools such as HijackThis from working.

Save these instructions to a text file or print them, otherwise you won't be able to access them from Safe Mode.

Download AVG Anti-Spyware 7.5
and save the program to your desktop.
o Once you have downloaded the program, double-click the installer's icon on your desktop; the installation starts.
o After installation, the program must be started and its definitions updated.
o Start AVG Anti-Spyware.
o Click the "Update" icon in the main menu. Then click the "Update now" button.

o Then click the "Start Update" icon, and the update begins.

o Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
o When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".

o Then under the "Reports" menu:
o Tick "Automatically generate report after every scan"
o Untick "Only if threats were found"

o Then click the "Shield" icon at the top of the window
o "Resident shield is": change the state from active to inactive
o Close the program, do NOT scan yet.

Boot your computer into Safe Mode:
shut down and restart
tap F8 during startup
use the arrow key to select Safe Mode
press Enter and Enter again

On some machines you tap F5 instead of F8

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
o Once in Safe Mode, start AVG Anti-Spyware.
o Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
o Ewido now starts scanning the computer; be patient, as the scan takes time.

When the scan is complete:
IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
o Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
o If infections were found you will be asked what to do; then choose "Apply all actions"
o Then click the "Reports" icon at the top of the program.
o Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
o Close the program, restart the computer normally and post the AVG report in your thread.
     
  5. ToniV

    ToniV Member

I clicked around on my own and didn't get a report, and a new scan didn't find anything, but Avast still finds the bug!! What now
     
  6. Hujo

    Hujo Guest

Download SDFix by AndyManchesta and save it to your desktop.

Boot your computer into Safe Mode and choose your normal user account:
o Start the computer
o When you hear the machine beep, press F8, but before the Windows logo appears
o A menu should appear next
o Select Safe Mode from the menu.

o Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
o Open the SDFix folder and double-click RunThis.bat to start the program.
o Press Y to start the script.
o The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer: "Press any key to Reboot".
o Press any key and the machine restarts.
o Startup takes longer than usual because SDFix is cleaning the machine.
o Once the machine has booted and the desktop has loaded, SDFix reports that the cleanup is done: "Finished".
o Then press any key to close the script and load the desktop icons.
o Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
     
  7. ToniV

    ToniV Member

It got stuck..

SDFix started and began cleaning, then it said "Cannot find ///Fast Hardlock Driver!" and next "HLVDD.DLL Asennettavan näennäislaiteohjaimen virhe DLL-kirjaston alustuksessa. Ohjelma suljetaan"!!!
So it didn't work.

Any more good ideas!!

     
  8. Hujo

    Hujo Guest

  9. ToniV

    ToniV Member

I fiddled around again and got this report

    SDFix: Version 1.118

    Run by tonithegreat on ti 11.12.2007 at 22:16

    Microsoft Windows XP [versio 5.1.2600]

    Running From: C:\DOCUME~1\TONITH~1\TYPYT~1\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    No Trojan Files Found





    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-11 22:20:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
    "khjeh"=hex:20,02,00,00,f5,d3,f6,f4,6d,ba,14,d4,cc,3b,45,50,bf,6b,83,50,e6,..
    "hj34z0"=hex:e4,d7,06,6e,de,e8,6f,a1,d4,63,46,78,2d,63,2e,a6,13,f3,c1,49,b5,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
    "khjeh"=hex:20,02,00,00,e5,d3,f6,f4,3d,13,9e,ba,5c,1d,56,d8,cf,60,2b,d0,f6,..
    "hj34z0"=hex:e8,d6,06,6e,ce,e9,6f,a1,d4,63,46,78,2d,63,2e,a6,13,f3,c1,49,92,..
    "hj34z1"=hex:47,d6,06,6e,b6,e9,6f,a1,d5,63,47,78,2c,63,2e,a6,13,f3,c1,49,92,..
    "hj34z2"=hex:47,d6,06,6e,b6,e9,6f,a1,d5,63,47,78,2c,63,2e,a6,13,f3,c1,49,92,..
    "hj34z3"=hex:47,d6,06,6e,b6,e9,6f,a1,d5,63,47,78,2c,63,2e,a6,13,f3,c1,49,92,..
    "hj34z4"=hex:47,d6,06,6e,b6,e9,6f,a1,d5,63,47,78,2c,63,2e,a6,13,f3,c1,49,92,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42]
    "khjeh"=hex:20,02,00,00,78,87,f0,bf,56,3f,eb,d8,01,52,11,1c,d0,df,4f,11,33,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43]
    "khjeh"=hex:20,02,00,00,78,87,f0,bf,56,3f,eb,d8,01,52,11,1c,d0,df,4f,11,33,..
    "hj34z0"=hex:05,f5,7c,7e,ee,dc,07,31,34,c4,5b,80,0d,13,18,9f,73,75,28,d3,d9,..
    "hj34z1"=hex:a7,f5,7c,7e,96,dc,07,31,35,c4,5a,80,0c,13,18,9f,73,75,28,d3,72,..
    "hj34z2"=hex:a7,f5,7c,7e,96,dc,07,31,35,c4,5a,80,0c,13,18,9f,73,75,28,d3,72,..
    "hj34z3"=hex:a7,f5,7c,7e,96,dc,07,31,35,c4,5a,80,0c,13,18,9f,73,75,28,d3,72,..
    "hj34z4"=hex:a7,f5,7c,7e,96,dc,07,31,35,c4,5a,80,0c,13,18,9f,73,75,28,d3,72,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

    scanning hidden files ...

    C:\WINDOWS\Temp\_av_proI.tm~a02996
    C:\WINDOWS\Temp\_av_proI.tm~a02996\setup.lok 0 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 2


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\ABC\\abc.exe"="C:\\Program Files\\ABC\\abc.exe:*:Disabled:abc"
    "C:\\Program Files\\oDC\\oDC.exe"="C:\\Program Files\\oDC\\oDC.exe:*:Disabled:eek:DC"
    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "E:\\Satellite TV\\TVAnts\\Tvants.exe"="E:\\Satellite TV\\TVAnts\\Tvants.exe:*:Disabled:TVAnts"
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\fulDC\\DCPlusPlus.exe"="C:\\Program Files\\fulDC\\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~"�"="DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~"�:*:Enabled:Nod32 Runtime"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

    Remaining Files:
    ---------------


    Files with Hidden Attributes:

    Wed 13 Jun 2007 202,240 ..SHR --- "C:\WINDOWS\system32\sysregi.exe"
    Mon 19 Feb 2007 14,547,968 ...H. --- "C:\Documents and Settings\Ansku\Omat tiedostot\~WRL1662.tmp"
    Mon 19 Feb 2007 14,552,064 ...H. --- "C:\Documents and Settings\Ansku\Omat tiedostot\~WRL1686.tmp"
    Mon 19 Feb 2007 12,117,504 ...H. --- "C:\Documents and Settings\Ansku\Omat tiedostot\~WRL2129.tmp"
    Mon 19 Feb 2007 14,554,112 ...H. --- "C:\Documents and Settings\Ansku\Omat tiedostot\~WRL2159.tmp"
    Mon 19 Feb 2007 9,824,768 ...H. --- "C:\Documents and Settings\Ansku\Omat tiedostot\~WRL2178.tmp"
    Mon 19 Feb 2007 14,551,552 ...H. --- "C:\Documents and Settings\Ansku\Omat tiedostot\~WRL2419.tmp"
    Mon 19 Feb 2007 5,016,064 ...H. --- "C:\Documents and Settings\Ansku\Omat tiedostot\~WRL2753.tmp"
    Mon 19 Feb 2007 14,554,112 ...H. --- "C:\Documents and Settings\Ansku\Omat tiedostot\~WRL3265.tmp"
    Mon 19 Feb 2007 14,555,136 ...H. --- "C:\Documents and Settings\Ansku\Omat tiedostot\~WRL3306.tmp"
    Mon 19 Feb 2007 14,554,112 ...H. --- "C:\Documents and Settings\Ansku\Omat tiedostot\~WRL3642.tmp"
    Mon 19 Feb 2007 14,554,112 ...H. --- "C:\Documents and Settings\Ansku\Application Data\Microsoft\Word\~WRL0098.tmp"
    Mon 19 Feb 2007 14,551,552 ...H. --- "C:\Documents and Settings\Ansku\Application Data\Microsoft\Word\~WRL1916.tmp"
    Mon 19 Feb 2007 14,550,528 ...H. --- "C:\Documents and Settings\Ansku\Application Data\Microsoft\Word\~WRL3393.tmp"
    Tue 11 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2ae806ac9910cdab67d4f0760de0b955\download\BIT12.tmp"
    Tue 11 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\41ebc63014c17a4320bef38da10384e2\download\BIT11.tmp"
    Tue 11 Dec 2007 1,089,520 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7a469ba7a58747458a870b9081ad30a6\download\BIT10.tmp"
    Tue 11 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8af868acbe213ceb0e18085f5822660a\download\BIT14.tmp"
    Tue 11 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d87be66a5ad01c5bf5bf6add6ade9fe1\download\BIT13.tmp"

    Finished!
     
  10. Hujo

    Hujo Guest

    1. Download combofix.exe to your desktop from either of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the on-screen instructions.
    3. When the tool finishes it produces a log. Post that log in your thread.
    Note! Do not click inside the ComboFix window while it is running. That can cause the program to hang.
     
  11. ToniV

    ToniV Member

    ComboFix 07-12-12.3 - tonithegreat 2007-12-11 22:39:52.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.533 [GMT 2:00]
    Running from: C:\Documents and Settings\tonithegreat\Työpöytä\ComboFix.exe
    * Created a new restore point
    .

    ((((( Files created between: 2007-11-12 and 2007-12-12 )))))))))))))))))
    .

    2007-12-11 22:22 . 2007-12-11 22:22 <KANSIO> d-------- C:\WINDOWS\LastGood
    2007-12-11 19:42 . 2007-12-11 19:42 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-12-11 19:36 . 2007-12-11 19:36 21,504 --a------ C:\Lataa SDFix.doc
    2007-12-11 19:33 . 2007-12-11 19:34 <KANSIO> d-------- C:\Program Files\Sdfix
    2007-12-11 16:39 . 2007-12-11 16:39 <KANSIO> d-------- C:\Documents and Settings\Ansku\Application Data\Creative
    2007-12-11 16:35 . 2007-12-11 16:35 <KANSIO> d-------- C:\Documents and Settings\Ansku\Application Data\Grisoft
    2007-12-11 09:29 . 2007-12-11 09:29 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Grisoft
    2007-12-11 09:28 . 2007-12-11 09:28 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2007-12-11 09:28 . 2007-12-11 09:28 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2007-12-11 09:27 . 2007-12-11 20:00 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2007-12-11 09:27 . 2007-12-11 20:00 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2007-12-11 09:27 . 2006-03-10 19:39 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2007-12-11 09:27 . 2006-03-10 19:39 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2007-12-11 09:26 . 2007-12-11 09:26 70,656 --a------ C:\Käynnistä koneesi vikasietotilaan.doc
    2007-12-11 09:21 . 2007-12-11 09:21 <KANSIO> d-------- C:\Documents and Settings\tonithegreat\Application Data\Grisoft
    2007-12-11 09:20 . 2007-12-11 11:38 <KANSIO> d-------- C:\Program Files\AVG Anti-Spyware 7.5
    2007-12-11 09:20 . 2007-12-11 09:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-11 09:20 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-12-10 20:47 . 1999-10-10 19:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
    2007-12-10 20:45 . 2007-12-10 20:45 417,792 --a------ C:\WINDOWS\system32\awrdscdc.ax
    2007-12-10 20:25 . 2007-12-10 20:45 <KANSIO> d-------- C:\Program Files\Audible
    2007-12-10 20:25 . 2001-08-17 22:43 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
    2007-12-10 20:23 . 2007-12-10 20:23 <KANSIO> d--h----- C:\Program Files\Creative Installation Information
    2007-12-10 20:23 . 2007-12-10 20:23 <KANSIO> d-------- C:\Program Files\Common Files\Creative
    2007-12-10 20:23 . 1999-12-12 19:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2007-12-10 20:23 . 1999-11-17 19:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2007-12-10 20:14 . 2007-12-10 20:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Creative
    2007-12-10 20:13 . 2007-12-10 21:08 <KANSIO> d-------- C:\Program Files\Creative
    2007-12-09 17:05 . 2007-12-09 17:05 <KANSIO> d-------- C:\Documents and Settings\Ansku\Application Data\ATI
    2007-12-09 15:17 . 2007-12-09 15:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2007-12-09 15:16 . 2007-12-09 15:16 0 --a------ C:\WINDOWS\ativpsrm.bin
    2007-12-07 13:25 . 2007-12-09 14:42 <KANSIO> d-------- C:\Program Files\SPYWAREfighter
    2007-12-07 13:18 . 2007-12-07 16:18 202,240 --a------ C:\img134.imageshack.exe
    2007-12-07 08:43 . 2007-12-07 14:20 <KANSIO> d-------- C:\Program Files\HTJ
    2007-12-07 08:28 . 2007-12-07 08:28 <KANSIO> d-------- C:\Program Files\dvdSanta
    2007-12-05 18:04 . 2007-12-05 18:04 26 --a------ C:\WINDOWS\dvdSanta.INI
    2007-12-05 17:44 . 2007-12-05 18:02 <KANSIO> d-------- C:\Program Files\URUSoft
    2007-12-04 21:44 . 2007-12-04 21:44 <KANSIO> d-------- C:\Program Files\virtualdubmode
    2007-11-26 21:58 . 2007-11-26 21:58 <KANSIO> d-------- C:\Program Files\SystemRequirementsLab
    2007-11-26 21:57 . 2007-11-26 21:58 <KANSIO> d-------- C:\Documents and Settings\tonithegreat\Application Data\SystemRequirementsLab
    2007-11-22 17:59 . 2007-12-09 16:56 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-22 17:59 . 2007-11-22 18:38 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-11-22 17:59 . 2007-12-09 16:56 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-22 17:56 . 2007-11-22 17:56 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles

    .
    (((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-11 20:00 53,760 ----a-w C:\WINDOWS\system32\hlvdd.dll
    2007-12-11 16:14 --------- d-----w C:\Documents and Settings\Ansku\Application Data\fujifilm-fi-photo-manager
    2007-12-11 14:44 --------- d-----w C:\Program Files\DC++
    2007-12-11 07:20 --------- d-----w C:\Documents and Settings\tonithegreat\Application Data\uTorrent
    2007-12-10 18:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-09 13:21 --------- d-----w C:\Program Files\Avast
    2007-12-09 13:17 --------- d-----w C:\Documents and Settings\tonithegreat\Application Data\ATI
    2007-12-09 13:13 --------- d-----w C:\Program Files\ATI Technologies
    2007-12-09 12:49 --------- d-----w C:\Program Files\oDC
    2007-12-07 14:29 --------- d-----w C:\Program Files\fulDC
    2007-12-07 12:28 --------- d-----w C:\Program Files\BSplayer
    2007-12-04 19:44 --------- d-----w C:\Program Files\virtualdubmode
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-30 14:38 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-17 17:47 --------- d-----w C:\Documents and Settings\Ansku\Application Data\uTorrent
    2007-11-17 13:29 --------- d-----w C:\Documents and Settings\Ansku\Application Data\AdobeUM
    2007-11-15 16:41 --------- d-----w C:\Program Files\Divfix
    2007-11-12 18:14 --------- d-----w C:\Documents and Settings\tonithegreat\Application Data\Apple Computer
    2007-11-11 07:06 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-14 06:09 --------- d-----w C:\Documents and Settings\tonithegreat\Application Data\vlc
    2007-10-14 06:07 --------- d-----w C:\Program Files\VideoLAN
    2007-10-13 15:50 --------- d-----w C:\Program Files\iTunes
    2007-10-13 15:50 --------- d-----w C:\Program Files\iPod
    2007-10-13 09:53 --------- d-----w C:\Program Files\Java
    2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
    2007-09-22 12:47 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
    2007-06-13 13:22 202,240 --sh--r C:\WINDOWS\system32\sysregi.exe
    .

    (((((((((((((((((((((((((((((( Registry autostart entries )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries and legitimate default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-11 09:11]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 20:05]
    "avast!"="C:\PROGRA~1\Avast\ashDisp.exe" [2007-12-04 15:00]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 16:39]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20]
    "AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 08:46]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 09:34]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 09:33]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "Nod32 Runtime"="sysregi.exe" [2007-06-13 15:22 C:\WINDOWS\system32\sysregi.exe]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
    "!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Nod32 Runtime"="sysregi.exe" [2007-06-13 15:22 C:\WINDOWS\system32\sysregi.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-11 09:11:14]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

    R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt
    S3 UXDCMN;UXDCMN;\??\D:\Ultra-X WinStress Test v1.5\UXDCMN.SYS

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5925a09e-d22c-11db-b912-0015f2338756}]
    \Shell\AutoRun\command - K:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-11 14:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-12-01 17:02:00 C:\WINDOWS\Tasks\Levyn eheytys.job"
    - C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Apuohjelmat\Järjestelmätyökalut\Levyn eheytys.lnk
    "2007-12-11 19:50:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-12 22:40:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-12 22:41:22
    .
    2007-11-30 14:43:11 --- E O F ---
     
  12. Hujo

    Hujo Guest

    Run an hjt scan and post the log.
     
  13. ToniV

    ToniV Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:55:59, on 13.12.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avast\aswUpdSv.exe
    C:\Program Files\Avast\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avast\ashMaiSv.exe
    C:\Program Files\Avast\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Avast\ashDisp.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\sysregi.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\HTJ\Scanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.ircfast2.com/index.php?rvs=hompag
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [Nod32 Runtime] sysregi.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?6f78916619b64119bab569a545462c99
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?6f78916619b64119bab569a545462c99
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC49F3FB-9AC8-412C-B2B7-E787F1E95DB8}: NameServer = 192.168.0.254
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9226 bytes
     
  14. ToniV

    ToniV Member

    Help me now.... Avast is still complaining!!
     
  15. Hujo

    Hujo Guest

    Scan with hjt, tick these and press Fix checked:

    O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe
    O4 - HKLM\..\RunServices: [Nod32 Runtime] sysregi.exe

    ============

    1. Download combofix.exe to your desktop from either of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the on-screen instructions.
    3. When the tool finishes it produces a log. Post that log in your thread.
    Note! Do not click inside the ComboFix window while it is running. That can cause the program to hang.
     
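Hujo's advice above singles out the two "Nod32 Runtime" entries. The script below is an added example, not code from this thread nor from HijackThis, SDFix or ComboFix, that shows why those two lines stand out when a log is read mechanically rather than by eye. It parses the O4 autostart lines and the R0 start-page line of a HijackThis log together with the SDFix "Files with Hidden Attributes" listing from post 9, and flags an entry when it launches a bare file name (resolved through the search path instead of a full path), uses the Windows 9x-era RunServices key, registers the same binary under more than one autostart key, or points at a file that carries both the Hidden and System attributes on disk. The sample lines are constructed in the shape of the logs posted above; the list of acceptable home-page domains and the scoring threshold are assumptions, and the output is a triage list for a human, not an automatic fix.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed samples, typed in the shape of the SDFix hidden-attributes listing
# and the HijackThis 2.0.2 log posted in this thread, so the script runs offline.
SAMPLE_ATTRS = r"""
Wed 13 Jun 2007 202,240 ..SHR --- "C:\WINDOWS\system32\sysregi.exe"
Mon 19 Feb 2007 14,547,968 ...H. --- "C:\Documents and Settings\Ansku\Omat tiedostot\~WRL1662.tmp"
Tue 11 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2ae806ac9910cdab67d4f0760de0b955\download\BIT12.tmp"
"""
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.ircfast2.com/index.php?rvs=hompag
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe
O4 - HKLM\..\RunServices: [Nod32 Runtime] sysregi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
"""

ATTR_RE = re.compile(r'^\w{3} \d{1,2} \w{3} \d{4} [\d,]+ (?P<attrs>\S{5}) --- "(?P<path>[^"]+)"$')
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*?)\s*$")
R0_RE = re.compile(r"^R[01] - .*Start Page = (?P<url>\S+)")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|com|scr|bat|cmd|pif))"?(?:\s|$)', re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".dll", ".sys")

# Assumption: home-page domains a stock XP/IE6 machine plausibly carries.
# Anything else is reported for a human to judge, never removed automatically.
KNOWN_HOME_DOMAINS = ("msn.com", "microsoft.com", "google.com")


def hidden_system_executables(attr_text):
    """Lower-case basenames of executables that carry both the Hidden and System attributes."""
    found = set()
    for line in attr_text.splitlines():
        m = ATTR_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        if "S" in attrs and "H" in attrs and path.lower().endswith(EXECUTABLE_EXT):
            found.add(path.rsplit("\\", 1)[-1].lower())
    return found


def executable_of(cmd):
    """The program a Run value launches, with surrounding quotes and arguments stripped."""
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else (cmd.split()[0] if cmd else "")


def start_page_is_known(url):
    """True when the IE start page is about:blank or sits under an expected domain."""
    if url.lower() == "about:blank":
        return True
    host = urlparse(url).hostname or ""
    return any(host == d or host.endswith("." + d) for d in KNOWN_HOME_DOMAINS)


def analyze_hjt(log_text, hidden_exes=frozenset()):
    """Map each suspicious O4/R0 log line to the list of reasons it was flagged."""
    findings = defaultdict(list)
    entries = []                       # (line, registry key, launched program)
    for line in log_text.splitlines():
        line = line.strip()
        if (m := O4_RE.match(line)):
            entries.append((line, m.group("key"), executable_of(m.group("cmd"))))
        elif (m := R0_RE.match(line)) and not start_page_is_known(m.group("url")):
            findings[line].append("IE start page points to an unexpected site")
    # distinct autostart keys (Run, RunServices, ...) that launch the same binary name
    keys_by_exe = defaultdict(set)
    for _, key, exe in entries:
        keys_by_exe[exe.rsplit("\\", 1)[-1].lower()].add(key.lower())
    for line, key, exe in entries:
        base = exe.rsplit("\\", 1)[-1].lower()
        if "\\" not in exe:
            findings[line].append("bare file name, resolved through the search path (system32, PATH)")
        if key.lower().startswith("runservices"):
            findings[line].append("RunServices is a Windows 9x-era key that XP software does not use")
        if len(keys_by_exe[base]) > 1:
            findings[line].append("same binary launched from %d autostart keys" % len(keys_by_exe[base]))
        if base in hidden_exes:
            findings[line].append("file carries Hidden+System attributes on disk")
    return dict(findings)


def suspects(findings, min_reasons=2):
    """Lines with at least min_reasons independent indicators: the ones to fix first."""
    return sorted(l for l, reasons in findings.items() if len(reasons) >= min_reasons)


if __name__ == "__main__":
    hidden = hidden_system_executables(SAMPLE_ATTRS)
    for line, reasons in analyze_hjt(SAMPLE_HJT, hidden).items():
        print(line)
        for r in reasons:
            print("    -", r)
```

Run against the constructed sample, only the two sysregi.exe lines collect more than one indicator: SOUNDMAN.EXE is also launched by bare name but trips nothing else, and ctfmon.exe appears under several user hives but only ever under the Run key, which is normal per-user behaviour. The value name "Nod32 Runtime" is a separate red flag the script does not score: no ESET product appears anywhere in the process list or service list of the logs above, so the name is borrowed to look legitimate.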
  16. ToniV

    ToniV Member

    ComboFix 07-12-12.3 - tonithegreat 2007-12-16 12:47:52.3 - NTFSx86
    Running from: C:\Documents and Settings\tonithegreat\Työpöytä\ComboFix.exe
    .

    ((((( Files created between: 2007-11-16 and 2007-12-16 )))))))))))))))))
    .

    2007-12-14 14:10 . 2007-12-14 14:47 <KANSIO> d-------- C:\Program Files\ATI Technologies
    2007-12-14 14:10 . 2006-08-02 17:27 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2007-12-14 08:49 . 2007-12-14 08:49 <KANSIO> d---s---- C:\Documents and Settings\tonithegreat\UserData
    2007-12-13 16:27 . 2007-12-13 16:28 <KANSIO> d-------- C:\Program Files\Subtitle Workshop
    2007-12-13 16:05 . 2007-12-13 16:05 <KANSIO> d-------- C:\Program Files\SRT to SSA
    2007-12-13 14:54 . 2007-12-13 14:54 <KANSIO> d-------- C:\Documents and Settings\tonithegreat\Application Data\Creative
    2007-12-11 19:42 . 2007-12-11 19:42 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-12-11 19:36 . 2007-12-11 19:36 21,504 --a------ C:\Lataa SDFix.doc
    2007-12-11 19:33 . 2007-12-11 19:34 <KANSIO> d-------- C:\Program Files\Sdfix
    2007-12-11 16:39 . 2007-12-11 16:39 <KANSIO> d-------- C:\Documents and Settings\Ansku\Application Data\Creative
    2007-12-11 16:35 . 2007-12-11 16:35 <KANSIO> d-------- C:\Documents and Settings\Ansku\Application Data\Grisoft
    2007-12-11 09:29 . 2007-12-11 09:29 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Grisoft
    2007-12-11 09:28 . 2007-12-11 09:28 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2007-12-11 09:28 . 2007-12-11 09:28 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2007-12-11 09:27 . 2007-12-11 20:00 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2007-12-11 09:27 . 2007-12-11 20:00 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2007-12-11 09:27 . 2006-03-10 19:39 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2007-12-11 09:27 . 2006-03-10 19:39 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2007-12-11 09:27 . 2006-03-10 19:35 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2007-12-11 09:26 . 2007-12-11 09:26 70,656 --a------ C:\Käynnistä koneesi vikasietotilaan.doc
    2007-12-11 09:21 . 2007-12-11 09:21 <KANSIO> d-------- C:\Documents and Settings\tonithegreat\Application Data\Grisoft
    2007-12-11 09:20 . 2007-12-11 11:38 <KANSIO> d-------- C:\Program Files\AVG Anti-Spyware 7.5
    2007-12-11 09:20 . 2007-12-11 09:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-11 09:20 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-12-10 20:47 . 1999-10-10 19:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
    2007-12-10 20:45 . 2007-12-10 20:45 417,792 --a------ C:\WINDOWS\system32\awrdscdc.ax
    2007-12-10 20:25 . 2007-12-10 20:45 <KANSIO> d-------- C:\Program Files\Audible
    2007-12-10 20:25 . 2001-08-17 22:43 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
    2007-12-10 20:23 . 2007-12-10 20:23 <KANSIO> d--h----- C:\Program Files\Creative Installation Information
    2007-12-10 20:23 . 2007-12-10 20:23 <KANSIO> d-------- C:\Program Files\Common Files\Creative
    2007-12-10 20:23 . 1999-12-12 19:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2007-12-10 20:23 . 1999-11-17 19:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2007-12-10 20:14 . 2007-12-10 20:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Creative
    2007-12-10 20:13 . 2007-12-10 21:08 <KANSIO> d-------- C:\Program Files\Creative
    2007-12-09 17:05 . 2007-12-14 17:43 <KANSIO> d-------- C:\Documents and Settings\Ansku\Application Data\ATI
    2007-12-09 15:16 . 2007-12-09 15:16 0 --a------ C:\WINDOWS\ativpsrm.bin
    2007-12-07 13:25 . 2007-12-09 14:42 <KANSIO> d-------- C:\Program Files\SPYWAREfighter
    2007-12-07 13:18 . 2007-12-07 16:18 202,240 --a------ C:\img134.imageshack.exe
    2007-12-07 08:43 . 2007-12-16 12:47 <KANSIO> d-------- C:\Program Files\HTJ
    2007-12-05 18:04 . 2007-12-05 18:04 26 --a------ C:\WINDOWS\dvdSanta.INI
    2007-12-05 17:44 . 2007-12-05 18:02 <KANSIO> d-------- C:\Program Files\URUSoft
    2007-12-04 21:44 . 2007-12-13 17:20 <KANSIO> d-------- C:\Program Files\virtualdubmode
    2007-11-26 21:58 . 2007-11-26 21:58 <KANSIO> d-------- C:\Program Files\SystemRequirementsLab
    2007-11-26 21:57 . 2007-11-26 21:58 <KANSIO> d-------- C:\Documents and Settings\tonithegreat\Application Data\SystemRequirementsLab
    2007-11-22 17:59 . 2007-12-14 15:01 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-22 17:59 . 2007-11-22 18:38 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-11-22 17:59 . 2007-12-14 15:01 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-22 17:56 . 2007-11-22 17:56 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles

    .
    (((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-14 12:48 --------- d-----w C:\Documents and Settings\tonithegreat\Application Data\ATI
    2007-12-14 12:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-13 15:20 --------- d-----w C:\Program Files\virtualdubmode
    2007-12-13 13:28 --------- d-----w C:\Documents and Settings\tonithegreat\Application Data\uTorrent
    2007-12-11 20:00 53,760 ----a-w C:\WINDOWS\system32\hlvdd.dll
    2007-12-11 16:14 --------- d-----w C:\Documents and Settings\Ansku\Application Data\fujifilm-fi-photo-manager
    2007-12-11 14:44 --------- d-----w C:\Program Files\DC++
    2007-12-09 13:21 --------- d-----w C:\Program Files\Avast
    2007-12-09 12:49 --------- d-----w C:\Program Files\oDC
    2007-12-07 14:29 --------- d-----w C:\Program Files\fulDC
    2007-12-07 12:28 --------- d-----w C:\Program Files\BSplayer
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-30 14:38 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-17 17:47 --------- d-----w C:\Documents and Settings\Ansku\Application Data\uTorrent
    2007-11-17 13:29 --------- d-----w C:\Documents and Settings\Ansku\Application Data\AdobeUM
    2007-11-15 16:41 --------- d-----w C:\Program Files\Divfix
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 18:14 --------- d-----w C:\Documents and Settings\tonithegreat\Application Data\Apple Computer
    2007-11-11 07:06 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-20 04:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-09-22 12:47 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
    2007-06-13 13:22 202,240 --sh--r C:\WINDOWS\system32\sysregi.exe
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-11 09:11]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\Avast\ashDisp.exe" [2007-12-04 15:00]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 15:42 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 16:39]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20]
    "AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 08:46]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 09:34]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 09:33]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5925a09e-d22c-11db-b912-0015f2338756}]
    \Shell\AutoRun\command - K:\LaunchU3.exe -a

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2007-12-11 14:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-12-01 17:02:00 C:\WINDOWS\Tasks\Levyn eheytys.job"
    - C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Apuohjelmat\Järjestelmätyökalut\Levyn eheytys.lnk
    "2007-12-15 21:50:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-16 12:49:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-16 12:49:38
    C:\ComboFix2.txt ... 2007-12-12 22:50
    C:\ComboFix3.txt ... 2007-12-12 22:41
    .
    2007-12-12 20:44:43 --- E O F ---
     
  17. ToniV

    ToniV Member

    Joined:
    Dec 7, 2007
    Alright, so avast isn't complaining any more, but is that log above clean??

    And many thanks for everything!!!
     
