Tässäpä olis loki... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:57:04, on 15.6.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\System32\rmctrl.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Motherboard Monitor 5\MBM5.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\winudspm.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\winudmr.exe C:\WINDOWS\serviceaaa.exe C:\Program Files\AdsGone\adsgone.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\svchosl.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file) R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file) O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series 1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P25 "EPSON Stylus C44 Series 1" /O5 "LPT1:" /M "Stylus C44" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [hmonitor] D:\Hmonitor\hmonitor.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [sm] C:\WINDOWS\sa_exe.exe O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe O4 - HKLM\..\Run: [Windows svchost] serviceaaa.exe O4 - HKLM\..\Run: [1888a6d1] rundll32.exe "C:\WINDOWS\system32\ilaojimh.dll",b O4 - HKLM\..\Run: [BM1bbb954d] Rundll32.exe "C:\WINDOWS\system32\qxchrood.dll",s O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing) O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - d:\pelit\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - d:\pelit\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 10224 bytes
1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä: Combofix.exe Combofix.exe Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne: Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi edes .txt). Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa) Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne. Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa) Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked) R3 - URLSearchHook: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file) R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file) O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sm] C:\WINDOWS\sa_exe.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe O4 - HKLM\..\Run: [Windows svchost] serviceaaa.exe O4 - HKLM\..\Run: [1888a6d1] rundll32.exe "C:\WINDOWS\system32\ilaojimh.dll",b O4 - HKLM\..\Run: [BM1bbb954d] Rundll32.exe "C:\WINDOWS\system32\qxchrood.dll",s O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing) O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - d:\pelit\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - d:\pelit\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab Tyhjennä roskakori ja käynnistä koneesi uudelleen. Postita tänne seuraavat lokit: * Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta) * (C:\ComboFix.txt) raportti *
Hjt-loki Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:43:42, on 16.6.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\rmctrl.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Motherboard Monitor 5\MBM5.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\AdsGone\adsgone.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {D1382FFD-D10C-3D8E-3345-C2BAEAFBB760} - C:\DOCUME~1\Jukka\APPLIC~1\OBJBOO~1\Fragbarb.exe (file missing) O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series 1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P25 "EPSON Stylus C44 Series 1" /O5 "LPT1:" /M "Stylus C44" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [hmonitor] D:\Hmonitor\hmonitor.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 8255 bytes Combofix - raportti ComboFix 08-06-15.4 - Jukka 2008-06-16 21:06:03.1 - NTFSx86 Running from: C:\Documents and Settings\Jukka\Työpöytä\ComboFix.exe Command switches used :: C:\Documents and Settings\Jukka\Työpöytä\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Windows\mservice.exe C:\WINDOWS\sa_exe.exe C:\WINDOWS\service.exe C:\WINDOWS\serviceaaa.exe C:\WINDOWS\svchosl.exe C:\WINDOWS\system32\ilaojimh.dll C:\WINDOWS\system32\qxchrood.dll C:\WINDOWS\winudmr.exe C:\WINDOWS\winudspm.exe . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BM1bbb954d.xml C:\WINDOWS\cookies.ini C:\Windows\mservice.exe C:\WINDOWS\pskt.ini C:\WINDOWS\service.exe C:\WINDOWS\serviceaaa.exe C:\WINDOWS\svchosl.exe C:\WINDOWS\system32\adxqhsrc.ini C:\WINDOWS\system32\awtqqrqR.dll C:\WINDOWS\system32\bivjijmi.dll C:\WINDOWS\system32\bqifrlak.ini C:\WINDOWS\system32\byXRLFvv.dll C:\WINDOWS\system32\cbXNETnn.dll C:\WINDOWS\system32\dgbuillx.dll C:\WINDOWS\system32\dvftmtkk.dll C:\WINDOWS\system32\efcBrSmn.dll C:\WINDOWS\system32\enqmhcqk.dll C:\WINDOWS\system32\etdlsale.exe C:\WINDOWS\system32\ettnqnjg.ini C:\WINDOWS\system32\flutjian.dll C:\WINDOWS\system32\fntiebqw.dll C:\WINDOWS\system32\fptijmak.dll C:\WINDOWS\system32\glyrahym.ini C:\WINDOWS\system32\hgGxYSLD.dll C:\WINDOWS\system32\hmijoali.ini C:\WINDOWS\system32\hwjsxtay.ini C:\WINDOWS\system32\iblaclwu.ini C:\WINDOWS\system32\iiyynphc.ini C:\WINDOWS\system32\jhhgmmpm.exe C:\WINDOWS\system32\khfEWQjh.dll C:\WINDOWS\system32\lggiwjyl.dll C:\WINDOWS\system32\ljJCrRiG.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\myharylg.dll C:\WINDOWS\system32\ngqeoece.dll C:\WINDOWS\system32\nlvkilpu.exe C:\WINDOWS\system32\nnnllMeC.dll C:\WINDOWS\system32\opnlJdbc.dll C:\WINDOWS\system32\opnljGyY.dll C:\WINDOWS\system32\opnmLeET.dll C:\WINDOWS\system32\orygqscm.dll C:\WINDOWS\system32\osinmnxk.dll C:\WINDOWS\system32\oxtoagov.dll C:\WINDOWS\system32\plcrlnst.dll C:\WINDOWS\system32\poxwfvhi.dll C:\WINDOWS\system32\qxchrood.dll C:\WINDOWS\system32\rdmfjsyx.exe C:\WINDOWS\system32\rqRJDwxu.dll C:\WINDOWS\system32\rqRKDvsT.dll C:\WINDOWS\system32\smxhkwef.exe C:\WINDOWS\system32\suaycqjv.exe C:\WINDOWS\system32\tbnflwdx.dll C:\WINDOWS\system32\tjfxndxc.exe C:\WINDOWS\system32\tqfjgcra.ini C:\WINDOWS\system32\TsvDKRqr.ini C:\WINDOWS\system32\TsvDKRqr.ini2 C:\WINDOWS\system32\tuvTklJa.dll C:\WINDOWS\system32\uglcknjv.ini C:\WINDOWS\system32\urqqQGAR.dll C:\WINDOWS\system32\uxcikwud.dll C:\WINDOWS\system32\vagemyym.dll C:\WINDOWS\system32\wesmseta.dll C:\WINDOWS\system32\vimojxrv.ini C:\WINDOWS\system32\wnuvcloq.ini C:\WINDOWS\system32\wtbfmtuy.dll C:\WINDOWS\system32\vudkhaxj.dll C:\WINDOWS\system32\xdswtoyd.dll C:\WINDOWS\system32\xmokiqtt.dll C:\WINDOWS\system32\xqigdege.dll C:\WINDOWS\system32\xrbnattn.exe C:\WINDOWS\system32\yatxsjwh.dll C:\WINDOWS\system32\yayYSMCS.dll C:\WINDOWS\system32\ynaybdfk.exe C:\WINDOWS\system32\ynlluyqp.ini C:\WINDOWS\system32\ywailtpu.ini C:\WINDOWS\ups.exe C:\WINDOWS\winudmr.exe C:\WINDOWS\winudspm.exe . ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-16 to 2008-06-16 ))))))))))))))))) . 2008-06-16 18:11 . 2008-06-16 18:11 36,465 -r-hs---- C:\WINDOWS\winudpmgrs.exe 2008-06-15 21:56 . 2008-06-15 21:56 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-06-10 21:04 . 2008-06-10 21:04 29,835 --a--c--- C:\nicks.exe 2008-06-09 17:31 . 2008-06-09 17:31 29,342 --a------ C:\Documents and Settings\Jukka\ps.exe 2008-06-03 21:53 . 2008-06-10 19:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-03 21:18 . 2008-06-03 21:18 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Application Data\Talkback 2008-06-03 20:46 . 2008-06-03 22:19 4,217 --a------ C:\WINDOWS\is154890.exe 2008-06-03 18:36 . 2008-06-03 21:22 86,548 --a------ C:\Documents and Settings\Jukka\setupa.exe 2008-06-02 22:33 . 2008-06-02 22:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-02 22:30 . 2008-06-02 22:30 97,116 --a------ C:\WINDOWS\DC5177176.zip 2008-05-30 16:55 . 2008-06-03 18:18 96,950 --a------ C:\Documents and Settings\Jukka\setup.exe 2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-16 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-06-10 16:02 --------- d-----w C:\Program Files\MSN Messenger 2008-06-03 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-02 19:33 --------- d-----w C:\Program Files\Lavasoft 2008-06-02 19:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-25 16:28 --------- d-----w C:\Program Files\DC++ 2008-05-07 11:46 --------- d-----w C:\Program Files\XviD 2008-05-07 11:46 --------- d-----w C:\Program Files\DivX 2008-05-04 09:34 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys 2007-03-26 12:15 28,352 ----a-w C:\Documents and Settings\Jukka\Application Data\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„ [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1382FFD-D10C-3D8E-3345-C2BAEAFBB760}] C:\DOCUME~1\Jukka\APPLIC~1\OBJBOO~1\Fragbarb.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="C:\WINDOWS\System32\rmctrl.exe" [2003-12-25 19:15 32768] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-02 19:03 98304] "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 09:33 45056] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 01:59 520192] "EPSON Stylus C44 Series 1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [ ] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10 339968] "hmonitor"="D:\Hmonitor\hmonitor.exe" [ ] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263] "sm"="C:\WINDOWS\sa_exe.exe" [ ] "MPFTray"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ] "MISAggregator"="" [] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920] "MBM 5"="C:\Program Files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40 594944] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-10 02:04 118837] "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 17:06 406016] "SWN2"="C:\Program Files\Spyware Nuker\swnxt.exe" [ ] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-05 22:39 180269] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-27 15:00 579072] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 20:38 35328] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 20:05 2532576] "Windows UDP Control"="winudspm.exe" [] "Windows Messanger Control Center"="svchosl.exe" [] "Windows Controls Center"="winudmr.exe" [] "Windows svchost"="serviceaaa.exe" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-27 15:01 219136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.JPEG"= JPEGCODE.DLL "VIDC.MPEG"= JPEGCODE.DLL "vidc.iv32"= C:\WINDOWS\System32\ir32_32.dll "vidc.iv31"= C:\WINDOWS\System32\ir32_32.dll "vidc.XVID"= xvid.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\Pelit\\Cod2\\CoD2MP_s.exe"= "C:\\Program Files\\The All-Seeing Eye\\eye.exe"= "D:\\Pelit\\Cod\\CoDMP.exe"= "C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"= "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"= "C:\\WINDOWS\\system32\\svchost.exe"= "C:\\Program Files\\DC++\\DCPlusPlus.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"= "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "D:\\Pelit\\MotoGP URT 3\\motogp.exe"= "D:\\Pelit\\World Series Of Poker\\World Series of Poker TOC\\WSOPTOC.exe"= "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"= "D:\\Pelit\\Medal of Honor PA\\mohpa.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= . 'Ajoitetut teht„v„t'-kansion sis„lt” "2008-06-16 18:00:00 C:\WINDOWS\Tasks\B1F59283906A11BF.job" - c:\docume~1\jukka\applic~1\platfo~1\Link settings beep.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-16 21:10:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant] "ImagePath"="" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Sygate\SPF\Smc.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\AdsGone\adsgone.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Real\RealPlayer\realplay.exe . ************************************************************************** . Completion time: 2008-06-16 21:19:28 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-16 18:18:28 Pre-Run: 1,188,954,112 tavua vapaana Post-Run: 1,854,132,224 tavua vapaana 241 --- E O F --- 2008-05-04 09:34:41
1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä: Combofix.exe Combofix.exe Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne: Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi edes .txt). Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa) Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne. Tyhjennä roskakori ja käynnistä koneesi uudelleen. Postita tänne seuraavat lokit: * Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta) * (C:\ComboFix.txt) raportti * Javan päivitys ja välimuistin tyhjennys: 1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa. 2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... ) Niissä pitäisi olla seuraava kuva vieressä: 3. Valitse kaikki entiset Java versiosi ja valitse Poista. 4. Asenna uusin Java päivitys seuraavasta linkistä.. 5. Käynnistä kone uudelleen asennuksen jälkeen: http://java.sun.com/javase/downloads/index.jsp Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u6 Paina Download Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se. 6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi). 7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia. (Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa. Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle). 8. Varmista että kaikki kaksi valintaa ovat rastitettuja: *Applications and Applets *Trace and Log Files Ja paina OK -nappia 9. Klikkaa OK "Temporary Files Settings" -ikkunassasi. 10. Klikkaa OK jättääksesi Java asetusikkunasi.
Uusin Hjt- logi Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:48:45, on 17.6.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\System32\rmctrl.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Motherboard Monitor 5\MBM5.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\AdsGone\adsgone.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {D1382FFD-D10C-3D8E-3345-C2BAEAFBB760} - C:\DOCUME~1\Jukka\APPLIC~1\OBJBOO~1\Fragbarb.exe (file missing) O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series 1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P25 "EPSON Stylus C44 Series 1" /O5 "LPT1:" /M "Stylus C44" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [hmonitor] D:\Hmonitor\hmonitor.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 8393 bytes Combofix - raportti ComboFix 08-06-15.4 - Jukka 2008-06-17 16:35:19.2 - NTFSx86 Running from: C:\Documents and Settings\Jukka\Työpöytä\ComboFix.exe Command switches used :: C:\Documents and Settings\Jukka\Työpöytä\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Documents and Settings\Jukka\ps.exe C:\Documents and Settings\Jukka\setup.exe C:\Documents and Settings\Jukka\setupa.exe C:\nicks.exe C:\WINDOWS\DC5177176.zip C:\WINDOWS\is154890.exe C:\WINDOWS\system32\lsdelete.exe C:\WINDOWS\winudpmgrs.exe . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Jukka\ps.exe C:\Documents and Settings\Jukka\setup.exe C:\Documents and Settings\Jukka\setupa.exe C:\WINDOWS\DC5177176.zip C:\WINDOWS\is154890.exe C:\WINDOWS\system32\lsdelete.exe C:\WINDOWS\winudpmgrs.exe . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-17 to 2008-06-17 ))))))))))))))))) . 2008-06-16 21:55 . 2008-06-16 21:56 <KANSIO> d-------- C:\Program Files\Windows Live 2008-06-16 21:55 . 2008-06-16 21:56 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-06-16 21:19 . 2008-06-16 21:19 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja 2008-06-15 21:56 . 2008-06-15 21:56 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-06-03 21:53 . 2008-06-16 21:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-03 21:18 . 2008-06-03 21:18 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Application Data\Talkback 2008-06-02 22:33 . 2008-06-02 22:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-17 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-06-16 18:56 --------- d-----w C:\Program Files\MSN Messenger 2008-06-03 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-02 19:33 --------- d-----w C:\Program Files\Lavasoft 2008-06-02 19:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-25 16:28 --------- d-----w C:\Program Files\DC++ 2008-05-07 11:46 --------- d-----w C:\Program Files\XviD 2008-05-07 11:46 --------- d-----w C:\Program Files\DivX 2008-05-04 09:34 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys 2007-03-26 12:15 28,352 ----a-w C:\Documents and Settings\Jukka\Application Data\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1382FFD-D10C-3D8E-3345-C2BAEAFBB760}] C:\DOCUME~1\Jukka\APPLIC~1\OBJBOO~1\Fragbarb.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="C:\WINDOWS\System32\rmctrl.exe" [2003-12-25 19:15 32768] "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 09:33 45056] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 01:59 520192] "EPSON Stylus C44 Series 1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [ ] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10 339968] "hmonitor"="D:\Hmonitor\hmonitor.exe" [ ] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263] "MPFTray"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ] "MISAggregator"="" [] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920] "MBM 5"="C:\Program Files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40 594944] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-10 02:04 118837] "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 17:06 406016] "SWN2"="C:\Program Files\Spyware Nuker\swnxt.exe" [ ] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-05 22:39 180269] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-27 15:00 579072] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 20:38 35328] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 20:05 2532576] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-27 15:01 219136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.JPEG"= JPEGCODE.DLL "VIDC.MPEG"= JPEGCODE.DLL "vidc.iv32"= C:\WINDOWS\System32\ir32_32.dll "vidc.iv31"= C:\WINDOWS\System32\ir32_32.dll "vidc.XVID"= xvid.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\Pelit\\Cod2\\CoD2MP_s.exe"= "C:\\Program Files\\The All-Seeing Eye\\eye.exe"= "D:\\Pelit\\Cod\\CoDMP.exe"= "C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"= "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"= "C:\\WINDOWS\\system32\\svchost.exe"= "C:\\Program Files\\DC++\\DCPlusPlus.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"= "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "D:\\Pelit\\MotoGP URT 3\\motogp.exe"= "D:\\Pelit\\World Series Of Poker\\World Series of Poker TOC\\WSOPTOC.exe"= "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"= "D:\\Pelit\\Medal of Honor PA\\mohpa.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= *Newly Created Service* - CATCHME . 'Ajoitetut tehtävät'-kansion sisältö "2008-06-16 20:00:00 C:\WINDOWS\Tasks\B1F59283906A11BF.job" - c:\docume~1\jukka\applic~1\platfo~1\Link settings beep.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-17 16:37:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsdatant] "ImagePath"="" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . Completion time: 2008-06-17 16:38:59 ComboFix-quarantined-files.txt 2008-06-17 13:38:36 ComboFix2.txt 2008-06-16 18:19:29 Pre-Run: 1,809,346,560 tavua vapaana Post-Run: 1,799,864,320 tavua vapaana 142 --- E O F --- 2008-05-04 09:34:41
****************************************** Kirjoita windowsin käynnistävalikon suorita-kenttään ComboFix.exe /u paina OK *************************************************************************** Lataa Malwarebytes' Anti-Malware työpöydällesi. * Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman. * Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta. * Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version. * Kun ohjelma on latautunut, valitse Suorita täysi tarkistus ja klikkaa Tarkista. * Kun skanni on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset. * Varmistu, että kaikki on merkitty ja klikkaa Poista valitut. * Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt * Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki. Javan päivitys ja välimuistin tyhjennys: 1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa. 2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... ) Niissä pitäisi olla seuraava kuva vieressä: 3. Valitse kaikki entiset Java versiosi ja valitse Poista. 4. Asenna uusin Java päivitys seuraavasta linkistä.. 5. Käynnistä kone uudelleen asennuksen jälkeen: http://java.sun.com/javase/downloads/index.jsp Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u6 Paina Download Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se. 6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi). 7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia. (Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa. Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle). 8. Varmista että kaikki kaksi valintaa ovat rastitettuja: *Applications and Applets *Trace and Log Files Ja paina OK -nappia 9. Klikkaa OK "Temporary Files Settings" -ikkunassasi. 10. Klikkaa OK jättääksesi Java asetusikkunasi.
Malwarebytes-loki Malwarebytes' Anti-Malware 1.17 Tietokantaversio: 864 21:01:05 17.6.2008 mbam-log-6-17-2008 (21-01-05).txt Tarkistustyyppi: Täysi tarkistus (C:\|D:\|) Tarkistetut kohteet: 130439 Kulunut aika: 1 hour(s), 18 minute(s), 38 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 8 Saastuneita rekisteriarvoja: 1 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 2 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. Saastuneita rekisteriarvoja: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully. Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty) Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully. C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully. uusin Hjt-loki. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:07:06, on 17.6.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\System32\rmctrl.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Motherboard Monitor 5\MBM5.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\AdsGone\adsgone.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {D1382FFD-D10C-3D8E-3345-C2BAEAFBB760} - C:\DOCUME~1\Jukka\APPLIC~1\OBJBOO~1\Fragbarb.exe (file missing) O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series 1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P25 "EPSON Stylus C44 Series 1" /O5 "LPT1:" /M "Stylus C44" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [hmonitor] D:\Hmonitor\hmonitor.exe O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 8970 bytes
No niin ihan puhtaalta omasta mielestäni näyttää eli loppu siivoukset enään. Lataa CCleaner tästä - Asennuksessa poista merkki/rasti kohdasta "asenna Yahoo! toolbar/työkalupalkki". - Asennuksen jälkeen aukaise CCleaner. - Valitse vasemmalta pystyrivistä Options. - Valitse viereisestä pystyrivistä Settings. - Language kohtaan valitse Suomi. Puhdistaja - Valitse vasemmalta pystyrivistä Puhdistaja. - Paina alhaalta Tutki. Nyt CCleaner tutkii, mitä voidaan poistaa (tempit, cookiessit jne.). - Kun tutkiminen on valmis, paina Aja CCleaner. Nyt CCleaner poistaa löydetyt tempit, cookiessit jne. Rekisterin virheiden korjaus - Valitse vasemmalta pystyrivistä Rekisteri. - Paina alhaalta Etsi rekisterin virheitä. - Kun etsintä on valmis ja olet varma, että haluat korjata ne rivit jotka ovat merkattuja, niin paina Korjaa valitut rekisterin virheet. - Sinulta kysytään "haluatko varmuuskopioida muutokset rekisteriin", paina Kyllä. Tallenna varmuuskopio vaikka "Omat tiedostot" -kansioon. - Klikkaa uudesta aukeavasta ikkunasta Korjaa kaikki valitut virheet. - Saat vielä varmistus kysymyksen, paina Ok. - Kun virheet on korjattu, paina Sulje. Nyt voit suljea CCleanerin painamalla oikealta ylhäältä punaista rastia.
Eli nyt kaikki tehty mitä käskitte. Kone on varmasti paremmassa kuosissa kuin ennen tätä "käsittelyä". Aikaa otti, mutta todella paljon kiitoksia hyvistä ja selkeistä ohjeista. Arvostan näkemäänne vaivaa...
