Messenger virus, turvaPC, HJT log

Discussion in 'Viruses and malware - HijackThis logs' started by Eduzz, Jun 5, 2008.

  1. Eduzz

    Eduzz Member

    Joined:
    Jun 5, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    Yeah, so I've now spent several days trying to remove that TurvaPC virus without success, so I'm asking you for help. On top of that I also managed to open the Messenger virus from a link "sent by my friend".
    I'd be grateful if someone would take a look at whether there's anything shady in the log and advise me step by step on how to remove any viruses (I'm bad with computer stuff).

    So I'll copy the HJT log here..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:33:58, on 5.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
    O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe
    O4 - HKLM\..\Run: [74a78974] rundll32.exe "C:\WINDOWS\system32\uvalgddw.dll",b
    O4 - HKLM\..\Run: [BM7794bae8] Rundll32.exe "C:\WINDOWS\system32\tfvbusyw.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WintelUpdate] C:\vieiiy.exe
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/npx.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/KeyCrypt/npkcx.cab
    O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 9817 bytes
     
  2. Hujo

    Hujo Guest

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  3. Eduzz

    Eduzz Member

    ComboFix 08-06-04.5 - Eetu 2008-06-06 9:42:05.2 - NTFSx86
    Running from: C:\Documents and Settings\Eetu.EEEEE.000\Työpöytä\ComboFix.exe
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM7794bae8.xml
    C:\WINDOWS\pskt.ini
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\BM7794bae8.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\akhqledb.dll
    C:\WINDOWS\system32\bxutrrqs.exe
    C:\WINDOWS\system32\cygjcjpn.ini
    C:\WINDOWS\system32\fccaWQjG.dll
    C:\WINDOWS\system32\fmdwwexh.exe
    C:\WINDOWS\system32\FOWHkUtv.ini
    C:\WINDOWS\system32\FOWHkUtv.ini2
    C:\WINDOWS\system32\gjlyacat.ini
    C:\WINDOWS\system32\GjQWaccf.ini
    C:\WINDOWS\system32\GjQWaccf.ini2
    C:\WINDOWS\system32\gmhasjcc.ini
    C:\WINDOWS\system32\hayanqpy.ini
    C:\WINDOWS\system32\kgunwfff.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nafwjlve.dll
    C:\WINDOWS\system32\obwursoe.exe
    C:\WINDOWS\system32\pjlytqry.dll
    C:\WINDOWS\system32\ttnwpltj.exe
    C:\WINDOWS\system32\wddglavu.ini
    C:\WINDOWS\system32\vfbsofrh.ini
    C:\WINDOWS\system32\vtUkHWOF.dll
    C:\WINDOWS\system32\xsgbkbsr.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_msupdate


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-06 to 2008-06-06 )))))))))))))))))
    .

    2008-06-05 19:31 . 2008-06-06 09:42 534 ---hs---- C:\WINDOWS\system32\wddglavu.ini
    2008-06-05 19:16 . 2005-10-24 14:13 390,656 --a------ C:\WINDOWS\system32\CF2.exe
    2008-06-05 16:33 . 2008-06-05 16:33 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-05 13:10 . 2008-06-05 13:10 132,608 --a------ C:\WINDOWS\system32\tbixdryu.dll
    2008-06-05 13:07 . 2008-06-05 13:07 116,736 --a------ C:\WINDOWS\system32\uvalgddw.dll
    2008-06-05 13:04 . 2008-06-05 13:04 126,976 --a------ C:\WINDOWS\system32\tfvbusyw.dll
    2008-06-04 17:01 . 2008-06-04 17:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-06-03 19:20 . 2008-06-03 19:20 86,548 -r-hs---- C:\WINDOWS\service.0xe
    2008-06-03 19:19 . 2008-06-03 19:54 4,217 --a------ C:\WINDOWS\is154890.exe
    2008-06-02 22:30 . 2008-06-02 22:30 97,116 --a------ C:\WINDOWS\DC5177176.zip
    2008-06-02 19:27 . 2008-06-02 19:27 129,536 --a------ C:\WINDOWS\system32\drivers\Xqr42.0ys
    2008-06-02 19:27 . 2008-06-02 19:27 29 --a------ C:\WINDOWS\system32\deoduoeu.tmp
    2008-06-02 19:26 . 2008-06-06 09:47 71,602 --a------ C:\WINDOWS\system32\hcnwg4u.sys
    2008-06-02 11:27 . 2008-06-02 11:28 <KANSIO> d-------- C:\BackUpMSNCleaner
    2008-06-02 10:24 . 2008-06-02 10:24 132,096 --a------ C:\WINDOWS\system32\dxnvrnwp.0ll
    2008-05-16 23:20 . 2008-05-16 23:20 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\AdobeUM
    2008-05-15 19:08 . 2008-06-02 19:27 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\F-Secure
    2008-05-15 19:00 . 2008-05-15 19:00 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-05-15 18:59 . 2008-05-30 07:42 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\uTorrent
    2008-05-13 14:12 . 2008-05-13 14:12 <KANSIO> d-------- C:\Buziol Games
    2008-05-11 10:22 . 2008-05-21 17:26 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Contacts
    2008-05-11 09:40 . 2005-10-24 14:00 <KANSIO> d--h----- C:\Documents and Settings\Eetu.EEEEE.000\Verkkoympäristö
    2008-05-11 09:40 . 2008-06-05 19:40 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Työpöytä
    2008-05-11 09:40 . 2005-10-24 14:00 <KANSIO> d--h----- C:\Documents and Settings\Eetu.EEEEE.000\Tulostinympäristö
    2008-05-11 09:40 . 2008-06-05 16:48 <KANSIO> dr------- C:\Documents and Settings\Eetu.EEEEE.000\Suosikit
    2008-05-11 09:40 . 2008-05-30 13:28 <KANSIO> dr------- C:\Documents and Settings\Eetu.EEEEE.000\Omat tiedostot
    2008-05-11 09:40 . 2005-10-28 11:50 <KANSIO> d--h----- C:\Documents and Settings\Eetu.EEEEE.000\Mallit
    2008-05-11 09:40 . 2008-05-15 19:00 <KANSIO> dr------- C:\Documents and Settings\Eetu.EEEEE.000\Käynnistä-valikko
    2008-05-11 09:40 . 2008-05-11 09:40 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\ispnews
    2008-05-11 09:40 . 2008-06-05 21:13 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000
    2008-05-11 09:25 . 2008-05-11 09:25 <KANSIO> d-------- C:\F-Secure

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 08:04 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-05-24 10:36 --------- d-----w C:\Program Files\wowow
    2008-05-24 10:32 --------- d-----w C:\Program Files\WoW Private server
    2008-05-11 13:02 --------- d-----w C:\Program Files\Google
    2008-05-10 16:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-10 16:29 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-05-09 15:37 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
    2008-05-05 18:44 --------- d-----w C:\Program Files\mIRC
    2008-04-29 11:16 --------- d-----w C:\Program Files\Starcraft
    2008-04-21 12:54 --------- d-----w C:\Program Files\Microsoft.NET
    2008-04-20 17:53 15,440 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2008-04-20 17:48 70,656 ----a-w C:\WINDOWS\ScUnin.exe
    2008-04-20 16:39 --------- d-----w C:\Program Files\starcraft + broodwar
    2008-04-20 15:25 --------- d-----w C:\Program Files\PowerISO
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2006-02-26 19:23 178 ----a-w C:\Documents and Settings\Eki\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-05_19.38.21.98 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-05 16:26:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-06 05:49:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f67558df-8807-4fb1-8c5a-e974c49bdc60}]
    2008-06-05 13:10 132608 --a------ C:\WINDOWS\system32\tbixdryu.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-10-24 14:13 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-20 18:20 68856]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2005-10-24 14:02 1388544]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-24 14:13 7110656]
    "nwiz"="nwiz.exe" [2005-10-24 14:13 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-10-24 14:13 155648]
    "F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe" [2007-04-26 20:12 183208]
    "F-Secure TNB"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
    "News Service"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" [2005-05-31 15:45 356352]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10 49263]
    "Windows Messanger Control Center"="svchosl.exe" []
    "74a78974"="C:\WINDOWS\system32\uvalgddw.dll" [2008-06-05 13:07 116736]
    "BM7794bae8"="C:\WINDOWS\system32\tfvbusyw.dll" [2008-06-05 13:04 126976]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-10-24 14:13 15360]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-10-28 11:52:18 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\limeshop]
    wjview /cp:p C:\Program Files\LimeShop\System\Code Main lp: C:\Program Files\LimeShop

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwrisovm.exe]
    --a------ 2008-03-15 02:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
    --a------ 2006-04-01 22:21 77824 C:\Program Files\QuickTime\qttask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "17533:TCP"= 17533:TCP:*:Disabled:BitComet 17533 TCP
    "17533:UDP"= 17533:UDP:*:Disabled:BitComet 17533 UDP

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-08-14 09:27]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Elisa Tietoturvapalvelu\HIPS\fshs.sys [2008-02-21 11:18]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
    S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe []
    S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []
    S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys []
    S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1dfa432-43c6-11da-9c84-0013d438d2be}]
    \Shell\AutoRun\command - D:\setupSNK.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-06 05:52:42 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\ELISAT~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ELISAT~1\ANTI-V~1\report.txt
    "2008-06-06 06:41:01 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-06 09:46:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-06 9:48:47
    ComboFix-quarantined-files.txt 2008-06-06 06:48:43

    Pre-Run: 116,579,545,088 tavua vapaana
    Post-Run: 116,578,316,288 tavua vapaana

    181 --- E O F --- 2008-06-05 18:12:53
     
  4. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    ================

    Scan with HJT, tick these and press Fix checked:

    O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
    O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe
    O4 - HKLM\..\Run: [74a78974] rundll32.exe "C:\WINDOWS\system32\uvalgddw.dll",b
    O4 - HKLM\..\Run: [BM7794bae8] Rundll32.exe "C:\WINDOWS\system32\tfvbusyw.dll",s
    O4 - HKCU\..\Run: [WintelUpdate] C:\vieiiy.exe
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll


    =============

    Post the reports and, last of all, a new HJT log.
     
  5. Eduzz

    Eduzz Member

    O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
    O4 - HKCU\..\Run: [WintelUpdate] C:\vieiiy.exe

    Those were no longer found, but that may be because my brother scanned the computer with Avira Antivirus and found 1 virus, which he then removed.. Hopefully that doesn't interfere with this.. Anyway, here come the reports.


    ComboFix 08-06-04.5 - Eetu 2008-06-06 21:37:31.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.450 [GMT 3:00]
    Running from: C:\Documents and Settings\Eetu.EEEEE.000\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Eetu.EEEEE.000\Omat tiedostot\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\vieiiy.exe
    C:\WINDOWS\service.0xe
    C:\WINDOWS\svchosl.exe
    C:\WINDOWS\system32\tfvbusyw.dll
    C:\WINDOWS\system32\uvalgddw.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\service.0xe
    C:\WINDOWS\system32\tfvbusyw.dll
    C:\WINDOWS\system32\uvalgddw.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-06 to 2008-06-06 )))))))))))))))))
    .

    2008-06-06 10:06 . 2008-06-06 10:06 <KANSIO> d-------- C:\Program Files\Avira
    2008-06-06 10:06 . 2008-06-06 10:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-05 19:31 . 2008-06-06 09:42 534 ---hs---- C:\WINDOWS\system32\wddglavu.ini
    2008-06-05 19:16 . 2005-10-24 14:13 390,656 --a------ C:\WINDOWS\system32\CF2.exe
    2008-06-05 16:33 . 2008-06-05 16:33 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-05 13:10 . 2008-06-05 13:10 132,608 --a------ C:\WINDOWS\system32\tbixdryu.dll
    2008-06-04 17:01 . 2008-06-04 17:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-06-03 19:19 . 2008-06-03 19:54 4,217 --a------ C:\WINDOWS\is154890.exe
    2008-06-02 22:30 . 2008-06-02 22:30 97,116 --a------ C:\WINDOWS\DC5177176.zip
    2008-06-02 19:27 . 2008-06-02 19:27 129,536 --a------ C:\WINDOWS\system32\drivers\Xqr42.0ys
    2008-06-02 19:27 . 2008-06-02 19:27 29 --a------ C:\WINDOWS\system32\deoduoeu.tmp
    2008-06-02 19:26 . 2008-06-06 21:42 71,602 --a------ C:\WINDOWS\system32\hcnwg4u.sys
    2008-06-02 11:27 . 2008-06-02 11:28 <KANSIO> d-------- C:\BackUpMSNCleaner
    2008-06-02 10:24 . 2008-06-02 10:24 132,096 --a------ C:\WINDOWS\system32\dxnvrnwp.0ll
    2008-05-16 23:20 . 2008-05-16 23:20 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\AdobeUM
    2008-05-15 19:08 . 2008-06-02 19:27 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\F-Secure
    2008-05-15 19:00 . 2008-05-15 19:00 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-05-15 18:59 . 2008-05-30 07:42 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\uTorrent
    2008-05-13 14:12 . 2008-05-13 14:12 <KANSIO> d-------- C:\Buziol Games
    2008-05-11 10:22 . 2008-06-06 19:50 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Contacts
    2008-05-11 09:40 . 2005-10-24 14:00 <KANSIO> d--h----- C:\Documents and Settings\Eetu.EEEEE.000\Verkkoympäristö
    2008-05-11 09:40 . 2008-06-06 21:37 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Työpöytä
    2008-05-11 09:40 . 2005-10-24 14:00 <KANSIO> d--h----- C:\Documents and Settings\Eetu.EEEEE.000\Tulostinympäristö
    2008-05-11 09:40 . 2008-06-05 16:48 <KANSIO> dr------- C:\Documents and Settings\Eetu.EEEEE.000\Suosikit
    2008-05-11 09:40 . 2008-06-06 21:37 <KANSIO> dr------- C:\Documents and Settings\Eetu.EEEEE.000\Omat tiedostot
    2008-05-11 09:40 . 2005-10-28 11:50 <KANSIO> d--h----- C:\Documents and Settings\Eetu.EEEEE.000\Mallit
    2008-05-11 09:40 . 2008-05-15 19:00 <KANSIO> dr------- C:\Documents and Settings\Eetu.EEEEE.000\Käynnistä-valikko
    2008-05-11 09:40 . 2008-05-11 09:40 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\ispnews
    2008-05-11 09:40 . 2008-06-05 21:13 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000
    2008-05-11 09:25 . 2008-05-11 09:25 <KANSIO> d-------- C:\F-Secure

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-06 08:42 --------- d-----w C:\Program Files\Knight Online
    2008-06-02 08:04 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-05-24 10:36 --------- d-----w C:\Program Files\wowow
    2008-05-24 10:32 --------- d-----w C:\Program Files\WoW Private server
    2008-05-11 13:02 --------- d-----w C:\Program Files\Google
    2008-05-10 16:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-10 16:29 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-05-09 15:37 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
    2008-05-05 18:44 --------- d-----w C:\Program Files\mIRC
    2008-04-29 11:16 --------- d-----w C:\Program Files\Starcraft
    2008-04-21 12:54 --------- d-----w C:\Program Files\Microsoft.NET
    2008-04-20 17:53 15,440 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2008-04-20 17:48 70,656 ----a-w C:\WINDOWS\ScUnin.exe
    2008-04-20 16:39 --------- d-----w C:\Program Files\starcraft + broodwar
    2008-04-20 15:25 --------- d-----w C:\Program Files\PowerISO
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2006-02-26 19:23 178 ----a-w C:\Documents and Settings\Eki\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-05_19.38.21.98 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-05 16:26:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-06 05:49:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2007-04-22 09:19:42 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-06-06 07:38:38 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-04-22 09:19:42 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
    + 2008-06-06 07:38:38 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
    - 2007-04-22 09:19:42 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-06 07:38:38 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-08-09 10:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 11:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2007-09-07 09:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 07:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f67558df-8807-4fb1-8c5a-e974c49bdc60}]
    2008-06-05 13:10 132608 --a------ C:\WINDOWS\system32\tbixdryu.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-10-24 14:13 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-20 18:20 68856]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2005-10-24 14:02 1388544]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-24 14:13 7110656]
    "nwiz"="nwiz.exe" [2005-10-24 14:13 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-10-24 14:13 155648]
    "F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe" [2007-04-26 20:12 183208]
    "F-Secure TNB"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
    "News Service"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" [2005-05-31 15:45 356352]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10 49263]
    "Windows Messanger Control Center"="svchosl.exe" []
    "74a78974"="C:\WINDOWS\system32\uvalgddw.dll" [ ]
    "BM7794bae8"="C:\WINDOWS\system32\tfvbusyw.dll" [ ]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-10-24 14:13 15360]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-10-28 11:52:18 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\limeshop]
    wjview /cp:p C:\Program Files\LimeShop\System\Code Main lp: C:\Program Files\LimeShop

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwrisovm.exe]
    --a------ 2008-03-15 02:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
    --a------ 2006-04-01 22:21 77824 C:\Program Files\QuickTime\qttask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "17533:TCP"= 17533:TCP:*:Disabled:BitComet 17533 TCP
    "17533:UDP"= 17533:UDP:*:Disabled:BitComet 17533 UDP

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-08-14 09:27]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Elisa Tietoturvapalvelu\HIPS\fshs.sys [2008-02-21 11:18]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
    S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe []
    S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []
    S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys []
    S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1dfa432-43c6-11da-9c84-0013d438d2be}]
    \Shell\AutoRun\command - D:\setupSNK.exe

    *Newly Created Service* - antivirscheduler
    *Newly Created Service* - antivirservice
    *Newly Created Service* - avgio
    *Newly Created Service* - avgntflt
    *Newly Created Service* - avipbb
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-06 05:52:42 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\ELISAT~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ELISAT~1\ANTI-V~1\report.txt
    "2008-06-06 18:41:03 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-06 21:41:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-06 21:44:18
    ComboFix-quarantined-files.txt 2008-06-06 18:44:12
    ComboFix2.txt 2008-06-06 06:48:49

    Pre-Run: 116,387,651,584 bytes free
    Post-Run: 116,444,114,944 bytes free

    177 --- E O F --- 2008-06-05 18:12:53










    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:45:42, on 6.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: {06cdb94c-479e-a5c8-1bf4-7088fd85576f} - {f67558df-8807-4fb1-8c5a-e974c49bdc60} - C:\WINDOWS\system32\tbixdryu.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
    O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe
    O4 - HKLM\..\Run: [74a78974] rundll32.exe "C:\WINDOWS\system32\uvalgddw.dll",b
    O4 - HKLM\..\Run: [BM7794bae8] Rundll32.exe "C:\WINDOWS\system32\tfvbusyw.dll",s
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/npx.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/KeyCrypt/npkcx.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 11499 bytes














    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:02:21, on 7.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: {06cdb94c-479e-a5c8-1bf4-7088fd85576f} - {f67558df-8807-4fb1-8c5a-e974c49bdc60} - C:\WINDOWS\system32\tbixdryu.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
    O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/npx.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/KeyCrypt/npkcx.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 11167 bytes
     
  6. Hujo

    Hujo Guest

    Remove via Add or Remove Programs:

    Mario Forever Toolbar Helper
    Mario Forever Toolbar


    Delete this folder in Safe Mode:

    C:\Program Files\Mario Forever Toolbar

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [image]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    ===========

    Java update and cache clearing:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Look through the list for all of your old Java versions (J2SE Runtime Environment...).
    They should have the following icon next to them: [image]

    3. Select all of your old Java versions and choose Remove.
    4. Install the latest Java update from the following link.
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6u6

    Click Download

    Tick Accept, choose the offline installation, save it to the desktop for example, and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. Under General Settings, drag the slider (Disk Space) lower and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after lowering the setting, move the slider higher.)

    8. Make sure both checkboxes are ticked:

    *Applications and Applets

    *Trace and Log Files

    And click the OK button.

    9. Click OK in your "Temporary Files Settings" window.

    10. Click OK to leave your Java settings window.
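    The reply above works from the HijackThis O-lines by eye. The script below is an added example, not code from this thread, from HijackThis or from ComboFix, showing how the same first-pass triage can be automated: it flags Run entries that launch a bare filename one edit away from a Windows system process (svchosl.exe), rundll32 loads of randomly named, non-allowlisted DLLs from system32 (often under hex-looking value names), BHOs registered with a bare CLSID instead of a display name, and services whose binary is missing. The sample lines are copied from the logs posted earlier in the thread; the allowlist of rundll32 targets, the rule names and the "eight letters, no digits" heuristic are assumptions an analyst would tune against their own baseline.

```python
"""First-pass triage of HijackThis 2.x log lines.

Added example for this thread; not code from HijackThis, ComboFix or the
original poster. Heuristics are deliberately narrow and explainable.
"""
import re

# Process names malware likes to imitate. A Run entry launching a bare
# filename one edit away from one of these (svchosl.exe) is a classic tell.
SYSTEM_BINARIES = (
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe", "rundll32.exe",
)

# DLLs legitimately loaded via rundll32 at logon (assumed baseline; extend it).
KNOWN_RUNDLL32_TARGETS = {"nvcpl.dll", "nvmctray.dll", "shell32.dll", "igfxpers.dll"}

RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")                  # eight letters, no digits (heuristic)
HEX_VALUE_NAME = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{6,}$")   # e.g. 74a78974, BM7794bae8
GUID = re.compile(r"^\{[0-9a-fA-F-]{36}\}$")

O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4 = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: {06cdb94c-479e-a5c8-1bf4-7088fd85576f} - {f67558df-8807-4fb1-8c5a-e974c49bdc60} - C:\WINDOWS\system32\tbixdryu.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe
O4 - HKLM\..\Run: [74a78974] rundll32.exe "C:\WINDOWS\system32\uvalgddw.dll",b
O4 - HKLM\..\Run: [BM7794bae8] Rundll32.exe "C:\WINDOWS\system32\tfvbusyw.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance. Transpositions (scvhost.exe) count as 2 and are
    knowingly missed; the point is a narrow, explainable rule, not fuzzy matching."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(exe: str):
    """System binary that `exe` imitates (exactly one edit away), else None."""
    exe = exe.lower()
    if exe in SYSTEM_BINARIES:
        return None
    return next((real for real in SYSTEM_BINARIES if edit_distance(exe, real) == 1), None)


def split_command(cmd: str):
    """Split a Run value into (program, remaining arguments), honouring a quoted program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end], cmd[end + 1:].strip()) if end > 0 else (cmd[1:], "")
    parts = cmd.split(None, 1)
    return (parts[0], parts[1]) if len(parts) == 2 else (cmd, "")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list:
    """Return one finding per suspicious line: {"rule", "detail", "line"}."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := O2.match(line):
            # A BHO whose display name is a bare CLSID (or none) was not registered by a normal installer.
            if GUID.match(m["name"]) or m["name"] == "(no name)":
                findings.append({"rule": "unnamed-bho", "detail": basename(m["path"]), "line": line})
        elif m := O4.match(line):
            exe, rest = split_command(m["cmd"])
            exe_name = basename(exe)
            # Bare filename resolved through PATH lookup, one typo away from a system process.
            if "\\" not in exe and (real := lookalike_of(exe_name)):
                findings.append({"rule": "system-binary-lookalike", "detail": f"{exe} ~ {real}", "line": line})
            # rundll32 loading a non-allowlisted, randomly named DLL from system32.
            if exe_name in ("rundll32.exe", "rundll32"):
                dll = split_command(rest)[0].split(",")[0]
                dll_name = basename(dll)
                if ("\\system32\\" in dll.lower() and dll_name not in KNOWN_RUNDLL32_TARGETS
                        and (RANDOM_DLL.match(dll_name) or HEX_VALUE_NAME.match(m["value"]))):
                    findings.append({"rule": "rundll32-random-dll", "detail": dll_name, "line": line})
        elif m := O23.match(line):
            # Orphaned service registration: its binary is gone but it still tries to start at boot.
            if m["path"].endswith("(file missing)"):
                findings.append({"rule": "service-file-missing", "detail": m["name"], "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['detail']}\n    {f['line']}")
```

    Run against the sample it reports the unnamed BHO (tbixdryu.dll), the svchosl.exe lookalike, both rundll32 loads (uvalgddw.dll, tfvbusyw.dll) and the missing Norman service binary, and stays quiet on the Avira, Java and NVIDIA entries. These are triage hints, not verdicts: a flagged line still needs the file checked (hash, signature, timestamps) before anything is fixed or deleted, and the allowlist and name heuristics will need tuning on systems with unusual but legitimate software.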

