So, pop-ups started appearing on my screen, and I haven't been able to get rid of them. I thought someone here might be able to help. Thanks in advance. HjT log below:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:23:14, on 12.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe E:\Asennettu\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE E:\Asennettu\Razer\razerhid.exe C:\WINDOWS\RTHDCPL.EXE E:\Asennettu\Windows Defender\MSASCui.exe E:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\NOD32\nod32kui.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\updater\explorer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE E:\Asennettu\Itunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe E:\Asennettu\DAEMON Tools\daemon.exe E:\Asennettu\Samurize\Client.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Internet Explorer\iexplore.exe E:\Asennettu\AnyDVD\AnyDVD.exe C:\DOCUME~1\Arska\LOCALS~1\Temp\ir_ext_temp_14\autorun.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe C:\NOD32\nod32krn.exe C:\WINDOWS\system32\PnkBstrA.exe e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe E:\Asennettu\Razer\razertra.exe E:\Asennettu\Razer\razerofa.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe E:\Asennettu\foobar2000\foobar2000.exe 
C:\WINDOWS\Explorer.EXE E:\Asennettu\Opera\Opera.exe E:\Upload\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [DeathAdder] e:\Asennettu\Razer\razerhid.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Windows Defender] "E:\Asennettu\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [DefragTaskBar] "e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [nod32kui] "C:\NOD32\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Application Data\close poke frag ooze\Knob tons.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\Asennettu\Itunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "e:\Asennettu\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [AnyDVD] E:\Asennettu\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [extra mags] C:\DOCUME~1\Arska\APPLIC~1\FASTST~1\Dent Open.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\Syst
Could someone help? Those pop-ups are getting on my nerves. More and more of them just keep coming. While you're at it, check whether there's any other sh*t on the machine.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:31:02, on 15.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe E:\Asennettu\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE E:\Asennettu\Razer\razerhid.exe C:\WINDOWS\RTHDCPL.EXE E:\Asennettu\Windows Defender\MSASCui.exe E:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\NOD32\nod32kui.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\system32\updater\explorer.exe E:\Asennettu\Itunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe E:\Asennettu\DAEMON Tools\daemon.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe E:\Asennettu\Samurize\Client.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe E:\Asennettu\AnyDVD\AnyDVD.exe C:\DOCUME~1\Arska\LOCALS~1\Temp\ir_ext_temp_9\autorun.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe E:\Asennettu\Razer\razertra.exe C:\NOD32\nod32krn.exe C:\WINDOWS\system32\PnkBstrA.exe E:\Asennettu\Razer\razerofa.exe e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\NOD32\nod32.exe E:\Asennettu\Opera\Opera.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [DeathAdder] e:\Asennettu\Razer\razerhid.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Windows Defender] "E:\Asennettu\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [DefragTaskBar] "e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [nod32kui] "C:\NOD32\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\Asennettu\Itunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "e:\Asennettu\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [AnyDVD] E:\Asennettu\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [extra mags] C:\DOCUME~1\Arska\APPLIC~1\FASTST~1\Dent Open.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Client Default.lnk = E:\Asennettu\Samurize\Client.exe O4 - Global Startup: 
Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185231439125 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AshampooDefragService - - e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\NOD32\nod32krn.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 5432 bytes
Hi, and then...
Run a new hjt scan: Do a System scan only
Close all other windows and the browser. Check these lines and press Fix checked
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKCU\..\Run: [extra mags] C:\DOCUME~1\Arska\APPLIC~1\FASTST~1\Dent Open.exe
Download NoLop to your desktop from one of the following links... Link 1 Link 2 Link 3
Close all programs, because this step requires a restart
Double-click NoLop.exe to run it
Click the "Search and Destroy" button <<Your computer will be scanned for infected files>>
When the scan is finished, you will be asked to restart the computer if an infection is found. Click OK
Click the "REBOOT" button.
NoLop should display a message. If it doesn't, double-click the program and it will finish.
Post the contents of the C:\NoLop.log file together with a new HijackThis log.
-- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). After that, run the program again.
And then..
1. Download combofix.exe to your desktop from either of these links: combofix.exe combofix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. (C:\ComboFix.txt) Post this log in your thread.
Note! Do not click on the combofix window while it is running. This may cause the program to hang.
Post C:\NoLop.log + C:\ComboFix.txt + a new hjt log
Hi. Here's the HjT log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:18:32, on 15.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe E:\Asennettu\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE E:\Asennettu\Razer\razerhid.exe C:\WINDOWS\RTHDCPL.EXE E:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\NOD32\nod32kui.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE E:\Asennettu\Itunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe E:\Asennettu\Samurize\Client.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\DOCUME~1\Arska\LOCALS~1\Temp\ir_ext_temp_10\autorun.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe C:\NOD32\nod32krn.exe C:\WINDOWS\system32\PnkBstrA.exe e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe E:\Asennettu\Razer\razertra.exe E:\Asennettu\Razer\razerofa.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\MSN Messenger\usnsvc.exe E:\Asennettu\Mozilla Firefox\firefox.exe E:\Asennettu\PacSteamT\Steam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [DeathAdder] e:\Asennettu\Razer\razerhid.exe O4 - HKLM\..\Run: [RTHDCPL] 
RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Windows Defender] "E:\Asennettu\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [DefragTaskBar] "e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [nod32kui] "C:\NOD32\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\Asennettu\Itunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "e:\Asennettu\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [AnyDVD] E:\Asennettu\AnyDVD\AnyDVD.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Client Default.lnk = E:\Asennettu\Samurize\Client.exe O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185231439125 O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AshampooDefragService - - e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\NOD32\nod32krn.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 4713 bytes
And here's the NoLop log as well:
NoLop! Log by Skate_Punk_21 Fix running from: C:\Documents and Settings\Arska\Työpöytä [15.11.2007] [21:17:43] ---Infection Files Found/Removed--- NO INFECTION FILES FOUND - Cleaning Aborted. 
---Listing AppData sub directories--- C:\Documents and Settings\All Users\Application Data\Apple C:\Documents and Settings\All Users\Application Data\Apple Computer C:\Documents and Settings\All Users\Application Data\Ashampoo C:\Documents and Settings\All Users\Application Data\Ati C:\Documents and Settings\All Users\Application Data\Close Poke Frag Ooze -- EMPTY Directory C:\Documents and Settings\All Users\Application Data\Microsoft C:\Documents and Settings\All Users\Application Data\Slysoft C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited C:\Documents and Settings\All Users\Application Data\Tuneup Software C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage C:\Documents and Settings\Arska\Application Data\Accuraterip C:\Documents and Settings\Arska\Application Data\Apple Computer C:\Documents and Settings\Arska\Application Data\Ati C:\Documents and Settings\Arska\Application Data\Fast Store Mess -- EMPTY Directory C:\Documents and Settings\Arska\Application Data\Foobar2000 C:\Documents and Settings\Arska\Application Data\Gtk-2.0 C:\Documents and Settings\Arska\Application Data\Help -- EMPTY Directory C:\Documents and Settings\Arska\Application Data\Identities C:\Documents and Settings\Arska\Application Data\Imgburn C:\Documents and Settings\Arska\Application Data\Installshield C:\Documents and Settings\Arska\Application Data\Macromedia C:\Documents and Settings\Arska\Application Data\Media Player Classic C:\Documents and Settings\Arska\Application Data\Microsoft C:\Documents and Settings\Arska\Application Data\Mozilla C:\Documents and Settings\Arska\Application Data\Teracopy C:\Documents and Settings\Arska\Application Data\Tuneup Software C:\Documents and Settings\Arska\Application Data\Utorrent C:\Documents and Settings\Arska\Application Data\Vlc C:\Documents and Settings\Arska\Application Data\Winrar -- EMPTY Directory C:\Documents and Settings\Default User\Application Data\Microsoft C:\Documents and 
Settings\Localservice\Application Data\Microsoft C:\Documents and Settings\Networkservice\Application Data\Microsoft
ComboFix 07-11-08.1 - Arska 2007-11-15 21:45:36.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1442 [GMT 2:00] Running from: C:\Documents and Settings\Arska\Työpöytä\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Arska\Application Data\macromedia\Flash Player\iforex.com C:\Documents and Settings\Arska\Application Data\macromedia\Flash Player\iforex.com\Emerp\Events\flash_object.swf\user_data.sol C:\Documents and Settings\Arska\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com C:\Documents and Settings\Arska\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol C:\Documents and Settings\Arska\Suosikit\Error Cleaner.url C:\Documents and Settings\Arska\Suosikit\Privacy Protector.url C:\Documents and Settings\Arska\Suosikit\Spyware&Malware Protection.url C:\WINDOWS\dat.txt C:\WINDOWS\rs.txt C:\WINDOWS\search_res.txt . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-15 to 2007-11-15 ))))))))))))))))) . 
2007-11-15 21:44 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-15 21:13 848 --a------ C:\delete.bat 2007-11-15 18:54 <KANSIO> d-------- C:\Documents and Settings\Arska\Application Data\uTorrent 2007-11-15 18:40 <KANSIO> d-------- C:\Documents and Settings\Arska\Application Data\Fast Store Mess 2007-11-15 18:30 <KANSIO> d-------- C:\Program Files\Trend Micro 2007-11-13 19:47 <KANSIO> d-------- C:\Program Files\Kaspersky Lab 2007-11-10 15:20 <KANSIO> d-------- C:\Program Files\iPod 2007-11-10 15:18 <KANSIO> d-------- C:\Program Files\QuickTime 2007-11-09 19:48 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2007-11-09 19:48 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-11-09 19:48 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2007-11-09 19:48 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-11-09 19:48 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2007-11-09 19:48 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-11-09 19:48 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll 2007-11-09 19:48 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll 2007-11-09 19:48 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2007-11-09 19:23 <KANSIO> d-------- C:\Documents and Settings\Arska\Application Data\TeraCopy 2007-11-08 17:11 <KANSIO> d-------- C:\Program Files\Fast Store Mess 2007-11-06 16:26 <KANSIO> d-------- C:\WINDOWS\system32\updater 2007-11-06 16:21 <KANSIO> d-------- C:\Documents and Settings\Arska\Incomplete 2007-11-06 16:20 <KANSIO> d-------- C:\Program Files\Java 2007-11-06 16:19 <KANSIO> d-------- C:\Program Files\Common Files\Java 2007-11-04 16:54 <KANSIO> d-------- C:\Documents and Settings\Arska\Application Data\ATI 2007-11-04 16:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI 2007-11-04 16:54 0 --a------ C:\WINDOWS\ativpsrm.bin 2007-11-04 16:49 169,856 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys 2007-11-04 16:49 53,760 --a------ 
C:\WINDOWS\system32\vfwwdm32.dll 2007-11-04 16:49 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll 2007-11-04 16:48 <KANSIO> d-------- C:\Program Files\ATI Technologies 2007-11-04 14:09 22,328 --a------ C:\Documents and Settings\Arska\Application Data\PnkBstrK.sys 2007-11-03 10:07 <KANSIO> d-------- C:\temp\byeP393468.tmp 2007-11-03 10:07 <KANSIO> d-------- C:\temp 2007-10-29 17:12 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-10-29 17:12 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-10-29 17:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-10-29 12:13 <KANSIO> d-------- C:\Program Files\MSXML 4.0 2007-10-29 10:12 <KANSIO> d--hs---- C:\WINDOWS\ftpcache 2007-10-27 20:07 <KANSIO> d-------- C:\Documents and Settings\Arska\Application Data\vlc 2007-10-22 14:44 225,280 --a------ C:\WINDOWS\system32\rewire.dll 2007-10-22 14:43 <KANSIO> d-------- C:\Program Files\Image-Line 2007-10-22 14:42 <KANSIO> d-------- C:\Program Files\Steinberg 2007-10-22 14:41 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll 2007-10-16 19:12 <KANSIO> d-------- C:\WINDOWS\San Andreas Mod Installer 2007-10-16 18:52 368,912 --a------ C:\WINDOWS\system32\vbar332.dll 2007-10-15 12:44 <KANSIO> d-------- C:\Program Files\Common Files\Download Manager . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-15 19:13 --------- d-----w C:\Documents and Settings\Arska\Application Data\foobar2000 2007-11-13 17:47 --------- d-----w C:\Program Files\Common Files\Kaspersky Lab 2007-11-09 17:36 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-07 15:19 --------- d-----w C:\Documents and Settings\Arska\Application Data\gtk-2.0 2007-10-27 18:07 --------- d-----w C:\Documents and Settings\Arska\Application Data\vlc 2007-10-12 16:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-10-12 16:32 --------- d-----w C:\Program Files\AGEIA Technologies 2007-10-11 16:44 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2007-10-11 16:44 298,104 ----a-w C:\WINDOWS\system32\imon.dll 2007-10-11 16:44 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys 2007-10-08 13:23 --------- d-----w C:\Program Files\Apple Software Update 2007-10-08 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp 2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll 2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll 2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll 
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll 2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll 2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe 2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DeathAdder"="e:\Asennettu\Razer\razerhid.exe" [2007-05-07 16:40] "RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe] "Windows Defender"="E:\Asennettu\Windows Defender\MSASCui.exe" [2006-11-03 17:20] "DefragTaskBar"="e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-02-12 11:57] "nod32kui"="C:\NOD32\nod32kui.exe" [2007-10-11 18:44] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16] "iTunesHelper"="E:\Asennettu\Itunes\iTunesHelper.exe" [2007-11-02 18:36] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12] "DAEMON Tools"="e:\Asennettu\DAEMON Tools\daemon.exe" [2007-04-04 00:29] "AnyDVD"="E:\Asennettu\AnyDVD\AnyDVD.exe" [2007-06-23 13:13] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Kaspersky Anti-Hacker.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe [2006-05-11 16:05:33] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=1 (0x1) "AllowUnhashedWebView"=1 (0x1) R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys S3 CyUsb;Cypress Generic USB Driver;C:\WINDOWS\system32\Drivers\CyUsb.sys S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - CATCHME . 'Ajoitetut tehtävät'-kansion sisältö "2007-11-10 12:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-11-15 16:57:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - E:\Asennettu\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-15 21:46:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-15 21:46:50 . --- E O F ---
Let's continue...
Delete these folders:
C:\Documents and Settings\All Users\Application Data\Close Poke Frag Ooze
C:\Documents and Settings\Arska\Application Data\Fast Store Mess
First make sure that hidden files are visible. Show hidden files
Go --> here
Once the page has loaded, click the Browse button, locate the following file, and press Submit.
C:\WINDOWS\system32\updater\explorer.exe
Post the scan results in your next message.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/flash/index_en.html
Scan taken on 15 Nov 2007 20:11:01 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
And then one more check
Scan your computer with Kaspersky Online Scanner
Use Internet Explorer
You will be asked whether you allow the installation of an ActiveX component from Kaspersky; click Yes.
The program starts and begins downloading the latest definition files.
Once the scanner is installed and the definitions have been downloaded, click Next.
Now click the settings, Scan Settings
Check in the settings that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (if available, otherwise select Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now, under the heading "select a target to scan", select My Computer
The scan takes time, so be patient.
When the scan is finished, you will be notified if your computer is infected.
Now click the Save as Text button.
Save the file to your desktop.
Copy and paste the contents of the file into your next reply.
Post the Kaspersky log and a new hjt log
Alright. Hjt log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0:11:34, on 16.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe E:\Asennettu\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE E:\Asennettu\Razer\razerhid.exe C:\WINDOWS\RTHDCPL.EXE E:\Asennettu\Windows Defender\MSASCui.exe E:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\NOD32\nod32kui.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE E:\Asennettu\Itunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe E:\Asennettu\DAEMON Tools\daemon.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe E:\Asennettu\Samurize\Client.exe E:\Asennettu\AnyDVD\AnyDVD.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe C:\NOD32\nod32krn.exe C:\WINDOWS\system32\PnkBstrA.exe e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe E:\Asennettu\Razer\razertra.exe E:\Asennettu\Razer\razerofa.exe C:\Program Files\iPod\bin\iPodService.exe E:\Asennettu\Opera\Opera.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [DeathAdder] e:\Asennettu\Razer\razerhid.exe O4 - HKLM\..\Run: [RTHDCPL] 
RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Windows Defender] "E:\Asennettu\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [DefragTaskBar] "e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [nod32kui] "C:\NOD32\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\Asennettu\Itunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "e:\Asennettu\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [AnyDVD] E:\Asennettu\AnyDVD\AnyDVD.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Client Default.lnk = E:\Asennettu\Samurize\Client.exe O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185231439125 O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AshampooDefragService - - e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\NOD32\nod32krn.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 4859 bytes Ja tässä Kasperskyn: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Friday, November 16, 2007 12:11:06 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 15/11/2007 Kaspersky Anti-Virus database records: 459989 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ G:\ Scan Statistics: Total number of scanned objects: 109489 Number of viruses found: 3 Number of infected objects: 21 Number of suspicious objects: 0 Duration of the scan process: 01:08:13 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows 
Defender\Support\MPLog-07242007-143632.log Object is locked skipped C:\Documents and Settings\Arska\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped C:\Documents and Settings\Arska\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped C:\Documents and Settings\Arska\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped C:\Documents and Settings\Arska\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Arska\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Arska\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Arska\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5579EAA6-BF7B-4957-9163-C9E5AB3FE3DB} Object is locked skipped C:\Documents and Settings\Arska\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Arska\Local Settings\Sivuhistoria\History.IE5\MSHist012007111520071116\index.dat Object is locked skipped C:\Documents and Settings\Arska\Local Settings\Temp\BCG1.tmp Object is locked skipped C:\Documents and Settings\Arska\Local Settings\Temp\Perflib_Perfdata_a8.dat Object is locked skipped C:\Documents and Settings\Arska\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Arska\ntuser.dat Object is locked skipped C:\Documents and Settings\Arska\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat 
Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\NOD32\cache\CACHE.NDB Object is locked skipped C:\NOD32\cache\FND0.NFI Infected: Trojan.Win32.Dialer.qn skipped C:\NOD32\infected\CECOYACA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.dwv skipped C:\NOD32\infected\CECOYACA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.dwv skipped C:\NOD32\infected\CECOYACA.NQF NSIS: infected - 2 skipped C:\NOD32\infected\CECOYACA.NQF PE-Crypt.XorPE: infected - 2 skipped C:\NOD32\infected\CTSTJIBA.NQF/stream/data0004 Infected: Trojan-Downloader.Win32.Zlob.dzf skipped C:\NOD32\infected\CTSTJIBA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.dzf skipped C:\NOD32\infected\CTSTJIBA.NQF NSIS: infected - 2 skipped C:\NOD32\infected\CTSTJIBA.NQF PE-Crypt.XorPE: infected - 2 skipped C:\NOD32\infected\FRI2F5DA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.dwv skipped C:\NOD32\infected\FRI2F5DA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.dwv skipped C:\NOD32\infected\FRI2F5DA.NQF NSIS: infected - 2 skipped C:\NOD32\infected\FRI2F5DA.NQF PE-Crypt.XorPE: infected - 2 skipped C:\NOD32\infected\LHRTKHAA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.dwv skipped C:\NOD32\infected\LHRTKHAA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.dwv skipped C:\NOD32\infected\LHRTKHAA.NQF 
NSIS: infected - 2 skipped C:\NOD32\infected\LHRTKHAA.NQF PE-Crypt.XorPE: infected - 2 skipped C:\NOD32\infected\MV4YCDDA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.dwv skipped C:\NOD32\infected\MV4YCDDA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.dwv skipped C:\NOD32\infected\MV4YCDDA.NQF NSIS: infected - 2 skipped C:\NOD32\infected\MV4YCDDA.NQF PE-Crypt.XorPE: infected - 2 skipped C:\NOD32\logs\virlog.dat Object is locked skipped C:\NOD32\logs\warnlog.dat Object is locked skipped C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\applog.log Object is locked skipped C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\pktlog.log Object is locked skipped C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\seclog.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{3009275C-5A24-467D-9DCE-5AE5E7037EFC}\RP296\change.log Object is locked skipped C:\WINDOWS\CSC\00000001 Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{8D8DC2A5-29DD-4429-BF8A-9CBF0E15FA8A}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked 
skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped E:\Asennettu\Ashampoo Magical Defrag 2\log\log_main.txt Object is locked skipped E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped E:\System Volume Information\_restore{3009275C-5A24-467D-9DCE-5AE5E7037EFC}\RP296\change.log Object is locked skipped Scan process completed.
This file is still a problem: C:\WINDOWS\system32\updater\explorer.exe. Send a copy of it to F-Secure, and remember to include your e-mail address; they usually reply quite quickly. Here is the link: http://www.f-secure.com/samples/index.html (tick the Malware option), and let us know the final result. Then sometime tomorrow you can submit that file again to the Jotti/VirusTotal scan if you have not heard anything from F-Secure.