MSN virus

Discussion in 'Viruses and malware - HijackThis logs' started by xxpcxx, Aug 2, 2009.

  1. xxpcxx (Member)
    So there is apparently some MSN virus on my computer, because my computer is sending my friends some weird files over MSN. I scanned my computer with Spybot Search & Destroy but it didn't find anything.
    Hopefully someone can help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:50:58, on 2.8.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\poweroff.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\client.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Client] client.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Client] client.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-21-2443546442-261103543-2799536739-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Kimmo')
    O4 - HKUS\S-1-5-21-2443546442-261103543-2799536739-1009\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'Kimmo')
    O4 - HKUS\S-1-5-21-2443546442-261103543-2799536739-1010\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Carita')
    O4 - HKUS\S-1-5-21-2443546442-261103543-2799536739-1010\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'Carita')
    O4 - HKUS\S-1-5-21-2443546442-261103543-2799536739-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Järjestelmänvalvoja')
    O4 - HKUS\S-1-5-21-2443546442-261103543-2799536739-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'Järjestelmänvalvoja')
    O4 - S-1-5-21-2443546442-261103543-2799536739-1009 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Kimmo')
    O4 - S-1-5-21-2443546442-261103543-2799536739-1010 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Carita')
    O4 - S-1-5-21-2443546442-261103543-2799536739-500 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Järjestelmänvalvoja')
    O4 - S-1-5-21-2443546442-261103543-2799536739-500 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Järjestelmänvalvoja')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223063829640
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Poweroff - Jorgen Bosman - C:\WINDOWS\system32\poweroff.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 9263 bytes
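    The lines in this log that a practitioner would want to check first are the `O4 - HKLM\..\Run: [Windows Client] client.exe` / `O4 - HKCU\..\Run: [Windows Client] client.exe` pair together with `C:\WINDOWS\client.exe` in the process list: a bare filename registered in two Run keys, resolving to an executable sitting directly in the Windows directory rather than in System32. The script below is an added triage example written for this page, not code from the thread or from the HijackThis project. It parses an excerpt of the log posted above (the process list is trimmed to keep the sample short) and scores each O4 Run entry on those three observations; the `%WINDIR%` location, the regex for the O4 line format and the scoring weights are this example's assumptions, not anything HijackThis itself does.

```python
r"""Added triage example (not part of the thread): rank HijackThis O4 autostart
entries by how suspicious they look, with the log text itself as the input.

Heuristics, one point each:
  1. The Run value launches a bare filename (no directory). Windows resolves
     it through the loader search path, which is how a file dropped as
     C:\WINDOWS\client.exe runs from a value that just says "client.exe".
  2. A running process with that basename sits directly in %WINDIR%, not in
     System32. Legitimate autostarts almost never do.
  3. The same value name is registered under both HKLM and HKCU Run, i.e.
     redundant persistence for the machine and for the user.
"""
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (process list trimmed).
HJT_SAMPLE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\client.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Windows Client] client.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Client] client.exe
"""

# Matches lines of the form: O4 - HKLM\..\Run: [value name] command line
O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt(text):
    """Return (running process paths, O4 Run entries as dicts)."""
    procs, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                procs.append(line)
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = O4_RUN.match(line)
        if m:
            entries.append(m.groupdict())
    return procs, entries


def exe_of(cmd):
    """First token of a Run command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def split_path(p):
    """(directory, basename) for a Windows path, both lower-cased."""
    p = p.replace("/", "\\").lower()
    if "\\" in p:
        directory, base = p.rsplit("\\", 1)
        return directory, base
    return "", p


def triage(text, windir="C:\\WINDOWS"):
    """Map (hive, value name) -> list of reasons; unflagged entries are omitted."""
    procs, entries = parse_hjt(text)
    by_base = defaultdict(list)          # basename -> observed full paths
    for p in procs:
        by_base[split_path(p)[1]].append(p)
    hives_for = defaultdict(set)         # value name -> hives it appears in
    for e in entries:
        hives_for[e["name"].lower()].add(e["hive"])

    findings = {}
    for e in entries:
        directory, base = split_path(exe_of(e["cmd"]))
        reasons = []
        if not directory:
            reasons.append("bare filename, resolved via search path")
        for p in by_base.get(base, []):
            if split_path(p)[0] == windir.lower():
                reasons.append("running from %WINDIR% root: " + p)
        if len(hives_for[e["name"].lower()]) > 1:
            reasons.append("registered under both HKLM and HKCU Run")
        if reasons:
            findings[(e["hive"], e["name"])] = reasons
    return findings


def ranked(text):
    """Findings sorted by score (number of reasons), highest first."""
    return sorted(triage(text).items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for (hive, name), reasons in ranked(HJT_SAMPLE):
        print(f"[{len(reasons)}] {hive} Run [{name}]")
        for r in reasons:
            print("    -", r)
```

    On the excerpt, both `Windows Client` entries score 3 and come out on top; `AlcxMonitor` and `SPIRun` score 1 for the bare filename alone, which is exactly the false-positive class (vendor entries that rely on the search path) a reviewer then clears by hand. Treat the output as a review order, not a verdict: HijackThis only lists what was running at scan time, and the confirmation in this thread came from the F-Secure scan further down, which names `C:\Windows\client.exe` as Trojan.Generic.1615645. To run it on a full log, pass `open("hijackthis.log").read()` to `ranked()`.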
     
  2. hannu71 (Regular member)
    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode and select your normal user account:
    • Start the computer
    • When you hear the computer beep, press F8, before the Windows logo appears
    • A menu should appear next
    • Select Safe Mode from the menu.
    • Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder). sdfix.exe appears on the desktop. Double-click it; the file unpacks and installs itself on the drive the operating system is installed on, and an SDFix folder appears in its root, e.g. c:\SDFix
    • Open the SDFix folder and double-click RunThis.bat to start the program.
    • Press Y to start the script.
    • The tool cleans up the trojan's services and also makes some registry fixes. Finally it asks you to reboot the computer: "Press any key to Reboot".
    • Press any key and the computer reboots.
    • Startup takes longer than usual because SDFix is cleaning the computer.
    • When the computer has booted and the desktop has loaded, SDFix reports that cleaning is complete: "Finished".
    • Then press any key to close the script and load the desktop icons.
    • Finally open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
     
  3. xxpcxx (Member)
    Here's the SDFix report


    SDFix: Version 1.240
    Run by HP_Omistaja on Mon 03.08.2009 at 02:11

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\Documents and Settings\HP_Omistaja.YOUR-B62381BA23\Työpöytä\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found


    And here's the HijackThis log


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:01:55, on 3.8.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\poweroff.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\client.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Client] client.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Client] client.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223063829640
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Poweroff - Jorgen Bosman - C:\WINDOWS\system32\poweroff.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 7741 bytes
     
  4. hannu71 (Regular member)
    #1.
    Download Atribune's ATF Cleaner

    Instructions:

    Double-click ATF-Cleaner.exe to start the program.
    • Under Main, choose: Select All
      Click the Empty Selected button.
    • If you use Firefox as your browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you want to keep your saved passwords, click No when it asks.
    • If you use Opera as your browser
      Click Opera at the top and choose: Select All
      Click the Empty Selected button again.
      NOTE: If you want to keep your saved passwords, click No when it asks.
    • Click Exit in the main menu to close the program.
    Technical support is available by double-clicking the e-mail address found below each menu in the tool. (Note that the support is in English.)

    #2.
    Scan your computer with the Kaspersky Online Scanner

    1. Read through the requirements and the privacy statement and click Accept.
    2. The download of the scanner and the virus database begins. You will be asked whether to allow the program from Kaspersky to install. Click Run.
    3. When the download is complete, click Settings.
    4. Make sure the following items are selected. If they are not, select them and click Save:

    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases

    5. Click My Computer under Scan.
    6. When the scan is complete, the results are shown. Click View Scan Report.
    7. You will see a list of infected items. Click Save Report As....
    8. Save the file to your desktop. Change Files of type to Text file (.txt) before you click Save.
    9. Copy and paste the contents of the file into your next reply along with a new HijackThis log
     
  5. xxpcxx (Member)
    Thanks for the help so far, but I got the problem fixed by reinstalling Windows Live.
     
  6. hannu71 (Regular member)
    If you can at all be bothered, please still run that Kaspersky Online Scanner and post its results... and a new HijackThis log..

    There were a few lines in the HJT log that kept bothering me...
     
  7. xxpcxx (Member)
    That one takes so long, but I can set it running for tonight.
     
  8. hannu71 (Regular member)
    Let's switch to a different online scanner.. one that also removes whatever it finds..

    Check your computer with F-Secure's online scanner
    • Tick I have read and accepted the license terms and click Install.

    • If you use Firefox, you will be asked to install an F-Secure add-on. Install it and choose "Restart browser" once the add-on is installed.
    • If you use Internet Explorer, you will be asked to install an ActiveX component; install it.

    • Click Start. The page loads for a moment and the F-Secure Online Scanner window opens.
    • Choose My scan and click Show options below it.
    • Under Select file types for scanning choose "all file types", also tick "Scan inside compressed files (zip, rar, lzh, ...)" below it, and click OK.
    • Click Start. The program downloads the files it needs and starts the scan. The scan may take some time.
    • When the scan is complete, make sure Clean the files is set to "Automatically (recommended)" and click "Next".
    • When cleaning is done, click "Full report...". The report opens in your browser. Go to the report page and press Ctrl and A to select all the text on the page, then Ctrl and C to copy the selected text.
    • Paste the F-Secure scan report into your next reply by pressing Ctrl and V in the reply box.

    Post:
    the F-Secure scan report
    a new HJT log
     
  9. xxpcxx (Member)
    Here's the F-Secure report



    Scanning Report
    Wednesday, August 5, 2009 02:21:19 - 17:34:16

    Computer name: YOUR-B62381BA23
    Scanning type: Scan system for malware, spyware and rootkits
    Target: C:\ D:\
    1 malware found
    Trojan.Generic.1615645 (virus)

    * C:\Windows\client.exe
    Statistics
    Scanned:

    * Files: 1265007
    * System: 3755
    * Not scanned: 311

    Actions:

    * Disinfected: 0
    * Renamed: 1
    * Deleted: 0
    * Not cleaned: 0
    * Submitted: 1

    Files not scanned:

    * C:\HIBERFIL.SYS
    * C:\PAGEFILE.SYS
    * C:\WINDOWS\CLIENT.EXE
    * C:\WINDOWS\TEMP\PERFLIB_PERFDATA_5A4.DAT
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
    * C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    * C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    * C:\RECYCLER\S-1-5-21-3312633933-1391119038-1080700280-1010\DC1.LNK
    * C:\RECYCLER\S-1-5-21-1189839614-3599874765-1768698519-1008\DC10.TORRENT
    * C:\RECYCLER\S-1-5-21-1189839614-3599874765-1768698519-1008\DC11.ZIP
    * C:\RECYCLER\S-1-5-21-1189839614-3599874765-1768698519-1008\DC12.ZIP
    * C:\RECYCLER\S-1-5-21-1189839614-3599874765-1768698519-1008\DC13.EXE
    * C:\RECYCLER\S-1-5-21-1189839614-3599874765-1768698519-1008\DC7.ZIP
    * C:\RECYCLER\S-1-5-21-1189839614-3599874765-1768698519-1008\DC8.EXE
    * C:\RECYCLER\S-1-5-21-1189839614-3599874765-1768698519-1008\DC9.TORRENT
    * C:\Program Files\World of Warcraft\Data\common.MPQ
    * C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}\SETUP.ILG
    * C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\SETUP.ILG
    * C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{06F80017-8F98-4C94-B868-52358569FC32}\SETUP.ILG
    * C:\Program Files\Garena\mdata.ggz\mh.xml
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\garenatv.bmp
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\GTVBtnOff.bmp
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\GTVBtnOn.bmp
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\GTVDetailsBG.png
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\GTVHighlight.png
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\GTVLVIcons.png
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\GTVPanel.bmp
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\Header.bmp
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\menu.bmp
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\ProgressBarBgH.bmp
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\ProgressBarBgV.bmp
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\ProgressBarH.bmp
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\ProgressBarV.bmp
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\rateempty.png
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\ratefull.png
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\Tab.bmp
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\TabBg.bmp
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\ui.xml
    * C:\Program Files\Garena\skin_bs\garenatv.ggz\Window.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\split_h.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\split_v.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\splitter_h.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\Tab.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\TabBg.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\ui.xml
    * C:\Program Files\Garena\skin_bs\Skin.ggz\Window.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\Others.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\usertype/0.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\usertype/1.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\usertype/100.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\usertype/11.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\usertype/2.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\usertype/3.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\usertype/4.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\usertype/5.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\usertype/6.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\usertype/Thumbs.db
    * C:\Program Files\Garena\skin_bs\Skin.ggz\Arrow_Down.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\Arrow_Up.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\Button.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\comment_header.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\GameIconsBig.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\goldmem.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\Header.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\login_gg_logo.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\login_header_bar.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\Logo.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\menu.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\messagetab.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\outbar_lab.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\panel.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\ProgressBarBgH.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\ProgressBarBgV.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\ProgressBarH.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\ProgressBarV.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\ScrollBarArrows.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\ScrollBarArrowsHBg.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\ScrollNews.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\shop_gm.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\shop_gm_type.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\shop_magic_item.bmp
    * C:\Program Files\Garena\skin_bs\Skin.ggz\Skin.xml
    * C:\Program Files\Garena\skin_bs\Skin.ggz\skinmsn.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\garenatv.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\GTVBtnOff.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\GTVBtnOn.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\GTVDetailsBG.png
    * C:\Program Files\Garena\Skin\garenatv.ggz\GTVHighlight.png
    * C:\Program Files\Garena\Skin\garenatv.ggz\GTVLVIcons.png
    * C:\Program Files\Garena\Skin\garenatv.ggz\GTVPanel.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\Header.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\menu.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\ProgressBarBgH.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\ProgressBarBgV.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\ProgressBarH.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\ProgressBarV.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\rateempty.png
    * C:\Program Files\Garena\Skin\garenatv.ggz\ratefull.png
    * C:\Program Files\Garena\Skin\garenatv.ggz\Tab.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\TabBg.bmp
    * C:\Program Files\Garena\Skin\garenatv.ggz\ui.xml
    * C:\Program Files\Garena\Skin\garenatv.ggz\Window.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\Arrow_Down.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\Arrow_Up.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\Button.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\comment_header.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\GameIconsBig.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\Header.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\login_gg_logo.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\login_header_bar.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\Logo.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\menu.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\messagetab.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\Others.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\outbar_lab.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\panel.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\ProgressBarBgH.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\ProgressBarBgV.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\ProgressBarH.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\ProgressBarV.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\ScrollBarArrows.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\ScrollBarArrowsHBg.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\ScrollNews.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\shop_gm.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\shop_gm_type.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\shop_magic_item.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\skinmsn.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\split_h.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\split_v.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\Tab.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\TabBg.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\ui.xml
    * C:\Program Files\Garena\Skin\Skin.ggz\usertype/0.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\usertype/1.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\usertype/100.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\usertype/11.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\usertype/2.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\usertype/3.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\usertype/4.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\usertype/5.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\usertype/6.bmp
    * C:\Program Files\Garena\Skin\Skin.ggz\Window.bmp
    * C:\Program Files\Garena\Languages\FPSGame.dll.cn\lang.xml
    * C:\Program Files\Garena\Languages\FPSGame.dll.en\lang.xml
    * C:\Program Files\Garena\Languages\FPSGame.dll.tw\lang.xml
    * C:\Program Files\Garena\Languages\Garena.exe.br\Garena.exe.br.xml
    * C:\Program Files\Garena\Languages\Garena.exe.cn\Garena.exe.cn.xml
    * C:\Program Files\Garena\Languages\Garena.exe.en\Garena.exe.en.xml
    * C:\Program Files\Garena\Languages\Garena.exe.id\Garena.exe.id.xml
    * C:\Program Files\Garena\Languages\Garena.exe.ru\Garena.exe.ru.xml
    * C:\Program Files\Garena\Languages\Garena.exe.sp\Garena.exe.sp.xml
    * C:\Program Files\Garena\Languages\Garena.exe.th\Garena.exe.th.xml
    * C:\Program Files\Garena\Languages\Garena.exe.tw\Garena.exe.tw.xml
    * C:\Program Files\Garena\Languages\Garena.exe.vn\Garena.exe.vn.xml
    * C:\Program Files\Garena\Languages\GarenaTV_UI.dll.cn\lang.xml
    * C:\Program Files\Garena\Languages\GarenaTV_UI.dll.cn\server.xml
    * C:\Program Files\Garena\Languages\GarenaTV_UI.dll.en\lang.xml
    * C:\Program Files\Garena\Languages\GarenaTV_UI.dll.en\server.xml
    * C:\Program Files\Garena\Languages\GarenaTV_UI.dll.id\lang.xml
    * C:\Program Files\Garena\Languages\GarenaTV_UI.dll.id\server.xml
    * C:\Program Files\Garena\Languages\GarenaTV_UI.dll.tw\lang.xml
    * C:\Program Files\Garena\Languages\GarenaTV_UI.dll.tw\server.xml
    * C:\Program Files\Garena\Languages\update.exe.cn\update.exe.cn.xml
    * C:\Program Files\Garena\Languages\update.exe.tw\update.exe.tw.xml
    * C:\Program Files\Garena\Languages\update2.exe.cn\update2.exe.cn.xml
    * C:\Program Files\Garena\Languages\update2.exe.tw\update2.exe.tw.xml
    * C:\Program Files\Garena\Languages\WC3Ass.dll.cn\lang.xml
    * C:\Program Files\Garena\Languages\WC3Ass.dll.en\lang.xml
    * C:\Program Files\Garena\Languages\WC3Ass.dll.tw\lang.xml
    * C:\Program Files\Garena\Languages\WC3Ass.dll.vn\lang.xml
    * C:\Program Files\Garena\Languages\WC3Ladder.dll.cn\lang.xml
    * C:\Program Files\Garena\Languages\WC3Ladder.dll.en\lang.xml
    * C:\Program Files\Garena\Languages\WC3Ladder.dll.tw\lang.xml
    * C:\Program Files\Garena\GarenaTV\cn_s.ggz\lang.xml
    * C:\Program Files\Garena\GarenaTV\cn_s.ggz\server.xml
    * C:\Program Files\Garena\GarenaTV\en_s.ggz\lang.xml
    * C:\Program Files\Garena\GarenaTV\en_s.ggz\server.xml
    * C:\Program Files\Garena\GarenaTV\en.ggz\default.xml
    * C:\Program Files\Garena\GarenaTV\en.ggz\dota657b.xml
    * C:\Program Files\Garena\GarenaTV\en.ggz\dota659.xml
    * C:\Program Files\Garena\GarenaTV\cn.ggz\default_cn.xml
    * C:\Program Files\Garena\GarenaTV\cn.ggz\dota657b_cn.xml
    * C:\Program Files\Garena\GarenaTV\cn.ggz\dota659_cn.xml
    * C:\Program Files\Garena\GarenaTV\id_s.ggz\server.xml
    * C:\Program Files\Garena\GarenaTV\tw_s.ggz\lang.xml
    * C:\Program Files\Garena\GarenaTV\tw_s.ggz\server.xml
    * C:\Program Files\Garena\GarenaTV\tw.ggz\default_tw.xml
    * C:\Program Files\Garena\GarenaTV\tw.ggz\dota657b_tw.xml
    * C:\Program Files\Garena\GarenaTV\tw.ggz\dota659_tw.xml
    * C:\PROGRAM FILES\F-SECURE\FSAUA\SUBSCRIPTIONS\AVH_LIBRADB
    * C:\Program Files\BitLord\Downloads\GTA San Andreas.rar
    * C:\Program Files\BitLord\Downloads\Rollercoaster tycoon\RollerCoaster Tycoon [Geedunk].rar\RollerCoaster Tycoon [Geedunk]\RollerCoaster Tycoon [Geedunk].iso
    * C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
    * C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG
    * C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    * C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
    * C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
    * C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT.LOG
    * C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    * C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
    * C:\DOCUMENTS AND SETTINGS\HP_OMISTAJA.YOUR-B62381BA23\NTUSER.DAT
    * C:\DOCUMENTS AND SETTINGS\HP_OMISTAJA.YOUR-B62381BA23\NTUSER.DAT.LOG
    * C:\DOCUMENTS AND SETTINGS\HP_OMISTAJA.YOUR-B62381BA23\LOCAL SETTINGS\TEMP\FMLD4F.TMP
    * C:\DOCUMENTS AND SETTINGS\HP_OMISTAJA.YOUR-B62381BA23\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    * C:\DOCUMENTS AND SETTINGS\HP_OMISTAJA.YOUR-B62381BA23\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage.zip\sbRecovery.reg
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage.zip\sbRecovery.ini
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage1.zip\chrome.manifest
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage1.zip\components/IMeMedia_FF.xpt
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage1.zip\components/MeMedia_FF.dll
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage1.zip\install.js
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage1.zip\install.rdf
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage1.zip\vssver2.scc
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage1.zip\sbRecovery.ini
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass.zip\sbRecovery.reg
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass.zip\sbRecovery.ini
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass1.zip\sbRecovery.reg
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass1.zip\sbRecovery.ini
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCMSVPS.zip\dat.txt
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCMSVPS.zip\sbRecovery.ini
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.0ip\nsduo.dll
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.0ip\sbRecovery.ini
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCMSVPS1.zip\dat.txt
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCMSVPS1.zip\sbRecovery.ini
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCMSVPS2.zip\dat.txt
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCMSVPS2.zip\sbRecovery.ini
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCMSVPS3.zip\dat.txt
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCMSVPS3.zip\sbRecovery.ini
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCMSVPS4.zip\dat.txt
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCMSVPS4.zip\sbRecovery.ini

    Options
    Scanning engines:

    Scanning options:

    * Scan all files
    * Scan inside archives
    * Use advanced heuristics


    HIJACK


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:04:01, on 5.8.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\poweroff.exe
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Client] client.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Client] client.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223063829640
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Poweroff - Jorgen Bosman - C:\WINDOWS\system32\poweroff.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 7477 bytes
     
  10. xxpcxx

    xxpcxx Member

    Joined:
    Dec 28, 2008
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    11
    Oh, and I also meant to say that the MSN problem has not gone away.
    Today it started sending messages again. When I close Messenger, the computer signs in by itself with my credentials and starts sending files. Because of this I removed Windows Live from my computer until the virus has been removed.
     
  11. hannu71

    hannu71 Regular member

    Joined:
    Feb 9, 2006
    Messages:
    256
    Likes Received:
    0
    Trophy Points:
    26
    #1. Open HijackThis, click Do system scan only. Check these lines:

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Windows Client] client.exe
    O4 - HKCU\..\Run: [Windows Client] client.exe

    Then close all other windows except HjT.
    Also close your browser.
    Then click the Fix checked button in HjT.
    Close HijackThis.
    >> Restart the computer

    #2. Show hidden files.
    Delete these files (boot into Safe Mode if necessary, if they will not go otherwise):

    C:\Windows\client.exe


    #3. Update Malwarebytes' Anti-Malware and scan your computer with it.
    • Double-click mbam-setup.exe and follow the instructions to install the program.
    • At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    • If an update is found, the program downloads and installs the latest version. If downloading the updates fails, you can download the updates here. Double-click mbam-rules.exe to install the updates.
    • Once the program has loaded and the updates are done, select Perform full scan and click Scan.
    • When the scan is finished, click OK and then Show Results to view the results.
    • Make sure everything is checked and click Remove Selected.
    • After this the log opens in Notepad. Save it somewhere you can find it easily. The log is also found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Post the contents of the log in your next reply.

    Note: If Mbam was unable to remove a file, it asks you to restart your computer. In that case restart your computer immediately. Mbam may make changes to your registry as part of the cleanup. If you use a security program that detects registry changes, allow Mbam to make the changes.


    #4. Please download Combofix from one of the links below:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your desktop
    • Close/disable all antivirus and anti-malware programs so that they do not interfere with the ComboFix run.
    • Double-click Combofix.exe and follow the prompts.
    • As part of the scan, Combofix checks whether the Recovery Console is installed. Because of today's malware it is strongly recommended to have the Recovery Console installed before removing malware. The Windows Recovery Console makes it possible to boot into a special recovery mode. Through the Recovery Console we can help you more easily if problems arise during malware removal.
    • Follow the prompts and allow Combofix to download and install the Microsoft Recovery Console, and when prompted, accept the End User License Agreement to install the Recovery Console.
    **Note: If the Recovery Console is already installed, Combofix continues on.

    Once the Microsoft Recovery Console is installed, you should see the following message:

    Click Yes to continue the scan.

    When ComboFix is finished, it produces a report. Please copy/paste the following reports into your reply:
    C:\ComboFix.txt
    A new HijackThis log


    Warning: DO NOT run ComboFix unsupervised. It is not a toy and is not to be used routinely every day.

    If you need help, see the more detailed guide:
    http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje

    #5.
    Post:
    the Malwarebytes' Anti-Malware log
    the ComboFix log
    a fresh HJT log
     
    Last edited: Aug 6, 2009
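    An added example (mine, not hannu71's or anything from the thread): the two properties that make the `[Windows Client] client.exe` entries stand out in the HijackThis log above can be checked mechanically rather than by eye. The Python below parses the O4 Run-key lines copied from that log, embedded here as sample input, and flags any entry whose command is a bare file name (no directory, so Windows resolves it by PATH search and the log line alone does not say where the file sits; the Malwarebytes log later in the thread places it in C:\WINDOWS) and any value name registered under both HKLM and HKCU. The rule names and the `triage`/`parse_o4`/`executable` functions are my own. The output is a review list, not a delete list: the OEM entries ALCXMNTR.EXE and the Rundll32 SPIRun line trip the bare-name rule as well and have to be verified on disk like everything else.

```python
r"""Triage the O4 (autorun) entries of a HijackThis log.

Added example, not code from the thread.  Two rules, both taken from
the entries hannu71 asked the poster to fix:
  1. the Run value launches a bare file name with no directory, and
  2. the same value name is registered in both the HKLM and HKCU Run keys.
Only the "HKxx\..\Run: [name] command" form is parsed; Startup-folder
O4 lines are skipped.
"""
import re
from collections import defaultdict

# A subset of the O4 lines from the HijackThis log posted in this thread,
# embedded here as sample input.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Windows Client] client.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Client] client.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
"""

# Hive (optionally with a user SID for HKUS), key, value name, command,
# and the optional trailing "(User '...')" HijackThis appends for HKUS.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>[^\\]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)


def executable(cmd):
    """Return the program a Run value launches: a quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def parse_o4(log):
    """Parse the Run-key O4 lines of a HijackThis log into dicts."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["exe"] = executable(entry["cmd"])
            entries.append(entry)
    return entries


def triage(log):
    """Return the parsed entries that trigger at least one rule, with reasons."""
    entries = parse_o4(log)
    hives_by_name = defaultdict(set)
    for entry in entries:
        hives_by_name[entry["name"].lower()].add(entry["hive"])

    findings = []
    for entry in entries:
        reasons = []
        # Rule 1: no directory in the command.  The loader searches PATH,
        # so the real file is typically in %WINDIR% or system32 and the
        # log line alone does not tell you which.
        if "\\" not in entry["exe"]:
            reasons.append("unqualified executable: " + entry["exe"])
        # Rule 2: same value name in both the machine and the user Run key,
        # the belt-and-braces persistence seen in this thread.
        if {"HKLM", "HKCU"} <= hives_by_name[entry["name"].lower()]:
            reasons.append("registered in both HKLM and HKCU Run")
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s\\..\\%s: [%s] -> %s" % (f["hive"], f["key"], f["name"], "; ".join(f["reasons"])))
```

    Run against the sample it reports four entries: AlcxMonitor, SPIRun and both Windows Client values, the last two also carrying the both-hives reason. The per-user ctfmon entries are not reported, because rule 2 deliberately looks for the HKLM+HKCU pair rather than any repetition across profiles.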
  12. xxpcxx

    xxpcxx Member

    Joined:
    Dec 28, 2008
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    11
    First of all... The file client.exe was not found in c/windows.
    But I think some antivirus managed to remove it before I did...

    Then the logs.

    Malware

    Malwarebytes' Anti-Malware 1.40
    Database version: 2551
    Windows 5.1.2600 Service Pack 2

    6.8.2009 22:22:04
    mbam-log-2009-08-06 (22-22-04).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 370550
    Time elapsed: 2 hour(s), 31 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows client (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP143\A0028675.0xe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP148\A0029131.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\client.0xe (Backdoor.Bot) -> Quarantined and deleted successfully.



    _______________________________________

    ComboFix 09-08-04.04 - HP_Omistaja 06.08.2009 18:57.1.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.358.1035.18.3071.2604 [GMT 3:00]
    Running from: c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\Työpöytä\ComboFix.exe
    AV: F-Secure Client Security 7.10 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: F-Secure Client Security 7.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe
    c:\recycler\S-1-5-21-1189839614-3599874765-1768698519-1008
    c:\recycler\S-1-5-21-1189839614-3599874765-1768698519-1009
    c:\recycler\S-1-5-21-1189839614-3599874765-1768698519-1010
    c:\recycler\S-1-5-21-1189839614-3599874765-1768698519-1011
    c:\recycler\S-1-5-21-3312633933-1391119038-1080700280-1008
    c:\recycler\S-1-5-21-3312633933-1391119038-1080700280-1009
    c:\recycler\S-1-5-21-3312633933-1391119038-1080700280-1010
    c:\windows\Installer\12c895.msi
    c:\windows\Installer\12e6ff0.msi
    c:\windows\Installer\13cfc19.msp
    c:\windows\Installer\13f9eb.msi
    c:\windows\Installer\13fa04.msp
    c:\windows\Installer\148ddf1.msp
    c:\windows\Installer\14db7f.msi
    c:\windows\Installer\14eaf18.msi
    c:\windows\Installer\164370e.msi
    c:\windows\Installer\1704929.msi
    c:\windows\Installer\1704934.msi
    c:\windows\Installer\19bb884.msi
    c:\windows\Installer\1adf1b0.msi
    c:\windows\Installer\1adf1bb.msi
    c:\windows\Installer\1bb17.msi
    c:\windows\Installer\1bb2e.msi
    c:\windows\Installer\1bb35.msi
    c:\windows\Installer\1c4ccbb.msi
    c:\windows\Installer\1c4ef33.msi
    c:\windows\Installer\1d10a1.msi
    c:\windows\Installer\1d49c0.msi
    c:\windows\Installer\1d49c4.msi
    c:\windows\Installer\1d49ca.msi
    c:\windows\Installer\1dd8b6a.msi
    c:\windows\Installer\1dd8b70.msi
    c:\windows\Installer\1dd8b76.msi
    c:\windows\Installer\1dd8b7c.msi
    c:\windows\Installer\1f3a6d.msi
    c:\windows\Installer\205d30.msi
    c:\windows\Installer\21ed55a.msi
    c:\windows\Installer\21ed560.msi
    c:\windows\Installer\21ed566.msi
    c:\windows\Installer\21ed56c.msi
    c:\windows\Installer\21ed572.msi
    c:\windows\Installer\21ed578.msi
    c:\windows\Installer\21ed57e.msi
    c:\windows\Installer\21ed584.msi
    c:\windows\Installer\21ed58a.msi
    c:\windows\Installer\21ed590.msi
    c:\windows\Installer\23340.msi
    c:\windows\Installer\23aec.msi
    c:\windows\Installer\243f0fa.msi
    c:\windows\Installer\248faa6.msp
    c:\windows\Installer\248fabd.msp
    c:\windows\Installer\248fac4.msi
    c:\windows\Installer\248fad9.msp
    c:\windows\Installer\252eee.msi
    c:\windows\Installer\27733.msi
    c:\windows\Installer\28828bb.msi
    c:\windows\Installer\28da796.msi
    c:\windows\Installer\2c88a14.msi
    c:\windows\Installer\2c88a15.msp
    c:\windows\Installer\2c88a16.msp
    c:\windows\Installer\2c88a17.msp
    c:\windows\Installer\2c88a18.msp
    c:\windows\Installer\2c88a19.msp
    c:\windows\Installer\2c88a1a.msp
    c:\windows\Installer\2c88a1b.msp
    c:\windows\Installer\2c88a1c.msp
    c:\windows\Installer\2c88a1d.msp
    c:\windows\Installer\302ea92.msp
    c:\windows\Installer\302eaa7.msp
    c:\windows\Installer\302eabc.msp
    c:\windows\Installer\302ead2.msp
    c:\windows\Installer\302eae7.msp
    c:\windows\Installer\302eafc.msp
    c:\windows\Installer\302eb19.msp
    c:\windows\Installer\302eb2f.msp
    c:\windows\Installer\302eb48.msp
    c:\windows\Installer\302eb5e.msp
    c:\windows\Installer\302eb74.msp
    c:\windows\Installer\302eb8e.msp
    c:\windows\Installer\3069d.msi
    c:\windows\Installer\310ac4.msi
    c:\windows\Installer\33843e.msi
    c:\windows\Installer\345657.msi
    c:\windows\Installer\3479e.msi
    c:\windows\Installer\388ac.msi
    c:\windows\Installer\388b0.msi
    c:\windows\Installer\38ddf53.msi
    c:\windows\Installer\410fe5.msi
    c:\windows\Installer\42e69a.msi
    c:\windows\Installer\42e6a0.msi
    c:\windows\Installer\498d38.msi
    c:\windows\Installer\532fe65.msi
    c:\windows\Installer\58a8b0.msi
    c:\windows\Installer\612566.msi
    c:\windows\Installer\6146aa.msi
    c:\windows\Installer\770ba9.msi
    c:\windows\Installer\8134a.msi
    c:\windows\Installer\92519.msi
    c:\windows\Installer\9251e.msi
    c:\windows\Installer\d69c66.msi
    c:\windows\Installer\e0f003.msp
    c:\windows\Installer\fbb394.msi
    c:\windows\Installer\fbb39e.msi
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
    .

    2009-08-02 23:07 . 2009-08-02 23:07 -------- d-----w- c:\windows\ERUNT
    2009-08-02 10:46 . 2009-08-02 10:46 -------- d-----w- c:\program files\Trend Micro
    2009-08-02 10:15 . 2009-08-02 10:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-01 15:26 . 2009-08-03 14:13 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-08-01 15:24 . 2009-08-03 14:12 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-08-01 15:24 . 2009-08-01 15:24 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-08-01 15:24 . 2009-08-01 15:24 -------- d-----w- c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\Local Settings\Application Data\PunkBuster
    2009-08-01 12:17 . 2009-08-01 12:17 -------- d-----w- c:\program files\EA GAMES
    2009-07-31 23:01 . 2009-07-31 23:01 -------- d-----w- c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\Local Settings\Application Data\Adobe
    2009-07-31 22:23 . 2009-07-31 22:24 -------- d-----w- C:\Restoration
    2009-07-31 21:01 . 2009-07-31 21:01 45056 ----a-r- c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\Application Data\Microsoft\Installer\{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}\MapleStory.exe_3062D9D00EF04F0D957526013FF60FC9.exe
    2009-07-31 21:01 . 2009-07-31 21:01 45056 ----a-r- c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\Application Data\Microsoft\Installer\{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}\MapleStory.exe1_3062D9D00EF04F0D957526013FF60FC9.exe
    2009-07-31 21:01 . 2009-07-31 21:01 10134 ----a-r- c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\Application Data\Microsoft\Installer\{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}\ARPPRODUCTICON.exe
    2009-07-31 10:10 . 2009-08-05 17:04 -------- d-----w- c:\program files\Garena Hack™ [-Xtreme-] v3.0
    2009-07-29 20:40 . 2009-07-29 20:40 -------- d-----w- C:\Nexon
    2009-07-29 19:00 . 2009-07-31 16:38 -------- d-----w- c:\program files\Garena
    2009-07-29 15:08 . 2009-07-02 09:12 593920 ------w- c:\windows\system32\ati2sgag.exe
    2009-07-29 14:57 . 2009-07-29 14:57 -------- d-----w- c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\Application Data\Blitware
    2009-07-20 19:58 . 2009-07-20 19:58 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
    2009-07-20 19:58 . 2005-03-09 17:50 19456 ----a-w- c:\windows\system32\libusbd-9x.exe
    2009-07-20 19:58 . 2005-03-09 17:50 18944 ----a-w- c:\windows\system32\libusbd-nt.exe
    2009-07-20 19:21 . 2009-07-20 20:29 -------- d-----w- c:\documents and settings\Gtasasav\GTA San Andreas User Files
    2009-07-20 19:20 . 2009-07-20 19:21 -------- d-----w- c:\documents and settings\Gtasasav
    2009-07-18 23:11 . 2009-07-18 23:11 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-07-18 23:11 . 2009-07-18 23:11 -------- d-----w- c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\Application Data\Atari
    2009-07-18 23:07 . 2002-02-27 15:50 197120 ----a-w- c:\windows\patchw32.dll
    2009-07-18 23:07 . 2009-07-18 23:07 -------- d-----w- c:\program files\Common Files\PocketSoft
    2009-07-18 23:01 . 2009-07-18 23:01 -------- d-----w- c:\program files\Atari
    2009-07-18 17:07 . 2009-07-18 18:12 -------- d-----w- c:\program files\Faces of War
    2009-07-16 16:59 . 2009-08-04 20:49 -------- d-----w- c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\Tracing
    2009-07-16 16:32 . 2009-07-16 16:32 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-07-15 12:11 . 2009-07-15 12:11 -------- d-----w- c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\Application Data\Malwarebytes
    2009-07-15 12:11 . 2009-07-13 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-15 12:11 . 2009-08-02 09:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-15 12:11 . 2009-07-15 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-15 12:11 . 2009-07-13 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-14 17:07 . 2005-01-22 19:12 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
    2009-07-14 17:00 . 2009-07-14 17:00 -------- d-----w- c:\program files\WinPcap
    2009-07-14 17:00 . 2009-07-16 20:29 -------- d-----w- c:\program files\WC3Banlist
    2009-07-14 10:53 . 2009-07-14 10:53 152576 ----a-w- c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-07-14 10:50 . 2009-07-14 10:50 -------- d-----w- c:\program files\Lavalys
    2009-07-14 10:44 . 2009-07-14 10:44 -------- d-----w- c:\program files\CCleaner
    2009-07-14 10:21 . 2007-08-09 03:11 102400 ----a-r- c:\windows\system32\drivers\nvgts.sys
    2009-07-14 10:21 . 2007-08-09 03:03 353280 ----a-r- c:\windows\system32\idecoiins.dll
    2009-07-14 10:21 . 2007-08-09 03:03 353280 ----a-r- c:\windows\system32\idecoi.dll
    2009-07-14 10:20 . 2007-10-12 08:15 54144 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
    2009-07-14 10:20 . 2007-10-12 08:14 194048 ----a-w- c:\windows\system32\fdco1.dll
    2009-07-14 10:19 . 2007-09-26 08:07 356352 ----a-w- c:\windows\system32\nvunrm.exe
    2009-07-14 10:19 . 2007-10-12 08:14 9216 ----a-r- c:\windows\system32\bdco1.dll
    2009-07-14 10:19 . 2007-09-26 08:07 37376 ----a-r- c:\windows\system32\nvconrm.dll
    2009-07-14 10:19 . 2007-10-12 08:15 942080 ----a-r- c:\windows\system32\drivers\nvnrm.sys
    2009-07-14 10:19 . 2007-10-12 08:15 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
    2009-07-14 10:19 . 2007-09-28 08:32 356352 ----a-w- c:\windows\system32\nvusmb.exe
    2009-07-14 10:14 . 2007-10-12 08:14 194048 ----a-w- c:\windows\system32\fdco1ins.dll
    2009-07-14 10:14 . 2007-11-17 07:22 3636 ----a-r- c:\windows\system32\drivers\nvphy.bin
    2009-07-14 10:13 . 2007-10-12 08:14 9216 ----a-r- c:\windows\system32\bdco1ins.dll
    2009-07-14 10:12 . 2007-11-07 05:31 356352 ----a-r- c:\windows\system32\NVUNINST.EXE
    2009-07-14 10:03 . 2001-08-17 17:11 66591 ----a-w- c:\windows\system32\drivers\el90xbc5.sys
    2009-07-14 10:03 . 2001-08-17 17:11 66591 ----a-w- c:\windows\system32\dllcache\el90xbc5.sys
    2009-07-14 09:49 . 2004-09-14 13:07 40064 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2009-07-14 09:49 . 2004-09-14 13:07 40064 ----a-w- c:\windows\system32\dllcache\intelppm.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-05 17:48 . 2008-07-27 20:37 -------- d-----w- c:\program files\Warcraft III
    2009-08-04 23:21 . 2006-08-16 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2009-08-02 23:21 . 2004-12-13 22:47 68842 ----a-w- c:\windows\system32\perfc00B.dat
    2009-08-02 23:21 . 2004-12-13 22:47 363072 ----a-w- c:\windows\system32\perfh00B.dat
    2009-08-02 11:14 . 2006-10-24 13:02 -------- d-----w- c:\program files\Steam
    2009-08-02 10:38 . 2007-09-16 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-31 22:26 . 2005-01-02 15:52 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-16 16:58 . 2008-09-30 19:27 57992 ----a-w- c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-16 16:20 . 2008-12-19 13:26 34 ----a-w- c:\documents and settings\HP_Omistaja.YOUR-B62381BA23\jagex_runescape_preferences.dat
    2009-07-15 22:54 . 2006-07-31 07:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-07-14 15:58 . 2008-11-19 14:09 -------- d-----w- c:\program files\Westwood
    2009-07-14 14:11 . 2008-08-11 15:13 -------- d-----w- c:\program files\Blizzard
    2009-07-14 13:03 . 2006-12-17 16:09 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2009-07-14 10:55 . 2005-01-02 15:45 -------- d-----w- c:\program files\Java
    2009-07-14 10:25 . 2009-07-14 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
    2009-07-14 10:25 . 2009-07-14 10:25 409600 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-07-14 10:25 . 2009-07-14 10:25 114688 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-07-02 17:49 . 2005-01-02 15:52 4125696 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2009-07-02 17:25 . 2009-07-02 17:25 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2009-07-02 17:24 . 2005-01-02 15:52 335872 ----a-w- c:\windows\system32\ati2dvag.dll
    2009-07-02 17:07 . 2009-07-02 17:07 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2009-07-02 17:06 . 2009-07-02 17:06 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-07-02 17:05 . 2009-07-02 17:05 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-07-02 17:05 . 2009-07-02 17:05 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2009-07-02 17:05 . 2009-07-02 17:05 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-07-02 17:05 . 2009-07-02 17:05 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2009-07-02 17:04 . 2009-07-02 17:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2009-07-02 17:02 . 2009-07-02 17:02 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2009-07-02 16:56 . 2005-01-02 15:52 3014272 ----a-w- c:\windows\system32\ati3duag.dll
    2009-07-02 16:54 . 2009-07-02 16:54 11698176 ----a-w- c:\windows\system32\atioglxx.dll
    2009-07-02 16:44 . 2005-01-02 15:52 2139904 ----a-w- c:\windows\system32\ativvaxx.dll
    2009-07-02 16:44 . 2009-07-02 16:44 887724 ----a-w- c:\windows\system32\ativva6x.dat
    2009-07-02 16:44 . 2009-07-02 16:44 3 ----a-w- c:\windows\system32\ativva5x.dat
    2009-07-02 16:31 . 2009-07-02 16:31 49664 ----a-w- c:\windows\system32\atimpc32.dll
    2009-07-02 16:31 . 2009-07-02 16:31 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-07-02 16:28 . 2009-07-02 16:28 487424 ----a-w- c:\windows\system32\atikvmag.dll
    2009-07-02 16:27 . 2009-07-02 16:27 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2009-07-02 16:26 . 2009-07-02 16:26 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2009-07-02 16:26 . 2009-07-02 16:26 151552 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-07-02 16:26 . 2009-07-02 16:26 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2009-07-02 16:25 . 2009-07-02 16:25 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-07-02 16:25 . 2009-07-02 16:25 3248128 ----a-w- c:\windows\system32\aticaldd.dll
    2009-07-02 16:24 . 2009-07-02 16:24 376832 ----a-w- c:\windows\system32\atiok3x2.dll
    2009-07-02 16:20 . 2005-01-02 15:52 651264 ----a-w- c:\windows\system32\ati2cqag.dll
    2009-06-18 19:29 . 2009-06-18 19:29 197654 ----a-w- c:\windows\system32\atiicdxx.dat
    2009-06-16 14:54 . 2004-09-15 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:54 . 2004-09-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-03 19:27 . 2004-09-15 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-21 08:33 . 2008-11-24 18:02 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-11 21:35 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-10 344064]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
    "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2007-08-27 182952]
    "F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 895600]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-07-13 414992]
    "SPIRun"="SPIRun.dll" - c:\windows\system32\SPIRun.dll [2006-11-29 8704]

    c:\documents and settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\Kimmo.YOUR-B62381BA23\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\Kimmo.YOUR-B62381BA23.000\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\Toni\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\Carita.YOUR-B62381BA23\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\Carita.YOUR-B62381BA23.000\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\Järjestelmänvalvoja\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

    c:\documents and settings\Default User\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_02\\bin\\java.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [30.9.2008 22:24 60272]
    R1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure\HIPS\fshs.sys [30.9.2008 22:24 70768]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15.7.2009 15:11 211216]
    R2 Poweroff;Poweroff;c:\windows\system32\poweroff.exe [5.12.2008 9:15 172032]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [30.9.2008 22:24 62064]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [28.10.2008 21:21 33792]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15.7.2009 15:11 19096]
    R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [14.7.2009 13:25 732672]
    R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [14.7.2009 13:25 1656576]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [3.8.2005 0:10 32512]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [30.9.2008 22:24 39792]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [30.9.2008 22:24 25200]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-06 19:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2443546442-261103543-2799536739-1008\Software\SecuROM\License information*]
    "datasecu"=hex:7b,7e,44,a8,6c,01,46,2d,77,ef,d0,fb,25,c4,79,2d,b1,56,ce,0b,83,
    8a,36,c9,4d,f4,85,4a,3c,b0,f8,78,de,57,9d,a4,b4,90,c6,80,89,7a,b9,92,13,b9,\
    "rkeysecu"=hex:df,fc,fa,72,61,84,78,f6,1e,ac,23,ca,64,da,db,1f

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(968)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(1024)
    c:\program files\F-Secure\FSPS\program\FSLSP.DLL
    .
    Completion time: 2009-08-06 19:05
    ComboFix-quarantined-files.txt 2009-08-06 16:05

    Pre-Run: 48 273 104 896 tavua vapaana
    Post-Run: 48 739 958 784 tavua vapaana

    345 --- E O F --- 2009-07-30 00:00
    ______________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:25:59, on 6.8.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\poweroff.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223063829640
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Poweroff - Jorgen Bosman - C:\WINDOWS\system32\poweroff.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 7093 bytes
     
  13. hannu71

    hannu71 Regular member

    Joined:
    Feb 9, 2006
    Messages:
    256
    Likes Received:
    0
    Trophy Points:
    26
    Scan your computer with the Kaspersky Online Scanner as well.. the instructions are further up.

    change your MSN password just in case, on a friend's computer for example, and check whether it still sends that file..

    post:
    the Kaspersky Online Scanner results

    tell us how the computer is doing..
     
  14. xxpcxx

    xxpcxx Member

    Joined:
    Dec 28, 2008
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    11
    Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program.



    You must be online to update the Kaspersky Online Scanner 7.0 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7.0. [ERROR: Key is expired]

    I would run it, but it throws that error...
     
  15. hannu71

    hannu71 Regular member

    Joined:
    Feb 9, 2006
    Messages:
    256
    Likes Received:
    0
    Trophy Points:
    26
    Download JavaRa and extract it to your desktop.

    ***Close all open Internet Explorer windows before continuing!***

    - Double-click JavaRa.exe to start the program.
    (On Windows Vista, right-click JavaRa.exe and choose Run as administrator)
    - Choose Suomi from the drop-down menu to set the language to Finnish and click Select.
    - Click Poista Vanhemmat Versiot (Remove Older Versions) to remove the old Java versions from your computer.
    - Click Yes when prompted. When JavaRa has finished, it reports that a log file has been created. Click OK.
    - The log file opens. Post its contents in your next message.

    After that, download and install JRE 6 Update 14.

    after that try the Kaspersky online scanner again..
     
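    The JavaRa steps above exist so that no outdated Java runtime is left on the machine. As an added example (not from this thread, and not JavaRa's own code), the PowerShell below audits the same places the JavaRa log lists, the HKLM\SOFTWARE\JavaSoft keys, the {CAFEEFAC-...} Java Plug-in CLSIDs and the C:\Program Files\Java\jre1.x.y_zz directories, and reports anything below a $Latest you set; the CLSID-to-version mapping is assumed from the pattern visible in the log.

```powershell
# Added example, not part of the thread or of JavaRa: report Java installs that
# are older than $Latest, looking in the locations the JavaRa log above shows
# it cleaning. Assumption: $Latest is the newest JRE at the time (the helper
# recommends 6 Update 14); set it to the current release when you run this.

$Latest = [version]'1.6.0.14'

function ConvertTo-JreVersion {
    # "1.6.0_14" -> 1.6.0.14, "1.5.0_09" -> 1.5.0.9, "1.2" -> 1.2.0.0.
    # Returns $null for names that are not version strings (e.g. "jre6").
    param([string]$Name)
    if ($Name -notmatch '^\d+\.\d+(\.\d+)?(_\d+)?$') { return $null }
    $parts = ($Name -replace '_', '.').Split('.')
    while ($parts.Length -lt 4) { $parts += '0' }
    return [version]($parts -join '.')
}

function ConvertFrom-JavaPluginClsid {
    # Assumed encoding, taken from the pattern in the log: the Java Plug-in
    # CLSID {CAFEEFAC-00Mm-00uu-00rr-ABCDEFFEDCBA} stands for version
    # M.m.uu update rr, so {CAFEEFAC-0013-0001-0005-...} is 1.3.1_05.
    # "FFFF" in the update field is the family CLSID and names no release.
    param([string]$Clsid)
    if ($Clsid -match '^\{CAFEEFAC-00(\d)(\d)-00(\d\d)-(\w{4})-ABCDEFFEDCB[AB]\}$' -and
        $Matches[4] -ne 'FFFF') {
        return [version]('{0}.{1}.{2}.{3}' -f [int]$Matches[1], [int]$Matches[2],
                                               [int]$Matches[3], [int]$Matches[4])
    }
    return $null
}

function Get-StaleJava {
    param([version]$Newest = $Latest)
    $found = @()

    # 1. Per-version keys such as Java2D\1.5.0_05 seen in the JavaRa log
    foreach ($key in 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
                     'HKLM:\SOFTWARE\JavaSoft\Java2D') {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $v = ConvertTo-JreVersion $sub.PSChildName
            if ($v -and $v -lt $Newest) {
                $found += New-Object PSObject -Property @{
                    Kind = 'Registry'; Version = $v; Path = $sub.Name }
            }
        }
    }

    # 2. Java Plug-in CLSIDs (the long {CAFEEFAC-...} list in the log)
    $clsids = Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
              Where-Object { $_.PSChildName -like '{CAFEEFAC-*' }
    foreach ($c in $clsids) {
        $v = ConvertFrom-JavaPluginClsid $c.PSChildName
        if ($v -and $v -lt $Newest) {
            $found += New-Object PSObject -Property @{
                Kind = 'Plug-in CLSID'; Version = $v; Path = $c.Name }
        }
    }

    # 3. Leftover install directories such as C:\Program Files\Java\jre1.5.0_06
    #    ("jre6", the in-place-updated current install, yields $null and is skipped)
    $javaDir = Join-Path $env:ProgramFiles 'Java'
    if (Test-Path $javaDir) {
        foreach ($d in Get-ChildItem $javaDir | Where-Object { $_.PSIsContainer }) {
            $v = ConvertTo-JreVersion ($d.Name -replace '^j(re|dk)', '')
            if ($v -and $v -lt $Newest) {
                $found += New-Object PSObject -Property @{
                    Kind = 'Directory'; Version = $v; Path = $d.FullName }
            }
        }
    }
    return $found
}

Get-StaleJava | Sort-Object Version | Format-Table Kind, Version, Path -AutoSize
```

    Run it once before JavaRa to see what will be removed and once after to confirm nothing below the current release remains.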
  16. xxpcxx

    xxpcxx Member

    Joined:
    Dec 28, 2008
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    11
    JavaRa 1.15 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sat Aug 08 13:03:28 2009

    Found and removed: C:\Program Files\Java\jre1.5.0_06

    Found and removed: C:\Program Files\Java\jre1.5.0_09

    Found and removed: C:\Program Files\Java\jre1.5.0_10

    Found and removed: C:\Program Files\Java\jre1.5.0_11

    Found and removed: C:\Program Files\Java\jre1.6.0_01

    Found and removed: C:\Program Files\Java\jre1.6.0_02

    Found and removed: C:\Program Files\Java\jre1.6.0_03

    Found and removed: C:\Program Files\Java\jre1.6.0_05

    Found and removed: C:\Documents and Settings\HP_Omistaja.YOUR-B62381BA23\Application Data\Sun\Java\jre1.6.0_11

    Found and removed: C:\Documents and Settings\HP_Omistaja.YOUR-B62381BA23\Application Data\Sun\Java\jre1.6.0_14

    Found and removed: Software\JavaSoft\Java2D\1.5.0_05

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_05

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

    JavaRa 1.15 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sat Aug 08 13:04:03 2009

    ------------------------------------

    Finished reporting.



     
  17. xxpcxx

    xxpcxx Member

    Joined:
    Dec 28, 2008
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    11
    I installed Java 6 Update 15 because 14 wasn't available there.
    Now I noticed that Kaspersky doesn't ask whether the program should be run.

    So the same error still appears.
     
  18. hannu71

    hannu71 Regular member

    Joined:
    Feb 9, 2006
    Messages:
    256
    Likes Received:
    0
    Trophy Points:
    26
    let's try this..

    Scan your computer with Kaspersky's AVPTool.

    [*] Download the latest Setup.exe from the page. The latest file is the one at the bottom.
    [*] Once you have downloaded Setup.exe, double-click it and install AVPTool to the location of your choice.
    [*] If the program doesn't open by itself after installation, go to the Kaspersky Lab Tool folder and double-click Setup.exe
    [*] When the program is open, tick the following items:
    [*] Startup objects
    [*] Disk boot sectors
    [*] My Computer
    [*] Click Scan and the scan will start
    [*] When the scanner finds a malicious file and you get a notification about it, press Disinfect. If that option cannot be selected, press Delete
    If several notifications appear, you can also tick Apply to all. This applies the action you chose (Disinfect, Delete, Skip) to all findings
    [*] When the scan has finished, press the Reports button and select Save to file...
    [*] Give the report a name and save it, for example, to the desktop
    [*] After saving the report you can close AVPTool.
    [*] Post the scan results in your thread along with a new HijackThis log

    this is getting a bit scan-heavy, but better to be sure the machine is clean..have you tried MSN yet?
     
    Last edited: Aug 8, 2009
  19. creativeb

    creativeb Regular member

    Joined:
    May 5, 2007
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    26
    There's a much simpler solution for this: change your MSN password (if you haven't already). There is no virus/trojan on the machine; it's because someone has obtained your details, or you have accidentally entered them somewhere. Two of my friends had this same problem and this at least fixed it for them. Let's hope you have the same issue.
     
  20. hannu71

    hannu71 Regular member

    Joined:
    Feb 9, 2006
    Messages:
    256
    Likes Received:
    0
    Trophy Points:
    26
    creativeb
    did your friend also have this???
    Trojan.Generic.1615645 (virus)

    * C:\Windows\client.exe

    or, as renamed by F-Secure, C:\WINDOWS\client.0xe (Backdoor.Bot)
    -> Quarantined and deleted successfully. which Malwarebytes' Anti-Malware removed...

    that's not what this is about..there was a bug on that machine which I believe sent those files..and besides, changing the MSN passwords has already been advised.

    at first I thought it was that, and since there was a backdoor there I should give the backdoor talk...i.e. this one:

    Your computer is infected with one or more backdoor trojans.

    This allows hackers to control your computer, steal critical system information, and download and run files.

    I recommend disconnecting your computer from the internet immediately. If you use online banking, other financial services, or other services containing your personal information on this computer, go to a computer you know to be clean and change all your passwords -- it would also be good to inform your bank about this (new credentials, passwords etc.).

    The trojan that infected your computer has been identified and can be removed, but it has very likely compromised the machine, and there is no certainty that your computer can ever be trusted again. Many experts consider a complete reinstallation of the operating system the best and most reliable way to remove this type of trojan.

    We can nevertheless continue and try to clean the machine, but I cannot guarantee your computer's trustworthiness afterwards with 100% certainty.

    but we're already on the winning side...on foreign forums that warning is a must; every now and then I end up reading the instructions of the Finnish guys who do fixes there :)

    creativeb and others, if you're interested, virustorjunta.net offers training in HJT matters
     
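The finding above (an executable running straight out of C:\Windows rather than System32) is the kind of entry a helper looks for first in a HijackThis "Running processes" list. The following script is an added example, not code from the thread: it parses that section from a constructed log fragment and flags executables in the Windows directory root that are not on an assumed allowlist.

```python
import re

# Constructed sample: a fragment of a HijackThis log, modelled on the thread
# above (the C:\Windows\client.exe entry is the one the helper flagged).
SAMPLE_HJT_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\F-Secure\\Common\\FSMA32.EXE
C:\\Windows\\client.exe
C:\\WINDOWS\\system32\\poweroff.exe
C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe
C:\\WINDOWS\\Explorer.EXE

O4 - HKLM\\..\\Run: [hpsysdrv] c:\\windows\\system\\hpsysdrv.exe
"""

# Binaries that legitimately live directly in %WINDIR% (assumed allowlist for
# this example; a real baseline would be built from a known-clean machine).
WINDIR_ALLOWLIST = {"explorer.exe", "notepad.exe", "regedit.exe"}


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' (section ends at a blank line)."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        if line.strip().lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break
            paths.append(line.strip())
    return paths


def suspicious_windir_binaries(log_text):
    """Flag executables running from the Windows directory root, not a subfolder.

    System binaries normally sit in System32; a dropped <name>.exe directly in
    C:\\Windows is worth reviewing.  Returns the flagged paths in log order.
    """
    pattern = re.compile(r"^[a-z]:\\windows\\([^\\]+\.exe)$", re.IGNORECASE)
    flagged = []
    for path in running_processes(log_text):
        m = pattern.match(path)
        if m and m.group(1).lower() not in WINDIR_ALLOWLIST:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for p in suspicious_windir_binaries(SAMPLE_HJT_LOG):
        print("review:", p)
```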