Msn virus, HjT log

Discussion in 'Viruses and malware - HijackThis logs' started by Woopsie, May 31, 2008.

  1. Woopsie

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:25:53, on 31.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    F:\Ohjelmat\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\Ohjelmat\PeerGuardian2\pg2.exe
    F:\Ohjelmat\Steam\Steam.exe
    C:\WINDOWS\service.exe
    F:\Ohjelmat\Xfire\xfire.exe
    C:\WINDOWS\system32\wscntfy.exe
    F:\Ohjelmat\Pidgin\pidgin.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Explorer.EXE
    F:\Ohjelmat\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - C:\WINDOWS\system32\vtUlJBQi.dll (file missing)
    O2 - BHO: (no name) - {0AC79871-BC8A-1DDC-0363-03DC024C51AD} - C:\WINDOWS\system32\ivmrqhb.dll (file missing)
    O2 - BHO: {47387656-9c93-3d2a-ddf4-b9dac3278061} - {1608723c-ad9b-4fdd-a2d3-39c965678374} - C:\WINDOWS\system32\wwkjjfcd.dll
    O2 - BHO: (no name) - {1CEF5A0E-489C-41C8-D791-07F2B4016FD9} - (no file)
    O2 - BHO: (no name) - {67FB6908-C232-5EC2-8525-125505D52D6E} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\awttuRiH.dll (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [delcab] C:\drivers\deltreew.exe C:\cabs
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [tfnyxll.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tfnyxll.dll,rjtlcef
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Windows svchost] service.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Ohjelmat\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PeerGuardian] F:\Ohjelmat\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [Steam] "F:\Ohjelmat\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [memointra] C:\DOCUME~1\JANI~1.HIR\APPLIC~1\ENCTIM~1\Bib barb find.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = F:\Ohjelmat\Xfire\xfire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136818266453
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/NordicBet/FlashAX.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - Winlogon Notify: awttuRiH - C:\WINDOWS\
    O20 - Winlogon Notify: vtUlJBQi - vtUlJBQi.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 11211 bytes

    There may be other viruses too; I've been trying to fight them for a couple of days.
     
  2. kalminen

    Yes, they were found!!!

    Download NoLop to your desktop from one of the following links...
    Link 1
    Link 2
    Link 3
    * Close all programs, because this step requires a reboot
    * Double-click NoLop.exe to run it

    * Click the "Search and Destroy" button
    <<Your computer will be scanned for infected files>>
    * When the scan is finished, you will be asked to restart the computer if an infection is found. Click OK
    * Click the "REBOOT" button.
    * NoLop should display a message. If it doesn't, double-click the program and it will finish. Post the contents of C:\NoLop.log along with a new HijackThis log.
    -- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx
    and save it to your system32 directory (usually c:\Windows\system32). Then run the program again.


    --------------------------------------------------------------------------

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact, ComboFix recognizes it even if the file extension
    isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click)

    [IMG]

    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of combofix.txt here.

    Close the browser and other programs for the duration of the fix. (not the antivirus)
    Start HijackThis, run Scan, tick the following entries listed in red, and remove them. (Fix checked)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - C:\WINDOWS\system32\vtUlJBQi.dll (file missing)
    O2 - BHO: (no name) - {0AC79871-BC8A-1DDC-0363-03DC024C51AD} - C:\WINDOWS\system32\ivmrqhb.dll (file missing)
    O2 - BHO: {47387656-9c93-3d2a-ddf4-b9dac3278061} - {1608723c-ad9b-4fdd-a2d3-39c965678374} - C:\WINDOWS\system32\wwkjjfcd.dll
    O2 - BHO: (no name) - {1CEF5A0E-489C-41C8-D791-07F2B4016FD9} - (no file)
    O2 - BHO: (no name) - {67FB6908-C232-5EC2-8525-125505D52D6E} - (no file)
    O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\awttuRiH.dll (file missing)
    O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [tfnyxll.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\tfnyxll.dll,rjtlcef
    O4 - HKLM\..\Run: [Windows svchost] service.exe
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe => if present
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)


    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    * Post C:\NoLop.log
    .
     
  3. Woopsie

    So here is the NoLop log:

    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Jani.HIRVASNIEMI_1\Työpöytä
    [31.5.2008]
    [23:53:38]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\AE9C4CF19183FD21.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Adobe Systems
    C:\Documents and Settings\All Users\Application Data\Apple
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Azureus
    C:\Documents and Settings\All Users\Application Data\Corel
    C:\Documents and Settings\All Users\Application Data\Dvd Shrink
    C:\Documents and Settings\All Users\Application Data\F-secure
    C:\Documents and Settings\All Users\Application Data\Firefly Studios -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Fssg
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Installshield
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    C:\Documents and Settings\All Users\Application Data\Lavasoft
    C:\Documents and Settings\All Users\Application Data\Macromedia
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Msn6
    C:\Documents and Settings\All Users\Application Data\Nvidia
    C:\Documents and Settings\All Users\Application Data\Olympus
    C:\Documents and Settings\All Users\Application Data\Once Lite Support Stop
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Trymedia
    C:\Documents and Settings\All Users\Application Data\Ubisoft
    C:\Documents and Settings\All Users\Application Data\Udl
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Wlinstaller
    C:\Documents and Settings\All Users\Application Data\Worldpokertour
    C:\Documents and Settings\All Users\Application Data\{0e8e33d8-193a-414a-a909-0f101a142d26}
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Real
    C:\Documents and Settings\Default User\Application Data\Sun
    C:\Documents and Settings\Ilpo\Application Data\Adobe
    C:\Documents and Settings\Ilpo\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Ilpo\Application Data\Ati -- EMPTY Directory
    C:\Documents and Settings\Ilpo\Application Data\Cyberlink
    C:\Documents and Settings\Ilpo\Application Data\Divx
    C:\Documents and Settings\Ilpo\Application Data\Epson
    C:\Documents and Settings\Ilpo\Application Data\F-secure
    C:\Documents and Settings\Ilpo\Application Data\Google -- EMPTY Directory
    C:\Documents and Settings\Ilpo\Application Data\Help
    C:\Documents and Settings\Ilpo\Application Data\Identities
    C:\Documents and Settings\Ilpo\Application Data\Ispnews
    C:\Documents and Settings\Ilpo\Application Data\Jasc Software Inc
    C:\Documents and Settings\Ilpo\Application Data\Leadertech
    C:\Documents and Settings\Ilpo\Application Data\Macromedia
    C:\Documents and Settings\Ilpo\Application Data\Microsoft
    C:\Documents and Settings\Ilpo\Application Data\Msn6
    C:\Documents and Settings\Ilpo\Application Data\My Battle For Middle-earth(tm) Ii Files
    C:\Documents and Settings\Ilpo\Application Data\Real
    C:\Documents and Settings\Ilpo\Application Data\Sder -- EMPTY Directory
    C:\Documents and Settings\Ilpo\Application Data\Sonic
    C:\Documents and Settings\Ilpo\Application Data\Sun
    C:\Documents and Settings\Ilpo\Application Data\Template
    C:\Documents and Settings\Jani\Application Data\Microsoft
    C:\Documents and Settings\Jani\Application Data\Real
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\.purple
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Activision
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Adobe
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Ati -- EMPTY Directory
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Azureus
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Bioshock
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Corel
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Cyberlink
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Daemon Tools
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Daemon Tools Pro
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Divx
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Eidos
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Enctimedeaf
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\F-secure
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Fastsum
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Firaxis Games
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Fretsonfire
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Google
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Greatsecond -- EMPTY Directory
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Gtk-2.0
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Hamachi
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Identities
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Installshield
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Ispnews
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Jasc Software Inc
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Limewire
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Macromedia
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Malwarebytes
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Microgaming
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Microsoft
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Mirc
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Mount&blade
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Mozilla
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Msn6
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\My Battle For Middle-earth(tm) Ii Files
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\My Games -- EMPTY Directory
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Opera -- EMPTY Directory
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Oxin's Style!
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Raptisoft
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Real
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Securom
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Skype
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Sonic
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Sqlyog
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Sun
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Systemrequirementslab
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Teamspeak2
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Template
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Utorrent
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Ventrilo
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Wings3d
    C:\Documents and Settings\Jani.hirvasniemi_1\Application Data\Xfire
    C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
    C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Real
    C:\Documents and Settings\Järjestelmänvalvoja.hirvasniemi_1\Application Data\Identities
    C:\Documents and Settings\Järjestelmänvalvoja.hirvasniemi_1\Application Data\Microsoft
    C:\Documents and Settings\Järjestelmänvalvoja.hirvasniemi_1\Application Data\Real
    C:\Documents and Settings\Järjestelmänvalvoja.hirvasniemi_1\Application Data\Sun
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Xfire -- EMPTY Directory
    C:\Documents and Settings\Muut\Application Data\Adobe
    C:\Documents and Settings\Muut\Application Data\Adobeum
    C:\Documents and Settings\Muut\Application Data\Ati -- EMPTY Directory
    C:\Documents and Settings\Muut\Application Data\Cyberlink
    C:\Documents and Settings\Muut\Application Data\Epson
    C:\Documents and Settings\Muut\Application Data\F-secure
    C:\Documents and Settings\Muut\Application Data\Google
    C:\Documents and Settings\Muut\Application Data\Havvoc
    C:\Documents and Settings\Muut\Application Data\Identities
    C:\Documents and Settings\Muut\Application Data\Ispnews
    C:\Documents and Settings\Muut\Application Data\Lavasoft -- EMPTY Directory
    C:\Documents and Settings\Muut\Application Data\Macromedia
    C:\Documents and Settings\Muut\Application Data\Microsoft
    C:\Documents and Settings\Muut\Application Data\Mozilla
    C:\Documents and Settings\Muut\Application Data\Msn6
    C:\Documents and Settings\Muut\Application Data\My Battle For Middle-earth(tm) Ii Files
    C:\Documents and Settings\Muut\Application Data\Raptisoft
    C:\Documents and Settings\Muut\Application Data\Real
    C:\Documents and Settings\Muut\Application Data\Sder -- EMPTY Directory
    C:\Documents and Settings\Muut\Application Data\Sonic
    C:\Documents and Settings\Muut\Application Data\Sun
    C:\Documents and Settings\Muut\Application Data\Template
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Xfire -- EMPTY Directory
    C:\Documents and Settings\Tiia\Application Data\Microsoft
    C:\Documents and Settings\Tiia\Application Data\Real

    And here is the ComboFix report:


    ComboFix 08-05-29.1 - Jani 2008-06-01 0:31:37.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1484 [GMT 3:00]
    Running from: C:\Documents and Settings\Jani.HIRVASNIEMI_1\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Jani.HIRVASNIEMI_1\Työpöytä\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\WINDOWS\service.exe
    C:\WINDOWS\system32\awttuRiH.dll
    C:\WINDOWS\system32\ivmrqhb.dll
    C:\WINDOWS\system32\tfnyxll.dll
    C:\WINDOWS\system32\vtUlJBQi.dll
    C:\WINDOWS\winudspm.exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\bot.exe
    C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\macromedia\Flash Player\#SharedObjects\3T7RH5RF\iforex.com
    C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\macromedia\Flash Player\#SharedObjects\3T7RH5RF\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\WINDOWS\BM431b2c3e.xml
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\service.exe
    C:\WINDOWS\smdat32m.sys
    C:\WINDOWS\system32\aoyawjaj.ini
    C:\WINDOWS\system32\Cfx32.lic
    C:\WINDOWS\system32\cfx32.ocx
    C:\WINDOWS\system32\dqcxxlvg.dll
    C:\WINDOWS\system32\hhlgvdoi.dll
    C:\WINDOWS\system32\hlsxsvkp.dll
    C:\WINDOWS\system32\koljsdto.ini
    C:\WINDOWS\system32\lsxpqorl.ini
    C:\WINDOWS\system32\ltlwcdsu.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mdttvamx.dll
    C:\WINDOWS\system32\mjvtrbex.dll
    C:\WINDOWS\system32\mmcyykyj.ini
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\nqwbrhkq.dll
    C:\WINDOWS\system32\oayfbsbx.dll
    C:\WINDOWS\system32\osutnwpy.dll
    C:\WINDOWS\system32\qlxgsavf.ini
    C:\WINDOWS\system32\sapuyrbu.dll
    C:\WINDOWS\system32\ststv.bak1
    C:\WINDOWS\system32\ststv.bak2
    C:\WINDOWS\system32\tDcedfii.ini
    C:\WINDOWS\system32\tDcedfii.ini2
    C:\WINDOWS\system32\tsouicgy.ini
    C:\WINDOWS\system32\ucjgspxd.ini
    C:\WINDOWS\system32\ujryxhvq.dll
    C:\WINDOWS\system32\uuujfmgg.ini
    C:\WINDOWS\system32\wFiiSvut.ini
    C:\WINDOWS\system32\wFiiSvut.ini2
    C:\WINDOWS\system32\wfjusrgt.ini
    C:\WINDOWS\system32\wintsvit.exe
    C:\WINDOWS\system32\wwkjjfcd.dll
    C:\WINDOWS\system32\vwngbgrx.ini

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-31 )))))))))))))))))
    .

    2008-05-31 23:58 . 2008-06-01 00:10 <KANSIO> d-------- C:\NoLopBackups
    2008-05-31 19:47 . 2008-05-31 19:47 <KANSIO> d-------- C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\Malwarebytes
    2008-05-31 19:47 . 2008-05-31 19:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-31 19:47 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-31 19:47 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-31 18:53 . 2008-05-31 18:53 86,512 --a------ C:\Documents and Settings\Jani.HIRVASNIEMI_1\setup1.exe
    2008-05-31 10:14 . 2008-05-31 10:14 <KANSIO> d-------- C:\VundoFix Backups
    2008-05-30 21:20 . 2008-05-31 10:49 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-05-30 21:19 . 2008-05-31 10:49 <KANSIO> d-------- C:\WINDOWS\Internet Logs
    2008-05-30 21:10 . 2008-05-30 21:10 <KANSIO> d-------- C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\gtk-2.0
    2008-05-30 21:06 . 2008-06-01 00:18 <KANSIO> d-------- C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\.purple
    2008-05-30 15:23 . 2008-05-30 16:22 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-05-30 15:23 . 2008-05-30 16:22 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-05-30 15:22 . 2008-05-30 15:22 <KANSIO> d-------- C:\Program Files\Kaspersky Lab
    2008-05-30 15:22 . 2008-06-01 00:57 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-05-30 15:09 . 2008-05-30 15:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-05-30 14:50 . 2008-06-01 00:58 8,105,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-05-30 14:50 . 2008-06-01 00:50 111,428 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-05-30 14:50 . 2008-06-01 00:58 44,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-05-30 14:50 . 2008-06-01 00:50 6,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-05-29 22:43 . 2008-05-30 12:52 1,966 ---hs---- C:\WINDOWS\system32\txtrfpha.ini
    2008-05-29 14:27 . 2008-05-29 14:27 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-05-29 14:27 . 2008-05-30 15:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-29 13:55 . 2008-05-30 15:03 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1
    2008-05-28 21:38 . 2008-05-28 21:38 94,208 --a------ C:\WINDOWS\DIIUnin.exe
    2008-05-28 21:38 . 2008-05-28 21:57 30,679 --a------ C:\WINDOWS\DIIUnin.dat
    2008-05-28 21:38 . 2008-05-28 21:38 2,829 --a------ C:\WINDOWS\DIIUnin.pif
    2008-05-28 18:54 . 2008-05-28 19:46 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-27 19:36 . 2008-05-27 19:41 <KANSIO> d-------- C:\WINDOWS\system32\Adobe
    2008-05-27 19:36 . 2008-05-27 19:38 681 --a------ C:\WINDOWS\mozver.dat
    2008-05-26 21:44 . 2008-05-26 21:44 754 --a------ C:\WINDOWS\WORDPAD.INI
    2008-05-17 15:09 . 2008-05-17 15:17 <KANSIO> d-------- C:\Program Files\DVD Decrypter
    2008-05-16 22:40 . 2008-05-16 22:49 203 --a------ C:\WINDOWS\GSdx9 sse2.INI
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-15 22:16 . 2008-05-15 22:16 <KANSIO> d-------- C:\Program Files\LibUSB-Win32-0.1.10.1
    2008-05-15 22:16 . 2005-03-09 20:50 46,592 --a------ C:\WINDOWS\system32\libusb0.dll
    2008-05-15 22:16 . 2005-03-09 20:50 33,792 --a------ C:\WINDOWS\system32\drivers\libusb0.sys
    2008-05-15 22:16 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe
    2008-05-15 22:16 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe
    2008-05-14 04:29 . 2008-05-14 04:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-05-13 19:57 . 2008-05-28 08:51 <KANSIO> d-------- C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\mIRC
    2008-05-11 12:48 . 2008-05-11 12:48 <KANSIO> d-------- C:\Program Files\Telltale Games
    2008-05-03 02:32 . 2008-05-03 02:32 <KANSIO> d-------- C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\fretsonfire
    2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-27 18:38 . 2008-04-28 17:02 <KANSIO> d-------- C:\Program Files\DOSBox-0.63
    2008-04-21 21:01 . 2008-04-21 21:01 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2008-04-21 21:01 . 2008-04-21 21:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-21 21:01 . 2008-04-21 21:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-20 21:28 . 2008-04-20 21:28 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-04-20 21:28 . 2008-04-20 21:28 22,328 --a------ C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\PnkBstrK.sys
    2008-04-20 21:27 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
    2008-04-20 21:27 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-04-20 21:27 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
    2008-04-20 21:27 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
    2008-04-19 17:07 . 2008-04-19 17:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-04-05 13:21 . 2008-04-05 13:21 <KANSIO> d-------- C:\Program Files\VideoLAN
    2008-04-04 14:52 . 2008-04-04 14:52 <KANSIO> d-------- C:\Program Files\Gabest

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-31 21:28 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\Xfire
    2008-05-31 20:51 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\uTorrent
    2008-05-31 18:00 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-05-30 15:14 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
    2008-05-30 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-05-29 11:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-29 11:05 --------- d-----w C:\Program Files\MSN Messenger
    2008-05-28 19:35 --------- d-----w C:\Program Files\SearchRelevant
    2008-05-28 19:35 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\EncTimeDeaf
    2008-05-28 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Once lite support stop
    2008-05-28 18:56 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-05-28 18:56 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-05-28 18:56 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-05-26 18:42 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\SQLyog
    2008-05-26 18:10 --------- d-----w C:\Program Files\World of Warcraft
    2008-05-23 14:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-20 20:22 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\LimeWire
    2008-05-18 10:35 --------- d-----w C:\Program Files\Diablo II
    2008-05-17 18:30 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\Ventrilo
    2008-05-17 12:23 --------- d-----w C:\Program Files\MagicISO
    2008-05-11 10:39 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\Hamachi
    2008-04-27 15:08 --------- d-----w C:\Program Files\Google
    2008-04-26 20:52 --------- d-----w C:\Program Files\thriXXX
    2008-04-21 18:03 --------- d-----w C:\Program Files\QuickTime
    2008-04-20 18:28 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-20 18:28 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-20 18:27 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
    2008-04-10 13:27 --------- d-----w C:\Program Files\Incomplete
    2008-04-04 21:01 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\teamspeak2
    2008-04-04 11:06 --------- d-----w C:\Program Files\DivX
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-23 21:15 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-15 13:38 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-03-08 07:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-03-01 15:31 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:56 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-26 12:00 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
    2008-02-26 12:00 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-02-08 15:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
    2006-12-16 08:15 58 ----a-w C:\Documents and Settings\Jani.HIRVASNIEMI_1\USERDATA.DAT
    2006-03-14 14:22 56 --sh--r C:\WINDOWS\system32\43B71379AC.sys
    2006-11-04 15:40 88 --sh--r C:\WINDOWS\system32\AC7913B743.sys
    2006-11-04 17:03 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AC79871-BC8A-1DDC-0363-03DC024C51AD}]
    C:\WINDOWS\system32\ivmrqhb.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="F:\Ohjelmat\DAEMON Tools Lite\daemon.exe" [2008-03-14 14:55 486856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
    "PeerGuardian"="F:\Ohjelmat\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
    "Steam"="F:\Ohjelmat\Steam\Steam.exe" [2008-05-19 18:18 1271032]
    "Sonic RecordNow!"="" []
    "memointra"="C:\DOCUME~1\JANI~1.HIR\APPLIC~1\ENCTIM~1\Bib barb find.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-01-30 12:45 81920]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-05-19 16:52 151597]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 02:41 163840]
    "EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [2005-08-16 18:56 98304]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-09 09:36 8527872]
    "delcab"="C:\drivers\deltreew.exe" [ ]
    "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-09 09:36 81920]
    "tfnyxll.dll"="C:\WINDOWS\system32\tfnyxll.dll" [ ]
    "nwiz"="nwiz.exe" [2007-10-09 09:36 1626112 C:\WINDOWS\system32\nwiz.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
    "Windows svchost"="service.exe" []
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
    "RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [2006-08-06 19:35 1003520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttuRiH]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUlJBQi]
    vtUlJBQi.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm
    "VIDC.XFR1"= xfcodec.dll
    "vidc.ffds"= F:\Ohjelmat\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
    "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "F:\\Pelit\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "F:\\Pelit\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "F:\\Pelit\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
    "F:\\Pelit\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
    "F:\\Pelit\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
    "F:\\Pelit\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
    "F:\\Pelit\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
    "F:\\Pelit\\Hellgate London\\Launcher.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "F:\\Ohjelmat\\Xfire\\xfire.exe"=
    "F:\\Pelit\\Counter-Strike 1.6\\hl.exe"=
    "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

    R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 10:48]
    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-04-11 13:40]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
    S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
    S3 ASIOMI;ASIOMI;C:\WINDOWS\system32\drivers\ASIOMI.sys [2004-01-30 12:39]
    S3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 11:17]
    S3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 04:23]

    *Newly Created Service* - PGFILTER
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-01 20:15:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2004-07-21 21:20:05 C:\WINDOWS\Tasks\Rekisteröintimuistutus 1.job"

    And finally, a fresh HjT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:27, on 2008-06-01
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    F:\Ohjelmat\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\Ohjelmat\PeerGuardian2\pg2.exe
    F:\Ohjelmat\Steam\Steam.exe
    F:\Ohjelmat\Xfire\xfire.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    F:\Ohjelmat\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [delcab] C:\drivers\deltreew.exe C:\cabs
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Ohjelmat\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PeerGuardian] F:\Ohjelmat\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [Steam] "F:\Ohjelmat\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [memointra] C:\DOCUME~1\JANI~1.HIR\APPLIC~1\ENCTIM~1\Bib barb find.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = F:\Ohjelmat\Xfire\xfire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136818266453
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/NordicBet/FlashAX.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: awttuRiH - C:\WINDOWS\
    O20 - Winlogon Notify: vtUlJBQi - vtUlJBQi.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 9355 bytes
     
  4. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact, ComboFix recognizes it even if the file extension is not
    .txt at all).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [​IMG]

    Restart the computer if prompted, and post the contents of the combofix.txt file here.

    ----------------------------------------------------------------------

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next message, plus a new HJT log.

    -------------------------------------------------------------------

    Close your browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis, run Scan, check the following files listed in red, and remove them (Fix checked).

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [memointra] C:\DOCUME~1\JANI~1.HIR\APPLIC~1\ENCTIM~1\Bib barb find.exe
    O20 - Winlogon Notify: awttuRiH - C:\WINDOWS\
    O20 - Winlogon Notify: vtUlJBQi - vtUlJBQi.dll (file missing)


    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    * Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next message, plus a new HJT log.
     
  5. Woopsie

    Woopsie Member

    Joined:
    Apr 11, 2007
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    ComboFix report:

    ComboFix 08-05-29.1 - Jani 2008-06-01 13:36:59.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1560 [GMT 3:00]
    Running from: C:\Documents and Settings\Jani.HIRVASNIEMI_1\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Jani.HIRVASNIEMI_1\Työpöytä\CFScript.txt
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\teller.chk
    .
    ---- Previous Run -------
    .
    C:\bot.exe
    C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\macromedia\Flash Player\#SharedObjects\3T7RH5RF\iforex.com
    C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\macromedia\Flash Player\#SharedObjects\3T7RH5RF\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\WINDOWS\BM431b2c3e.xml
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\service.exe
    C:\WINDOWS\smdat32m.sys
    C:\WINDOWS\system32\aoyawjaj.ini
    C:\WINDOWS\system32\Cfx32.lic
    C:\WINDOWS\system32\cfx32.ocx
    C:\WINDOWS\system32\dqcxxlvg.dll
    C:\WINDOWS\system32\hhlgvdoi.dll
    C:\WINDOWS\system32\hlsxsvkp.dll
    C:\WINDOWS\system32\koljsdto.ini
    C:\WINDOWS\system32\lsxpqorl.ini
    C:\WINDOWS\system32\ltlwcdsu.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mdttvamx.dll
    C:\WINDOWS\system32\mjvtrbex.dll
    C:\WINDOWS\system32\mmcyykyj.ini
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\nqwbrhkq.dll
    C:\WINDOWS\system32\oayfbsbx.dll
    C:\WINDOWS\system32\osutnwpy.dll
    C:\WINDOWS\system32\qlxgsavf.ini
    C:\WINDOWS\system32\sapuyrbu.dll
    C:\WINDOWS\system32\ststv.bak1
    C:\WINDOWS\system32\ststv.bak2
    C:\WINDOWS\system32\tDcedfii.ini
    C:\WINDOWS\system32\tDcedfii.ini2
    C:\WINDOWS\system32\tsouicgy.ini
    C:\WINDOWS\system32\ucjgspxd.ini
    C:\WINDOWS\system32\ujryxhvq.dll
    C:\WINDOWS\system32\uuujfmgg.ini
    C:\WINDOWS\system32\wFiiSvut.ini
    C:\WINDOWS\system32\wFiiSvut.ini2
    C:\WINDOWS\system32\wfjusrgt.ini
    C:\WINDOWS\system32\wintsvit.exe
    C:\WINDOWS\system32\wwkjjfcd.dll
    C:\WINDOWS\system32\vwngbgrx.ini

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-01 to 2008-06-01 )))))))))))))))))
    .

    2008-05-31 23:58 . 2008-06-01 00:10 <KANSIO> d-------- C:\NoLopBackups
    2008-05-31 19:47 . 2008-05-31 19:47 <KANSIO> d-------- C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\Malwarebytes
    2008-05-31 19:47 . 2008-05-31 19:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-31 19:47 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-31 19:47 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-31 18:53 . 2008-05-31 18:53 86,512 --a------ C:\Documents and Settings\Jani.HIRVASNIEMI_1\setup1.exe
    2008-05-31 10:14 . 2008-05-31 10:14 <KANSIO> d-------- C:\VundoFix Backups
    2008-05-30 21:20 . 2008-05-31 10:49 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-05-30 21:19 . 2008-05-31 10:49 <KANSIO> d-------- C:\WINDOWS\Internet Logs
    2008-05-30 21:10 . 2008-05-30 21:10 <KANSIO> d-------- C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\gtk-2.0
    2008-05-30 21:06 . 2008-06-01 10:33 <KANSIO> d-------- C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\.purple
    2008-05-30 15:23 . 2008-05-30 16:22 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-05-30 15:23 . 2008-05-30 16:22 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-05-30 15:22 . 2008-05-30 15:22 <KANSIO> d-------- C:\Program Files\Kaspersky Lab
    2008-05-30 15:22 . 2008-06-01 13:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-05-30 15:09 . 2008-05-30 15:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-05-30 15:07 . 2008-05-30 15:07 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Verkkoympäristö
    2008-05-30 15:07 . 2008-05-30 15:07 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Verkkoympäristö
    2008-05-30 15:07 . 2008-05-30 15:07 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Työpöytä
    2008-05-30 15:07 . 2008-05-30 15:07 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Työpöytä
    2008-05-30 15:07 . 2008-05-30 15:07 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Tulostinympäristö
    2008-05-30 15:07 . 2008-05-30 15:07 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Tulostinympäristö
    2008-05-30 15:07 . 2008-05-30 15:07 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Omat tiedostot
    2008-05-30 15:07 . 2008-05-30 15:07 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Omat tiedostot
    2008-05-30 15:07 . 2008-05-30 15:07 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Käynnistä-valikko
    2008-05-30 15:07 . 2008-05-30 15:07 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Käynnistä-valikko
    2008-05-30 14:50 . 2008-06-01 13:51 8,279,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-05-30 14:50 . 2008-06-01 11:46 112,940 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-05-30 14:50 . 2008-06-01 13:49 52,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-05-30 14:50 . 2008-06-01 11:46 6,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-05-29 22:43 . 2008-05-30 12:52 1,966 ---hs---- C:\WINDOWS\system32\txtrfpha.ini
    2008-05-29 14:27 . 2008-05-29 14:27 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-05-29 14:27 . 2008-05-30 15:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-29 13:55 . 2008-05-30 15:03 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Suosikit
    2008-05-29 13:55 . 2008-05-30 15:03 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Suosikit
    2008-05-29 13:55 . 2008-05-30 15:03 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Mallit
    2008-05-29 13:55 . 2008-05-30 15:03 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1\Mallit
    2008-05-29 13:55 . 2008-05-30 15:03 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.HIRVASNIEMI_1
    2008-05-28 21:38 . 2008-05-28 21:38 94,208 --a------ C:\WINDOWS\DIIUnin.exe
    2008-05-28 21:38 . 2008-05-28 21:57 30,679 --a------ C:\WINDOWS\DIIUnin.dat
    2008-05-28 21:38 . 2008-05-28 21:38 2,829 --a------ C:\WINDOWS\DIIUnin.pif
    2008-05-28 18:54 . 2008-05-28 19:46 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-27 19:36 . 2008-05-27 19:41 <KANSIO> d-------- C:\WINDOWS\system32\Adobe
    2008-05-27 19:36 . 2008-05-27 19:38 681 --a------ C:\WINDOWS\mozver.dat
    2008-05-26 21:44 . 2008-05-26 21:44 754 --a------ C:\WINDOWS\WORDPAD.INI
    2008-05-17 15:09 . 2008-05-17 15:17 <KANSIO> d-------- C:\Program Files\DVD Decrypter
    2008-05-16 22:40 . 2008-05-16 22:49 203 --a------ C:\WINDOWS\GSdx9 sse2.INI
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-15 22:16 . 2008-05-15 22:16 <KANSIO> d-------- C:\Program Files\LibUSB-Win32-0.1.10.1
    2008-05-15 22:16 . 2005-03-09 20:50 46,592 --a------ C:\WINDOWS\system32\libusb0.dll
    2008-05-15 22:16 . 2005-03-09 20:50 33,792 --a------ C:\WINDOWS\system32\drivers\libusb0.sys
    2008-05-15 22:16 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe
    2008-05-15 22:16 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe
    2008-05-14 04:29 . 2008-05-14 04:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-05-13 19:57 . 2008-05-28 08:51 <KANSIO> d-------- C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\mIRC
    2008-05-11 12:48 . 2008-05-11 12:48 <KANSIO> d-------- C:\Program Files\Telltale Games
    2008-05-03 02:32 . 2008-05-03 02:32 <KANSIO> d-------- C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\fretsonfire

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-01 10:31 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\Xfire
    2008-06-01 08:26 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\uTorrent
    2008-05-31 18:00 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-05-30 15:14 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
    2008-05-30 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-05-29 11:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-29 11:05 --------- d-----w C:\Program Files\MSN Messenger
    2008-05-28 19:35 --------- d-----w C:\Program Files\SearchRelevant
    2008-05-28 19:35 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\EncTimeDeaf
    2008-05-28 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Once lite support stop
    2008-05-28 18:56 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-05-28 18:56 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-05-28 18:56 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-05-26 18:42 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\SQLyog
    2008-05-26 18:10 --------- d-----w C:\Program Files\World of Warcraft
    2008-05-23 14:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-20 20:22 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\LimeWire
    2008-05-18 10:35 --------- d-----w C:\Program Files\Diablo II
    2008-05-17 18:30 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\Ventrilo
    2008-05-17 12:23 --------- d-----w C:\Program Files\MagicISO
    2008-05-11 10:39 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\Hamachi
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-28 14:02 --------- d-----w C:\Program Files\DOSBox-0.63
    2008-04-27 15:08 --------- d-----w C:\Program Files\Google
    2008-04-26 20:52 --------- d-----w C:\Program Files\thriXXX
    2008-04-21 18:03 --------- d-----w C:\Program Files\QuickTime
    2008-04-21 18:01 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-21 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-21 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-20 18:28 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-20 18:28 22,328 ----a-w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\PnkBstrK.sys
    2008-04-20 18:28 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-20 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-04-20 18:27 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
    2008-04-19 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-04-10 13:27 --------- d-----w C:\Program Files\Incomplete
    2008-04-05 10:21 --------- d-----w C:\Program Files\VideoLAN
    2008-04-04 21:01 --------- d-----w C:\Documents and Settings\Jani.HIRVASNIEMI_1\Application Data\teamspeak2
    2008-04-04 11:52 --------- d-----w C:\Program Files\Gabest
    2008-04-04 11:06 --------- d-----w C:\Program Files\DivX
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-23 21:15 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-15 13:38 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-03-08 07:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-03-01 15:31 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2006-12-16 08:15 58 ----a-w C:\Documents and Settings\Jani.HIRVASNIEMI_1\USERDATA.DAT
    2006-03-14 14:22 56 --sh--r C:\WINDOWS\system32\43B71379AC.sys
    2006-11-04 15:40 88 --sh--r C:\WINDOWS\system32\AC7913B743.sys
    2006-11-04 17:03 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-01_ 1.04.13.62 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-31 21:51:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-01 10:24:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-05-31 21:10:51 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-06-01 10:24:58 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-05-31 21:10:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
    + 2008-06-01 10:24:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="F:\Ohjelmat\DAEMON Tools Lite\daemon.exe" [2008-03-14 14:55 486856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
    "PeerGuardian"="F:\Ohjelmat\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
    "Steam"="F:\Ohjelmat\Steam\Steam.exe" [2008-05-19 18:18 1271032]
    "Sonic RecordNow!"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-01-30 12:45 81920]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-05-19 16:52 151597]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 02:41 163840]
    "EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [2005-08-16 18:56 98304]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-09 09:36 8527872]
    "delcab"="C:\drivers\deltreew.exe" [ ]
    "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 13:54 16116224 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-09 09:36 81920]
    "nwiz"="nwiz.exe" [2007-10-09 09:36 1626112 C:\WINDOWS\system32\nwiz.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
    "RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [2006-08-06 19:35 1003520]

    C:\Documents and Settings\Jani.HIRVASNIEMI_1\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
    Xfire.lnk - F:\Ohjelmat\Xfire\xfire.exe [2008-05-14 04:29:28 3007824]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm
    "VIDC.XFR1"= xfcodec.dll
    "vidc.ffds"= F:\Ohjelmat\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
    "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "F:\\Pelit\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "F:\\Pelit\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "F:\\Pelit\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
    "F:\\Pelit\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
    "F:\\Pelit\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
    "F:\\Pelit\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
    "F:\\Pelit\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
    "F:\\Pelit\\Hellgate London\\Launcher.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "F:\\Ohjelmat\\Xfire\\xfire.exe"=
    "F:\\Pelit\\Counter-Strike 1.6\\hl.exe"=
    "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

    R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 10:48]
    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-04-11 13:40]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
    S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
    S3 ASIOMI;ASIOMI;C:\WINDOWS\system32\drivers\ASIOMI.sys [2004-01-30 12:39]
    S3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 11:17]
    S3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 04:23]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-01 20:15:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2004-07-21 21:20:05 C:\WINDOWS\Tasks\Rekisteröintimuistutus 1.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-07-27 20:20:00 C:\WINDOWS\Tasks\Rekisteröintimuistutus 2.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-08-03 18:50:00 C:\WINDOWS\Tasks\Rekisteröintimuistutus 3.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-01 13:49:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
    "ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    Completion time: 2008-06-01 13:55:13
    ComboFix-quarantined-files.txt 2008-06-01 10:55:08

    Pre-Run: 57,238,396,928 tavua vapaana
    Post-Run: 57,255,555,072 tavua vapaana

    282 --- E O F --- 2008-05-29 11:17:06

    Malwarebytes' Anti-Malware log:

    Malwarebytes' Anti-Malware 1.14
    Tietokantaversio: 808

    15:01:49 1.6.2008
    mbam-log-6-1-2008 (15-01-49).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|F:\|)
    Tarkistetut kohteet: 257651
    Kulunut aika: 1 hour(s), 3 minute(s), 21 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 1
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)

    Fresh HjT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:25:25, on 1.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    F:\Ohjelmat\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\Ohjelmat\PeerGuardian2\pg2.exe
    F:\Ohjelmat\Steam\Steam.exe
    F:\Ohjelmat\Xfire\xfire.exe
    F:\Ohjelmat\Pidgin\pidgin.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Explorer.EXE
    F:\Ohjelmat\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [delcab] C:\drivers\deltreew.exe C:\cabs
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Ohjelmat\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PeerGuardian] F:\Ohjelmat\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [Steam] "F:\Ohjelmat\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = F:\Ohjelmat\Xfire\xfire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136818266453
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/NordicBet/FlashAX.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 8614 bytes


     
  6. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    It came out clean!!!
    Now out with the trash.
    ******************************************
    Type ComboFix.exe /u into the Run field of the Windows Start menu and press OK.
    ***************************************************************************
    Start Malwarebytes, open the Quarantine tab and empty out the trash.
    ***************************************************************************
    :D
     
  7. Woopsie

    Woopsie Member

    Joined:
    Apr 11, 2007
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    Thanks for the help, and have a great summer :>
     
