-> Download HijackThis: http://koti.mbnet.fi/pattaya1/HijackThis.exe
-> Save it to the folder C:\hjt
-> Rename HijackThis.exe to scanner.exe like this:
1. Right-click the HijackThis icon.
2. Choose Rename.
3. Type scanner.exe
-> Start HijackThis and click: do a system scan and save a logfile.
-> Post the log that appears in this thread
Here's the whole log it gave.

Logfile of HijackThis v1.99.1
Scan saved at 17:02:02, on 11.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
C:\Program Files\ULiRaid\ULiRaid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webteh\BSplayer\bsplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mbnet.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULiRaid\ULiRaid.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159726745656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: system32 - {36385191-DFD5-4A76-980B-B6737D55A713} - sysprinters.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Don't click around in the ComboFix window while it is running. That may cause the program to hang.
Let's look into it with this first.
I ran it now and Avast found some trojan, it was some IRCbot. And at the end there was a message saying it can't open ComboFix.txt, but it still opened this. And just now while I was writing this, a message came up that the firewall had blocked, I think, Messenger's connection attempt. Should I choose "keep blocking" on that?

"Razer" - 2007-07-11 17:35:07 - ComboFix 07-07-10.1 - Service Pack 2

((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))

2007-07-11 17:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 17:00 <KANSIO> d-------- C:\hjt
2007-07-09 21:29 <KANSIO> d-------- C:\Program Files\MSN Messenger
2007-07-09 21:24 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-09 16:37 <KANSIO> d-------- C:\msn
2007-07-08 18:16 <KANSIO> d-------- C:\cd
2007-07-05 23:59 24,040 --a------ C:\WINDOWS\system32\sysprinters.dll
2007-07-05 02:19 <KANSIO> d-------- C:\ll
2007-07-03 18:40 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-07-03 18:19 <KANSIO> d-------- C:\quake3 teamarena
2007-07-02 19:27 <KANSIO> d-------- C:\Program Files\RealMedia
2007-07-02 19:27 <KANSIO> d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-07-02 19:27 <KANSIO> d-------- C:\Program Files\DScaler5
2007-07-02 19:27 <KANSIO> d-------- C:\Program Files\CD Audio Reader Filter
2007-07-02 19:26 <KANSIO> d-------- C:\Program Files\SHOUTcast Source
2007-07-02 19:26 <KANSIO> d-------- C:\Program Files\Haali
2007-07-02 19:25 <KANSIO> d-------- C:\Program Files\DS-MP3 Source
2007-07-02 19:24 <KANSIO> d-------- C:\Program Files\Zoom Player
2007-07-01 23:12 <KANSIO> d-------- C:\tcopy
2007-07-01 23:01 <KANSIO> d-------- C:\winscp
2007-07-01 23:00 <KANSIO> d-------- C:\hear
2007-07-01 20:28 <KANSIO> d-------- C:\DOCUME~1\Razer\APPLIC~1\TeraCopy
2007-07-01 13:30 <KANSIO> d-------- C:\df
2007-07-01 13:02 <KANSIO> d-------- C:\lol
2007-07-01 12:39 <KANSIO> d-------- C:\ipod
2007-06-30 22:58 <KANSIO> d-------- C:\pianoplayer
2007-06-30 16:33 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-06-27 20:21 <KANSIO> d-------- C:\HammerAutosave
2007-06-27 19:51 <KANSIO> d-------- C:\mappaus
2007-06-22 12:00 <KANSIO> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-18 23:15 22,584 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-06-18 22:24 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-06-18 22:23 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-06-18 21:29 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2007-06-13 16:00 <KANSIO> d-------- C:\WINDOWS\pss
2007-06-11 21:34 <KANSIO> d-------- C:\ssct
2007-06-11 21:06 <KANSIO> d-------- C:\Program Files\ToniArts
2007-06-11 21:06 <KANSIO> d-------- C:\easycleaner
2007-06-11 03:56 37,057 --------- C:\WINDOWS\system32\kbpDinput.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 08:57:35 83,718 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-07-11 08:57:35 410,162 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-07-11 08:27:37 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\Xfire
2007-07-11 08:27:25 -------- d-----r C:\Program Files\Xfire
2007-07-09 09:32:53 -------- d-----w C:\Program Files\3DO
2007-07-06 23:41:26 -------- d-----w C:\Program Files\mIRC
2007-07-05 23:37:40 -------- d-----w C:\Program Files\SUPERAntiSpyware
2007-07-02 16:25:49 -------- d-----w C:\Program Files\ffdshow
2007-07-02 16:06:37 -------- d-----w C:\Program Files\Xvid
2007-06-30 20:24:45 -------- d-----w C:\Program Files\StepMania
2007-06-30 13:33:41 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\CyberLink
2007-06-30 13:32:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-30 13:31:54 -------- d-----w C:\Program Files\CyberLink
2007-06-29 20:59:02 -------- d-----w C:\Program Files\Gran Paradiso
2007-06-29 20:58:41 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\uTorrent
2007-06-11 18:11:12 -------- d-----w C:\Program Files\Game_Maker7
2007-06-11 17:53:49 -------- d-----w C:\Program Files\LcdStudio
2007-06-11 17:51:45 -------- d-----w C:\Program Files\Video Convert Master
2007-06-08 16:28:27 -------- d-----w C:\Program Files\Pivot Stickfigure Animator
2007-06-08 09:04:52 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\PlatformTeamKeep
2007-06-06 11:53:07 -------- d-----w C:\Program Files\Uusi kansio
2007-06-06 11:50:22 -------- d-----w C:\Program Files\MSBuild
2007-06-06 11:47:19 -------- d-----w C:\Program Files\Reference Assemblies
2007-06-05 17:35:02 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\dvdcss
2007-06-05 10:35:22 -------- d-----w C:\Program Files\WombatRSS
2007-06-05 10:13:31 -------- d-----w C:\Program Files\w(ombat)IRC
2007-06-03 19:44:25 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\teamspeak2
2007-05-26 19:12:38 39,424 ----a-w C:\WINDOWS\InjectMe.dll
2007-05-25 19:19:42 -------- d-----w C:\Program Files\StepMania CVS
2007-05-24 16:18:07 -------- d-----w C:\Program Files\AskTBar
2007-05-21 14:15:25 -------- d-----w C:\Program Files\Echovoice
2007-05-20 07:26:34 -------- d-----w C:\Program Files\D-Tools
2007-05-18 11:16:08 -------- d-----w C:\Program Files\3wPlayer
2007-05-18 11:14:34 -------- d-----w C:\Program Files\PlatformTeamKeep
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 10:54:48 -------- d-----w C:\Program Files\Blaze Media Pro
2007-05-12 09:51:11 -------- d-----w C:\Program Files\Ahead
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 15:25:30 9,008 --sh--r C:\WINDOWS\system32\msivs10.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-16 12:48:39 286,720 ------w C:\WINDOWS\Setup1.exe
2007-04-16 12:48:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-04-13 00:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-03-24 11:40:28 80 --sh--r C:\WINDOWS\system32\663413B7BE.dll
2007-03-24 11:44:08 9,008 --sh--r C:\WINDOWS\system32\msivsvt.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 16:39 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 12:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-09-27 18:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 10:49 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 13:43 C:\WINDOWS\Alcmtr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"@"="" []
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 15:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 15:14]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 17:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-06 23:11]
"ULiRaid"="C:\Program Files\ULiRaid\ULiRaid.exe" [2006-01-12 15:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 16:21]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-06-28 02:26]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-28 10:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2007-01-24 21:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{36385191-DFD5-4A76-980B-B6737D55A713}"="sysprinters.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-04-28 10:35 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507f0ebb-d541-11db-af54-00138fa42403}]
AutoRun\command- I:\USBNB.exe

Contents of the 'Scheduled Tasks' folder
2007-06-28 06:48:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-11 14:37:02 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 17:38:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-11 17:38:39
--- E O F ---
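The two logs posted above (the HijackThis scan and the ComboFix report) are read by hand in threads like this one. The script below is an added example, not part of the thread and not code from HijackThis or ComboFix: it parses the two line formats and flags the entries a reviewer usually checks first: load points whose file is not on disk, an SSODL entry given as a bare file name instead of a full path, services with no publisher, and files under system32 carrying hidden+system attributes or a hex-looking name. The sample input is a handful of lines copied from the logs above; the flag rules are heuristics chosen for illustration and are not a verdict on any of those files.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few lines copied from the HijackThis and ComboFix
# logs posted in this thread, not the complete logs.
HJT_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: system32 - {36385191-DFD5-4A76-980B-B6737D55A713} - sysprinters.dll (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
"""

FIND3M_SAMPLE = r"""
2007-05-26 19:12:38 39,424 ----a-w C:\WINDOWS\InjectMe.dll
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 15:25:30 9,008 --sh--r C:\WINDOWS\system32\msivs10.dll
2007-03-24 11:40:28 80 --sh--r C:\WINDOWS\system32\663413B7BE.dll
"""

# "R1 - ..." / "O23 - ..." : section code, then the entry body.
HJT_RE = re.compile(r"^([RO]\d+) - (.*)$")
# ComboFix Find3M row: timestamp, size (or dashes for a directory), attributes, path.
FIND3M_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+([\d,]+|-+)\s+(\S+)\s+(.*)$")

# Sections that load code early (at logon / into the shell) or as a service.
PRIVILEGED_SECTIONS = {
    "O20": "Winlogon Notify DLL",
    "O21": "ShellServiceObjectDelayLoad entry",
    "O23": "Windows service",
}


@dataclass
class Finding:
    item: str
    reason: str


def parse_hjt(text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        m = HJT_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage_hjt(entries):
    """Apply the review heuristics to parsed HijackThis entries."""
    findings = []
    for section, body in entries:
        line = f"{section} - {body}"
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(line, "load point references a file that is not on disk"))
        # Last " - " separated field is the target; no backslash means no full path.
        if section == "O21" and "\\" not in body.rsplit(" - ", 1)[-1]:
            findings.append(Finding(line, "SSODL target given as a bare file name, not a full path"))
        if section in PRIVILEGED_SECTIONS and "Unknown owner" in body:
            findings.append(Finding(line, f"{PRIVILEGED_SECTIONS[section]} with no publisher"))
    return findings


def parse_find3m(text):
    """Return dicts for every ComboFix Find3M row (size is None for directories)."""
    rows = []
    for raw in text.splitlines():
        m = FIND3M_RE.match(raw.strip())
        if m:
            size = None if m.group(2).startswith("-") else int(m.group(2).replace(",", ""))
            rows.append({"when": m.group(1), "size": size, "attrs": m.group(3), "path": m.group(4)})
    return rows


def triage_find3m(rows):
    """Flag files in system32 that are hidden+system, or named like a random hex string."""
    findings = []
    for row in rows:
        attrs, path = row["attrs"], row["path"]
        in_system32 = "\\system32\\" in path.lower()
        if in_system32 and "s" in attrs and "h" in attrs:
            findings.append(Finding(path, "hidden+system attributes on a file under system32"))
        name = path.rsplit("\\", 1)[-1]
        if in_system32 and re.fullmatch(r"[0-9A-F]{8,}\.dll", name, re.IGNORECASE):
            findings.append(Finding(path, "DLL name is a bare hex string"))
    return findings


def report(hjt_text=HJT_SAMPLE, find3m_text=FIND3M_SAMPLE):
    """Run both parsers and return every finding, in log order."""
    return triage_hjt(parse_hjt(hjt_text)) + triage_find3m(parse_find3m(find3m_text))


if __name__ == "__main__":
    for f in report():
        print(f"[{f.reason}] {f.item}")
```

Each finding is a pointer for manual review (VirusTotal, publisher check, a look at the file's timestamp next to the others), which is exactly the step the helper in this thread says comes next; the rules deliberately do not try to decide what is malicious.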
Open Notepad and copy/paste the text in the quote box below into it. Save it with the name CFScript. Then drag CFScript onto ComboFix.exe as shown below. Restart the computer when asked, and post the contents of the combofix.txt file here.

One more question: do you use programs that aren't in general distribution, or that only circulate in small circles? There are quite a few unknown files in there (unknown to Google too). We'll run them through VirusTotal later. Also post a new HJT log and tell me what kinds of problems you are having.
Tässä Tää combofix logi ja alempana HJT log. Ei tule mieleen mitään ohjelmaa jota en ole hakennut googlen kautta. Ennen avast ei löytänyt troijalaisia mutta nyt niitä tulee aina välillä ja virus levittää itseään mesessä. Muuten ei oo mitään haittaa ollu. "Razer" - 2007-07-11 18:14:47 - ComboFix 07-07-10.1 - Service Pack 2 Command switches used :: C:\Documents and Settings\Razer\Ty”p”yt„\CFScript.txt ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\unvise32.exe ((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 ))))))))))))))))))))))))))))))) 2007-07-11 17:34 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-11 17:00 <KANSIO> d-------- C:\hjt 2007-07-09 21:29 <KANSIO> d-------- C:\Program Files\MSN Messenger 2007-07-09 21:24 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel 2007-07-09 16:37 <KANSIO> d-------- C:\msn 2007-07-08 18:16 <KANSIO> d-------- C:\cd 2007-07-05 02:19 <KANSIO> d-------- C:\ll 2007-07-03 18:19 <KANSIO> d-------- C:\quake3 teamarena 2007-07-02 19:27 <KANSIO> d-------- C:\Program Files\RealMedia 2007-07-02 19:27 <KANSIO> d-------- C:\Program Files\OpenSource Flash Video Splitter 2007-07-02 19:27 <KANSIO> d-------- C:\Program Files\DScaler5 2007-07-02 19:27 <KANSIO> d-------- C:\Program Files\CD Audio Reader Filter 2007-07-02 19:26 <KANSIO> d-------- C:\Program Files\SHOUTcast Source 2007-07-02 19:26 <KANSIO> d-------- C:\Program Files\Haali 2007-07-02 19:25 <KANSIO> d-------- C:\Program Files\DS-MP3 Source 2007-07-02 19:24 <KANSIO> d-------- C:\Program Files\Zoom Player 2007-07-01 23:12 <KANSIO> d-------- C:\tcopy 2007-07-01 23:01 <KANSIO> d-------- C:\winscp 2007-07-01 23:00 <KANSIO> d-------- C:\hear 2007-07-01 20:28 <KANSIO> d-------- C:\DOCUME~1\Razer\APPLIC~1\TeraCopy 2007-07-01 13:30 <KANSIO> d-------- C:\df 2007-07-01 13:02 <KANSIO> d-------- C:\lol 2007-07-01 12:39 <KANSIO> d-------- C:\ipod 2007-06-30 22:58 <KANSIO> d-------- C:\pianoplayer 2007-06-30 16:33 
<KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink 2007-06-27 20:21 <KANSIO> d-------- C:\HammerAutosave 2007-06-27 19:51 <KANSIO> d-------- C:\mappaus 2007-06-22 12:00 <KANSIO> d-------- C:\WINDOWS\system32\SoftwareDistribution 2007-06-18 23:15 22,584 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-06-18 22:24 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-06-18 22:23 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-06-18 21:29 <KANSIO> d--hs---- C:\WINDOWS\ftpcache 2007-06-13 16:00 <KANSIO> d-------- C:\WINDOWS\pss 2007-06-11 21:34 <KANSIO> d-------- C:\ssct 2007-06-11 21:06 <KANSIO> d-------- C:\Program Files\ToniArts 2007-06-11 21:06 <KANSIO> d-------- C:\easycleaner 2007-06-11 03:56 37,057 --------- C:\WINDOWS\system32\kbpDinput.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-11 08:57:35 83,718 ----a-w C:\WINDOWS\system32\perfc00B.dat 2007-07-11 08:57:35 410,162 ----a-w C:\WINDOWS\system32\perfh00B.dat 2007-07-11 08:27:37 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\Xfire 2007-07-11 08:27:25 -------- d-----r C:\Program Files\Xfire 2007-07-09 09:32:53 -------- d-----w C:\Program Files\3DO 2007-07-06 23:41:26 -------- d-----w C:\Program Files\mIRC 2007-07-05 23:37:40 -------- d-----w C:\Program Files\SUPERAntiSpyware 2007-07-02 16:25:49 -------- d-----w C:\Program Files\ffdshow 2007-07-02 16:06:37 -------- d-----w C:\Program Files\Xvid 2007-06-30 20:24:45 -------- d-----w C:\Program Files\StepMania 2007-06-30 13:33:41 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\CyberLink 2007-06-30 13:32:58 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-30 13:31:54 -------- d-----w C:\Program Files\CyberLink 2007-06-29 20:59:02 -------- d-----w C:\Program Files\Gran Paradiso 2007-06-29 20:58:41 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\uTorrent 2007-06-11 18:11:12 -------- d-----w C:\Program Files\Game_Maker7 2007-06-11 17:53:49 -------- 
d-----w C:\Program Files\LcdStudio 2007-06-11 17:51:45 -------- d-----w C:\Program Files\Video Convert Master 2007-06-08 16:28:27 -------- d-----w C:\Program Files\Pivot Stickfigure Animator 2007-06-08 09:04:52 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\PlatformTeamKeep 2007-06-06 11:53:07 -------- d-----w C:\Program Files\Uusi kansio 2007-06-06 11:50:22 -------- d-----w C:\Program Files\MSBuild 2007-06-06 11:47:19 -------- d-----w C:\Program Files\Reference Assemblies 2007-06-05 17:35:02 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\dvdcss 2007-06-05 10:35:22 -------- d-----w C:\Program Files\WombatRSS 2007-06-05 10:13:31 -------- d-----w C:\Program Files\w(ombat)IRC 2007-06-03 19:44:25 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\teamspeak2 2007-05-26 19:12:38 39,424 ----a-w C:\WINDOWS\InjectMe.dll 2007-05-25 19:19:42 -------- d-----w C:\Program Files\StepMania CVS 2007-05-24 16:18:07 -------- d-----w C:\Program Files\AskTBar 2007-05-21 14:15:25 -------- d-----w C:\Program Files\Echovoice 2007-05-20 07:26:34 -------- d-----w C:\Program Files\D-Tools 2007-05-18 11:16:08 -------- d-----w C:\Program Files\3wPlayer 2007-05-18 11:14:34 -------- d-----w C:\Program Files\PlatformTeamKeep 2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-12 10:54:48 -------- d-----w C:\Program Files\Blaze Media Pro 2007-05-12 09:51:11 -------- d-----w C:\Program Files\Ahead 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-23 15:25:30 9,008 --sh--r C:\WINDOWS\system32\msivs10.dll 2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 19:45:42 325,976 ----a-w 
C:\WINDOWS\system32\wucltui.dll 2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll 2007-04-16 12:48:39 286,720 ------w C:\WINDOWS\Setup1.exe 2007-04-16 12:48:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-04-13 00:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll 2007-03-24 11:40:28 80 --sh--r C:\WINDOWS\system32\663413B7BE.dll 2007-03-24 11:44:08 9,008 --sh--r C:\WINDOWS\system32\msivsvt.dll (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) ---- Directory of C:\WINDOWS\SxsCaPendDel ---- ---- Directory of C:\msn ---- 2007-07-09 16:37 11213 --a------ C:\msn\msnVirusRemoval.zip 2007-04-10 13:42 1055 --a------ C:\msn\msnVirusRemoval\Run.bat 1994-12-13 14:41 21584 --a------ C:\msn\msnVirusRemoval\KILL.EXE ---- Directory of C:\ll ---- 2007-07-05 02:19 81104 --a------ C:\ll\koulu3.exe ---- Directory of Registry ---- Registry\ ---- Directory of [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] ---- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]\ ---- Directory of {36385191-DFD5-4A76-980B-B6737D55A713}=- ---- ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2001-04-16 16:39 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program 
Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] 2006-07-07 12:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] 2006-09-27 18:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 10:49 C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [2005-05-03 13:43 C:\WINDOWS\Alcmtr.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "@"="" [] "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 15:31] "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 15:14] "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 17:23] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36] "Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-06 23:11] "ULiRaid"="C:\Program Files\ULiRaid\ULiRaid.exe" [2006-01-12 15:17] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05] "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 16:21] "Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" 
[2007-01-08 22:26]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-06-28 02:26]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-28 10:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2007-01-24 21:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-04-28 10:35 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507f0ebb-d541-11db-af54-00138fa42403}]
AutoRun\command- I:\USBNB.exe
*Newly Created Service* - CATCHME
Contents of the 'Scheduled Tasks' folder
2007-06-28 06:48:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-11 14:37:02 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 18:15:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
Here is the log that came from ComboFix. And I can't think of any program; I download all programs through Google...
And below is the HJT log
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-11 18:15:58
C:\ComboFix-quarantined-files.txt ... 2007-07-11 18:15
C:\ComboFix2.txt ... 2007-07-11 17:38
--- E O F ---
Here's the HJT log
Logfile of HijackThis v1.99.1
Scan saved at 18:21:12, on 11.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
C:\Program Files\ULiRaid\ULiRaid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Elaborate
Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Razer\Copperhead\razerhid.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\ctfmon.exe C:\program files\valve\steam\steam.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Razer\Copperhead\razerofa.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Xfire\Xfire.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Gran Paradiso\firefox.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\hjt\scanner.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mbnet.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - 
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file) O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULiRaid\ULiRaid.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159726745656 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Remove MSN Messenger via Add/Remove Programs in the Control Panel, then delete these folders: C:\msn and C:\Program Files\MSN Messenger
Open HijackThis, check the following line(s) and press Fix checked; close other programs while you do this.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Here are instructions on how to check them:
=======
Like this
First take a backup of the registry like this: Run -> regedit -> OK. Then File -> Export. Give it a name and then Save (and note down where you saved it). Then save the text snippet below as fix.reg, for example in Notepad and for example on the desktop (save as type: all files). Double-click it and press Yes and OK. Restart the computer.
=========
Check your computer with F-Secure's online scanner
Note: the scanner only works with the Internet Explorer browser
* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Adjust the settings as follows
  o Under "Virus Scan Option" select Scan whole system
  o Under "Other Scan Option" select Scan All Files
  o Select Scan whole system for rootkits
  o Select Scan whole system for spyware
  o Tick Scan inside archives
  o Make sure Use advanced heuristics is selected
* Click Start
* The scan starts once the necessary files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread
Also post a new HijackThis log and ComboFix log
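The rule behind the first three "Fix checked" lines above (a registry entry that points at a component which no longer exists), as an added example that is not part of this thread or of HijackThis itself. The sample excerpt is constructed from lines in the logs posted here; the O4 Alcmtr line is left alone on purpose, since deciding about it takes knowledge of the program, not a textual rule.

```python
import re

# Constructed excerpt: lines taken from the HijackThis logs in this thread,
# including the three orphaned entries the helper listed and some entries
# that are fine as they are.
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mbnet.fi/",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = ",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll",
    r"O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)",
    r"O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE",
    r"O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)",
])

# An HJT entry starts with its section code (R0-R3 or O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.*)$")


def parse_entry(line):
    """Split one log line into (section code, body); None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("kind"), m.group("body")


def is_orphan(kind, body):
    """True when the entry is registered in the registry but points at nothing."""
    if kind in ("O2", "O3"):
        # BHO or toolbar CLSID whose DLL is gone: HJT prints "(no file)".
        return body.endswith("(no file)")
    if kind in ("R0", "R1"):
        # IE start/search value that exists but is empty, e.g. "Main,Local Page =".
        _, _, value = body.partition("=")
        return value.strip() == ""
    # "(file missing)" on O9/O23 lines is common for legitimate software
    # (see the xpnetdiag and avast entries in the logs above), so it is
    # left to human judgment rather than flagged here.
    return False


def find_orphans(log_text):
    """Return the log lines matching the orphan rules, in log order."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is not None and is_orphan(*parsed):
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    for entry in find_orphans(SAMPLE_LOG):
        print(entry)
```

Run against the excerpt it prints exactly the R0, O2 and O3 lines the helper asked to fix; it also applies the empty-value check to R1 entries, which the helper did not need here.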
Here are the logs and the rest. F-Secure found a few viruses and skipped about 30 files. Here's the F-Secure report
Scanning Report
Wednesday, July 11, 2007 21:07:35 - 00:01:52
Computer name: PELIKONE
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ H:\
Result: 8 malware found
Exploit.Java.Gimsh.a (virus)
* C:\Documents and Settings\Razer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-5ca47f8f-17a845f0.class (Renamed & Submitted)
* C:\Documents and Settings\Razer\Application Data\Sun\Java\Deployment\cache\6.0\34\3309722-3CF653AA.0 (Submitted)
Tracking Cookie (spyware)
* System (Disinfected)
* System
* System
* System
Trojan.Win32.Obfuscated.en (virus)
* C:\video fiksaus\play3w\3wPlayer-1.0.0.3-setup-0210.exe (Renamed & Submitted)
W32/Zlob.ADXB (virus)
* C:\Program Files\Logitech\G-series Software\SDK\LCDSDK_1.02.218.zip\Tools\VLCDCtrl.exe
Statistics
Scanned:
* Files: 324408
* System: 4602
* Not scanned: 74
Actions:
* Disinfected: 1
* Renamed: 2
* Deleted: 0
* None: 5
* Submitted: 3
Files not scanned:
Options
Scanning engines:
* F-Secure Libra: 2.4.2, 2007-07-11
* F-Secure AVP: 7.0.171, 2007-07-11
* F-Secure Orion: 1.2.37, 2007-07-11
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0260-23-12
* F-Secure Pegasus: 1.19.0, 2007-06-10
Scanning options:
* Scan all files
* Scan inside archives
* Use Advanced heuristics
Here's the ComboFix log
"Razer" - 2007-07-12 0:03:48 - ComboFix 07-07-10.1 - Service Pack 2
((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))
2007-07-11 18:59 <KANSIO> d-------- C:\WINDOWS\LastGood
2007-07-11 17:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 17:00 <KANSIO> d-------- C:\hjt
2007-07-09 21:29 <KANSIO> d-------- C:\Program Files\MSN Messenger
2007-07-09 21:24 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-08 18:16 <KANSIO> d-------- C:\cd
2007-07-05 02:19 <KANSIO> d-------- C:\ll
2007-07-03 18:19 <KANSIO> d-------- C:\quake3 teamarena
2007-07-02 19:27 <KANSIO> d-------- C:\Program Files\RealMedia
2007-07-02 19:27 <KANSIO> d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-07-02 19:27 <KANSIO> d-------- C:\Program Files\DScaler5
2007-07-02 19:27 <KANSIO> d-------- C:\Program Files\CD Audio Reader Filter
2007-07-02 19:26 <KANSIO> d-------- C:\Program Files\SHOUTcast Source
2007-07-02 19:26 <KANSIO> d-------- C:\Program Files\Haali 2007-07-02 19:25 <KANSIO> d-------- C:\Program Files\DS-MP3 Source 2007-07-02 19:24 <KANSIO> d-------- C:\Program Files\Zoom Player 2007-07-01 23:12 <KANSIO> d-------- C:\tcopy 2007-07-01 23:01 <KANSIO> d-------- C:\winscp 2007-07-01 23:00 <KANSIO> d-------- C:\hear 2007-07-01 20:28 <KANSIO> d-------- C:\DOCUME~1\Razer\APPLIC~1\TeraCopy 2007-07-01 13:30 <KANSIO> d-------- C:\df 2007-07-01 13:02 <KANSIO> d-------- C:\lol 2007-07-01 12:39 <KANSIO> d-------- C:\ipod 2007-06-30 22:58 <KANSIO> d-------- C:\pianoplayer 2007-06-30 16:33 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink 2007-06-27 20:21 <KANSIO> d-------- C:\HammerAutosave 2007-06-27 19:51 <KANSIO> d-------- C:\mappaus 2007-06-22 12:00 <KANSIO> d-------- C:\WINDOWS\system32\SoftwareDistribution 2007-06-18 23:15 22,584 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-06-18 22:24 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-06-18 22:23 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-06-18 21:29 <KANSIO> d--hs---- C:\WINDOWS\ftpcache 2007-06-13 16:00 <KANSIO> d-------- C:\WINDOWS\pss (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-11 19:48:20 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\Xfire 2007-07-11 15:55:12 83,718 ----a-w C:\WINDOWS\system32\perfc00B.dat 2007-07-11 15:55:12 410,162 ----a-w C:\WINDOWS\system32\perfh00B.dat 2007-07-11 15:51:22 -------- d-----r C:\Program Files\Xfire 2007-07-09 09:32:53 -------- d-----w C:\Program Files\3DO 2007-07-06 23:41:26 -------- d-----w C:\Program Files\mIRC 2007-07-05 23:37:40 -------- d-----w C:\Program Files\SUPERAntiSpyware 2007-07-02 16:25:49 -------- d-----w C:\Program Files\ffdshow 2007-07-02 16:06:37 -------- d-----w C:\Program Files\Xvid 2007-06-30 20:24:45 -------- d-----w C:\Program Files\StepMania 2007-06-30 13:33:41 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\CyberLink 2007-06-30 13:32:58 -------- 
d--h--w C:\Program Files\InstallShield Installation Information 2007-06-30 13:31:54 -------- d-----w C:\Program Files\CyberLink 2007-06-29 20:59:02 -------- d-----w C:\Program Files\Gran Paradiso 2007-06-29 20:58:41 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\uTorrent 2007-06-11 18:11:12 -------- d-----w C:\Program Files\Game_Maker7 2007-06-11 18:06:57 -------- d-----w C:\Program Files\ToniArts 2007-06-11 17:53:49 -------- d-----w C:\Program Files\LcdStudio 2007-06-11 17:51:45 -------- d-----w C:\Program Files\Video Convert Master 2007-06-11 00:29:11 37,057 ------w C:\WINDOWS\system32\kbpDinput.dll 2007-06-08 16:28:27 -------- d-----w C:\Program Files\Pivot Stickfigure Animator 2007-06-08 09:04:52 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\PlatformTeamKeep 2007-06-06 11:53:07 -------- d-----w C:\Program Files\Uusi kansio 2007-06-06 11:50:22 -------- d-----w C:\Program Files\MSBuild 2007-06-06 11:47:19 -------- d-----w C:\Program Files\Reference Assemblies 2007-06-05 17:35:02 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\dvdcss 2007-06-05 10:35:22 -------- d-----w C:\Program Files\WombatRSS 2007-06-05 10:13:31 -------- d-----w C:\Program Files\w(ombat)IRC 2007-06-03 19:44:25 -------- d-----w C:\DOCUME~1\Razer\APPLIC~1\teamspeak2 2007-05-26 19:12:38 39,424 ----a-w C:\WINDOWS\InjectMe.dll 2007-05-25 19:19:42 -------- d-----w C:\Program Files\StepMania CVS 2007-05-24 16:18:07 -------- d-----w C:\Program Files\AskTBar 2007-05-21 14:15:25 -------- d-----w C:\Program Files\Echovoice 2007-05-20 07:26:34 -------- d-----w C:\Program Files\D-Tools 2007-05-18 11:16:08 -------- d-----w C:\Program Files\3wPlayer 2007-05-18 11:14:34 -------- d-----w C:\Program Files\PlatformTeamKeep 2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-12 10:54:48 -------- d-----w C:\Program Files\Blaze Media Pro 2007-05-12 09:51:11 -------- d-----w C:\Program Files\Ahead 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w 
C:\WINDOWS\system32\AVASTSS.scr 2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-23 15:25:30 9,008 --sh--r C:\WINDOWS\system32\msivs10.dll 2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll 2007-04-16 12:48:39 286,720 ------w C:\WINDOWS\Setup1.exe 2007-04-16 12:48:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-04-13 00:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll 2007-03-24 11:40:28 80 --sh--r C:\WINDOWS\system32\663413B7BE.dll 2007-03-24 11:44:08 9,008 --sh--r C:\WINDOWS\system32\msivsvt.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2001-04-16 16:39 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] 2006-07-07 12:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\~\Browser Helper 
Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] 2006-09-27 18:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 10:49 C:\WINDOWS\RTHDCPL.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "@"="" [] "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 15:31] "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 15:14] "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 17:23] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36] "Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-06 23:11] "ULiRaid"="C:\Program Files\ULiRaid\ULiRaid.exe" [2006-01-12 15:17] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05] "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 16:21] "Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12] "Steam"="c:\program files\valve\steam\steam.exe" [2007-06-28 02:26] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] "SUPERAntiSpyware"="C:\Program 
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-28 10:43] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoResolveSearch"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2007-01-24 21:50] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-04-28 10:35 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507f0ebb-d541-11db-af54-00138fa42403}] AutoRun\command- I:\USBNB.exe *Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER Contents of the 'Scheduled Tasks' folder 2007-06-28 06:48:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-07-11 20:37:13 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-12 00:06:04 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\F-Secure Standalone Minifilter] "ImagePath"="\??\C:\DOCUME~1\Razer\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fsbl] "ImagePath"="\??\C:\DOCUME~1\Razer\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys" Completion time: 2007-07-12 0:06:45 C:\ComboFix-quarantined-files.txt ... 
2007-07-12 00:06
C:\ComboFix2.txt ... 2007-07-11 20:07
C:\ComboFix3.txt ... 2007-07-11 18:15
--- E O F ---
Here's the HJT log
Logfile of HijackThis v1.99.1
Scan saved at 0:07:31, on 12.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
C:\Program Files\ULiRaid\ULiRaid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\valve\steam\steam.exe C:\Program Files\Razer\Copperhead\razerofa.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Xfire\Xfire.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Gran Paradiso\firefox.exe C:\WINDOWS\explorer.exe C:\hjt\scanner.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mbnet.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series 
Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULiRaid\ULiRaid.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159726745656 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
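As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small parser for the HijackThis log format posted above. It splits each finding into its section code (R0, O4, O23 and so on), the on-disk path, CLSID or download URL it points at, and marks the places a reviewer looks at first: "(file missing)" entries, services with "Unknown owner", Winlogon Notify DLLs, ActiveX downloads (O16) and anything started from a Temp directory. The regexes are my own assumptions about the line layout, not HijackThis internals; the sample lines are constructed to mirror the log above, and the flags are review hints, not malware verdicts.

```python
"""Minimal parser and triage for HijackThis-style log entries.

Added example for the thread above, not part of HijackThis or ComboFix.
The patterns below are assumptions about the log layout; the sample log
is constructed to mirror the posted log. Flags are review hints only.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Every HJT finding is "<section code> - <payload>"; header and
# "Running processes" lines lack that shape and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# First Windows path in the payload, up to a binary/library extension;
# also accepts %windir%-style prefixes as seen in the O9 entries.
PATH_RE = re.compile(
    r'(?i)(?:[a-z]:\\|%[a-z_]+%\\)[^"\r\n]*?\.(?:exe|dll|ocx|sys|cab|bat)\b'
)
URL_RE = re.compile(r"https?://\S+")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str            # e.g. "O4", "O23"
    payload: str            # text after "O4 - "
    path: str | None        # on-disk image the entry points at, if any
    url: str | None         # remote object, e.g. the cab of an O16 entry
    clsid: str | None
    flags: list[str] = field(default_factory=list)


def classify(section: str, payload: str, path: str | None) -> list[str]:
    """Heuristic review hints for one entry (assumed review order, not proof
    of infection)."""
    flags = []
    if "(file missing)" in payload:
        flags.append("file-missing")      # dangling or mis-parsed path
    if section == "O23" and "Unknown owner" in payload:
        flags.append("unknown-owner")     # service binary lacks company info
    if section == "O20":
        flags.append("winlogon-notify")   # DLL loaded into winlogon.exe
    if section == "O16":
        flags.append("activex-download")  # code fetched from a URL
    if path and re.search(r"(?i)\\(?:temp|locals~1)\\", path):
        flags.append("temp-path")         # autostart from a temp directory
    return flags


def parse_log(text: str) -> list[Entry]:
    """Turn raw HJT log text into Entry objects, skipping non-finding lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, payload = m.group(1), m.group(2)
        pm, um, cm = PATH_RE.search(payload), URL_RE.search(payload), CLSID_RE.search(payload)
        path = pm.group(0) if pm else None
        entries.append(Entry(section, payload, path,
                             um.group(0) if um else None,
                             cm.group(0) if cm else None,
                             classify(section, payload, path)))
    return entries


def needs_review(entries: list[Entry]) -> list[Entry]:
    """Entries carrying at least one review flag."""
    return [e for e in entries if e.flags]


def count_by_section(entries: list[Entry]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


# Constructed sample modelled on the log posted in the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mbnet.fi/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

if __name__ == "__main__":
    for e in needs_review(parse_log(SAMPLE_LOG)):
        print(f"{e.section:4} {','.join(e.flags):30} {e.path or e.url}")
```

The two avast! service lines in the log above show why "file-missing" is a prompt to check, not to delete: the stray quote before /service breaks the path as HijackThis reads it, yet both ashMaiSv.exe and ashWebSv.exe appear in the running-processes list, so the binaries are clearly present.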
If you only use Windows' own firewall, that is not sufficient protection. Download one firewall from these three, for instance, and install it. Then disable the Windows firewall as well. These 3 are fairly popular, free firewalls:
Comodo
Kerio
ZoneAlarm

========

Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop.

Boot your computer into Safe Mode and choose your normal user account:
* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* A menu should appear next
* Choose Safe Mode from the menu.
* Make a folder of its own for the program, C:\SDFix, and move it there
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans up the trojan's services and also makes some fixes to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Booting takes longer than normal because SDFix is cleaning the computer.
* Once the computer has booted and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
* Then press any key to close the script and load the shortcuts onto the desktop.
* Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread

Then post a new HJT log as well =)