Could someone check a Hijack log?

Discussion in 'Viruses and malware - HijackThis logs' started by tiuku31, May 19, 2009.

  1. tiuku31

    The computer is acting up. I get error messages, e.g. C:\windows\system32\winusime.dll. SUPERAntiSpyware removed about 20 pieces of malware, but the messages keep coming. I can get online now, but before that I couldn't. Thanks in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:02:35, on 19.5.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Documents and Settings\Asta\Työpöytä\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2245167b-c368-4255-aca6-8a0eda784c3e} - C:\WINDOWS\system32\tanokoge.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CPMc3d5aca7] Rundll32.exe "c:\windows\system32\nuvoyijo.dll",a
    O4 - HKLM\..\Run: [c0e69f3b] rundll32.exe "C:\WINDOWS\system32\rezizafo.dll",b
    O4 - HKLM\..\Run: [sapunehilo] Rundll32.exe "C:\WINDOWS\system32\pozihibi.dll",s
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IECheck] C:\WINDOWS\IECheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\winusime.dll c:\windows\system32\nuvoyijo.dll,C:\WINDOWS\system32\wibopovo.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
     
  2. Baabiouz

    Hi :)

    Create a new folder in the root of the C: drive and name it HijackThis. Then go to the desktop, right-click HijackThis.exe and choose "Cut". Then go into the HijackThis folder you just created, right-click an empty spot and choose "Paste".

    Now HijackThis is in a safer place, and its future backups are kept safe too.

    Next, read through the guide and run ComboFix:

    http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje

    Finally, post the ComboFix log here along with a new HijackThis log :)
     
  3. tiuku31

    I got the job done. First the ComboFix log

    ComboFix 09-05-19.08 - Asta 20.05.2009 12:38.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.511.246 [GMT 3:00]
    Sijainti: c:\documents and settings\Asta\Työpöytä\ComboFix.exe
    AV: Panda Antivirus Pro 2009 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
    FW: Panda Personal Firewall 2009 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\375013
    c:\windows\system32\aluwaget.ini
    c:\windows\system32\dumphive.exe
    c:\windows\system32\izuguhar.ini
    c:\windows\system32\kavumefe.dll.tmp
    c:\windows\system32\mopifobi.dll
    c:\windows\system32\ofazizer.ini
    c:\windows\system32\ovfsthbivpqriuyxeclvssvqjtbpvpbboimebv.dll
    c:\windows\system32\ovfsthbpxovrbvaswqyrldidflckbebvxrigfm.dat
    c:\windows\system32\ovfsthbvwypxskbseimbnejekxofjqgmeoewim.dat
    c:\windows\system32\ovfsthhmufwbwvvymfedkjrqxsxdhkvxuxducr.dat
    c:\windows\system32\ovfsthjpwmdivnyriemncdkxnqtpcbcegjvfqq.dat
    c:\windows\system32\ovfsthkmkencoxuaowiagagsrjqttnowmydrtm.dat
    c:\windows\system32\ovfsthlhhlxdtahdkmwolyrkyldotnlacfnfod.dat
    c:\windows\system32\ovfsthrfmrrvrrjetgusixrennnssfvxvklrtx.dat
    c:\windows\system32\ovfsthrjcfmwpfmtltkjehlwkcvrcocfxrooea.dat
    c:\windows\system32\ovfsthsadpyfxupymnnsprlsbqljjotmjyruxp.dat
    c:\windows\system32\ovfsthtaxrssflnriyvbfxrixubveqcrqgfbnm.dat
    c:\windows\system32\ovfsthxidwktavjstngpphrrqjvrbmlwmkpmnr.dat
    c:\windows\system32\ovfsthypmagyqpkaqatbnyrarksheboivqpgax.dat
    c:\windows\system32\P3wFfSm5.exe.a_a
    c:\windows\system32\pozihibi.dll
    c:\windows\system32\rifofune.dll
    c:\windows\system32\siruboma.dll.tmp
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\unokituv.ini
    c:\windows\system32\wibopovo.dll
    c:\windows\system32\vutikonu.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-04-20 to 2009-05-20 )))))))))))))))))
    .

    2009-05-20 09:15 . 2009-05-20 09:16 -------- d-----w C:\HijackThis
    2009-05-19 15:31 . 2009-05-19 15:31 -------- d-----w c:\documents and settings\LocalService\Työpöytä
    2009-05-19 15:07 . 2009-05-19 17:20 -------- dc-h--w c:\documents and settings\All Users\Application Data\~0
    2009-05-19 15:07 . 2009-05-19 17:20 -------- d-----w c:\program files\Lavasoft
    2009-05-19 15:07 . 2009-05-19 17:20 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-05-19 12:50 . 2009-05-19 14:54 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-18 14:41 . 2009-05-20 09:49 223076 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
    2009-05-18 14:41 . 2008-06-18 13:06 46720 ----a-w c:\windows\system32\drivers\wnmflt.sys
    2009-05-18 14:41 . 2008-06-18 13:06 52992 ----a-w c:\windows\system32\drivers\dsaflt.sys
    2009-05-18 14:41 . 2008-06-18 13:06 193792 ----a-w c:\windows\system32\drivers\idsflt.sys
    2009-05-18 14:40 . 2008-03-28 08:25 22072 ----a-w c:\windows\system32\drivers\fnetmon.sys
    2009-05-18 14:40 . 2008-06-25 12:42 73728 ----a-w c:\windows\system32\drivers\APPFLT.SYS
    2009-05-18 14:40 . 2008-07-11 11:58 158848 ----a-w c:\windows\system32\drivers\NETFLTDI.SYS
    2009-05-18 14:38 . 2009-05-20 09:47 13880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
    2009-05-18 14:38 . 2009-05-18 14:38 -------- d-----w c:\documents and settings\Asta\Local Settings\Application Data\Panda Security
    2009-05-18 14:37 . 2008-04-28 14:35 84024 ----a-w c:\windows\system32\drivers\pavdrv51.sys
    2009-05-18 14:37 . 2009-05-18 14:37 249 ----a-w c:\windows\system32\PavCPL.dat
    2009-05-18 14:36 . 2003-10-22 15:23 446464 ----a-w c:\windows\system32\HHActiveX.dll
    2009-05-18 14:36 . 2008-06-24 11:48 193280 ----a-w c:\windows\system32\TpUtil.dll
    2009-05-18 14:36 . 2007-02-08 08:53 107568 ----a-w c:\windows\system32\SYSTOOLS.DLL
    2009-05-18 14:36 . 2009-03-17 16:07 87296 ----a-w c:\windows\system32\PavLspHook.dll
    2009-05-18 14:36 . 2008-06-18 15:03 55552 ----a-w c:\windows\system32\pavipc.dll
    2009-05-18 14:36 . 2008-06-18 15:03 520448 ----a-w c:\windows\system32\PavSHook.dll
    2009-05-18 14:36 . 2008-06-26 08:25 197888 ----a-w c:\windows\system32\drivers\neti1634.sys
    2009-05-18 14:36 . 2008-03-18 13:58 58672 ----a-w c:\windows\system32\avldr.dll
    2009-05-18 14:36 . 2009-05-18 14:36 -------- d-----w c:\windows\system32\PAV
    2009-05-18 14:36 . 2009-05-18 14:36 -------- d-----w c:\documents and settings\Asta\Application Data\Panda Security
    2009-05-18 14:36 . 2009-05-18 14:36 -------- d-----w c:\documents and settings\All Users\Application Data\Panda Security
    2009-05-18 14:33 . 2008-06-19 14:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
    2009-05-18 14:33 . 2008-03-04 12:59 41144 ----a-w c:\windows\system32\drivers\ShlDrv51.sys
    2009-05-18 14:33 . 2008-02-07 09:03 179640 ----a-w c:\windows\system32\drivers\PavProc.sys
    2009-05-18 14:33 . 2009-05-18 14:33 -------- d-----w c:\program files\Common Files\Panda Security
    2009-05-03 14:33 . 2009-05-03 14:33 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Help

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-20 09:49 . 2009-05-18 14:41 223076 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-05-20 09:47 . 2009-05-18 14:41 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-05-20 09:47 . 2009-05-18 14:41 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
    2009-05-18 14:39 . 2004-09-15 12:00 64812 ----a-w c:\windows\system32\perfc00B.dat
    2009-05-18 14:39 . 2004-09-15 12:00 354486 ----a-w c:\windows\system32\perfh00B.dat
    2009-05-18 14:36 . 2007-12-04 09:59 -------- d-----w c:\program files\Panda Security
    2009-05-11 08:10 . 2005-12-03 20:35 -------- d-----w c:\program files\Lexmark X1100 Series
    2009-04-30 05:14 . 2008-04-01 10:39 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-04-25 11:15 . 2006-04-20 12:19 -------- d-----w c:\program files\BitComet
    2009-04-06 09:19 . 2005-12-07 15:54 -------- d-----w c:\program files\Java
    2009-04-03 12:52 . 2008-07-01 13:20 34 ----a-w c:\documents and settings\Asta\jagex_runescape_preferences.dat
    2009-04-02 09:49 . 2008-11-27 10:28 -------- d-----w c:\program files\Vodafone PC Assistant
    2009-03-25 12:21 . 2009-03-25 12:21 -------- d-----r c:\program files\Skype
    2009-03-25 12:21 . 2009-03-25 12:21 -------- d-----w c:\program files\Common Files\Skype
    2009-03-09 02:19 . 2008-12-16 08:14 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:21 . 2004-09-15 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:14 . 2004-09-15 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 17:16 . 2004-09-15 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2008-11-08 07:54 . 2008-11-07 14:49 88 --sh--r c:\windows\system32\9E96D80CEF.sys
    2008-11-08 08:10 . 2008-11-07 14:49 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 68856]
    "IECheck"="c:\windows\IECheck.exe" [2005-11-17 108544]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-30 1830128]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-04-16 24264488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-06-04 1400944]
    "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-12 155648]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632]
    "SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
    "C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

    c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-4 110592]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-6-17 67128]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-12-3 565248]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-01-01 09:26 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2008-03-18 13:58 58672 ----a-w c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\wibopovo.dll c:\windows\system32\rifofune.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [18.5.2009 17:33 28544]
    R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [18.10.2006 14:49 149376]
    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [18.5.2009 17:40 73728]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [18.5.2009 17:41 52992]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [18.5.2009 17:40 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [18.5.2009 17:41 193792]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [18.5.2009 17:40 158848]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [29.2.2008 16:03 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29.2.2008 16:03 55024]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [18.5.2009 17:33 41144]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [18.5.2009 17:41 46720]
    R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [18.5.2009 17:33 179640]
    R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [18.5.2009 17:37 28928]
    R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [18.5.2009 17:38 13880]
    R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [18.5.2009 17:36 197888]
    R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
    S3 DIGIRPS;Digi PortServer -ohjain;c:\windows\system32\drivers\digirlpt.sys [21.2.2006 15:34 42432]
    S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [27.11.2008 13:29 101120]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    panda REG_MULTI_SZ Gwmsrv
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    BHO-{2245167b-c368-4255-aca6-8a0eda784c3e} - c:\windows\system32\tanokoge.dll
    HKCU-Run-MsnMsgr - ~c:\program files\MSN Messenger\MsnMsgr.Exe
    HKCU-Run-prnet - c:\windows\system32\prnet.tmp
    HKLM-Run-prnet - c:\windows\system32\prnet.tmp
    HKLM-Run-c0e69f3b - c:\windows\system32\tegawula.dll
    HKLM-Run-NWEReboot - (no file)
    HKLM-Run-Cmaudio - cmicnfg.cpl


    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Asta\Application Data\Mozilla\Firefox\Profiles\i9kpghlj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Winamp Search
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - component: c:\documents and settings\Asta\Application Data\Mozilla\Firefox\Profiles\i9kpghlj.default\extensions\fi@dictionaries.addons.mozilla.org\platform\WINNT_x86-msvc\components\mozvoikko.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    .
    .
    ------- Tiedostokytkennät -------
    .
    JSEFile=c:\progra~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*
    VBEFile=c:\progra~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*
    VBSFile=c:\progra~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-20 12:48
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
    @DACL=(02 0000)
    @="c:\\windows\\system32\\rifofune.dll"
    "ThreadingModel"="Both"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(1056)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\avldr.dll

    - - - - - - - > 'explorer.exe'(2420)
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fin.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\program files\Panda Security\Panda Antivirus Pro 2009\WebProxy.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\windows\system32\ati2evxx.exe
    c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    c:\windows\system32\imapi.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Panda Security\Panda Antivirus Pro 2009\PsCtrlS.exe
    c:\program files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
    c:\program files\Skype\Phone\Skype.exe
    c:\program files\Lexmark X1100 Series\lxbkbmon.exe
    c:\program files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    c:\program files\Panda Security\Panda Antivirus Pro 2009\PAVSRV51.EXE
    c:\program files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Panda Security\Panda Antivirus Pro 2009\FIREWALL\PSHost.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2009-05-20 12:55 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2009-05-20 09:55

    Ennen ajoa: 34 006 904 832 tavua vapaana
    Ajon jälkeen: 33 978 785 792 tavua vapaana

    WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    297 --- E O F --- 2009-05-13 16:05




    Here is the Hijack log.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:59:47, on 20.5.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IECheck] C:\WINDOWS\IECheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wibopovo.dll c:\windows\system32\rifofune.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

     
  4. Baabiouz

    Baabiouz Regular member

    Hi

    Open HijackThis.
    Click "Do system scan only".
    Tick the following lines shown in bold:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wibopovo.dll c:\windows\system32\rifofune.dll


    Close all other windows except HjT.
    Close your browser as well.
    Then click the "Fix checked" button in HjT.
    Answer "Kyllä"/"Yes" to the questions.
    Close HijackThis.

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer if you are asked to, and post the contents of the combofix.txt file here along with a new HijackThis log.
    ___________________

    Download ATF Cleaner by Atribune:
    http://www.atribune.org/ccount/click.php?id=1

    Instructions:

    Double-click ATF-Cleaner.exe to start the program.

    Under "Main", choose "Select All".
    Click "Empty Selected".

    If you use Firefox as your browser: click "Firefox" at the top and choose "Select All".
    Click "Empty Selected".
    NOTE: If you would like to keep your saved passwords, click "No" when it asks.

    If you use Opera as your browser: click "Opera" at the top and choose "Select All".
    Click "Empty Selected" again.
    NOTE: If you would like to keep your saved passwords, click "No" when it asks.

    Click "Exit" in the main menu to close the program.
    Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that this support is in English.)
    _______________________

    Download Malwarebytes' Anti-Malware to your desktop:
    http://www.besttechie.net/tools/mbam-setup.exe

    If the link does not work, you can also download it from the following links:
    http://malwarebytes.gt500.org/mbam-setup.exe
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are selected: "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes' Anti-Malware", and then click "Finish".
    * If an update is found, the program will download and install the latest version. If downloading the updates fails, you can download them from http://www.malwarebytes.org/mbam/database/mbam-rules.exe and then double-click mbam-rules.exe to install the updates.

    * Once the program has loaded and the updates are done, select "Perform full scan" and click "Scan".
    * When the scan is complete, click "OK" and then "Show Results" to view the results.
    * Make sure that everything is checked and click "Remove Selected".
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next message.

    * Note: If Mbam was unable to remove a file, it will ask you to restart your computer. In that case, restart your computer right away. Mbam may make changes to your registry as part of the cleanup. If you use a security program that detects registry changes, allow Mbam to make the changes.

    Post the ComboFix log, the Mbam log and a new HijackThis log here :)
     
    Last edited: May 20, 2009
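The selection made in the post above, as an added example (not part of the thread and not HijackThis's own logic): a Python triage of HijackThis entry lines that flags the same kinds of entries the helper picked, then checks which AppInit_DLLs file is also named in the ComboFix locked-key section. The rule set and every function name are assumptions made for this illustration; the sample lines are copied from the logs on this page.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample input: entry lines copied from the HijackThis v1.99.1 log posted in this thread.
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wibopovo.dll c:\windows\system32\rifofune.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Sample input: two lines copied from the ComboFix locked-registry-keys section above.
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@="c:\\windows\\system32\\rifofune.dll"
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O20"
    reason: str  # rule name used in this example (hypothetical labels)
    line: str    # the entry line as it appears in the log


def parse_entries(log_text):
    """Return (code, body) for each entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body").rstrip()))
    return entries


def split_appinit(value):
    """Split an AppInit_DLLs value (space- or comma-separated) into DLL paths."""
    return re.findall(r"[^\s,].*?\.dll", value, flags=re.IGNORECASE)


def triage(log_text):
    """Flag entries by the rules assumed for this example (mirrors the post's selection)."""
    findings = []
    for code, body in parse_entries(log_text):
        line = f"{code} - {body}"
        if code in ("R0", "R1"):
            # "key = value" with nothing after the equals sign.
            _key, sep, value = body.partition("=")
            if sep and not value.strip():
                findings.append(Finding(code, "empty-value", line))
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            # BHO/toolbar CLSID still registered, but no file behind it.
            findings.append(Finding(code, "no-file", line))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs listed here are loaded into every process that loads user32.dll.
            if split_appinit(body.split(":", 1)[1]):
                findings.append(Finding(code, "appinit-dlls", line))
        elif body.endswith("(file missing)"):
            # Reported separately: the post above left these entries alone.
            findings.append(Finding(code, "file-missing", line))
    return findings


def corroborated(dll_paths, other_log):
    """Return basenames of DLLs that are also named in another tool's log."""
    text = other_log.lower()
    names = [ntpath.basename(path).lower() for path in dll_paths]
    return [name for name in names if name in text]


if __name__ == "__main__":
    for finding in triage(HJT_LOG):
        print(f"{finding.reason:13} {finding.line}")
    appinit_body = next(b for c, b in parse_entries(HJT_LOG) if b.startswith("AppInit_DLLs:"))
    dlls = split_appinit(appinit_body.split(":", 1)[1])
    print("also in ComboFix log:", corroborated(dlls, COMBOFIX_LOG))
```
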
  5. tiuku31

    tiuku31 Member

    Greetings.

    The programs have been run. One step was left out. No quote box content showed up. Could it have been because an older Hijack version was in use, so that the dragging step did not work? I updated Hijack. Here are all the logs anyway.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:13:57, on 20.5.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavJobs.exe
    C:\HIJACK\HijackThis.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Upgrader.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IECheck] C:\WINDOWS\IECheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

    --
    End of file - 13303 bytes

    Then the mbam log

    Malwarebytes' Anti-Malware 1.36
    Tietokantaversio: 2158
    Windows 5.1.2600 Service Pack 3

    20.5.2009 20:33:20
    mbam-log-2009-05-20 (20-33-20).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 178502
    Kulunut aika: 59 minute(s), 26 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 2
    Saastuneita rekisteriarvoja: 3
    Saastuneita rekisterikohteita: 1
    Saastuneita hakemistoja: 4
    Saastuneita tiedostoja: 25

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Saastuneita hakemistoja:
    C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\Program Files\Microsoft Games\Zoo Tycoon\dw.exe (Worm.Luder) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\kavumefe.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\siruboma.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\vutikonu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275448.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275449.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275455.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275456.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275458.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275459.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275460.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275463.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275464.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275467.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275469.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275470.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275472.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275473.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275475.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275461.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP944\A0275782.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\WinPCDoctor.exe.cer (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.


    Then the ComboFix log

    ComboFix 09-05-19.08 - Asta 20.05.2009 20:43.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.511.98 [GMT 3:00]
    Sijainti: c:\documents and settings\Asta\Työpöytä\ComboFix.exe
    AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
    FW: Panda Personal Firewall 2009 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-04-20 to 2009-05-20 )))))))))))))))))
    .

    2009-05-20 16:30 . 2009-05-20 16:30 -------- d-----w c:\documents and settings\Asta\Application Data\Malwarebytes
    2009-05-20 16:30 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-20 16:30 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-20 16:30 . 2009-05-20 16:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-20 16:30 . 2009-05-20 16:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-20 16:07 . 2009-05-20 16:08 -------- d-----w C:\HIJACK
    2009-05-20 09:15 . 2009-05-20 16:17 -------- d-----w C:\HijackThis
    2009-05-19 15:31 . 2009-05-19 15:31 -------- d-----w c:\documents and settings\LocalService\Työpöytä
    2009-05-19 15:07 . 2009-05-19 17:20 -------- dc-h--w c:\documents and settings\All Users\Application Data\~0
    2009-05-19 15:07 . 2009-05-19 17:20 -------- d-----w c:\program files\Lavasoft
    2009-05-19 15:07 . 2009-05-19 17:20 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-05-19 12:50 . 2009-05-19 14:54 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-18 14:41 . 2009-05-20 17:39 225248 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
    2009-05-18 14:41 . 2008-06-18 13:06 46720 ----a-w c:\windows\system32\drivers\wnmflt.sys
    2009-05-18 14:41 . 2008-06-18 13:06 52992 ----a-w c:\windows\system32\drivers\dsaflt.sys
    2009-05-18 14:41 . 2008-06-18 13:06 193792 ----a-w c:\windows\system32\drivers\idsflt.sys
    2009-05-18 14:40 . 2008-03-28 08:25 22072 ----a-w c:\windows\system32\drivers\fnetmon.sys
    2009-05-18 14:40 . 2008-06-25 12:42 73728 ----a-w c:\windows\system32\drivers\APPFLT.SYS
    2009-05-18 14:40 . 2008-07-11 11:58 158848 ----a-w c:\windows\system32\drivers\NETFLTDI.SYS
    2009-05-18 14:38 . 2009-05-20 17:38 13880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
    2009-05-18 14:38 . 2009-05-18 14:38 -------- d-----w c:\documents and settings\Asta\Local Settings\Application Data\Panda Security
    2009-05-18 14:37 . 2008-04-28 14:35 84024 ----a-w c:\windows\system32\drivers\pavdrv51.sys
    2009-05-18 14:37 . 2009-05-18 14:37 249 ----a-w c:\windows\system32\PavCPL.dat
    2009-05-18 14:36 . 2003-10-22 15:23 446464 ----a-w c:\windows\system32\HHActiveX.dll
    2009-05-18 14:36 . 2008-06-24 11:48 193280 ----a-w c:\windows\system32\TpUtil.dll
    2009-05-18 14:36 . 2007-02-08 08:53 107568 ----a-w c:\windows\system32\SYSTOOLS.DLL
    2009-05-18 14:36 . 2009-03-17 16:07 87296 ----a-w c:\windows\system32\PavLspHook.dll
    2009-05-18 14:36 . 2008-06-18 15:03 55552 ----a-w c:\windows\system32\pavipc.dll
    2009-05-18 14:36 . 2008-06-18 15:03 520448 ----a-w c:\windows\system32\PavSHook.dll
    2009-05-18 14:36 . 2008-06-26 08:25 197888 ----a-w c:\windows\system32\drivers\neti1634.sys
    2009-05-18 14:36 . 2008-03-18 13:58 58672 ----a-w c:\windows\system32\avldr.dll
    2009-05-18 14:36 . 2009-05-18 14:36 -------- d-----w c:\windows\system32\PAV
    2009-05-18 14:36 . 2009-05-18 14:36 -------- d-----w c:\documents and settings\Asta\Application Data\Panda Security
    2009-05-18 14:36 . 2009-05-18 14:36 -------- d-----w c:\documents and settings\All Users\Application Data\Panda Security
    2009-05-18 14:33 . 2008-06-19 14:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
    2009-05-18 14:33 . 2008-03-04 12:59 41144 ----a-w c:\windows\system32\drivers\ShlDrv51.sys
    2009-05-18 14:33 . 2008-02-07 09:03 179640 ----a-w c:\windows\system32\drivers\PavProc.sys
    2009-05-18 14:33 . 2009-05-18 14:33 -------- d-----w c:\program files\Common Files\Panda Security
    2009-05-03 14:33 . 2009-05-03 14:33 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Help

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-20 17:39 . 2009-05-18 14:41 225248 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-05-20 17:39 . 2009-05-18 14:41 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-05-20 17:39 . 2009-05-18 14:41 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
    2009-05-18 14:39 . 2004-09-15 12:00 64812 ----a-w c:\windows\system32\perfc00B.dat
    2009-05-18 14:39 . 2004-09-15 12:00 354486 ----a-w c:\windows\system32\perfh00B.dat
    2009-05-18 14:36 . 2007-12-04 09:59 -------- d-----w c:\program files\Panda Security
    2009-05-11 08:10 . 2005-12-03 20:35 -------- d-----w c:\program files\Lexmark X1100 Series
    2009-04-30 05:14 . 2008-04-01 10:39 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-04-25 11:15 . 2006-04-20 12:19 -------- d-----w c:\program files\BitComet
    2009-04-06 09:19 . 2005-12-07 15:54 -------- d-----w c:\program files\Java
    2009-04-03 12:52 . 2008-07-01 13:20 34 ----a-w c:\documents and settings\Asta\jagex_runescape_preferences.dat
    2009-04-02 09:49 . 2008-11-27 10:28 -------- d-----w c:\program files\Vodafone PC Assistant
    2009-03-25 12:21 . 2009-03-25 12:21 -------- d-----r c:\program files\Skype
    2009-03-25 12:21 . 2009-03-25 12:21 -------- d-----w c:\program files\Common Files\Skype
    2009-03-09 02:19 . 2008-12-16 08:14 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:21 . 2004-09-15 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:14 . 2004-09-15 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 17:16 . 2004-09-15 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2008-11-08 07:54 . 2008-11-07 14:49 88 --sh--r c:\windows\system32\9E96D80CEF.sys
    2008-11-08 08:10 . 2008-11-07 14:49 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-20_09.49.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-20 17:37 . 2009-05-20 17:37 16384 c:\windows\Temp\Perflib_Perfdata_180.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 68856]
    "IECheck"="c:\windows\IECheck.exe" [2005-11-17 108544]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-30 1830128]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-04-16 24264488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-06-04 1400944]
    "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-12 155648]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632]
    "SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
    "C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

    c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-4 110592]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-6-17 67128]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-12-3 565248]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-01-01 09:26 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2008-03-18 13:58 58672 ----a-w c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [18.5.2009 17:33 28544]
    R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [18.10.2006 14:49 149376]
    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [18.5.2009 17:40 73728]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [18.5.2009 17:41 52992]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [18.5.2009 17:40 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [18.5.2009 17:41 193792]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [18.5.2009 17:40 158848]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [29.2.2008 16:03 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29.2.2008 16:03 55024]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [18.5.2009 17:33 41144]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [18.5.2009 17:41 46720]
    R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [18.5.2009 17:33 179640]
    R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [18.5.2009 17:37 28928]
    R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [18.5.2009 17:38 13880]
    R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [18.5.2009 17:36 197888]
    R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
    S3 DIGIRPS;Digi PortServer -ohjain;c:\windows\system32\drivers\digirlpt.sys [21.2.2006 15:34 42432]
    S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [27.11.2008 13:29 101120]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    panda REG_MULTI_SZ Gwmsrv
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Asta\Application Data\Mozilla\Firefox\Profiles\i9kpghlj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Winamp Search
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - component: c:\documents and settings\Asta\Application Data\Mozilla\Firefox\Profiles\i9kpghlj.default\extensions\fi@dictionaries.addons.mozilla.org\platform\WINNT_x86-msvc\components\mozvoikko.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-20 20:48
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
    @DACL=(02 0000)
    @="c:\\windows\\system32\\rifofune.dll"
    "ThreadingModel"="Both"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(1056)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\avldr.dll

    - - - - - - - > 'explorer.exe'(2204)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Valmistumisajankohta: 2009-05-20 20:50
    ComboFix-quarantined-files.txt 2009-05-20 17:50
    ComboFix2.txt 2009-05-20 09:56

    Ennen ajoa: 33 968 898 048 tavua vapaana
    Ajon jälkeen: 33 959 415 808 tavua vapaana

    216 --- E O F --- 2009-05-13 16:05

     
  6. Baabiouz

    Baabiouz Regular member

    Hi

    You need to copy the following text into a text file and name it cfscript:
    Reglock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]

    Registry::
    [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]

    And it has to be dragged onto Combofix.exe, not onto HijackThis.exe ;)

    So try that ComboFix step again and post the log that ComboFix produces here :)
     
  7. tiuku31

    tiuku31 Member

    Good morning.

    Here is the new ComboFix log.

    ComboFix 09-05-19.08 - Asta 21.05.2009 10:31.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.511.205 [GMT 3:00]
    Sijainti: c:\documents and settings\Asta\Työpöytä\ComboFix.exe
    AV: Panda Antivirus Pro 2009 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
    FW: Panda Personal Firewall 2009 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-04-21 to 2009-05-21 )))))))))))))))))
    .

    2009-05-21 07:26 . 2009-05-21 07:27 -------- d-----w C:\32788R22FWJFW
    2009-05-20 16:30 . 2009-05-20 16:30 -------- d-----w c:\documents and settings\Asta\Application Data\Malwarebytes
    2009-05-20 16:30 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-20 16:30 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-20 16:30 . 2009-05-20 16:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-20 16:30 . 2009-05-20 16:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-20 16:07 . 2009-05-20 16:08 -------- d-----w C:\HIJACK
    2009-05-20 09:15 . 2009-05-20 16:17 -------- d-----w C:\HijackThis
    2009-05-19 15:31 . 2009-05-19 15:31 -------- d-----w c:\documents and settings\LocalService\Työpöytä
    2009-05-19 15:07 . 2009-05-19 17:20 -------- dc-h--w c:\documents and settings\All Users\Application Data\~0
    2009-05-19 15:07 . 2009-05-19 17:20 -------- d-----w c:\program files\Lavasoft
    2009-05-19 15:07 . 2009-05-19 17:20 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-05-19 12:50 . 2009-05-19 14:54 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-18 14:41 . 2009-05-21 07:27 227420 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
    2009-05-18 14:41 . 2008-06-18 13:06 46720 ----a-w c:\windows\system32\drivers\wnmflt.sys
    2009-05-18 14:41 . 2008-06-18 13:06 52992 ----a-w c:\windows\system32\drivers\dsaflt.sys
    2009-05-18 14:41 . 2008-06-18 13:06 193792 ----a-w c:\windows\system32\drivers\idsflt.sys
    2009-05-18 14:40 . 2008-03-28 08:25 22072 ----a-w c:\windows\system32\drivers\fnetmon.sys
    2009-05-18 14:40 . 2008-06-25 12:42 73728 ----a-w c:\windows\system32\drivers\APPFLT.SYS
    2009-05-18 14:40 . 2008-07-11 11:58 158848 ----a-w c:\windows\system32\drivers\NETFLTDI.SYS
    2009-05-18 14:38 . 2009-05-21 07:08 13880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
    2009-05-18 14:38 . 2009-05-18 14:38 -------- d-----w c:\documents and settings\Asta\Local Settings\Application Data\Panda Security
    2009-05-18 14:37 . 2008-04-28 14:35 84024 ----a-w c:\windows\system32\drivers\pavdrv51.sys
    2009-05-18 14:37 . 2009-05-18 14:37 249 ----a-w c:\windows\system32\PavCPL.dat
    2009-05-18 14:36 . 2003-10-22 15:23 446464 ----a-w c:\windows\system32\HHActiveX.dll
    2009-05-18 14:36 . 2008-06-24 11:48 193280 ----a-w c:\windows\system32\TpUtil.dll
    2009-05-18 14:36 . 2007-02-08 08:53 107568 ----a-w c:\windows\system32\SYSTOOLS.DLL
    2009-05-18 14:36 . 2009-03-17 16:07 87296 ----a-w c:\windows\system32\PavLspHook.dll
    2009-05-18 14:36 . 2008-06-18 15:03 55552 ----a-w c:\windows\system32\pavipc.dll
    2009-05-18 14:36 . 2008-06-18 15:03 520448 ----a-w c:\windows\system32\PavSHook.dll
    2009-05-18 14:36 . 2008-06-26 08:25 197888 ----a-w c:\windows\system32\drivers\neti1634.sys
    2009-05-18 14:36 . 2008-03-18 13:58 58672 ----a-w c:\windows\system32\avldr.dll
    2009-05-18 14:36 . 2009-05-18 14:36 -------- d-----w c:\windows\system32\PAV
    2009-05-18 14:36 . 2009-05-18 14:36 -------- d-----w c:\documents and settings\Asta\Application Data\Panda Security
    2009-05-18 14:36 . 2009-05-18 14:36 -------- d-----w c:\documents and settings\All Users\Application Data\Panda Security
    2009-05-18 14:33 . 2008-06-19 14:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
    2009-05-18 14:33 . 2008-03-04 12:59 41144 ----a-w c:\windows\system32\drivers\ShlDrv51.sys
    2009-05-18 14:33 . 2008-02-07 09:03 179640 ----a-w c:\windows\system32\drivers\PavProc.sys
    2009-05-18 14:33 . 2009-05-18 14:33 -------- d-----w c:\program files\Common Files\Panda Security
    2009-05-03 14:33 . 2009-05-03 14:33 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Help

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-21 07:27 . 2009-05-18 14:41 227420 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-05-21 07:08 . 2009-05-18 14:41 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-05-21 07:08 . 2009-05-18 14:41 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
    2009-05-18 14:39 . 2004-09-15 12:00 64812 ----a-w c:\windows\system32\perfc00B.dat
    2009-05-18 14:39 . 2004-09-15 12:00 354486 ----a-w c:\windows\system32\perfh00B.dat
    2009-05-18 14:36 . 2007-12-04 09:59 -------- d-----w c:\program files\Panda Security
    2009-05-11 08:10 . 2005-12-03 20:35 -------- d-----w c:\program files\Lexmark X1100 Series
    2009-04-30 05:14 . 2008-04-01 10:39 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-04-25 11:15 . 2006-04-20 12:19 -------- d-----w c:\program files\BitComet
    2009-04-06 09:19 . 2005-12-07 15:54 -------- d-----w c:\program files\Java
    2009-04-03 12:52 . 2008-07-01 13:20 34 ----a-w c:\documents and settings\Asta\jagex_runescape_preferences.dat
    2009-04-02 09:49 . 2008-11-27 10:28 -------- d-----w c:\program files\Vodafone PC Assistant
    2009-03-25 12:21 . 2009-03-25 12:21 -------- d-----r c:\program files\Skype
    2009-03-25 12:21 . 2009-03-25 12:21 -------- d-----w c:\program files\Common Files\Skype
    2009-03-09 02:19 . 2008-12-16 08:14 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:21 . 2004-09-15 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:14 . 2004-09-15 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 17:16 . 2004-09-15 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2008-11-08 07:54 . 2008-11-07 14:49 88 --sh--r c:\windows\system32\9E96D80CEF.sys
    2008-11-08 08:10 . 2008-11-07 14:49 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-20_09.49.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-21 07:07 . 2009-05-21 07:07 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 68856]
    "IECheck"="c:\windows\IECheck.exe" [2005-11-17 108544]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-30 1830128]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-04-16 24264488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-06-04 1400944]
    "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-12 155648]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632]
    "SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
    "C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

    c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-4 110592]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-6-17 67128]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-12-3 565248]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-01-01 09:26 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2008-03-18 13:58 58672 ----a-w c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [18.5.2009 17:33 28544]
    R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [18.10.2006 14:49 149376]
    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [18.5.2009 17:40 73728]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [18.5.2009 17:41 52992]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [18.5.2009 17:40 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [18.5.2009 17:41 193792]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [18.5.2009 17:40 158848]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [29.2.2008 16:03 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29.2.2008 16:03 55024]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [18.5.2009 17:33 41144]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [18.5.2009 17:41 46720]
    R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [18.5.2009 17:33 179640]
    R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [18.5.2009 17:37 28928]
    R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [18.5.2009 17:38 13880]
    R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [18.5.2009 17:36 197888]
    R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
    S3 DIGIRPS;Digi PortServer -ohjain;c:\windows\system32\drivers\digirlpt.sys [21.2.2006 15:34 42432]
    S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [27.11.2008 13:29 101120]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    panda REG_MULTI_SZ Gwmsrv
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Asta\Application Data\Mozilla\Firefox\Profiles\i9kpghlj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Winamp Search
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - component: c:\documents and settings\Asta\Application Data\Mozilla\Firefox\Profiles\i9kpghlj.default\extensions\fi@dictionaries.addons.mozilla.org\platform\WINNT_x86-msvc\components\mozvoikko.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    .
    .
    ------- Tiedostokytkennät -------
    .
    JSEFile=c:\progra~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*
    VBEFile=c:\progra~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*
    VBSFile=c:\progra~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-21 10:35
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
    @DACL=(02 0000)
    @="c:\\windows\\system32\\rifofune.dll"
    "ThreadingModel"="Both"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(1048)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\avldr.dll

    - - - - - - - > 'explorer.exe'(3860)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Valmistumisajankohta: 2009-05-21 10:37
    ComboFix-quarantined-files.txt 2009-05-21 07:37
    ComboFix2.txt 2009-05-20 17:50
    ComboFix3.txt 2009-05-20 09:56

    Ennen ajoa: 33 899 196 416 tavua vapaana
    Ajon jälkeen: 33 887 703 040 tavua vapaana

    225 --- E O F --- 2009-05-21 07:22
     
  8. Baabiouz

    Baabiouz Regular member

    Combofix says that you did not manage to drag the CFScript.txt file onto it...

    Did you do it as shown in this picture?

    [​IMG]

    So you save the CFScript file to the desktop (it contains that snippet of text) and then drag that file onto Combofix, as in the picture. After this Combofix should open BY ITSELF and do what is needed (if it does ask something, answer yes) :)
     
  9. tiuku31

    tiuku31 Member

    Oh, right. How stupid of me. Now it worked.

    ComboFix 09-05-19.08 - Asta 21.05.2009 12:05.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.511.210 [GMT 3:00]
    Sijainti: c:\documents and settings\Asta\Työpöytä\ComboFix.exe
    Käytetyt komentorivivalitsimet :: c:\documents and settings\Asta\Työpöytä\cfscript.txt
    AV: Panda Antivirus Pro 2009 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
    FW: Panda Personal Firewall 2009 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-04-21 to 2009-05-21 )))))))))))))))))
    .

    2009-05-20 16:30 . 2009-05-20 16:30 -------- d-----w c:\documents and settings\Asta\Application Data\Malwarebytes
    2009-05-20 16:30 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-20 16:30 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-20 16:30 . 2009-05-20 16:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-20 16:30 . 2009-05-20 16:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-20 16:07 . 2009-05-20 16:08 -------- d-----w C:\HIJACK
    2009-05-20 09:15 . 2009-05-20 16:17 -------- d-----w C:\HijackThis
    2009-05-19 15:31 . 2009-05-19 15:31 -------- d-----w c:\documents and settings\LocalService\Työpöytä
    2009-05-19 15:07 . 2009-05-19 17:20 -------- dc-h--w c:\documents and settings\All Users\Application Data\~0
    2009-05-19 15:07 . 2009-05-19 17:20 -------- d-----w c:\program files\Lavasoft
    2009-05-19 15:07 . 2009-05-19 17:20 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-05-19 12:50 . 2009-05-19 14:54 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-18 14:41 . 2009-05-21 07:27 227420 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
    2009-05-18 14:41 . 2008-06-18 13:06 46720 ----a-w c:\windows\system32\drivers\wnmflt.sys
    2009-05-18 14:41 . 2008-06-18 13:06 52992 ----a-w c:\windows\system32\drivers\dsaflt.sys
    2009-05-18 14:41 . 2008-06-18 13:06 193792 ----a-w c:\windows\system32\drivers\idsflt.sys
    2009-05-18 14:40 . 2008-03-28 08:25 22072 ----a-w c:\windows\system32\drivers\fnetmon.sys
    2009-05-18 14:40 . 2008-06-25 12:42 73728 ----a-w c:\windows\system32\drivers\APPFLT.SYS
    2009-05-18 14:40 . 2008-07-11 11:58 158848 ----a-w c:\windows\system32\drivers\NETFLTDI.SYS
    2009-05-18 14:38 . 2009-05-21 07:08 13880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
    2009-05-18 14:38 . 2009-05-18 14:38 -------- d-----w c:\documents and settings\Asta\Local Settings\Application Data\Panda Security
    2009-05-18 14:37 . 2008-04-28 14:35 84024 ----a-w c:\windows\system32\drivers\pavdrv51.sys
    2009-05-18 14:37 . 2009-05-18 14:37 249 ----a-w c:\windows\system32\PavCPL.dat
    2009-05-18 14:36 . 2003-10-22 15:23 446464 ----a-w c:\windows\system32\HHActiveX.dll
    2009-05-18 14:36 . 2008-06-24 11:48 193280 ----a-w c:\windows\system32\TpUtil.dll
    2009-05-18 14:36 . 2007-02-08 08:53 107568 ----a-w c:\windows\system32\SYSTOOLS.DLL
    2009-05-18 14:36 . 2009-03-17 16:07 87296 ----a-w c:\windows\system32\PavLspHook.dll
    2009-05-18 14:36 . 2008-06-18 15:03 55552 ----a-w c:\windows\system32\pavipc.dll
    2009-05-18 14:36 . 2008-06-18 15:03 520448 ----a-w c:\windows\system32\PavSHook.dll
    2009-05-18 14:36 . 2008-06-26 08:25 197888 ----a-w c:\windows\system32\drivers\neti1634.sys
    2009-05-18 14:36 . 2008-03-18 13:58 58672 ----a-w c:\windows\system32\avldr.dll
    2009-05-18 14:36 . 2009-05-18 14:36 -------- d-----w c:\windows\system32\PAV
    2009-05-18 14:36 . 2009-05-18 14:36 -------- d-----w c:\documents and settings\Asta\Application Data\Panda Security
    2009-05-18 14:36 . 2009-05-18 14:36 -------- d-----w c:\documents and settings\All Users\Application Data\Panda Security
    2009-05-18 14:33 . 2008-06-19 14:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
    2009-05-18 14:33 . 2008-03-04 12:59 41144 ----a-w c:\windows\system32\drivers\ShlDrv51.sys
    2009-05-18 14:33 . 2008-02-07 09:03 179640 ----a-w c:\windows\system32\drivers\PavProc.sys
    2009-05-18 14:33 . 2009-05-18 14:33 -------- d-----w c:\program files\Common Files\Panda Security
    2009-05-03 14:33 . 2009-05-03 14:33 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Help

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-21 07:27 . 2009-05-18 14:41 227420 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-05-21 07:08 . 2009-05-18 14:41 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-05-21 07:08 . 2009-05-18 14:41 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
    2009-05-18 14:39 . 2004-09-15 12:00 64812 ----a-w c:\windows\system32\perfc00B.dat
    2009-05-18 14:39 . 2004-09-15 12:00 354486 ----a-w c:\windows\system32\perfh00B.dat
    2009-05-18 14:36 . 2007-12-04 09:59 -------- d-----w c:\program files\Panda Security
    2009-05-11 08:10 . 2005-12-03 20:35 -------- d-----w c:\program files\Lexmark X1100 Series
    2009-04-30 05:14 . 2008-04-01 10:39 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-04-25 11:15 . 2006-04-20 12:19 -------- d-----w c:\program files\BitComet
    2009-04-06 09:19 . 2005-12-07 15:54 -------- d-----w c:\program files\Java
    2009-04-03 12:52 . 2008-07-01 13:20 34 ----a-w c:\documents and settings\Asta\jagex_runescape_preferences.dat
    2009-04-02 09:49 . 2008-11-27 10:28 -------- d-----w c:\program files\Vodafone PC Assistant
    2009-03-25 12:21 . 2009-03-25 12:21 -------- d-----r c:\program files\Skype
    2009-03-25 12:21 . 2009-03-25 12:21 -------- d-----w c:\program files\Common Files\Skype
    2009-03-09 02:19 . 2008-12-16 08:14 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:21 . 2004-09-15 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:14 . 2004-09-15 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 17:16 . 2004-09-15 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2008-11-08 07:54 . 2008-11-07 14:49 88 --sh--r c:\windows\system32\9E96D80CEF.sys
    2008-11-08 08:10 . 2008-11-07 14:49 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-20_09.49.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-21 07:07 . 2009-05-21 07:07 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 68856]
    "IECheck"="c:\windows\IECheck.exe" [2005-11-17 108544]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-30 1830128]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-04-16 24264488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-06-04 1400944]
    "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-12 155648]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632]
    "SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
    "C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

    c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-4 110592]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-6-17 67128]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-12-3 565248]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-01-01 09:26 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2008-03-18 13:58 58672 ----a-w c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [18.5.2009 17:33 28544]
    R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [18.10.2006 14:49 149376]
    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [18.5.2009 17:40 73728]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [18.5.2009 17:41 52992]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [18.5.2009 17:40 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [18.5.2009 17:41 193792]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [18.5.2009 17:40 158848]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [29.2.2008 16:03 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29.2.2008 16:03 55024]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [18.5.2009 17:33 41144]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [18.5.2009 17:41 46720]
    R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [18.5.2009 17:33 179640]
    R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [18.5.2009 17:37 28928]
    R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [18.5.2009 17:38 13880]
    R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [18.5.2009 17:36 197888]
    R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
    S3 DIGIRPS;Digi PortServer -ohjain;c:\windows\system32\drivers\digirlpt.sys [21.2.2006 15:34 42432]
    S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [27.11.2008 13:29 101120]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    panda REG_MULTI_SZ Gwmsrv
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Asta\Application Data\Mozilla\Firefox\Profiles\i9kpghlj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Winamp Search
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - component: c:\documents and settings\Asta\Application Data\Mozilla\Firefox\Profiles\i9kpghlj.default\extensions\fi@dictionaries.addons.mozilla.org\platform\WINNT_x86-msvc\components\mozvoikko.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-21 12:08
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\�•€|ÿÿÿÿ"•€|þ»Ów*]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(1048)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\avldr.dll

    - - - - - - - > 'explorer.exe'(3740)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Valmistumisajankohta: 2009-05-21 12:11
    ComboFix-quarantined-files.txt 2009-05-21 09:11
    ComboFix2.txt 2009-05-21 07:37
    ComboFix3.txt 2009-05-20 17:50
    ComboFix4.txt 2009-05-20 09:56

    Ennen ajoa: 33 895 403 520 tavua vapaana
    Ajon jälkeen: 33 883 938 816 tavua vapaana

    215 --- E O F --- 2009-05-21 07:22
     
  10. Baabiouz

    Baabiouz Regular member

    Hi

    Good work :)

    Let's scan the machine with Kaspersky as well, since Mbam also removed quite a lot of junk.

    Scan your machine with the Kaspersky Online Scanner:
    http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    * Read through the requirements and the privacy statement and click "Accept".
    * The download of the scanner and the virus database begins. You will be asked whether you allow the program from Kaspersky to be installed. Click "Run".
    * When the download is complete, click "Settings".
    * Make sure the following items are selected. If they are not, select them and click "Save":
    "Spyware, Adware, Dialers, and other potentially dangerous programs"
    "Archives"
    "Mail databases"

    * Click "My Computer" below "Scan".
    * When the scan is complete, the results are shown. Click "View Scan Report".
    * You will see a list of infected items. Click "Save Report As...".
    * Save the file to your desktop. Change "Files of type" to "Text file (.txt)" before you click "Save".
    * Copy and paste the contents of the file into your next reply, along with a new HijackThis log.
     
    Last edited: May 21, 2009
  11. tiuku31

    tiuku31 Member

    It ground away for about three hours again. Here are the logs.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Thursday, May 21, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Thursday, May 21, 2009 12:35:56
    Records in database: 2209486
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Files scanned: 88151
    Threat name: 2
    Infected objects: 14
    Suspicious objects: 0
    Duration of the scan: 03:31:55


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mopifobi.dll.vir Infected: Packed.Win32.Krap.q 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthbivpqriuyxeclvssvqjtbpvpbboimebv.dll.vir Infected: Trojan.Win32.Tdss.aalc 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\pozihibi.dll.vir Infected: Packed.Win32.Krap.q 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\rifofune.dll.vir Infected: Packed.Win32.Krap.q 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\wibopovo.dll.vir Infected: Packed.Win32.Krap.q 1
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP942\A0274428.dll Infected: Packed.Win32.Krap.q 1
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275468.dll Infected: Trojan.Win32.Tdss.aalc 1
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275471.dll Infected: Trojan.Win32.Tdss.aalc 1
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275474.dll Infected: Trojan.Win32.Tdss.aalc 1
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP944\A0275768.dll Infected: Trojan.Win32.Tdss.aalc 1
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP944\A0275776.dll Infected: Packed.Win32.Krap.q 1
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP944\A0275778.dll Infected: Packed.Win32.Krap.q 1
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP944\A0275779.dll Infected: Packed.Win32.Krap.q 1
    C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP944\A0275781.dll Infected: Packed.Win32.Krap.q 1

    The selected area was scanned.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:55:46, on 21.5.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Documents and Settings\Asta\Local Settings\temp\jkos-Asta\binaries\ScanningProcess.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\apvxdwin.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2009\WebProxy.exe
    C:\HIJACK\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IECheck] C:\WINDOWS\IECheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

    --
    End of file - 13306 bytes
     
  12. Baabiouz

    Baabiouz Regular member

    Next we will remove all the tools that were used.

    Download OTCleanIt and save it to your desktop.

    http://download.bleepingcomputer.com/oldtimer/OTC.exe

    Double-click OTCleanIt.exe.
    Click "CleanUp!".
    Choose "Yes" when asked "Begin cleanup Process?".
    If you are asked whether the machine may be restarted, choose "Yes".
    OTCleanIt removes itself when it is done; if that does not happen, delete it yourself.

    It came out clean, good.
    Here is a short guide on how to reduce the risk of the machine getting infected ;)

    -> Empty System Restore -> Instructions for Windows ME - XP
    Instructions for Windows Vista
    Empty the System Restore folder and create a new restore point. This clears any malware remnants out of the restore folder.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Clean temporary files and folders with it regularly. The program can be set to Finnish.
    A guide is available in Finnish! guide.


    -> Use Malwarebytes' Anti-Malware -> Malwarebytes' Anti-Malware
    Download and install Malwarebytes' Anti-Malware. Update it and scan your machine with it regularly. The program can be set to Finnish.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing on your machine. Uses no memory!
    A guide is available in Finnish! Guide by the user Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your machine from connecting to malicious sites. Uses no memory!
    A guide is available in Finnish! Guide by the user Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your machine with it regularly.

    -> Speed up your computer -> Speed Up Your Computer guide
    A computer can slow down for many reasons, but usually because of the amount of RAM, the number of programs that start automatically, excessive protection, unneeded files not being removed, or disk fragmentation. Neko's guides contain easy instructions for getting your machine back into shape.

    Stay clean ;)
     
    Last edited: May 21, 2009
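
Added example, not part of the original thread: a Python triage of the Kaspersky Online Scanner report posted above, sorting each detection into ComboFix quarantine (C:\Qoobox\Quarantine), a System Restore point, or a live path, which shows why emptying System Restore is the remaining cleanup step. The sample lines are copied from that report except the last detection, which is constructed; the function names and the quarantine layout (drive-letter folder plus a .vir suffix) are assumptions inferred from the paths in the report.

```python
import re
from collections import defaultdict

# Lines copied from the Kaspersky report in this thread, plus one
# constructed detection (the example.dll line) to exercise the "live" branch.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\mopifobi.dll.vir Infected: Packed.Win32.Krap.q 1
C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP942\A0274428.dll Infected: Packed.Win32.Krap.q 1
C:\System Volume Information\_restore{F1864305-6FE3-4209-A1F2-08CE65463C62}\RP943\A0275468.dll Infected: Trojan.Win32.Tdss.aalc 1
C:\WINDOWS\system32\example.dll Infected: Example.Constructed.Threat 1
The selected area was scanned.
"""

# "<path> Infected: <threat name> <count>"; paths may contain spaces.
DETECTION = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# Assumed layout: <drive>:\Qoobox\Quarantine\<orig drive>\<orig path>.vir
QUARANTINE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+?)(?:\.vir)?$",
    re.IGNORECASE,
)
# System Restore copies live under _restore{GUID}\RPnnn\
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)


def classify(path):
    """Return (location, detail) for one detected file path."""
    m = QUARANTINE.match(path)
    if m:
        # detail = where the file sat before it was quarantined
        return "quarantine", m.group("drive") + ":\\" + m.group("rest")
    m = RESTORE.search(path)
    if m:
        # detail = the restore point that still holds a copy
        return "restore_point", m.group("rp")
    return "live", path


def triage(report_text):
    """Group every 'Infected:' line of a report by where the file is stored."""
    buckets = defaultdict(list)
    for line in report_text.splitlines():
        m = DETECTION.match(line)
        if not m:
            continue  # header, statistics and blank lines
        location, detail = classify(m.group("path"))
        buckets[location].append(
            {"path": m.group("path"), "threat": m.group("threat"), "detail": detail}
        )
    return dict(buckets)


def restore_points_with_detections(buckets):
    """Sorted restore point names that still contain detected files."""
    return sorted({d["detail"] for d in buckets.get("restore_point", [])})


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for location in ("live", "restore_point", "quarantine"):
        for d in result.get(location, []):
            print(f"{location:13} {d['threat']:28} {d['detail']}")
    print("restore points to purge:", restore_points_with_detections(result))
```

Only entries in the "live" bucket are files still in place on the system; quarantine and restore-point entries are stored copies, and the restore-point ones disappear once System Restore is emptied.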
  13. tiuku31

    tiuku31 Member

    Thank you so very much for your trouble! I don't know what else to say. This machine has never been in such a mess before. Have a nice rest of the summer!
     
  14. Baabiouz

    Baabiouz Regular member

    It was a pleasure to help. A pack of bugs like that will often make a machine misbehave badly :)
     
