Elikkä tollane tuli sitten jostaki kummasta hankittua itelle. Tällä hetkellä on menos AntiVirin skanni, niin voin kopioida sen skannin reportin tähä kuha se on menny. Kaikki apu otetaan iloisin mielin vastaan Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:05:26, on 8.6.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Sygate Personal Firewall\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe c:\program files\antivir personaledition classic\avcenter.exe C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE~1\smc.exe -startgui O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [274015ae] rundll32.exe "C:\WINDOWS\system32\xiwlftvm.dll",b O4 - HKLM\..\Run: [BM24732632] Rundll32.exe "C:\WINDOWS\system32\dihilukv.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Acrobat Reader 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate Personal Firewall\smc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing) -- End of file - 8678 bytes Ja antivir vielä: Avira AntiVir Personal Report file date: 8. kesäkuuta 2008 21:58 Scanning for 1313263 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: HUTTU-UUB0PHRM8 Version information: BUILD.DAT : 8.1.0.308 16478 Bytes 28.5.2008 17:03:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 20.4.2008 13:21:50 AVSCAN.DLL : 8.1.1.0 53505 Bytes 20.4.2008 13:21:50 LUKE.DLL : 8.1.2.9 151809 Bytes 20.4.2008 13:21:52 LUKERES.DLL : 8.1.2.1 12033 Bytes 20.4.2008 13:21:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.7.2007 19:38:38 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 7.3.2008 19:21:40 ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 1.6.2008 18:39:30 ANTIVIR3.VDF : 7.0.4.156 144896 Bytes 6.6.2008 14:25:24 Engineversion : 8.1.0.55 AEVDF.DLL : 8.1.0.5 102772 Bytes 20.4.2008 13:21:54 AESCRIPT.DLL : 8.1.0.40 266618 Bytes 7.6.2008 14:25:30 AESCN.DLL : 8.1.0.21 119156 Bytes 7.6.2008 14:25:30 AERDL.DLL : 8.1.0.20 418165 Bytes 25.4.2008 16:25:58 AEPACK.DLL : 8.1.1.5 364918 Bytes 17.5.2008 10:19:26 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20.4.2008 13:21:54 AEHEUR.DLL : 8.1.0.30 1253750 Bytes 7.6.2008 14:25:30 AEHELP.DLL : 8.1.0.15 115063 Bytes 30.5.2008 18:38:36 AEGEN.DLL : 8.1.0.28 307572 Bytes 7.6.2008 14:25:26 AEEMU.DLL : 8.1.0.6 430451 Bytes 8.5.2008 16:26:22 AECORE.DLL : 8.1.0.31 168310 Bytes 7.6.2008 14:25:26 AVWINLL.DLL : 1.0.0.7 14593 Bytes 20.4.2008 13:21:50 AVPREF.DLL : 8.0.0.1 25857 Bytes 20.4.2008 13:21:50 AVREP.DLL : 7.0.0.1 155688 Bytes 24.4.2007 04:46:22 AVREG.DLL : 8.0.0.0 30977 Bytes 20.4.2008 13:21:50 AVARKT.DLL : 1.0.0.23 307457 Bytes 20.4.2008 13:21:50 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 20.4.2008 13:21:50 SQLITE3.DLL : 3.3.17.1 339968 Bytes 20.4.2008 13:21:52 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 20.4.2008 13:21:52 NETNT.DLL : 8.0.0.1 7937 Bytes 20.4.2008 13:21:52 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 20.4.2008 13:21:46 RCTEXT.DLL : 8.0.32.0 86273 Bytes 20.4.2008 13:21:46 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, F:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: 8. kesäkuuta 2008 21:58 The scan of running processes will be started Scan process 'AVSCAN.EXE' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'FIREFOX.EXE' - '1' Module(s) have been scanned Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned Scan process 'CTDetect.exe' - '1' Module(s) have been scanned Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned Scan process 'AVGAS.EXE' - '1' Module(s) have been scanned Scan process 'DAEMON.EXE' - '1' Module(s) have been scanned Scan process 'CamTray.exe' - '1' Module(s) have been scanned Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned Scan process 'InCD.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned Scan process 'ALG.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'GUARD.EXE' - '1' Module(s) have been scanned Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned Scan process 'SCHED.EXE' - '1' Module(s) have been scanned Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'Smc.exe' - '1' Module(s) have been scanned Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 41 processes with 41 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'F:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '33' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\mlJBsQIA.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [WARNING] The file could not be deleted! C:\WINDOWS\system32\drivers\sptd8893.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\dtscsi.sys [WARNING] The file could not be opened! C:\Documents and Settings\Toni\Local Settings\Temporary Internet Files\Content.IE5\HDSWGMOX\kb713501[1] [DETECTION] Is the Trojan horse TR/Lowzones.SG [NOTE] The file was deleted! C:\Documents and Settings\Toni\Local Settings\Temporary Internet Files\Content.IE5\CRKG7SC1\kb516107[1] [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was deleted! C:\System Volume Information\_restore{D99B6417-5678-474B-97D4-1F3FADD4C838}\RP681\A0184937.DLL [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was deleted! Begin scan in 'F:\' <HD-HSU2> End of the scan: 8. kesäkuuta 2008 23:00 Used time: 1:02:12 min The scan has been done completely. 10176 Scanning directories 535676 Files were scanned 4 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 3 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 4 Files cannot be scanned 535672 Files not concerned 8661 Archives were scanned 5 Warnings 3 Notes
Lataa TÄSTÄ VundoFix.exe työpöydällesi. Tupla-klikkaa VundoFix.exe ajaaksesi sen. Klikkaa Scan for Vundo valintaa. Kun skannaus on valmis, klikkaa Fix Vundo valintaa. Sinulta kysytään haluatko poistaa filut - klikkaa YES. Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa. Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK. Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö. Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan. Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä. =============== 1.Lataa combofix.exe työpöydällesi yhdestä linkistä: combofix1 combofix2 2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia. 3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi. Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. ========== Lataa Malwarebytes' Anti-Malware työpöydällesi. 1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman. 2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish. 3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version. 4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan. 5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset. 6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected. 7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt 8. Lähetä lokin sisältö seuraavassa viestissäsi.
Malwarebytes' Anti-Malware 1.15 Tietokantaversio: 843 22:34:14 2008-06-09 mbam-log-6-9-2008 (22-34-14).txt Tarkistustyyppi: Täysi tarkistus (C:\|F:\|) Tarkistetut kohteet: 181094 Kulunut aika: 1 hour(s), 7 minute(s), 24 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 8 Saastuneita rekisteriarvoja: 1 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 5 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. Saastuneita rekisteriarvoja: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM24732632 (Trojan.Agent) -> Quarantined and deleted successfully. Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty) Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: C:\Program Files\mIRC\mirc.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D99B6417-5678-474B-97D4-1F3FADD4C838}\RP682\A0185007.DLL (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D99B6417-5678-474B-97D4-1F3FADD4C838}\RP683\A0185027.DLL (Trojan.Vundo) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\system32\ptnbjjpw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully. Ja sitte tän jälkee HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:34, on 2008-06-09 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Sygate Personal Firewall\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Adobe Acrobat Reader 7.0\Reader\AcroRd32.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {03FC54CD-174A-46EC-A65E-500783795A1A} - C:\WINDOWS\system32\opnmJaYP.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: {48db2fcd-4a3c-cbca-1694-5ff9cac40b8a} - {a8b04cac-9ff5-4961-acbc-c3a4dcf2bd84} - C:\WINDOWS\system32\egcmhljg.dll (file missing) O2 - BHO: (no name) - {EE317438-42B3-4F2A-A3D7-8B2629BE70EC} - C:\WINDOWS\system32\mlJBsQIA.dll (file missing) O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE~1\smc.exe -startgui O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Acrobat Reader 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate Personal Firewall\smc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing) -- End of file - 8793 bytes
scannaa hjt:llä merkkaa paina Fix checked O2 - BHO: (no name) - {03FC54CD-174A-46EC-A65E-500783795A1A} - C:\WINDOWS\system32\opnmJaYP.dll (file missing) O2 - BHO: {48db2fcd-4a3c-cbca-1694-5ff9cac40b8a} - {a8b04cac-9ff5-4961-acbc-c3a4dcf2bd84} - C:\WINDOWS\system32\egcmhljg.dll (file missing) O2 - BHO: (no name) - {EE317438-42B3-4F2A-A3D7-8B2629BE70EC} - C:\WINDOWS\system32\mlJBsQIA.dll (file missing) O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized =============== vedäs toi combofix ja vundofix
ComboFix 08-06-08.8 - Toni 2008-06-09 23:06:22.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.577 [GMT 3:00] Running from: C:\Documents and Settings\Toni\Työpöytä\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-09 to 2008-06-09 ))))))))))))))))) . 2008-06-09 21:24 . 2008-06-09 21:24 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-09 21:24 . 2008-06-09 21:24 <KANSIO> d-------- C:\Documents and Settings\Toni\Application Data\Malwarebytes 2008-06-09 21:24 . 2008-06-09 21:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-09 21:24 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-09 21:24 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-09 21:04 . 2008-06-09 21:04 <KANSIO> d-------- C:\Documents and Settings\Iskõ 2008-06-09 20:29 . 2008-06-09 20:29 <KANSIO> d-------- C:\VundoFix Backups 2008-06-09 20:25 . 2008-06-09 20:25 8 --a------ C:\WINDOWS\system32\27400720 2008-06-08 22:05 . 2008-06-08 22:05 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-06-07 14:48 . 2008-06-07 14:48 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM 2008-06-06 14:30 . 2008-06-06 14:30 <KANSIO> d-------- C:\Program Files\TuneUp Utilities 2008 2008-06-06 14:30 . 2008-06-06 14:30 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-06-06 14:30 . 2008-06-06 14:30 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-06-06 14:30 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-05-26 20:11 . 2008-05-26 20:11 <KANSIO> d-------- C:\Program Files\Pekka Kana 2 2008-05-16 12:40 . 2008-05-16 12:40 <KANSIO> d-------- C:\Program Files\MSXML 4.0 2008-05-14 18:46 . 2008-05-14 18:46 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 2008-05-14 18:30 . 2008-05-14 18:30 <KANSIO> d-------- C:\Program Files\Microsoft Games 2008-05-14 16:29 . 2008-05-14 16:29 268 --ah----- C:\sqmdata02.sqm 2008-05-14 16:29 . 2008-05-14 16:29 244 --ah----- C:\sqmnoopt02.sqm 2008-05-14 14:52 . 2008-05-14 14:52 <KANSIO> d-------- C:\Program Files\TryMedia 2008-05-14 14:50 . 2008-05-14 14:50 <KANSIO> d-------- C:\Program Files\Team17 2008-05-13 14:57 . 2008-05-13 14:57 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\phenomedia 2008-05-13 14:56 . 2008-05-13 14:56 <KANSIO> d-------- C:\Program Files\phenomedia 2008-05-13 04:53 . 2008-05-13 04:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-05-13 04:53 . 2008-05-13 04:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-05-13 04:53 . 2008-05-13 04:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb 2008-05-13 04:51 . 2008-05-13 04:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2008-05-13 04:51 . 2008-05-13 04:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2008-05-13 04:49 . 2008-05-13 04:49 630,784 --a------ C:\WINDOWS\system32\divxdec.ax 2008-05-13 04:49 . 2008-05-13 04:49 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax 2008-05-13 04:49 . 2008-05-13 04:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-05-13 04:49 . 2008-05-13 04:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-09 13:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-06-09 13:11 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-05-07 19:08 --------- d-----w C:\Documents and Settings\Toni\Application Data\InstallShield Installation Information 2008-04-28 11:14 21,680 ----a-w C:\Documents and Settings\Toni\Application Data\GDIPFONTCACHEV1.DAT 2008-04-09 12:01 --------- d-----w C:\Documents and Settings\Iskä\Application Data\Grisoft 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2001-08-27 21:09 393,728 ----a-w C:\Documents and Settings\Toni\lxope320.dll . ((((((((((((((((((((((((((((( snapshot@2008-06-09_21.03.57,12 ))))))))))))))))))))))))))))))))))))))))) . + 2008-06-09 19:10:06 32,768 --sha-w C:\WINDOWS\TEMP\Cookies\index.dat + 2008-06-09 19:10:06 32,768 --sha-w C:\WINDOWS\TEMP\History\History.IE5\index.dat + 2008-06-09 19:10:06 49,152 --sha-w C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12 15360] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-06-10 16:20 1397760] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-05-25 22:02 6746112] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-05-25 22:02 86016] "SoundMan"="SOUNDMAN.EXE" [2005-06-14 12:36 77824 C:\WINDOWS\SOUNDMAN.EXE] "SmcService"="C:\PROGRA~1\SYGATE~1\smc.exe" [2004-08-13 19:05 2532576] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-20 16:21 262401] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 03:02 184320] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 01:00 128920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12 15360] C:\Documents and Settings\Toni\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe Acrobat Reader 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "SENTINEL"= snti386.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\The All-Seeing Eye\\eye.exe"= "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "C:\\Program Files\\DC++\\DCPlusPlus.exe"= "C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"= "C:\\Program Files\\Messenger\\MSMSGS.EXE"= "C:\\Program Files\\VentSrv\\ventrilo_srv.exe"= "C:\\Program Files\\Teamspeak2_RC3\\server_windows.exe"= "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.EXE"= "C:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\lerssimato\\condition zero\\hl.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\lerssimato\\counter-strike\\hl.exe"= "C:\\Program Files\\Java\\jre1.5.0_06\\BIN\\javaw.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\lerssimato\\dedicated server\\hlds.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\WINDOWS\\System32\\dpvsetup.exe"= "C:\\Program Files\\Last.fm\\LastFM.exe"= "C:\\Program Files\\Java\\jre1.5.0_11\\BIN\\JAVAW.EXE"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\lerssimato\\dedicated server\\hltv.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\NEXON\\EuropeMapleStory\\Patcher.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"= "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"= "C:\\Program Files\\Skype\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "17054:TCP"= 17054:TCP:BitComet 17054 TCP "17054:UDP"= 17054:UDP:BitComet 17054 UDP R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2008-04-20 16:21] R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-04-20 16:21] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-09-15 01:12] R3 bfturboh;BUFFALO TurboUSB for HD Filter;C:\WINDOWS\system32\drivers\bfturboh.sys [2007-08-02 00:04] S2 DTVCap;anysee USB Tuner(2005.10.27.AD010318);C:\WINDOWS\system32\DRIVERS\anyseeTU.sys [2005-10-27 10:03] S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [] S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-03-16 11:31] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-06 14:30] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . 'Ajoitetut tehtävät'-kansion sisältö "2008-06-09 20:00:02 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-09 23:09:14 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant] "ImagePath"="" . Completion time: 2008-06-09 23:09:43 ComboFix-quarantined-files.txt 2008-06-09 20:09:42 ComboFix2.txt 2008-06-09 18:04:16 Pre-Run: 15,696,560,128 tavua vapaana Post-Run: 15,726,936,064 tavua vapaana 162 --- E O F --- 2008-05-29 07:56:50
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:23, on 2008-06-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Sygate Personal Firewall\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE~1\smc.exe -startgui O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: IMsecure.lnk = C:\Program Files\IMsecure\IMsecure.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Acrobat Reader 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate Personal Firewall\smc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing) -- End of file - 7664 bytes
1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla 2. Valitse ominaisuudet 3. Valitse järjestelmän palauttaminen välilehti 4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa 5. Paina Käytä 6. Paina ok 7. Sammuta ja käynnistä 8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa 9. Käytä ja OK
