Could someone help me, since I'm a bit of a clueless dummy. So I have this Trojan Downloader problem, win32.dbm or something like that is what it mostly was. Here's the HJT log anyway, since someone will ask for it anyway. Also, F-Secure keeps popping up a prompt on the screen, "Block this application" / "Allow this application", for c\:windows\system32\jokurandom.dll, in that style.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:26, on 23.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\mIRC69\mirc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BMa37347ac] Rundll32.exe "C:\WINDOWS\system32\bwiywjso.dll",s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?7abcbc8f013a49858c1907d7a8a6a1cd
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?7abcbc8f013a49858c1907d7a8a6a1cd
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6450 bytes
Could we get a bit more detail, i.e. which DLL file exactly is it in the path c\:windows\system32\jokurandom.dll? It's easier to help if we know whether it is part of Windows or an addition caused by some virus.
There has been more than one of them, but next time that window from F-Secure pops up again I'll come and write the exact name of the file here.
It's Vundo, and it can change its name at every startup.

Rename C:\HijackThis\HijackThis.exe to, for example, husky.exe.

1. Download combofix.exe to your desktop from any of the links below: Link 1 Link 2 Link 3
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log to your thread + a new HJT log (taken after the renaming).

Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.
So anyway, first I'll post what F-Secure keeps reporting.

System Control. Details
Name: BMa37347ac Details: Rundll32.exe "C:\WINDOWS\system32\yxgkglwq.dll" ,s
Name: a0407430 Details: Rundll32.exe "C:\WINDOWS\system32\quogbyle.dll" ,s

Those two at least. Then the virus and spyware protection reports: the Trojan-Downloader.Win32.Agent.qwe virus has been detected on the computer.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45, on 2008-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\huskyjackthis\Huskyjackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?7abcbc8f013a49858c1907d7a8a6a1cd
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?7abcbc8f013a49858c1907d7a8a6a1cd
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6964 bytes

There's no Combofix.txt file to be found on my machine though :/ It did, however, create two folders in the root of C:, Combofix & QooBox.
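The pattern reported in this thread, a Run value that keeps launching a differently named DLL through rundll32, can be checked by comparing autorun snapshots. The script below is an added example, not part of the original posts: the first snapshot copies O4 lines from the HijackThis log of 23.1.2008, and the second is constructed from the F-Secure notices quoted above (writing them as HKLM O4 lines is an assumption).

```python
import re
from collections import defaultdict

# HijackThis autorun entry:  O4 - <hive>\..\Run: [<value name>] <command line>
O4_RUN = re.compile(r'^O4 - (\S+)\\\.\.\\Run: \[([^\]]*)\] (.+)$')
# rundll32 command line: DLL path (quoted or not), then an optional ",<export>"
RUNDLL = re.compile(
    r'^rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?\s*(?:,\s*(\S+))?\s*$',
    re.IGNORECASE)

# O4 lines copied from the HijackThis log of 23.1.2008 in this thread.
SNAPSHOT_1 = r"""
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BMa37347ac] Rundll32.exe "C:\WINDOWS\system32\bwiywjso.dll",s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
"""

# Constructed sample: the two entries F-Secure reported later in the thread,
# rewritten as O4 lines (the HKLM hive is an assumption), plus the unchanged
# NvCplDaemon entry.
SNAPSHOT_2 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMa37347ac] Rundll32.exe "C:\WINDOWS\system32\yxgkglwq.dll" ,s
O4 - HKLM\..\Run: [a0407430] Rundll32.exe "C:\WINDOWS\system32\quogbyle.dll" ,s
"""


def rundll_autoruns(log_text):
    """Map (hive, value name) -> (lower-cased DLL path, export) for every
    O4 Run entry whose command line starts a DLL through rundll32."""
    found = {}
    for line in log_text.splitlines():
        entry = O4_RUN.match(line.strip())
        if not entry:
            continue
        hive, name, command = entry.groups()
        launch = RUNDLL.match(command.strip())
        if launch:
            found[(hive, name)] = (launch.group(1).lower(), launch.group(2))
    return found


def rotating_targets(snapshots):
    """Run values whose rundll32 target DLL differs between snapshots.
    A legitimate entry such as NvCplDaemon keeps the same DLL every time."""
    seen = defaultdict(list)
    for snapshot in snapshots:
        for key, (dll, _export) in rundll_autoruns(snapshot).items():
            if dll not in seen[key]:
                seen[key].append(dll)
    return {key: dlls for key, dlls in seen.items() if len(dlls) > 1}


def new_rundll_values(baseline, later):
    """rundll32 Run values present in the later snapshot but not in the baseline."""
    before = rundll_autoruns(baseline)
    return {key: value for key, value in rundll_autoruns(later).items()
            if key not in before}


if __name__ == "__main__":
    for (hive, name), dlls in rotating_targets([SNAPSHOT_1, SNAPSHOT_2]).items():
        print(f"{hive} Run value [{name}] changed target: {' -> '.join(dlls)}")
    for (hive, name), (dll, export) in new_rundll_values(SNAPSHOT_1, SNAPSHOT_2).items():
        print(f"{hive} Run value [{name}] is new: {dll} (export {export})")
```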
Hi, it would be really important to find the log.

So use the Windows "Search" function.
Start menu "Search"
-> More advanced options
-> Tick the following:
- Search system folders
- Search hidden files and folders
- Search subfolders
-> Search term: ComboFix.txt
I tried that and it wasn't found yet at that point. I forgot to come back and write yesterday: when I ran the ComboFix program again, after that it did create the log, c:\combofix\combofix.txt

ComboFix 08-01-28.2 - Ismo 2008-01-28 18:54:10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1010 [GMT 2:00]
Se ejecuta desde: C:\Documents and Settings\Ismo\Työpöytä\ComboFix.exe
ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_IPRIP
-------\Iprip

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-12-28 to 2008-01-28 )))))))))))))))))
.
2008-01-26 19:10 . 2008-01-26 19:10 <KANSIO> d-------- C:\Documents and Settings\Porukat\Application Data\Grisoft
2008-01-25 05:01 . 2008-01-25 05:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
2008-01-25 04:50 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-25 04:49 . 2008-01-25 04:49 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-25 04:49 . 2008-01-25 04:49 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-25 04:47 . 2008-01-25 04:49 <KANSIO> d-------- C:\Program Files\RTL Winter Sports 2008
2008-01-23 18:47 . 2008-01-23 18:49 <KANSIO> d-------- C:\Documents and Settings\Ismo\Application Data\Simply Super Software
2008-01-23 18:47 . 2008-01-23 18:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-23 18:47 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-23 18:47 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-01-23 18:47 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-23 18:47 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-23 18:47 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-21 22:04 . 2008-01-21 22:04 <KANSIO> d-------- C:\Documents and Settings\Ismo\Application Data\Grisoft
2008-01-21 21:53 . 2008-01-21 21:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-21 21:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-21 21:52 . 2008-01-28 18:45 <KANSIO> d-------- C:\huskyjackthis
2008-01-16 08:32 . 2008-01-16 08:32 294 ---hs---- C:\WINDOWS\system32\hlqkmrbv.ini
2008-01-12 10:01 . 2008-01-27 17:58 <KANSIO> d-------- C:\mIRC69
2008-01-12 10:01 . 2008-01-12 10:24 <KANSIO> d-------- C:\Documents and Settings\Ismo\Application Data\mIRC
2008-01-11 07:24 . 2008-01-11 07:31 70,208 --a------ C:\WINDOWS\system32\homopaskalähevittuu.dll
2008-01-11 07:24 . 2008-01-28 18:25 16,540 --a------ C:\WINDOWS\BMa37347ac.xml
2008-01-11 07:24 . 2008-01-28 18:29 21 --a------ C:\WINDOWS\pskt.ini
2008-01-10 06:27 . 2008-01-28 18:36 <KANSIO> d-------- C:\Documents and Settings\Ismo\Application Data\NoNameScript
2008-01-03 21:45 . 2008-01-25 01:55 <KANSIO> d-------- C:\leffat
2008-01-02 21:09 . 2008-01-02 21:09 <KANSIO> d-------- C:\Program Files\Ventrilo
2008-01-02 21:09 . 2008-01-02 21:09 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 18:37 --------- d-----w C:\Documents and Settings\Ismo\Application Data\uTorrent
2008-01-25 01:18 --------- d-----w C:\Program Files\Steam
2008-01-22 15:09 98,304 ----a-w C:\WINDOWS\DUMP538e.tmp
2008-01-22 15:07 98,304 ----a-w C:\WINDOWS\DUMP57b5.tmp
2008-01-13 00:38 --------- d-----w C:\Program Files\World of Warcraft
2008-01-06 15:33 --------- d-----w C:\Documents and Settings\Porukat\Application Data\dvdcss
2008-01-04 17:43 --------- d-----w C:\Program Files\MessengerDiscovery
2008-01-03 13:02 --------- d-----w C:\Program Files\PartyGaming
2007-12-24 16:53 --------- d-----w C:\Program Files\MouseBike
2007-12-15 05:37 --------- d-----w C:\Program Files\MSN Messenger
2007-12-02 18:42 --------- d-----w C:\Program Files\Euroword2004
2007-11-30 17:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 14:20 --------- d-----w C:\Documents and Settings\Ismo\Application Data\Sports Interactive
2007-11-30 14:17 --------- d-----w C:\Program Files\Sports Interactive
2007-11-29 02:01 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-28 19:11 --------- d-----w C:\Documents and Settings\Ismo\Application Data\Microgaming
2007-11-14 19:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-14 19:43 389,120 ------w C:\WINDOWS\Setup1.exe
2007-04-02 15:09 10,240 --sha-w C:\WINDOWS\rnapxs\rnapxs.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2005-06-03 00:37 122929]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.exe" [2005-08-23 15:38 372736]
"PC_Fun"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"!AVG Anti-Spyware"="C:\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkhhf.dll

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-08-29 16:12]
R2 BackWeb Plug-in - 1245240;F-Secure 2006 OEM;C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE [2007-04-02 17:08]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [2007-06-18 01:27]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2006-09-30 11:35]
S3 MEGAUSB0101;MegawinMa100;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-03 22:58]
S3 p2pgasvc;Vertaisverkon ryhmätodennus;C:\WINDOWS\system32\svchost.exe [2004-09-15 14:00]
S3 p2pimsvc;Vertaisverkon käyttäjätietojen hallinta;C:\WINDOWS\system32\svchost.exe [2004-09-15 14:00]
S3 p2psvc;Vertaisverkko;C:\WINDOWS\system32\svchost.exe [2004-09-15 14:00]
S3 PNRPSvc;Vertaiskoneen nimenselvitysprotokolla;C:\WINDOWS\system32\svchost.exe [2004-09-15 14:00]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b1e3635-b016-11dc-9a1a-0013d4af575b}]
\Shell\AutoRun\command - CruzerProfile.exe /autorun
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-01-23 15:29:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-28 00:05:26 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt
"2008-01-28 16:23:01 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
Hi, do you know anything about this?
C:\WINDOWS\system32\homopaskalähevittuu.dll

First make sure that hidden files are visible. Show hidden files

Go --> here
When the page has loaded, click the Browse button, find the following file and press Submit.
C:\WINDOWS\BMa37347ac.xml
Post the scan results in your next message.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/flash/index_en.html

Open Notepad and copy/paste the contents of the quote box into it:
Save it as CFScript (in fact ComboFix recognises it even if the file extension isn't .txt).
Then drag CFScript onto ComboFix.exe as shown below.
Restart the computer if you are asked to, and post the contents of the combofix.txt file here + the Virustotal or Jotti result.
Yeah, I do know about it =D I lost my nerve when I couldn't get it removed no matter what, and I don't remember its original name anymore... at first I tried by every means to get rid of it myself, then luckily I happened to find these forums. But to the point...

File: BMa37347ac.xml
Status: OK
MD5: d2aad322ed6f5d396ade3a738ee7b30c
Packers detected: -
Bit9 reports: File not found
Scan taken on 29 Jan 2008 22:21:53 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
ComboFix 08-01-28.2 - Ismo 2008-01-30 0:30:26.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1086 [GMT 2:00]
Se ejecuta desde: C:\Documents and Settings\Ismo\Työpöytä\ComboFix.exe
ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\rbyftemh.dll C:\WINDOWS\system32\rhjtfppj.ini C:\WINDOWS\system32\rjxuuveb.dll C:\WINDOWS\system32\rlyxamjt.dll C:\WINDOWS\system32\rplftvkc.dll C:\WINDOWS\system32\rqpxjbek.dll C:\WINDOWS\system32\rtdkyyub.dll C:\WINDOWS\system32\siasklhh.dll C:\WINDOWS\system32\snxhhrmf.ini C:\WINDOWS\system32\stfpenfn.dll C:\WINDOWS\system32\tqphrbeb.ini C:\WINDOWS\system32\ttvollff.dll C:\WINDOWS\system32\ttxhgkpf.dll C:\WINDOWS\system32\uaybpmva.dll C:\WINDOWS\system32\uhclofma.dll C:\WINDOWS\system32\unracrkd.dll C:\WINDOWS\system32\utkfhvqa.dll C:\WINDOWS\system32\vegdothd.dll C:\WINDOWS\system32\wfbsnywa.dll C:\WINDOWS\system32\vgynxaiq.dll C:\WINDOWS\system32\wiiodxla.dll C:\WINDOWS\system32\vjwnqfnc.ini C:\WINDOWS\system32\vninrsdo.dll C:\WINDOWS\system32\woilnlnp.dll C:\WINDOWS\system32\vtmqgyrn.dll C:\WINDOWS\system32\wvhdqjxj.ini C:\WINDOWS\system32\wxccvlam.ini C:\WINDOWS\system32\wxwmoetb.dll C:\WINDOWS\system32\vyuhhokp.ini C:\WINDOWS\system32\xjvoevhp.ini C:\WINDOWS\system32\xnetrxcj.dll C:\WINDOWS\system32\xobrbctc.dll C:\WINDOWS\system32\xqcppxlw.dll C:\WINDOWS\system32\xtebsxuw.dll C:\WINDOWS\system32\yjxninrx.dll C:\WINDOWS\system32\ylkqwwlh.ini C:\WINDOWS\system32\yuskeksb.dll C:\WINDOWS\system32\yxgkglwq.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_IPRIP -------\Iprip ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2007-12-28 to 2008-01-29 ))))))))))))))))) . 2008-01-26 19:10 . 2008-01-26 19:10 <KANSIO> d-------- C:\Documents and Settings\Porukat\Application Data\Grisoft 2008-01-25 05:01 . 2008-01-25 05:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008 2008-01-25 04:50 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2008-01-25 04:49 . 2008-01-25 04:49 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2008-01-25 04:49 . 
2008-01-25 04:49 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2008-01-25 04:47 . 2008-01-25 04:49 <KANSIO> d-------- C:\Program Files\RTL Winter Sports 2008 2008-01-23 18:47 . 2008-01-23 18:49 <KANSIO> d-------- C:\Documents and Settings\Ismo\Application Data\Simply Super Software 2008-01-23 18:47 . 2008-01-23 18:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-01-23 18:47 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-01-23 18:47 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll 2008-01-23 18:47 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-01-23 18:47 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll 2008-01-23 18:47 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-01-21 22:04 . 2008-01-21 22:04 <KANSIO> d-------- C:\Documents and Settings\Ismo\Application Data\Grisoft 2008-01-21 21:53 . 2008-01-21 21:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-21 21:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-21 21:52 . 2008-01-28 18:45 <KANSIO> d-------- C:\huskyjackthis 2008-01-16 08:32 . 2008-01-16 08:32 294 ---hs---- C:\WINDOWS\system32\hlqkmrbv.ini 2008-01-12 10:01 . 2008-01-28 19:03 <KANSIO> d-------- C:\mIRC69 2008-01-12 10:01 . 2008-01-12 10:24 <KANSIO> d-------- C:\Documents and Settings\Ismo\Application Data\mIRC 2008-01-11 07:24 . 2008-01-11 07:31 70,208 --a------ C:\WINDOWS\system32\homopaskal„hevittuu.dll 2008-01-11 07:24 . 2008-01-28 18:25 16,540 --a------ C:\WINDOWS\BMa37347ac.xml 2008-01-11 07:24 . 2008-01-28 18:29 21 --a------ C:\WINDOWS\pskt.ini 2008-01-10 06:27 . 2008-01-30 00:12 <KANSIO> d-------- C:\Documents and Settings\Ismo\Application Data\NoNameScript 2008-01-03 21:45 . 2008-01-29 22:02 <KANSIO> d-------- C:\leffat 2008-01-02 21:09 . 
2008-01-02 21:09 <KANSIO> d-------- C:\Program Files\Ventrilo 2008-01-02 21:09 . 2008-01-02 21:09 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-29 20:18 --------- d-----w C:\Program Files\Steam 2008-01-27 18:37 --------- d-----w C:\Documents and Settings\Ismo\Application Data\uTorrent 2008-01-22 15:09 98,304 ----a-w C:\WINDOWS\DUMP538e.tmp 2008-01-22 15:07 98,304 ----a-w C:\WINDOWS\DUMP57b5.tmp 2008-01-13 00:38 --------- d-----w C:\Program Files\World of Warcraft 2008-01-11 05:31 70,208 ----a-w C:\WINDOWS\system32\homopaskalähevittuu.dll 2008-01-06 15:33 --------- d-----w C:\Documents and Settings\Porukat\Application Data\dvdcss 2008-01-04 17:43 --------- d-----w C:\Program Files\MessengerDiscovery 2008-01-03 13:02 --------- d-----w C:\Program Files\PartyGaming 2007-12-24 16:53 --------- d-----w C:\Program Files\MouseBike 2007-12-18 16:55 3,520 ----a-w C:\WINDOWS\system32\tmp.reg 2007-12-15 05:37 --------- d-----w C:\Program Files\MSN Messenger 2007-12-02 18:42 --------- d-----w C:\Program Files\Euroword2004 2007-11-30 17:48 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-11-30 14:20 --------- d-----w C:\Documents and Settings\Ismo\Application Data\Sports Interactive 2007-11-30 14:17 --------- d-----w C:\Program Files\Sports Interactive 2007-11-29 02:01 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2007-11-28 19:11 --------- d-----w C:\Documents and Settings\Ismo\Application Data\Microgaming 2007-11-14 19:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-11-14 19:43 389,120 ------w C:\WINDOWS\Setup1.exe 2007-11-13 22:42 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-11-07 09:28 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-01 10:11 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll 2007-04-02 15:09 10,240 
--sha-w C:\WINDOWS\rnapxs\rnapxs.dat . (((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2005-06-03 00:37 122929] "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" [2005-07-18 16:51 700416] "F-Secure Startup Wizard"="C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.exe" [2005-08-23 15:38 372736] "PC_Fun"="" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008] "!AVG Anti-Spyware"="C:\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkhhf.dll R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-08-29 16:12] R2 BackWeb Plug-in - 1245240;F-Secure 2006 OEM;C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE [2007-04-02 17:08] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [2007-06-18 01:27] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03] R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2006-09-30 11:35] S3 
MEGAUSB0101;MegawinMa100;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-03 22:58] S3 p2pgasvc;Vertaisverkon ryhmätodennus;C:\WINDOWS\system32\svchost.exe [2004-09-15 14:00] S3 p2pimsvc;Vertaisverkon käyttäjätietojen hallinta;C:\WINDOWS\system32\svchost.exe [2004-09-15 14:00] S3 p2psvc;Vertaisverkko;C:\WINDOWS\system32\svchost.exe [2004-09-15 14:00] S3 PNRPSvc;Vertaiskoneen nimenselvitysprotokolla;C:\WINDOWS\system32\svchost.exe [2004-09-15 14:00] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b1e3635-b016-11dc-9a1a-0013d4af575b}] \Shell\AutoRun\command - CruzerProfile.exe /autorun . 'Ajoitetut teht„v„t'-kansion sis„lt” "2008-01-23 15:29:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-29 00:03:44 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt "2008-01-29 22:23:01 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job" Tuossa vielä tuo, en tiä sit menikö ihan oikein ku siirsin sen scriptan combofix.exee:n niin se poisti koneeltani sen combofix.txt:n sit jouduin erikseen heittään combofix.exe:n päälle että sain tuon txt tiedoston taas.
It didn't go quite right. I have now also included that "homo" file in the removal.

Open Notepad and copy/paste the contents of the quote box into it:

Save it as CFScript (in fact ComboFix recognizes it even if the file extension isn't .txt). Then drag CFScript onto ComboFix.exe as shown below. Restart the computer if asked to, and post the contents of the combofix.txt file here.
ComboFix 08-01-28.2 - Ismo 2008-01-31 21:48:01.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.794 [GMT 2:00]
Se ejecuta desde: C:\Documents and Settings\Ismo\Työpöytä\ComboFix.exe
ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_IPRIP
-------\Iprip

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-12-28 to 2008-01-31 )))))))))))))))))
.
2008-01-30 22:41 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-01-30 22:11 . 2008-01-30 22:11 <KANSIO> d-------- C:\Program Files\Codemasters
2008-01-26 19:10 . 2008-01-26 19:10 <KANSIO> d-------- C:\Documents and Settings\Porukat\Application Data\Grisoft
2008-01-25 05:01 . 2008-01-25 05:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
2008-01-25 04:50 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-25 04:49 . 2008-01-25 04:49 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-25 04:49 . 2008-01-25 04:49 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-25 04:47 . 2008-01-25 04:49 <KANSIO> d-------- C:\Program Files\RTL Winter Sports 2008
2008-01-23 18:47 . 2008-01-23 18:49 <KANSIO> d-------- C:\Documents and Settings\Ismo\Application Data\Simply Super Software
2008-01-23 18:47 . 2008-01-23 18:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-23 18:47 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-23 18:47 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-01-23 18:47 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-23 18:47 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-23 18:47 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-21 22:04 . 2008-01-21 22:04 <KANSIO> d-------- C:\Documents and Settings\Ismo\Application Data\Grisoft
2008-01-21 21:53 . 2008-01-21 21:53 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-21 21:53 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-21 21:52 . 2008-01-28 18:45 <KANSIO> d-------- C:\huskyjackthis
2008-01-16 08:32 . 2008-01-16 08:32 294 ---hs---- C:\WINDOWS\system32\hlqkmrbv.ini
2008-01-12 10:01 . 2008-01-31 04:11 <KANSIO> d-------- C:\mIRC69
2008-01-12 10:01 . 2008-01-12 10:24 <KANSIO> d-------- C:\Documents and Settings\Ismo\Application Data\mIRC
2008-01-11 07:24 . 2008-01-11 07:31 70,208 --a------ C:\WINDOWS\system32\homopaskalähevittuu.dll
2008-01-11 07:24 . 2008-01-28 18:25 16,540 --a------ C:\WINDOWS\BMa37347ac.xml
2008-01-11 07:24 . 2008-01-28 18:29 21 --a------ C:\WINDOWS\pskt.ini
2008-01-10 06:27 . 2008-01-31 21:53 <KANSIO> d-------- C:\Documents and Settings\Ismo\Application Data\NoNameScript
2008-01-03 21:45 . 2008-01-29 22:02 <KANSIO> d-------- C:\leffat
2008-01-02 21:09 . 2008-01-02 21:09 <KANSIO> d-------- C:\Program Files\Ventrilo
2008-01-02 21:09 . 2008-01-02 21:09 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 18:53 . 2007-12-24 18:53 <KANSIO> d-------- C:\Program Files\MouseBike
2007-12-24 18:52 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-24 18:52 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-24 18:51 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-12-24 18:51 . 2004-08-03 23:08 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
2007-12-15 15:58 . 2007-11-14 16:09 9,741,701 --a------ C:\DJ_Husky_rappidäppi.mp3
2007-12-15 10:11 . 2007-12-15 10:11 <KANSIO> d-------- C:\Documents and Settings\Ismo\usernotes
2007-12-15 07:37 . 2008-01-04 19:43 <KANSIO> d-------- C:\Program Files\MessengerDiscovery
2007-12-15 07:37 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx
2007-12-12 19:17 . 2007-12-12 19:18 <KANSIO> d-------- C:\Documents and Settings\Ismo\vw
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 19:26 --------- d-----w C:\Program Files\Steam
2008-01-31 15:02 --------- d-----w C:\Documents and Settings\Ismo\Application Data\uTorrent
2008-01-31 01:45 --------- d-----w C:\Program Files\World of Warcraft
2008-01-30 20:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 15:09 98,304 ----a-w C:\WINDOWS\DUMP538e.tmp
2008-01-22 15:07 98,304 ----a-w C:\WINDOWS\DUMP57b5.tmp
2008-01-06 15:33 --------- d-----w C:\Documents and Settings\Porukat\Application Data\dvdcss
2008-01-03 13:02 --------- d-----w C:\Program Files\PartyGaming
2007-12-15 05:37 --------- d-----w C:\Program Files\MSN Messenger
2007-12-02 18:42 --------- d-----w C:\Program Files\Euroword2004
2007-11-30 17:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 14:20 --------- d-----w C:\Documents and Settings\Ismo\Application Data\Sports Interactive
2007-11-30 14:17 --------- d-----w C:\Program Files\Sports Interactive
2007-11-29 02:01 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-28 19:11 --------- d-----w C:\Documents and Settings\Ismo\Application Data\Microgaming
2007-11-14 19:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-14 19:43 389,120 ------w C:\WINDOWS\Setup1.exe
2007-04-02 15:09 10,240 --sha-w C:\WINDOWS\rnapxs\rnapxs.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2005-06-03 00:37 122929]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.exe" [2005-08-23 15:38 372736]
"PC_Fun"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"!AVG Anti-Spyware"="C:\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkhhf.dll

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-08-29 16:12]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R2 BackWeb Plug-in - 1245240;F-Secure 2006 OEM;C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE [2007-04-02 17:08]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [2007-06-18 01:27]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2006-09-30 11:35]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []
S3 MEGAUSB0101;MegawinMa100;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-03 22:58]
S3 p2pgasvc;Vertaisverkon ryhmätodennus;C:\WINDOWS\system32\svchost.exe [2004-09-15 14:00]
S3 p2pimsvc;Vertaisverkon käyttäjätietojen hallinta;C:\WINDOWS\system32\svchost.exe [2004-09-15 14:00]
S3 p2psvc;Vertaisverkko;C:\WINDOWS\system32\svchost.exe [2004-09-15 14:00]
S3 PNRPSvc;Vertaiskoneen nimenselvitysprotokolla;C:\WINDOWS\system32\svchost.exe [2004-09-15 14:00]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b1e3635-b016-11dc-9a1a-0013d4af575b}]
\Shell\AutoRun\command - CruzerProfile.exe /autorun
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-01-30 15:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-31 00:04:46 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt
"2008-01-31 19:23:10 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"

Anyway, there it is again. I had to run ComboFix separately, because otherwise it doesn't create the txt file.
Yep, that's why it doesn't work. Can combofix.txt be found on the computer, in the root of C: or somewhere else, after you have dragged the script onto combofix.exe?
Damn..... let's remove the old ones...

Next we will remove all the tools that were used. Download OTMoveIt2 and save it to your desktop.
* Double-click OTMoveIt2.exe.
* Click CleanUp!.
* Choose Yes when asked "Begin cleanup Process?".
* If you are asked whether the computer may be restarted, choose Yes.
* OTMoveIt deletes itself when it is done; if it doesn't, delete it yourself.

NOTE: If your firewall or some other security program warns that OTMoveIt2 is trying to access the internet, allow it.

Then download a new ComboFix, run it and post the log.