Task Manager doesn't work, Disk Defragmenter doesn't work, Device Manager doesn't work, the display stutters... It all really arrived at once, so the easiest explanation would be some sort of critter on the machine. Avast, Windows Defender and Ad-Aware didn't help, but hopefully one of you can. Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:57, on 7.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\pdbconf32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\Explorer.EXE
c:\fo-rpd9.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\Helper\1202393491.dll"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134468695734
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22F6E289-C713-4BEC-923A-BA3A53CBCEC4}: NameServer = 86.50.0.40,193.166.95.40,193.166.234.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{22F6E289-C713-4BEC-923A-BA3A53CBCEC4}: NameServer = 86.50.0.40,193.166.95.40,193.166.234.15
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: pdbconf32 - Unknown owner - C:\WINDOWS\pdbconf32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8824 bytes
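As an added example (not part of the thread, and not code from HijackThis, SDFix or any other tool named here), the script below applies the kind of checks a helper makes by eye when reading a log like the one above: autorun entries that use regsvr32 or rundll32 to pull a DLL from outside the system directory, filenames that are nothing but digits, entries whose target file is missing, and services with no vendor whose binary sits directly in the Windows directory. The sample lines are copied from the log above; the directory layout (C:\WINDOWS and C:\WINDOWS\system32 on drive C:) is an assumption about a default Windows XP install.

```python
import re

# Reference directories: assumed default Windows XP layout on drive C:.
WINDOWS_DIR = r"c:\windows"
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Constructed sample: entries copied from the HijackThis log above, mixed with
# the benign neighbours that sit next to them, so every heuristic is exercised.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\Helper\1202393491.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: pdbconf32 - Unknown owner - C:\WINDOWS\pdbconf32.exe
"""

# A path operand is either a quoted path or a bare drive-letter path; both must
# end in .dll or .exe.  Bare paths stop at whitespace, quotes and the comma that
# separates a rundll32 DLL from its entry point.
_PATH_RE = re.compile(r'"([^"]+\.(?:dll|exe))"|([a-z]:\\[^\s",]+\.(?:dll|exe))', re.I)
_SECTION_RE = re.compile(r"^(O\d+|R\d+|F\d+) - ")


def _paths(line):
    """Return every absolute .dll/.exe path mentioned on a log line."""
    return [quoted or bare for quoted, bare in _PATH_RE.findall(line)]


def _parent(path):
    """Lower-cased directory part of a Windows path."""
    return path.rsplit("\\", 1)[0].lower()


def _in_system_dir(path):
    parent = _parent(path)
    return any(parent == d or parent.startswith(d + "\\") for d in SYSTEM_DIRS)


def check_line(line):
    """Return the list of reasons a single HijackThis entry looks suspicious."""
    reasons = []
    m = _SECTION_RE.match(line)
    if not m:
        return reasons
    section = m.group(1)
    low = line.lower()

    # Orphaned entries: the registry still points at a file that is gone.
    if low.endswith("(no file)") or low.endswith("(file missing)"):
        reasons.append("orphaned entry: target file is missing")
        return reasons

    if section == "O4":
        # Autoruns that use a Windows loader stub to pull in a DLL from
        # outside the system directory (the tempreg entry above does this).
        if "regsvr32" in low or "rundll32" in low:
            for p in _paths(line):
                if p.lower().endswith(".dll") and not _in_system_dir(p):
                    reasons.append(f"loader stub pulls a DLL from a non-system directory: {p}")
        # Filenames that are nothing but digits (here a Unix timestamp) are
        # typical of dropped, auto-generated components.
        for p in _paths(line):
            stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if stem.isdigit():
                reasons.append(f"numeric-only filename, looks auto-generated: {p}")

    elif section == "O23":
        # Layout: "O23 - Service: <name> - <owner> - <path>"
        parts = [x.strip() for x in line.split(" - ")]
        if len(parts) >= 4:
            owner, path = parts[2], parts[3]
            if owner.lower() == "unknown owner" and _parent(path) == WINDOWS_DIR:
                reasons.append(f"service with no vendor whose binary sits directly in the Windows directory: {path}")
    return reasons


def find_suspicious(log_text):
    """Run check_line over a whole log; returns one dict per flagged line."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = check_line(line)
        if reasons:
            hits.append({"section": _SECTION_RE.match(line).group(1),
                         "line": line, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit["section"], hit["line"])
        for r in hit["reasons"]:
            print("    ->", r)
```

Run on the sample, it flags exactly the four lines a reviewer would circle: the tempreg DLL under C:\Program Files\Helper (two reasons: non-system directory and an all-digit name), the two orphaned entries, and the pdbconf32 service. The first two are the same items the SDFix report later in this thread deletes and lists among the files with hidden attributes. The heuristics are deliberately narrow; an entry that passes them is not thereby clean, and one that is flagged still needs a look at the file itself before anything is removed.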
Download SDFix by AndyManchesta and save it to your desktop.

Boot your computer into Safe Mode: shut down and restart; while it is starting, keep tapping the F8 key; use the arrow keys to select Safe Mode; press Enter, then Enter again; select your user account; press Yes. On some machines you tap F5 instead of F8.

- Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
- Open the SDFix folder and double-click RunThis.bat to start the program.
- Press Y to start the script.
- The tool cleans the trojan's services and also makes some repairs to the registry. At the end it asks you to restart the computer, "Press any key to Reboot".
- Press any key and the computer restarts.
- Startup takes longer than normal because SDFix is cleaning the machine.
- Once the computer has booted and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
- Then press any key to close the script and load the desktop shortcuts.
- Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread, together with a new HijackThis log.

========

1. Download combofix.exe to your desktop from either of these links: combofix1 combofix2
2. Double-click combofix.exe and follow the prompts.
3. When the tool has finished, it produces a log. Post this log in your thread.

Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
Here is the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15, on 2008-02-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\pdbconf32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\Helper\1202414734.dll"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134468695734
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22F6E289-C713-4BEC-923A-BA3A53CBCEC4}: NameServer = 86.50.0.40,193.166.95.40,193.166.234.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{22F6E289-C713-4BEC-923A-BA3A53CBCEC4}: NameServer = 86.50.0.40,193.166.95.40,193.166.234.15
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: pdbconf32 - Unknown owner - C:\WINDOWS\pdbconf32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8846 bytes

Then report.txt:

SDFix: Version 1.138
Run by Juha-Matti Hiltunen on pe 08.02.2008 at 12:47

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\JUHA-M~1\TYPYT~1\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\Helper\1202393491.dll - Deleted
C:\Program Files\Helper\1202414697.dll - Deleted
C:\Program Files\Helper\1202414734.dll - Deleted

Folder C:\Program Files\Helper - Removed

Removing Temp Files...

ADS Check:

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 13:14:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41]
"ujdew"=hex:20,02,00,00,b1,27,2f,e2,11,79,41,b7,e0,cb,7e,55,83,a7,3d,1c,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg42]
"ujdew"=hex:20,02,00,00,81,09,6e,98,81,c6,9b,de,50,0a,77,40,b3,4f,b8,e3,aa,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg43]
"ujdew"=hex:20,02,00,00,1a,08,6e,98,ac,f7,72,47,9f,f8,1e,de,46,ca,0e,2c,71,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:EnabledC++"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:EnabledNA"
"C:\\Program Files\\BitTorrent2\\bittorrent.exe"="C:\\Program Files\\BitTorrent2\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\BitTorrent3\\bittorrent.exe"="C:\\Program Files\\BitTorrent3\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\JUHA-M~1\TYPYT~1\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 26 Jan 2008     1,451,008 ..SHR --- "C:\WINDOWS\pdbconf32.exe"
Tue 10 Oct 2006            88 ..SHR --- "C:\WINDOWS\system32\8C2FD8FBB0.sys"
Tue 10 Oct 2006         3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 23 May 2005         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 15 Nov 2005        78,104 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Tue 15 Nov 2005        12,912 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Tue 21 Aug 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT6.tmp"
Wed 16 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT3.tmp"

Finished!
And finally ComboFix:

ComboFix 08-02.05.3 - Juha-Matti Hiltunen 2008-02-08 14:03:46.2 - NTFSx86
Running from: C:\Documents and Settings\Juha-Matti Hiltunen\Työpöytä\ComboFix(2).exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-08 to 2008-02-08 )))))))))))))))))
.
2008-02-08 14:02 . 2008-02-08 14:10 <KANSIO> d-------- C:\ComboFix(2)
2008-02-08 13:38 . 2008-02-08 13:48 <KANSIO> d-------- C:\QooBox
2008-02-08 13:38 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
2008-02-08 13:38 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
2008-02-08 13:38 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe
2008-02-08 13:38 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-08 13:38 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-08 13:38 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe
2008-02-08 13:38 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-08 13:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-02-08 13:38 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe
2008-02-08 13:37 . 2004-09-15 14:00 390,656 --a------ C:\WINDOWS\system32\kmd.exe
2008-02-08 12:43 . 2008-02-08 12:44 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-02-07 23:37 . 2008-02-07 23:37 122 --a------ C:\WINDOWS\WA.INI
2008-02-07 21:19 . 2008-02-07 21:19 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-07 16:12 . 2008-02-07 16:12 <KANSIO> d-------- C:\Program Files\TweakNow RegCleaner Professional
2008-02-07 16:11 . 2008-02-07 16:11 35,064,312 --a------ C:\fo-rpd9.exe
2008-02-07 14:22 . 2008-02-07 14:22 0 --a------ C:\WINDOWS\system32\history.aaw
2008-02-07 00:18 . 2008-02-07 00:18 <KANSIO> d-------- C:\Program Files\Windows Defender
2008-02-06 23:46 . 2008-02-06 23:46 <KANSIO> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-06 23:46 . 2008-02-06 23:48 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-06 23:46 . 2008-02-06 23:48 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-06 23:46 . 2008-02-06 23:48 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-06 21:29 . 2008-02-06 21:29 34,308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2008-02-06 21:26 . 2008-02-06 21:26 <KANSIO> d-------- C:\Program Files\TechTracker
2008-02-06 13:31 . 2008-02-06 14:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-06 13:21 . 2008-02-06 13:21 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 00:28 . 2008-02-06 22:51 <KANSIO> d-------- C:\dvbdream
2008-02-06 00:02 . 2006-09-28 11:47 283,776 --a------ C:\WINDOWS\system32\drivers\AF15BDA.sys
2008-02-05 20:46 . 2008-02-05 21:36 33 --a------ C:\ProgDVB.ini
2008-02-05 19:58 . 2008-02-05 19:58 <KANSIO> d-------- C:\WINDOWS\nview
2008-02-05 19:58 . 2008-02-06 12:11 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-02-05 19:58 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-02-05 18:52 . 2008-02-05 18:58 <KANSIO> d-------- C:\Program Files\DVBViewer
2008-02-05 18:52 . 2008-02-05 18:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\CMUV
2008-02-05 17:13 . 2008-02-05 17:18 <KANSIO> d-------- C:\Documents and Settings\Juha-Matti Hiltunen\Application Data\ArcSoft
2008-02-05 17:13 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-02-05 17:10 . 2006-10-23 16:03 28,672 --a------ C:\WINDOWS\system32\AF15BDAEX.dll
2008-02-05 17:10 . 2007-07-25 07:26 126 --a------ C:\WINDOWS\system32\AF15IRTBL.bin
2008-02-05 14:19 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-02-05 14:16 . 2007-12-05 01:41 7,435,392 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-02-05 14:16 . 2007-12-05 01:41 7,435,392 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-02-05 14:16 . 2007-12-05 01:41 5,773,568 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-02-05 14:16 . 2007-12-05 01:41 5,773,568 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-02-04 12:56 . 2008-02-07 13:27 <KANSIO> d-------- C:\Documents and Settings\Juha-Matti Hiltunen\Application Data\DisplayTune
2008-02-04 12:46 . 2004-08-04 01:56 1,392,671 --a------ C:\WINDOWS\msvbvm60.dll
2008-02-04 12:46 . 2002-01-05 04:40 487,424 --a------ C:\WINDOWS\msvcp70.dll
2008-02-04 12:46 . 2002-01-05 04:37 344,064 --a------ C:\WINDOWS\msvcr70.dll
2008-01-29 19:29 . 2008-01-26 23:43 1,451,008 -r-hs---- C:\WINDOWS\pdbconf32.exe
2008-01-29 16:04 . 2008-01-29 16:04 <KANSIO> d-------- C:\Documents and Settings\Juha-Matti Hiltunen\Application Data\Steinberg
2008-01-29 11:11 . 2008-01-29 11:11 <KANSIO> d-------- C:\Program Files\Native Instruments
2008-01-29 11:07 . 2008-01-29 11:07 <KANSIO> d-------- C:\Program Files\FXpansion
2008-01-29 11:07 . 2008-01-29 11:07 <KANSIO> d-------- C:\Program Files\Common Files\Digidesign
2008-01-29 11:04 . 2008-02-07 00:26 <KANSIO> d-------- C:\Program Files\Steinberg
2008-01-29 11:04 . 2005-06-04 09:08 487,936 --a------ C:\WINDOWS\system32\rmbe3260.dll
2008-01-29 11:04 . 2005-06-04 09:09 352,768 --a------ C:\WINDOWS\system32\pngu3263.dll
2008-01-29 11:02 . 2008-02-07 00:24 <KANSIO> d-------- C:\Program Files\Syncrosoft
2008-01-29 11:02 . 2005-10-23 00:00 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-01-29 11:02 . 2002-11-25 05:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-01-27 19:15 . 2008-01-27 19:39 <KANSIO> d-------- C:\Documents and Settings\Juha-Matti Hiltunen\Application Data\BSplayer PRO
2008-01-22 16:47 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-01-22 16:47 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-01-22 16:47 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-01-22 16:47 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-01-22 16:47 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-01-22 16:47 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-01-22 16:47 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-01-22 16:47 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-01-22 16:39 . 2008-01-22 16:39 32 --a------ C:\WINDOWS\WDIRECT.INI
2008-01-22 16:25 . 2008-02-07 00:03 <KANSIO> d-------- C:\TEMP
2008-01-18 16:21 . 2008-01-18 16:21 1,594,556 --a------ C:\WINDOWS\WANEUninstaller.exe
2008-01-18 16:15 . 2008-01-18 16:15 <KANSIO> d-------- C:\Games
2008-01-16 16:31 . 2008-01-16 16:31 <KANSIO> d-------- C:\Program Files\T6
2008-01-16 16:31 . 2008-01-16 16:31 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\T6
2008-01-09 14:13 . 2008-01-16 15:38 38 --a------ C:\WINDOWS\avisplitter.INI
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 12:01 --------- d-----w C:\Program Files\Mozilla Firefox
2008-02-08 11:55 2,097,152,000 --sha-w C:\pagefile.sys
2008-02-07 20:04 --------- d-----w C:\Documents and Settings\Juha-Matti Hiltunen\Application Data\BitTorrent
2008-02-07 12:51 --------- d-----w C:\Program Files\Common Files
2008-02-07 11:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 12:05 --------- d-----w C:\Program Files\Lavasoft
2008-02-06 12:05 --------- d-----w C:\Documents and Settings\Juha-Matti Hiltunen\Application Data\Lavasoft
2008-02-04 19:41 --------- d-----w C:\Program Files\SpeedFan
2008-02-03 09:34 --------- d-----w C:\Program Files\DC++
2008-01-30 09:13 --------- d-----w C:\Program Files\WinRAR
2008-01-29 17:57 --------- d-----w C:\Program Files\Winamp
2008-01-27 17:15 --------- d-----w C:\Program Files\Webteh
2008-01-22 14:27 --------- d-----w C:\Program Files\Rockstar Games
2008-01-21 20:35 --------- d-----w C:\Program Files\Guitar Pro 4
2008-01-12 23:04 --------- d-----w C:\Documents and Settings\Juha-Matti Hiltunen\Application Data\Winamp
2008-01-02 18:21 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
2007-12-18 17:39 --------- d-----w C:\Program Files\Guitar Pro 5
2007-12-14 09:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 16:03 --------- d-----w C:\Program Files\Internet Explorer
2007-12-11 22:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-11 22:37 --------- d-----w C:\Program Files\ffdshow
2007-12-10 21:34 --------- d-----w C:\Program Files\Java
2007-12-10 17:44 --------- d-----w C:\Program Files\MSECache
2007-12-10 17:44 --------- d-----w C:\Program Files\Microsoft Office
2007-12-10 17:44 --------- d-----w C:\Program Files\Common Files\Microsoft Shared
2007-12-05 00:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 23:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-04 23:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-04 23:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-04 23:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-04 23:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-04 23:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-04 23:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-04 23:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-04 23:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-04 23:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-04 23:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-04 23:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-04 23:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-04 23:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-04 23:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-04 23:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-04 23:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-04 23:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-04 23:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-04 23:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-04 23:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-04 23:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-04 23:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-04 23:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-04 23:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-04 23:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-04 23:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-04 23:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-04 23:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-13 11:31 60,416 ------w C:\WINDOWS\system32\tzchange.exe
2007-08-20 14:33 63,384 ----a-w C:\Documents and Settings\Juha-Matti Hiltunen\Application Data\GDIPFONTCACHEV1.DAT
2006-08-03 20:35 14 ----a-w C:\Program Files\scorpions
2005-09-24 14:18 22,211
----a-w C:\Program Files\augly6.JPG 2006-10-10 15:00 88 --sh--r C:\WINDOWS\system32\8C2FD8FBB0.sys 2006-10-10 15:01 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 09:06 700416] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-25 18:42 180269] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43 57344] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112] "P17Helper"="P17.dll" [2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll] "SoundMan"="SOUNDMAN.EXE" [2005-02-23 19:13 77824 C:\WINDOWS\SOUNDMAN.EXE] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54 241664] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 13:06 79224] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376] "NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2007-11-12 15:43 823296] 
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] "tempreg"="regsvr32 /s C:\Program Files\Helper\1202414734.dll" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24 237568] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoBandCustomize"= 0 (0x0) "NoMovingBands"= 0 (0x0) "NoCloseDragDropBands"= 0 (0x0) R2 pdbconf32;pdbconf32;"C:\WINDOWS\pdbconf32.exe" [2008-01-26 23:43] R3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys [2006-09-28 11:47] S3 gAGP440p;gAGP440p;C:\DOCUME~1\JUHA-M~1\LOCALS~1\Temp\gAGP440p.sys [] S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [] S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [] S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys [2007-06-04 16:14] S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys [2007-06-04 16:14] S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys [2007-06-04 16:14] S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys [2007-06-04 16:14] S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys [2007-06-04 16:14] . 
'Ajoitetut tehtävät'-kansion sisältö "2008-02-08 11:59:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-08 14:10:04 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\Program Files\NetLimiter\nl_lsp.dll -> C:\WINDOWS\system32\nl_msgc.dll .
Post a fresh HJT log again.

=============

Instructions for using AVG Anti-Spyware 7.5

Note! These instructions turn off the real-time protection (Shield). This avoids situations where the protection would block, for example, the HijackThis tool from working.

Save these instructions to a text file or print them; otherwise you will not be able to get at them from Safe Mode.

Download AVG Anti-Spyware 7.5 and save the program to your desktop.
o Once you have downloaded the program, double-click the installer's shortcut on your desktop; the installation begins.
o After installation the program must be started and its definitions updated.
o Start AVG Anti-Spyware.
o Click the "Update" icon in the main menu. Then click the "Update now" button.
o Then click the "Start Update" icon, and the update begins.
o When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
o When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
o Then, under the "Reports" menu:
o Tick "Automatically generate report after every scan"
o Untick "Only if threats were found"
o Then click the "Shield" icon at the top of the window
o "Resident shield is": change the state from active to inactive
o Close the program; do NOT scan yet.

Restart your computer into Safe Mode: shut down and, as the machine starts up, tap F8, select Safe Mode with the arrow key, then press Enter and Enter again. On some machines you hammer F5 instead of F8.

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
o Once in Safe Mode, start AVG Anti-Spyware.
o Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
o Ewido now starts scanning the computer; be patient, as the scan takes time.

When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you have clicked "Apply all Actions".
o Make sure that Set all elements to: shows Quarantine (1); if it does not, click the link and select Quarantine from the popup menu.
o You will be asked what to do if infections were found; choose "Apply all actions".
o Then click the "Reports" icon at the top of the program.
o Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
o Close the program, restart the computer normally and post the AVG report in your thread.

===============

Download RegSeeker.zip to the desktop. Extract the zip into the folder C:\RegSeeker\. From there, run the RegSeeker.exe program. In the upper right corner there is a Languages.... link, from which you select Finnish. In the lower left corner, tick Create backup and then the Clean registry link. Tick every other item except "Unusable..", then "OK" (wait a moment). A list of invalid registry entries appears on the screen; under Select in the bottom bar, click Select all, and the selected entries get a yellow background. From the Actions link in the bottom bar, click Delete selected items. Answer "OK" to the popup "All selected items will be deleted?". Answer "OK" to the next popup, "Backups". Click Exit RegSeeker on the left and restart your computer.
Oh, and I ran the tests in the same order as advised above. The logs are just in a different order in my post.
Scan with HJT, tick these and press Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\Helper\1202414734.dll"
Problem fixed. The problem was pdbconf32.exe. Apparently some sort of malware: http://www.scanspyware.net/info/Themida.A.htm
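The thread resolves by hand-picking three entries out of a long log: the orphaned BHO and the regsvr32 Run key the helper asked to fix, and the pdbconf32.exe file (hidden+system, living in C:\WINDOWS, and registered as an auto-start R2 service) that turned out to be the culprit. As an added example that is not part of this thread or of any tool named in it, the script below encodes those four triage signals as heuristics and runs them over a constructed sample made of lines copied in shape from the posted HijackThis and ComboFix output; it is the general check of which the thread shows one instance, and the regular expressions, the loader list and the assumed C:\WINDOWS system root are the editor's own assumptions.

```python
"""Triage heuristics for HijackThis / ComboFix-style log lines.

Assumption: the four line shapes below (O2 BHO, O4 Run, ComboFix file listing,
ComboFix service listing) are the ones being inspected; the heuristics are the
editor's own and are not part of any tool named in the thread.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: the entries the thread ended up acting on, plus benign
# neighbours copied in shape from the posted logs.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\Helper\1202414734.dll"
2008-01-29 19:29 . 2008-01-26 23:43 1,451,008 -r-hs---- C:\WINDOWS\pdbconf32.exe
2008-02-05 14:19 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
R2 pdbconf32;pdbconf32;"C:\WINDOWS\pdbconf32.exe" [2008-01-26 23:43]
R3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys [2006-09-28 11:47]
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \S+ \S+ (?P<size>[\d,]+) (?P<attr>[-a-z]{9}) (?P<path>.+)$"
)
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[")

LOADERS = ("regsvr32", "rundll32")             # autostart commands that load a DLL indirectly
CODE_EXT = {".exe", ".dll", ".sys", ".scr"}    # file types that execute
WINDOWS_ROOT = PureWindowsPath(r"C:\WINDOWS")  # assumed system root of the logged machine


def triage(log_text):
    """Return (line, reason) pairs for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = BHO_RE.match(line)
        if m:
            # A CLSID still registered as a BHO whose DLL is gone: a leftover of a
            # removed component, harmless to IE but an orphan that should be cleared.
            if m["path"].strip() == "(no file)":
                findings.append((line, "BHO registered but its DLL is missing (orphaned entry)"))
            continue

        m = RUN_RE.match(line)
        if m:
            cmd = m["cmd"].strip()
            # Re-registering or calling a DLL through regsvr32/rundll32 at every logon
            # is not how normal installers work; the DLL named in the command is what
            # to inspect.
            if cmd.lower().startswith(LOADERS):
                loader = cmd.split()[0]
                findings.append((line, f"Run entry loads a DLL through {loader}; inspect that DLL"))
            continue

        m = FILE_RE.match(line)
        if m:
            path = PureWindowsPath(m["path"])
            attr = m["attr"]
            # hidden + system on an executable keeps it out of Explorer's default view.
            if path.suffix.lower() in CODE_EXT and "h" in attr and "s" in attr:
                findings.append((line, "executable carries hidden+system attributes"))
            continue

        m = SVC_RE.match(line)
        if m:
            image = PureWindowsPath(m["image"].strip().strip('"'))
            # Auto-start (R2) services normally live under system32 or Program Files,
            # not directly in the Windows root (PureWindowsPath compares case-insensitively).
            if m["start"] == "R2" and image.parent == WINDOWS_ROOT:
                findings.append((line, "auto-start service image sits directly in the Windows root"))
            continue
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {entry}")
```

Run it as-is and the four flagged lines are exactly the ones the thread acted on, while the benign Java, Nero, NVIDIA and tuner-driver neighbours pass through untouched. The heuristics only shortlist: a flagged file still needs to be checked against a known-good inventory or a scanner before anything is removed, which is the step the thread's helper performed by eye.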