So the computer shuts itself down, for example when starting Counter-Strike: Source or Gears of War. The account is borrowed, btw (so nobody complains that there's already an earlier post on the same subject)... Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:24, on 19.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
E:\HYöty\zengine\Zboard.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\HYöty\adware\aawservice.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
E:\HYöty\fire\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
E:\HYöty\winrar\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {040CF5CF-AFC4-4393-B3AE-30B65A5460C4} - (no file)
O2 - BHO: (no name) - {0e8b0718-51cf-465e-99d5-f8d011836710} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: (no name) - {3129F2A8-8117-4E98-A529-ED4F62F51784} - (no file)
O2 - BHO: (no name) - {39052663-A349-4D3A-99EB-14E269C82216} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\DWLDS\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3E4EB4C1-821F-497A-8C4F-C833D2875DFC} - (no file)
O2 - BHO: (no name) - {40170CB6-CC79-409C-8FAC-D0CBB4788D29} - (no file)
O2 - BHO: (no name) - {40cde43a-f640-4777-95a6-bbbe667e5f01} - (no file)
O2 - BHO: (no name) - {5a2b237c-2964-475f-bade-1772de4b4af3} - (no file)
O2 - BHO: (no name) - {5B36345B-50A9-4F19-B163-EF74A3154CE1} - (no file)
O2 - BHO: (no name) - {5E6026AD-23EF-4AE5-80F3-4BE4A43977F0} - (no file)
O2 - BHO: (no name) - {6995B79E-22B3-454D-BFEF-26BA2BC160E6} - (no file)
O2 - BHO: (no name) - {6c4a6a6d-2282-4828-92da-0c3ffee496dd} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94dc4ef5-71f5-47d0-9e48-8ab011d83e8c} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AC56EDFB-EC15-4F11-B890-A6692FB7E6F5} - (no file)
O2 - BHO: (no name) - {b5afb124-253a-46ee-b4a7-31d0b1b5b5c5} - (no file)
O2 - BHO: (no name) - {BCDA3AB1-C51E-4059-A51B-C8EE2AE9DFB9} - (no file)
O2 - BHO: (no name) - {CDFDB77C-04F4-4956-BC1F-959190F4D34D} - (no file)
O2 - BHO: (no name) - {DCE06FC7-3B5D-40F7-A9A2-F86A466D76F1} - (no file)
O2 - BHO: (no name) - {e091722a-dd79-4721-b046-5785347180ce} - (no file)
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "E:\HYöty\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zboard] E:\HYöty\zengine\Zboard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [38740fc6] rundll32.exe "C:\WINDOWS\system32\ydmdpyvd.dll",b
O4 - HKLM\..\Run: [BM3b473c5a] Rundll32.exe "C:\WINDOWS\system32\tuxwcduq.dll",s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\HYöty\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Last.fm Helper.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all links using BitComet - res://E:\DWLDS\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://E:\DWLDS\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://E:\DWLDS\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33CB88D0-AC9D-4F15-81DC-5299DE025E6A}: NameServer = 193.229.0.40,193.229.0.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A36CBE9-11CE-40C4-8AFD-1F9694C6D0E1}: NameServer = 193.229.0.40,193.229.0.42
O17 - HKLM\System\CS1\Services\Tcpip\..\{33CB88D0-AC9D-4F15-81DC-5299DE025E6A}: NameServer = 193.229.0.40,193.229.0.42
O17 - HKLM\System\CS2\Services\Tcpip\..\{33CB88D0-AC9D-4F15-81DC-5299DE025E6A}: NameServer = 193.229.0.40,193.229.0.42
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: iifdayx - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\HYöty\adware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9477 bytes

Thanks in advance.
1. Download Combofix.exe to your desktop from one of these links: Combofix1 Combofix2
2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.

Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

===============

Scan with HJT, check the following entry and press Fix checked:

O20 - Winlogon Notify: iifdayx - C:\WINDOWS\

===============

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. When the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After that the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.
Here's the ComboFix log:

ComboFix 08-09-19.06 - admin 2008-09-20 11:18:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.1239 [GMT 3:00]
Sijainti: C:\Documents and Settings\admin\Työpöytä\ComboFix.exe
 * Uusi palautuspiste luotu
VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-20 to 2008-09-20 )))))))))))))))))
.
2008-09-19 20:37 . 2008-09-19 20:37 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-19 20:37 . 2008-09-19 20:37 <KANSIO> d-------- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
2008-09-19 20:17 . 2008-09-19 20:17 <KANSIO> d-------- C:\VundoFix Backups
2008-09-19 20:05 . 2008-09-19 20:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-19 20:05 . 2008-09-19 20:05 <KANSIO> d-------- C:\Documents and Settings\admin\Application Data\Malwarebytes
2008-09-19 20:05 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-19 20:05 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-19 19:48 . 2008-09-19 19:48 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-09-19 19:43 . 2008-09-19 19:43 4,096 --a------ C:\WINDOWS\system32\crash
2008-09-14 01:01 . 2008-09-14 01:01 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-09-11 13:17 . 2008-09-11 13:17 <KANSIO> d-------- C:\Documents and Settings\admin\Application Data\LaCie
2008-09-11 13:16 . 2008-09-11 13:16 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
2008-09-08 07:30 . 2008-09-08 07:30 <KANSIO> d-------- C:\WINDOWS\system32\fi
2008-09-08 07:30 . 2008-09-08 07:30 <KANSIO> d-------- C:\WINDOWS\system32\bits
2008-09-08 07:30 . 2008-09-08 07:30 <KANSIO> d-------- C:\WINDOWS\l2schemas
2008-09-08 07:28 . 2008-09-08 07:31 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
2008-09-08 07:23 . 2008-09-08 07:23 <KANSIO> d-------- C:\WINDOWS\EHome
2008-09-07 23:41 . 2004-09-14 16:06 326,912 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 08:24 91,092,768 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-20 08:22 1,227,020 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-19 18:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-19 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-19 17:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-19 16:32 --------- d-----w C:\Documents and Settings\admin\Application Data\Hamachi
2008-09-13 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-09-13 21:55 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-09-12 06:53 --------- d-----w C:\Documents and Settings\admin\Application Data\foobar2000
2008-09-11 16:42 --------- d-----w C:\Program Files\MSN Messenger
2008-09-08 08:28 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd6813.sys
2008-08-29 06:58 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-19 13:43 --------- d-----w C:\Program Files\Java
2008-08-02 14:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 14:27 --------- d-----w C:\Documents and Settings\admin\Application Data\InstallShield
2008-07-20 12:37 --------- d-----w C:\Documents and Settings\admin\Application Data\OpenOffice.org2
2008-03-06 08:08 78,676 --sha-w C:\WINDOWS\system32\lnnmp.ini2
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 385024]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\PeLit\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\DWLDS\\BitComet\\BitComet.exe"=
"E:\\DWLDS\\LimeWire\\LimeWire.exe"=
"F:\\PeLit\\london\\Launcher.exe"=
"F:\\PeLit\\GOW\\Binaries\\WarGame-G4WLive.exe"=
"F:\\PeLit\\Warcraft III\\War3.exe"=
"F:\\PeLit\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"F:\\PeLit\\homo\\HEROES3.ICD"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"F:\\PeLit\\romeTW\\RomeTW.exe"=
"F:\\PeLit\\CoH\\RelicCOH.exe"=
"F:\\PeLit\\GH3\\GH3.exe"=
"F:\\PeLit\\css\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"F:\\PeLit\\css\\SteamApps\\niko_lesonen\\counter-strike\\hl.exe"=
"F:\\PeLit\\ds2\\DungeonSiege2.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"F:\\PeLit\\css\\SteamApps\\niko_lesonen\\counter-strike source\\hl2.exe"=
"F:\\PeLit\\css\\Steam.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22391:TCP"= 22391:TCP:BitComet 22391 TCP
"22391:UDP"= 22391:UDP:BitComet 22391 UDP
"23535:TCP"= 23535:TCP:BitComet 23535 TCP
"23535:UDP"= 23535:UDP:BitComet 23535 UDP
"6112:TCP"= 6112:TCP:Warcraft3
"6112:UDP"= 6112:UDP:Warcraft3

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 76040]
R3 Alpham;Ideazon Merc Composite Keyboard Driver;C:\WINDOWS\system32\DRIVERS\Alpham.sys [2006-03-12 37248]
S3 dtvBDADEV;Digital TV stick USB 2.0 BDA;C:\WINDOWS\system32\Drivers\dtvbdadrv.sys [2005-07-21 62976]
S3 dtvLOAD;Digital TV stick Firmware Loader;C:\WINDOWS\system32\DRIVERS\dtvloadp.sys [2005-07-21 16128]
S3 PCnetHL;AMD PCnet-Home Adapter Driver;C:\WINDOWS\system32\DRIVERS\pcntn5hl.sys [2001-08-17 30282]
.
- - - - POISTETUT JÄMÄRIVIT - - - -
BHO-{0e8b0718-51cf-465e-99d5-f8d011836710} - (no file)
BHO-{3129F2A8-8117-4E98-A529-ED4F62F51784} - (no file)
BHO-{39052663-A349-4D3A-99EB-14E269C82216} - (no file)
BHO-{3E4EB4C1-821F-497A-8C4F-C833D2875DFC} - (no file)
BHO-{40170CB6-CC79-409C-8FAC-D0CBB4788D29} - (no file)
BHO-{40cde43a-f640-4777-95a6-bbbe667e5f01} - (no file)
BHO-{5a2b237c-2964-475f-bade-1772de4b4af3} - (no file)
BHO-{5B36345B-50A9-4F19-B163-EF74A3154CE1} - (no file)
BHO-{5E6026AD-23EF-4AE5-80F3-4BE4A43977F0} - (no file)
BHO-{6995B79E-22B3-454D-BFEF-26BA2BC160E6} - (no file)
BHO-{6c4a6a6d-2282-4828-92da-0c3ffee496dd} - (no file)
BHO-{94dc4ef5-71f5-47d0-9e48-8ab011d83e8c} - (no file)
BHO-{AC56EDFB-EC15-4F11-B890-A6692FB7E6F5} - (no file)
BHO-{b5afb124-253a-46ee-b4a7-31d0b1b5b5c5} - (no file)
BHO-{BCDA3AB1-C51E-4059-A51B-C8EE2AE9DFB9} - (no file)
BHO-{CDFDB77C-04F4-4956-BC1F-959190F4D34D} - (no file)
BHO-{DCE06FC7-3B5D-40F7-A9A2-F86A466D76F1} - (no file)
BHO-{e091722a-dd79-4721-b046-5785347180ce} - (no file)
HKLM-Run-DAEMON Tools - E:\HYöty\DAEMON Tools\daemon.exe
HKLM-Run-Zboard - E:\HYöty\zengine\Zboard.exe
HKLM-Run-!AVG Anti-Spyware - E:\HYöty\AVG Anti-Spyware 7.5\avgas.exe
HKLM-Run-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\HYöty\superantispy\SASSEH.DLL
Notify-!SASWinLogon - E:\HYöty\superantispy\SASWINLO.dll
Notify-iifdayx - (no file)
.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d5v2tz02.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fi/
FF -: plugin - E:\HYöty\fire\plugins\npnul32.dll
FF -: plugin - E:\HYöty\webdivx\DivX Web Player\npdivx32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 11:24:41
Windows 5.1.2600 Service Pack 3 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
------------------------ Muut prosessit ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
E:\HYöty\adware\aawservice.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\HYöty\Last.fm\LastFMHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\control.exe
.
**************************************************************************
.
Valmistumisajankohta: 2008-09-20 11:27:52 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2008-09-20 08:27:45
Ennen ajoa: 25 158 410 240 tavua vapaana
Ajon jälkeen: 25,486,319,616 tavua vapaana
178 --- E O F --- 2008-09-11 09:02:54
MBAM log:

Malwarebytes' Anti-Malware 1.28
Tietokantaversio: 1176
Windows 5.1.2600 Service Pack 3

19.9.2008 20:42:45
mbam-log-2008-09-19 (20-42-45).txt

Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 59700
Kulunut aika: 6 minute(s), 58 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 12
Saastuneita rekisteriarvoja: 2
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 3

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{040cf5cf-afc4-4393-b3ae-30b65a5460c4} (Trojan.Conhook) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm3b473c5a (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38740fc6 (Trojan.Vundo) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM3b473c5a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM3b473c5a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.