Here's the situation: Avast reports that it has found infections it cannot remove. What should I do? This is what Avast reported:

C:\Users\Tomizz\AppData\Local\Temp\BITA245.tmp\0.exe - Infection: Win32:Frauder-F [Tri]
C:\Users\Tomizz\AppData\Local\Temp\BITA245.tmp\1.exe - Infection: Win32:Frauder-F [Tri]
C:\Users\Tomizz\AppData\Local\Temp\BITA245.tmp\2.exe - Infection: Win32:Frauder-F [Tri]
C:\Users\Tomizz\AppData\Local\Temp\BITA245.tmp\3.exe - Infection: Win32:Frauder-F [Tri]
C:\Users\Tomizz\AppData\Local\Temp\BITA245.tmp\4.exe - Infection: Win32:Frauder-F [Tri]
C:\Users\Tomizz\AppData\Local\Temp\BITA245.tmp\5.exe\MicroAV.cpl - Infection: Win32:Neptunia-AGB [Tri]
C:\Users\Tomizz\AppData\Local\Temp\BITA245.tmp\5.exe\MicroAV.exe - Infection: Win32:Spyware-gen [Tri]
C:\Users\Tomizz\AppData\Local\Temp\BITA245.tmp\7.exe - Infection: Win32:Frauder-F [Tri]

Those were the details Avast gave. And after each one it also says: "Error occurred during file deleting. The operation is not supported for this type of archive."
Next, the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:47, on 3.12.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GTGMOUSE] "C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 9701 bytes

If someone would be kind enough to help a bit with what I should do?
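A HijackThis log is one entry per line, each prefixed with a section code (R0/R1 for Internet Explorer start and search URLs, O1 hosts-file entries, O2 browser helper objects, O4 autoruns, O23 services). The script below, an added example by the editor and not code from the post or from HijackThis, applies the checks a helper makes first when reading such a log: a start page on a non-Microsoft domain (here www.daemon-search.com), a BHO whose DLL is gone ("(no file)"), an autorun that launches from Temp or AppData, and a service with no publisher ("Unknown owner"). The sample lines are copied from the log above except the "[Updater]" O4 line, which is constructed to exercise the Temp-path rule; the list of trusted domains is the editor's assumption.

```python
"""Triage a HijackThis log: flag the entry classes a helper looks at first.

Added example by the editor, not code from the post or from HijackThis.
The sample lines are copied from the HijackThis log above, except the
"[Updater]" O4 line, which is constructed to exercise the Temp-path rule.
"""
import re
from typing import Dict, List

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")

# Assumption: start/search pages on these domains are left alone.
TRUSTED_HOSTS = ("microsoft.com", "msn.com", "live.com")
# Autoruns launched from these profile locations are rarely legitimate.
TEMP_MARKERS = ("\\temp\\", "\\appdata\\local\\", "\\appdata\\roaming\\")
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Updater] C:\Users\Tomizz\AppData\Local\Temp\BITA245.tmp\5.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def _host(url: str) -> str:
    m = re.match(r"https?://([^/\s]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def _trusted(host: str) -> bool:
    # Exact domain or a subdomain of it; "evilmicrosoft.com" does not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_HOSTS)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious entry; benign entries are skipped."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group(1), m.group(2)
        reason = None
        if kind in ("R0", "R1") and "=" in body:
            host = _host(body.split("=", 1)[1])
            if host and not _trusted(host):
                reason = f"IE start/search page points at {host}"
        elif kind == "O1":
            if body.split(":", 1)[1].strip() not in DEFAULT_HOSTS:
                reason = "non-default hosts file entry"
        elif kind == "O2" and body.endswith("(no file)"):
            reason = "BHO registered but its DLL is missing"
        elif kind == "O4":
            if any(mk in body.lower() for mk in TEMP_MARKERS):
                reason = "autorun launches from Temp/AppData"
        elif kind == "O23" and "- Unknown owner -" in body:
            reason = "service binary carries no publisher"
        if reason:
            findings.append({"type": kind, "reason": reason, "entry": raw.strip()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['type']:>4}  {f['reason']:<42} {f['entry']}")
```

Run against the full log above it flags exactly the items the later posts act on: the daemon-search.com start page (which ComboFix also reports as uStart Page), the orphaned BHO, and PnkBstrA, which is a game anti-cheat service and a false positive of the "no publisher" rule, so the output is a shortlist to read, not a removal list.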
If Malwarebytes' Anti-Malware is already on the machine, run an update first and then run it. Otherwise, download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure that both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything is checked and click Remove Selected.
7. After that, a log will open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.
Okay. The program got installed, and here's the output:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 6.0.6000

4.12.2008 19:36:19
mbam-log-2008-12-04 (19-36-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 184986
Time elapsed: 49 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Tomizz\AppData\Local\Temp\TDSSa2ad.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Tomizz\AppData\Local\Temp\TDSSc61b.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I'd still guess that after those removals, when I have Avast scan the machine, it will find the same viruses again. We'll see on the 5th or 6th when I run the scan. I'll report back then.
1. Download Combofix.exe to your desktop from one of these links: Combofix1 Combofix2
2. Double-click the Combofix.exe file and follow the prompts.
3. When the tool has finished, it will produce a log. Post that log in your thread.

Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
ComboFix 08-12-03.04 - Tomizz 2008-12-04 20:57:16.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1186 [GMT 2:00]
Running from: c:\users\Tomizz\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Tomizz\AppData\Roaming\Adobe\crc.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv

((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))
.
2008-12-04 18:07 . 2008-12-04 19:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-03 17:05 . 2008-12-03 17:05 <DIR> d-------- c:\program files\Trend Micro
2008-11-30 21:22 . 2008-11-30 21:22 <DIR> d-------- c:\users\Tomizz\AppData\Roaming\Malwarebytes
2008-11-30 21:22 . 2008-11-30 21:22 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-30 21:22 . 2008-11-30 21:22 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-29 15:55 . 2008-11-29 15:55 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-26 14:58 . 2008-11-26 14:58 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 14:58 . 2008-11-26 14:58 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 14:58 . 2008-11-26 14:58 <DIR> d-------- c:\program files\iTunes
2008-11-26 14:58 . 2008-11-26 14:58 <DIR> d-------- c:\program files\iPod
2008-11-26 14:55 . 2008-11-26 14:56 <DIR> d-------- c:\program files\QuickTime
2008-11-19 19:37 . 2004-08-18 03:34 442,368 --a------ c:\windows\System32\vp6vfw.dll
2008-11-18 20:55 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
2008-11-18 20:55 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2008-11-18 20:55 . 2006-11-29 13:06 440,080 --a------ c:\windows\System32\d3dx10.dll
2008-11-18 20:55 . 2006-12-08 12:02 251,672 --a------ c:\windows\System32\xactengine2_5.dll
2008-11-07 12:41 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll
2008-11-07 12:41 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\System32\D3DCompiler_35.dll
2008-11-07 12:41 . 2007-07-19 18:14 444,776 --a------ c:\windows\System32\d3dx10_35.dll
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 13:54 --------- d-----w c:\program files\Java
2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-26 16:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 16:19 --------- d-----w c:\program files\Microsoft Games
2008-11-26 12:58 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 17:00 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-22 12:09 --------- d-----w c:\program files\Office
2008-11-13 20:49 --------- d-----w c:\program files\Common Files\Adobe
2008-11-07 10:42 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-07 10:42 22,328 ----a-w c:\users\Tomizz\AppData\Roaming\PnkBstrK.sys
2008-11-07 10:42 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-07 10:41 669,184 ----a-w c:\windows\System32\pbsvc.exe
2008-11-03 13:37 --------- d-----w c:\users\Tomizz\AppData\Roaming\dvdcss
2008-10-26 14:49 --------- d-----w c:\program files\Audacity
2008-10-25 15:14 --------- d-----w c:\program files\Easy CD-DA Extractor 11
2008-10-22 18:59 --------- d-----w c:\program files\Microsoft Works
2008-10-22 18:59 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-22 18:59 --------- d-----w c:\program files\Common Files\L&H
2008-10-22 18:58 --------- d-----w c:\program files\Microsoft.NET
2008-10-22 17:26 --------- d-----w c:\programdata\Trymedia
2008-10-22 16:42 --------- d-----w c:\users\Sambu\AppData\Roaming\Creative
2008-10-21 10:56 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 08:03 --------- d-----w c:\users\Tomizz\AppData\Roaming\InstallShield
2008-10-19 08:03 --------- d-----w c:\program files\Ubisoft
2008-10-15 10:49 --------- d-----w c:\users\Tomizz\AppData\Roaming\Ubisoft
2008-10-13 13:54 --------- d-----w c:\users\Tomizz\AppData\Roaming\Creative
2008-10-13 13:21 --------- d--h--w c:\program files\Creative Installation Information
2008-10-13 13:18 --------- d-----w c:\program files\Creative
2008-10-07 12:32 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-10-07 12:32 --------- d-----w c:\program files\DAEMON Tools Lite
2008-09-30 14:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-07-22 12:48 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-22 12:48 56 ---ha-w c:\programdata\ezsidmv.dat
2008-07-09 14:13 174 --sha-w c:\program files\desktop.ini
2007-11-16 09:40 216 ----a-w c:\users\Sambu\AppData\Roaming\wklnhst.dat
2007-09-24 08:34 0 ----a-w c:\users\Tomizz\AppData\Roaming\wklnhst.dat
2007-12-06 08:53 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-06 08:53 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-06 08:53 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.
((((((((((((((((((((((((((((( snapshot@2008-12-04_20.44.57.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-04 18:40:35 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-04 18:55:30 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-04 18:40:35 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-04 18:55:30 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-04 18:40:54 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-12-04 18:57:09 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-12-04 18:57:09 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-04 18:41:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-12-04 18:57:04 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-12-04 18:57:04 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-04 15:58:33 107,416 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-04 18:51:10 107,416 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-04 15:58:33 88,416 ----a-w c:\windows\System32\perfc00B.dat
+ 2008-12-04 18:51:11 88,416 ----a-w c:\windows\System32\perfc00B.dat
- 2008-12-04 15:58:33 618,272 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-04 18:51:10 618,272 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-04 15:58:33 467,808 ----a-w c:\windows\System32\perfh00B.dat
+ 2008-12-04 18:51:17 467,808 ----a-w c:\windows\System32\perfh00B.dat
- 2008-12-04 13:51:46 12,012 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3638545603-1877097701-3798452901-1000_UserData.bin
+ 2008-12-04 18:57:34 12,444 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3638545603-1877097701-3798452901-1000_UserData.bin
- 2008-12-04 13:51:46 89,708 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-04 18:57:34 89,918 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-02 18:52:10 53,814 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-04 18:42:17 54,230 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [BU]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2006-11-23 57344]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2006-11-23 57344]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-07 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600]
"GTGMOUSE"="c:\program files\FSC\LASER MOUSE\1.0\GTGMouse.exe" [2006-12-07 483328]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]
"CTHelper"="CTHELPER.EXE" [2006-12-12 c:\windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 c:\windows\System32\CTXFIHLP.EXE]
"CTXFIREG"="CTxfiReg.exe" [2006-12-12 c:\windows\System32\CTXFIREG.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU]

c:\users\Tomizz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Registration Assassin's Creed.LNK - c:\program files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2008-10-19 967304]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{86C55168-DC7C-4317-8931-E3C8906457F9}c:\\program files\\soldier of fortune ii - double helix\\sof2mp.exe"= UDP:c:\program files\soldier of fortune ii - double helix\sof2mp.exe:SoF2MP
"UDP Query User{D681E53C-1A74-4C99-B6D6-435DA2B16491}c:\\program files\\soldier of fortune ii - double helix\\sof2mp.exe"= TCP:c:\program files\soldier of fortune ii - double helix\sof2mp.exe:SoF2MP
"TCP Query User{DFFDC9A9-9E4A-4380-A2E3-2AE1CCC2A3E0}c:\\program files\\soldier of fortune ii - double helix\\sof2mp.exe"= UDP:c:\program files\soldier of fortune ii - double helix\sof2mp.exe:SoF2MP
"UDP Query User{B0F9151A-9FC9-448B-97CC-C3A6BF071243}c:\\program files\\soldier of fortune ii - double helix\\sof2mp.exe"= TCP:c:\program files\soldier of fortune ii - double helix\sof2mp.exe:SoF2MP
"TCP Query User{644D80E9-2E4F-4D76-861F-62E2BD802A60}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{95BEF253-E015-445E-9198-22022B5D4B1B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{1451985B-56E7-49F8-936C-EF9F5B838304}c:\\users\\sambu\\desktop\\sdc205\\strongdc.exe"= UDP:c:\users\sambu\desktop\sdc205\strongdc.exe:strongdc.exe
"UDP Query User{49A0D862-9176-4136-ADA2-B7305B659EE9}c:\\users\\sambu\\desktop\\sdc205\\strongdc.exe"= TCP:c:\users\sambu\desktop\sdc205\strongdc.exe:strongdc.exe
"TCP Query User{AC17DEE8-1C42-45E7-9E26-637FACE9EDC0}c:\\users\\sambu\\desktop\\strongdc.exe"= UDP:c:\users\sambu\desktop\strongdc.exe:strongdc.exe
"UDP Query User{D47A22C2-0153-4CD1-944D-9393F10F7105}c:\\users\\sambu\\desktop\\strongdc.exe"= TCP:c:\users\sambu\desktop\strongdc.exe:strongdc.exe
"TCP Query User{D89A6F35-5FFB-4385-888C-1954025CCD60}c:\\users\\tomizz\\desktop\\dc++.exe"= UDP:c:\users\tomizz\desktop\dc++.exe:dc++.exe
"UDP Query User{56B60C75-5BDA-4FFB-83B8-2475061F8D9E}c:\\users\\tomizz\\desktop\\dc++.exe"= TCP:c:\users\tomizz\desktop\dc++.exe:dc++.exe
"TCP Query User{9662DB97-94AE-4C0F-94D1-9F935B259842}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"UDP Query User{14DD31AA-423A-460D-B6AD-D26CABB4033F}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= TCP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"TCP Query User{8D72133A-1425-4588-A27D-5B13DA9E9888}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed
"UDP Query User{BEA6DA66-1395-4BA5-9D10-49FE313416FA}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed
"{171C5D87-EC64-4FDA-8656-08704428A23A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0BC886A6-1547-4DD8-B18A-FDCBB338E386}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{D7526508-F9A1-4238-992E-FE330F6009B5}c:\\users\\tomizz\\desktop\\chaos theory\\system\\splintercell3.exe"= UDP:c:\users\tomizz\desktop\chaos theory\system\splintercell3.exe:splintercell3.exe
"UDP Query User{593B3FD0-CE5D-443D-A625-D8685AFE5DE1}c:\\users\\tomizz\\desktop\\chaos theory\\system\\splintercell3.exe"= TCP:c:\users\tomizz\desktop\chaos theory\system\splintercell3.exe:splintercell3.exe
"TCP Query User{C43E5EE4-8DCB-4351-9243-916C2A7D587A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{478FEB30-4920-45C2-AB34-40B2BE278BF5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{7D0C9F94-B9DA-48C3-AA8A-3149B34BED1B}c:\\program files\\ubisoft\\tom clancy's rainbow six vegas\\binaries\\r6vegasserver.exe"= Disabled:UDP:c:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegasserver.exe:R6VegasServer
"UDP Query User{E8F54DCA-8AA5-461B-9CA3-61A191DD846A}c:\\program files\\ubisoft\\tom clancy's rainbow six vegas\\binaries\\r6vegasserver.exe"= Disabled:TCP:c:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegasserver.exe:R6VegasServer
"{58CB33C7-031D-473E-B302-6F5DA3C57269}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{436EB0D8-661D-40B2-9F8E-D77DB9FA1B69}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4E4BE86B-19D6-45FD-AFFF-496996300A40}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3A81FDC6-2571-4567-B331-F9E1B13C6C3A}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{353D2058-EB62-4CD4-9D64-1EE421A7DA2B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{050CA35B-6702-479B-AFAB-2420E0E09794}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{6741549C-AE0C-4B16-9B18-652D74F834CD}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{944798F1-B88A-4621-8F0C-32BC64946824}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{01C0CBC4-5B71-4BB1-B93A-D4427BC81566}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{4EBE53E6-7140-4F96-84A0-FC1C298EC2C1}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{F4348317-0EAD-473C-8254-A356E7AEE618}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{0DD84128-EEBD-4E35-BA91-297F4858EDEF}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{15A95067-DF42-402E-B8A3-290321E25FAD}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AAB18B8C-6E2F-4341-9765-D3B353C5FECF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{8C5741BE-FE86-47D3-80C1-EA732C262124}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{80453AC2-92CA-43B0-82FC-8ACC031B6062}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{39D912C4-6686-4243-8DFB-49F939230EBE}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{D5376EE4-14DD-442D-A4B5-2257B4FB5BDD}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F9663EDA-7448-4B8E-94D5-30A222018EFF}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{8337FA7B-CDC4-4E7E-B722-7742271FF2C8}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{8C35E63A-4B39-4DDC-9C78-2B77BF8960BC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D2D20C90-331D-45DF-8116-963D82C160EB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-21 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-21 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-09-21 51792]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-09-21 215040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Tomizz\AppData\Roaming\Mozilla\Firefox\Profiles\nzhbkkdx.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.irc.fi
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 21:01:26
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-04 21:02:20
ComboFix-quarantined-files.txt 2008-12-04 19:02:01

Pre-Run: 195,027,910,656 bytes free
Post-Run: 194,970,398,720 bytes free

248 --- E O F --- 2008-11-23 20:23:43
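Taken together, the three logs in this thread name the persistence that was removed: ComboFix deleted the TDSSserv service and its Legacy_TDSSSERV key (the service name the TDSS rootkit family registers) and, on its previous run, the BITS queue files qmgr0.dat/qmgr1.dat; MBAM quarantined two TDSS*.tmp droppers in the user's Temp folder; and Avast's finds all sat inside BITA245.tmp, a BITS download staging folder, which is why the rogue "MicroAV" payload arrived via a BITS job and why Avast, scanning inside the 5.exe archive, could report but not delete it. The script below is an added example by the editor, not code from ComboFix, MBAM, Avast or the poster: it extracts the service names from the Drivers/Services section of a ComboFix log and sweeps a directory tree for files matching those indicators, which is the check to run before calling the machine clean. The demo tree is constructed with tempfile; the TDSS*.dll/.sys patterns are the editor's assumption about sibling components and are not reported in this thread. On a real machine point sweep() at the profile root and confirm with sc query TDSSserv that the service is gone; those two checks, and deleting the BITS job itself, are outside what this runs offline.

```python
"""Sweep for the leftovers named in this thread after the cleanup tools ran.

Added example by the editor, not code from ComboFix, MBAM, Avast or the
poster. Indicators come from the logs above: TDSS*.tmp droppers in the
user's Temp folder (MBAM), executables inside the BITS staging folder
BITA245.tmp (Avast), and the TDSSserv service ComboFix removed. The demo
tree is built with tempfile and is constructed, not a real infection.
"""
import fnmatch
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# File names seen in the MBAM log; the dll/sys variants are an assumption
# about sibling components, not something reported in this thread.
FILE_PATTERNS = ("TDSS*.tmp", "TDSS*.dll", "TDSS*.sys")
# BITS names its download staging folders BIT<hex>.tmp (BITA245.tmp above).
BITS_DIR_PATTERN = "BIT*.tmp"
PAYLOAD_SUFFIXES = {".exe", ".cpl", ".dll", ".scr"}

# ComboFix lists removed services as "-------\Legacy_NAME" / "-------\Service_NAME".
SERVICE_RE = re.compile(r"^-+\\(?:Legacy_|Service_)(\S+)\s*$", re.M)


def _match(name: str, pattern: str) -> bool:
    # Case-insensitive on every platform, as NTFS names are.
    return fnmatch.fnmatchcase(name.upper(), pattern.upper())


def sweep(root: str) -> List[Dict[str, str]]:
    """Walk root and report files matching the thread's indicators."""
    hits: List[Dict[str, str]] = []
    for dirpath, _dirs, files in os.walk(root):
        in_bits_dir = _match(os.path.basename(dirpath), BITS_DIR_PATTERN)
        for name in files:
            full = os.path.join(dirpath, name)
            if any(_match(name, p) for p in FILE_PATTERNS):
                hits.append({"path": full, "why": "TDSS-style dropper name"})
            elif in_bits_dir and Path(name).suffix.lower() in PAYLOAD_SUFFIXES:
                hits.append({"path": full, "why": "executable left in a BITS temp folder"})
    return hits


def removed_services(combofix_log: str) -> List[str]:
    """Service names ComboFix reported under Drivers/Services, lower-cased."""
    return sorted({m.group(1).lower() for m in SERVICE_RE.finditer(combofix_log)})


def build_demo_tree() -> str:
    """Constructed layout mirroring the paths in the posts above."""
    root = tempfile.mkdtemp(prefix="sweep_demo_")
    temp = Path(root, "AppData", "Local", "Temp")
    (temp / "BITA245.tmp").mkdir(parents=True)
    (temp / "BITA245.tmp" / "5.exe").write_bytes(b"MZ constructed stub")
    (temp / "BITA245.tmp" / "notes.txt").write_text("harmless text")
    (temp / "TDSSc61b.tmp").write_bytes(b"constructed")
    (temp / "wct1234.tmp").write_bytes(b"ordinary temp file")
    return root


# Excerpt of the Drivers/Services section from the ComboFix log above.
COMBOFIX_EXCERPT = r"""
-------\Legacy_TDSSSERV
-------\Service_TDSSserv
"""

if __name__ == "__main__":
    for hit in sweep(build_demo_tree()):
        print(f"{hit['why']:<40} {hit['path']}")
    print("services ComboFix removed:", removed_services(COMBOFIX_EXCERPT))
```

The sweep deliberately ignores ordinary *.tmp files and non-executable content in the BITS folder, so a clean run returns an empty list rather than a pile of Temp noise; anything it does return should be checked against the quarantine before it is trusted as new.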
Yep, thanks a lot. Avast didn't find anything in the latest scan, so I'm assuming the viruses are gone! =)