So this kind of virus has hit my machine. Would anyone know how to get rid of it? I have already tried VundoFix.
Have you already tried VirtumundoBegone? If not, you can find it here. Once you have downloaded the program, follow these instructions. After that, also post an HJT log on the site for us to puzzle over.
Logfile of HijackThis v1.99.1
Scan saved at 13:12:09, on 30.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure Internet Security\Common\FSLAUNCHER0.EXE
C:\WINDOWS\system32\control.exe
C:\Documents and Settings\Heikki\Työpöytä\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plaza.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {671CFEAF-30F0-4CF4-A5EE-58EAAF3185A9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7636434E-DDF6-4F85-928E-81652921DFA6} - (no file)
O2 - BHO: (no name) - {8BD68DDC-C1B4-4B25-8D87-74C80948530F} - (no file)
O2 - BHO: (no name) - {962D9AF6-0169-4E50-ACC2-3D9A98D206C6} - (no file)
O2 - BHO: (no name) - {A091BD53-0F87-47AA-B41F-15F064A6BD0D} - (no file)
O2 - BHO: (no name) - {AC6AE780-A9EE-406F-AC05-2F5FE0784011} - (no file)
O2 - BHO: (no name) - {F8344C27-C29D-46D6-A745-03DE4A99C35E} - (no file)
O2 - BHO: (no name) - {FD022181-3D29-45B1-84EC-7C4275DE8463} - C:\WINDOWS\system32\mljge.dll (file missing)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1184367103609
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\uragvwbm.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
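Added example, not part of the thread and not HijackThis code: a small Python triage pass over HJT lines of the kind posted above. It picks out the three things a helper reads first in this log: O2 BHO entries that are still registered under a CLSID but point at "(no file)" or a "(file missing)" DLL (eight of them here, plus mljge.dll), an O23 service with "Unknown owner" whose binary is gone (DomainService, uragvwbm.exe), and an O20 Winlogon Notify entry (winjrs32) whose value is a bare directory rather than a DLL. The sample lines are copied from the log above; the regex and the rule labels are choices made for this example.

```python
import re
from collections import Counter

# Constructed sample: a few entries copied from the HijackThis log posted
# above, enough to exercise each rule (not the whole log).
SAMPLE_HJT_LOG = [
    "O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: (no name) - {671CFEAF-30F0-4CF4-A5EE-58EAAF3185A9} - (no file)",
    "O2 - BHO: (no name) - {FD022181-3D29-45B1-84EC-7C4275DE8463} - C:\\WINDOWS\\system32\\mljge.dll (file missing)",
    "O4 - HKLM\\..\\Run: [F-Secure Manager] \"C:\\Program Files\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash",
    "O20 - Winlogon Notify: winjrs32 - C:\\WINDOWS\\",
    "O23 - Service: DomainService - Unknown owner - C:\\WINDOWS\\system32\\uragvwbm.exe (file missing)",
    "O23 - Service: FSMA - F-Secure Corporation - C:\\Program Files\\F-Secure Internet Security\\Common\\FSMA32.EXE",
]

# HJT lines look like "<section> - <description> - <target>"; the target
# (file, command or URL) is the last " - " separated field.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = ("(no file)", "(file missing)")

# Rule labels are names chosen for this example, not HijackThis terminology.
ORPHAN_BHO = "orphan-bho"                        # CLSID registered, DLL gone
DEAD_SERVICE = "unknown-service-missing-binary"  # O23, no vendor, no file
NOTIFY_DIR = "winlogon-notify-without-dll"       # O20 value is a directory


def classify(line):
    """Return the rule an HJT line trips, or None if it looks unremarkable."""
    m = ENTRY_RE.match(line.rstrip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    target = body.rsplit(" - ", 1)[-1]
    if kind == "O2" and target.endswith(MISSING):
        return ORPHAN_BHO
    if kind == "O23" and "Unknown owner" in body and target.endswith(MISSING):
        return DEAD_SERVICE
    if kind == "O20" and target.endswith("\\"):
        return NOTIFY_DIR
    return None


def triage(log_lines):
    """Return [(rule, line)] for every flagged line, in log order."""
    out = []
    for line in log_lines:
        rule = classify(line)
        if rule:
            out.append((rule, line.rstrip()))
    return out


def summary(log_lines):
    """Count flagged lines per rule, for a quick read of a long log."""
    return Counter(rule for rule, _ in triage(log_lines))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_HJT_LOG):
        print(f"[{rule}] {line}")
    print(dict(summary(SAMPLE_HJT_LOG)))
```

This only ranks lines for a human; it removes nothing. Keep in mind that "(file missing)" means the file was not visible from user mode when HJT ran: either an earlier tool already removed it, or something is hiding it, which is why the later ComboFix run in this thread also includes a catchme rootkit scan.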
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. That can cause the program to hang.
ComboFix 07-08-17.2 - "Heikki" 2007-08-19 22:16:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.574 [GMT 3:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\UGA6P
C:\WINDOWS\system32\6_exception.nls
C:\WINDOWS\system32\ajhkkhdd.ini
C:\WINDOWS\system32\cdywbxbw.ini
C:\WINDOWS\system32\ddhkkhja.dll
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\etbhxksm.dll
C:\WINDOWS\system32\gedlajwv.ini
C:\WINDOWS\system32\gifdauty.ini
C:\WINDOWS\system32\hcvumsjx.dll
C:\WINDOWS\system32\hxgrjswt.ini
C:\WINDOWS\system32\koxjuowy.ini
C:\WINDOWS\system32\mjrchuoy.dll
C:\WINDOWS\system32\mskxhbte.ini
C:\WINDOWS\system32\smmufuvu.dll
C:\WINDOWS\system32\twsjrgxh.dll
C:\WINDOWS\system32\uvufumms.ini
C:\WINDOWS\system32\wbxbwydc.dll
C:\WINDOWS\system32\vwjaldeg.dll
C:\WINDOWS\system32\xjsmuvch.ini
C:\WINDOWS\system32\youhcrjm.ini
C:\WINDOWS\system32\ytuadfig.dll
C:\WINDOWS\system32\ywoujxok.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NTIO256
-------\LEGACY_RUNTIME2
-------\DomainService
-------\ntio256

((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))

2007-08-19 22:15 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-19 11:45 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-08-19 11:45 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-08-19 11:45 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-08-19 11:45 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-08-19 11:45 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-08-19 11:45 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-08-18 18:16 32,000 --ah----- C:\WINDOWS\system32\Tvsa3.exe
2007-08-18 18:16 248,832 --ah----- C:\WINDOWS\system32\ShrLk20.dll
2007-08-18 18:16 <KANSIO> d-------- C:\fortress
2007-08-14 14:25 <KANSIO> d-------- C:\Program Files\MSN Password Recovery
2007-08-13 11:56 <KANSIO> d-------- C:\Program Files\MSXML 6.0
2007-08-13 11:24 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-11 17:47 <KANSIO> d-------- C:\Program Files\SpeedFan
2007-08-11 17:27 <KANSIO> d-------- C:\DOCUME~1\Heikki\APPLIC~1\Nokia Multimedia Player
2007-08-11 17:26 <KANSIO> d-------- C:\Uusi kansio
2007-08-11 17:25 <KANSIO> d-------- C:\puhelin
2007-08-11 17:23 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-08-11 17:21 <KANSIO> d-------- C:\DOCUME~1\Heikki\APPLIC~1\Nokia
2007-08-11 17:20 <KANSIO> d-------- C:\Program Files\DIFX
2007-08-11 17:20 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2007-08-11 17:20 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2007-08-11 17:19 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-08-11 17:19 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-08-11 17:19 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-08-11 17:19 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-08-11 17:19 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-08-11 17:19 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-08-11 17:19 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-11 17:19 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2007-08-11 17:19 <KANSIO> d-------- C:\Program Files\Nokia
2007-08-11 17:19 <KANSIO> d-------- C:\DOCUME~1\Heikki\APPLIC~1\PC Suite
2007-08-11 17:18 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-07-30 15:58 172,032 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-07-30 15:49 <KANSIO> d-------- C:\Program Files\GoldWave
2007-07-30 15:49 <KANSIO> d-------- C:\DOCUME~1\Heikki\APPLIC~1\Help

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-19 21:03 --------- d-------- C:\Program Files\Steam
2007-08-11 17:48 --------- d-------- C:\Program Files\mIRC
2007-07-17 10:29 --------- d-------- C:\Program Files\Enigma Software Group
2007-07-16 14:48 --------- d-------- C:\Program Files\Lavasoft
2007-07-16 13:02 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-15 15:42 7680 --a------ C:\WINDOWS\system32\drivers\ip6fw.0ys
2007-07-15 15:07 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-07-08 12:38 --------- d-------- C:\DOCUME~1\Heikki\APPLIC~1\uTorrent
2007-06-26 09:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 16:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 16:22 1033728 --a------ C:\WINDOWS\explorer.exe
2007-06-08 08:11 831048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-06-06 14:23 33302 --a------ C:\WINDOWS\system32\byxuutu.dll.vir
2007-05-27 12:49 61440 --a------ C:\WINDOWS\KHALMNPRN.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{671CFEAF-30F0-4CF4-A5EE-58EAAF3185A9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7636434E-DDF6-4F85-928E-81652921DFA6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BD68DDC-C1B4-4B25-8D87-74C80948530F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{962D9AF6-0169-4E50-ACC2-3D9A98D206C6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A091BD53-0F87-47AA-B41F-15F064A6BD0D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC6AE780-A9EE-406F-AC05-2F5FE0784011}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8344C27-C29D-46D6-A745-03DE4A99C35E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD022181-3D29-45B1-84EC-7C4275DE8463}]
C:\WINDOWS\system32\mljge.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2002-11-13 10:34 C:\WINDOWS\system32\sstray.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 C:\WINDOWS\system32\atiptaxx.exe]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-04-26 22:06]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-04-26 22:06]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-10-12 17:13]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-04-26 20:18:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Heikki^Käynnistä-valikko^Ohjelmat^Käynnistys^MemTurbo.lnk]
path=C:\Documents and Settings\Heikki\Käynnistä-valikko\Ohjelmat\Käynnistys\MemTurbo.lnk
backup=C:\WINDOWS\pss\MemTurbo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDC]
C:\WINDOWS\system32\uragvwbm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Downloader]
C:\windows\KHALMNPRN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\system32\hcvumsjx.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
c:\program files\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uga6pcw]
"C:\PROGRA~1\COMMON~1\TRUSTE~1\uga6pcw.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys
R1 atitray;atitray;\??\C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys
R1 F-Secure HIPS;F-Secure HIPS;\??\C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys
R2 PStrip;PSTRIP;\??\C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys
S4 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys

Contents of the 'Scheduled Tasks' folder
2007-08-19 00:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job - C:\Program Files\RegistrySmart\RegistrySmart.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 22:18:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 22:21:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-19 22:20
--- E O F ---
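Added example, not part of the thread and not ComboFix code. Look at the "Other Deletions" list above: every .ini name is a .dll name spelled backwards (ddhkkhja.dll and ajhkkhdd.ini, hcvumsjx.dll and xjsmuvch.ini, and so on through all ten pairs), the naming habit the Vundo/Virtumonde family was known for, one random DLL plus a settings file under the reversed name. The Python below pairs names from a pasted listing, reports what is left over, and ties paired DLLs back to a rundll32 autostart line like the GPLv3 entry in the "Reg Loading Points" section, which loads hcvumsjx.dll by export name. The listing and the two autostart lines are copied from the log above; the functions and the regex are constructed for this example.

```python
import ntpath
import re

# Constructed sample: the "Other Deletions" list from the ComboFix log posted
# above, reduced to bare paths.
DELETED = [l.strip() for l in """
C:\\UGA6P
C:\\WINDOWS\\system32\\6_exception.nls
C:\\WINDOWS\\system32\\ajhkkhdd.ini
C:\\WINDOWS\\system32\\cdywbxbw.ini
C:\\WINDOWS\\system32\\ddhkkhja.dll
C:\\WINDOWS\\system32\\drivers\\runtime2.sys
C:\\WINDOWS\\system32\\etbhxksm.dll
C:\\WINDOWS\\system32\\gedlajwv.ini
C:\\WINDOWS\\system32\\gifdauty.ini
C:\\WINDOWS\\system32\\hcvumsjx.dll
C:\\WINDOWS\\system32\\hxgrjswt.ini
C:\\WINDOWS\\system32\\koxjuowy.ini
C:\\WINDOWS\\system32\\mjrchuoy.dll
C:\\WINDOWS\\system32\\mskxhbte.ini
C:\\WINDOWS\\system32\\smmufuvu.dll
C:\\WINDOWS\\system32\\twsjrgxh.dll
C:\\WINDOWS\\system32\\uvufumms.ini
C:\\WINDOWS\\system32\\wbxbwydc.dll
C:\\WINDOWS\\system32\\vwjaldeg.dll
C:\\WINDOWS\\system32\\xjsmuvch.ini
C:\\WINDOWS\\system32\\youhcrjm.ini
C:\\WINDOWS\\system32\\ytuadfig.dll
C:\\WINDOWS\\system32\\ywoujxok.dll
""".splitlines() if l.strip()]

# Constructed sample: two autostart lines copied from the same log's
# "Reg Loading Points" section (one loads a paired DLL through rundll32).
AUTOSTART = [
    '[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\GPLv3] rundll32.exe "C:\\WINDOWS\\system32\\hcvumsjx.dll",realset',
    '[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\DDC] C:\\WINDOWS\\system32\\uragvwbm.exe',
]

# rundll32 [path\]name.dll,Export  (quotes optional, case-insensitive)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.I)


def split_name(path):
    """(stem, ext) of the file name in a Windows path, lower-cased."""
    stem, _, ext = ntpath.basename(path.strip()).rpartition(".")
    return stem.lower(), ext.lower()


def reversed_name_pairs(paths):
    """Pair each X.dll with a Y.ini whose stem is X's stem spelled backwards."""
    stems = {"dll": set(), "ini": set()}
    for p in paths:
        stem, ext = split_name(p)
        if stem and ext in stems:
            stems[ext].add(stem)
    return sorted((d + ".dll", d[::-1] + ".ini")
                  for d in stems["dll"] if d[::-1] in stems["ini"])


def unpaired(paths):
    """Deleted items the reversal rule says nothing about; review by hand."""
    paired = {name for pair in reversed_name_pairs(paths) for name in pair}
    return [p for p in paths if ntpath.basename(p).lower() not in paired]


def rundll32_loaders(autostart_lines, dll_names):
    """Map a DLL name to the (registry key, export) rundll32 loads it with."""
    wanted = {n.lower() for n in dll_names}
    hits = {}
    for line in autostart_lines:
        m = RUNDLL_RE.search(line)
        if not m:
            continue
        name = ntpath.basename(m.group(1)).lower()
        if name in wanted:
            key = line.split("]", 1)[0] + "]"
            hits[name] = (key, m.group(2))
    return hits


if __name__ == "__main__":
    pairs = reversed_name_pairs(DELETED)
    for dll, ini in pairs:
        print(f"{dll}  <->  {ini}")
    print("unpaired:", unpaired(DELETED))
    print("loaders:", rundll32_loaders(AUTOSTART, [d for d, _ in pairs]))
```

The pairing is a triage aid, not an inventory: runtime2.sys, 6_exception.nls and C:\UGA6P come out as unpaired and still need a look, and the log's mljge.dll (BHO) and byxuutu.dll.vir (Find3M) have no .ini partner at all, so a name that does not pair is not evidence of being clean.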
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:41, on 11.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Outpost Firewall\outpost.exe
C:\Program Files\RemotelyAnywhere\RaMaint.exe
C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\RemotelyAnywhere\RAGui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {594F2924-0179-4BB9-85DE-77221CCDC9DC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\RemotelyAnywhere\RAGui.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Outpost Firewall\outpost.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Outpost Firewall\outpost.exe
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe
O23 - Service: RemotelyAnywhere - 3am Labs, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4016 bytes

EDIT: Never mind, I managed to fix it myself.