moi yx päivä meses yx kamu laitto mukamas kuvan ja mä tyhmä tietty avasin sen ennenku tajusin etteise oo viisasta joten troijan-spy win32@mx näkyy tarttuneen ja varmaa muutakin PASKAA joten voisko joku kertoo miten nuo saa poisteltua kaspersky löytää jotai 17 juttua mut en osaa poistaa mitää eli eipä paljon lämmitä ja ewidon sivuille ei pääse jostainsyystä ollenkaa ja niin poispäin eli nyt ois neuvot paikallaan että kiitoksia jo etukäteen kaikille vaivautuville! nii joo ja spy worm.win32 myös ainaki löytyy ja pop-uppeja vaikka muille jakaa
Mulla ainaski avast! löysi just jotain 5 trojan.downloader virusta ja ne saa sillä kyllä poistettua ihan samantien ku ne löytyy... Että suosittelen sitä ohjelmaa. Tietty voit koittaa ettiä tiedoston ja poistaa sen. Muuta en osaa neuvoa
tässä tapauksessa avst ilmoitta että on örkkejä mutta kun se jotai muka tekee ni ei ongelma mihkään häivy
En usko, että tulee siitä kuvasta... Lataa ja avaa HjT ja sitten paina 'Do a system Scan and save a Logfile'. Sitten liitä teksti tänne. Lataa ja asenna Ad-aware täältä. Aja se läpi ja poista tulokset.
tässä ois loki jos jotai selviäis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:57:59, on 26.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\Logi_MwX.Exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\nvraidservice.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\uqrgwfza.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?e111ed09e0af45b3b259f0f486a65e41 O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?e111ed09e0af45b3b259f0f486a65e41 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171999947358 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\geesgdhi.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 7535 bytes
moi ad-aware ei osaa vundoa poistaa.... uudelleen nimeä HijackThis.exe vaikkapa skode.exe:s Lataa VundoFix.exe työpöydällesi. *Tupla-klikkaa VundoFix.exe ajaaksesi sen. *Klikkaa Scan for Vundo valintaa. *Kun skannaus on valmis, klikkaa Remove Vundo valintaa. *Sinulta kysytään haluatko poistaa filut - klikkaa YES. *Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa. *Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK. *Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö. Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan. Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä. ja sitten... 1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä: combofix.exe combofix.exe 2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia. 3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi. Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. Lähetä C:\vundofix.txt + C:\ComboFix.txt + uusi hjt-loki
kiitoksia ainakin jotain alkoi tapahtua! aloin jo pikkuhiljaa harkita windowssin poistoa mutta pop-upit ainakin rauhottu saako muuten lisenssi windowssista tehtyä varmuuskopiolevyn ku mul ei oo ja vastaavassa tilanteessa ei tarvis uutta ostaa? tässä kuitenki nää logit Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:12:06, on 27.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\Logi_MwX.Exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\nvraidservice.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {73E00092-5539-4661-9B61-3A66FC0D772E} - C:\WINDOWS\system32\ddcbxww.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: {507fe794-d89a-a21b-9184-abe7c6ccba89} - {98abcc6c-7eba-4819-b12a-a98d497ef705} - C:\WINDOWS\system32\nyqgrvqr.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?e111ed09e0af45b3b259f0f486a65e41 O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?e111ed09e0af45b3b259f0f486a65e41 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171999947358 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: ddcbxww - C:\WINDOWS\SYSTEM32\ddcbxww.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 8182 bytes Beginning removal... VundoFix V6.6.2 Checking Java version... Scan started at 17:50:12 27.11.2007 Listing files found while scanning.... C:\windows\system32\uqrgwfza.dll C:\windows\system32\uqrgwfza.dllbox Beginning removal... Attempting to delete C:\windows\system32\uqrgwfza.dll C:\windows\system32\uqrgwfza.dll Has been deleted! Attempting to delete C:\windows\system32\uqrgwfza.dllbox C:\windows\system32\uqrgwfza.dllbox Has been deleted! Performing Repairs to the registry. Done! ComboFix 07-11-19.4 - Omistaja 2007-11-27 18:04:14.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.456 [GMT 2:00] Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Käynnistä-valikko\Live Safety Center.lnk C:\Documents and Settings\All Users\Käynnistä-valikko\Online Security Guide.lnk C:\Documents and Settings\Omistaja\Suosikit\Online Security Guide.lnk C:\Documents and Settings\Omistaja\Työpöytä\Live Safety Center.lnk C:\Documents and Settings\Omistaja\Työpöytä\Online Security Guide.lnk C:\WINDOWS\system32\dccdd.ini C:\WINDOWS\system32\dccdd.ini2 C:\WINDOWS\system32\ddccd.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2007-10-27 to 2007-11-27 ))))))))))))))))) . 2007-11-26 21:04 <KANSIO> d-------- C:\Program Files\Lavasoft 2007-11-26 21:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-25 20:36 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer 2007-11-25 11:21 <KANSIO> d-------- C:\Program Files\a-squared Anti-Malware 2007-11-25 09:01 143 --a------ C:\WINDOWS\system32\mcrh.tmp 2007-11-24 22:35 <KANSIO> d-------- C:\Program Files\WinClamAVShield 2007-11-24 20:59 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-24 20:10 81,472 --a------ C:\WINDOWS\system32\nyqgrvqr.dll 2007-11-24 20:07 767,347 ---hs---- C:\WINDOWS\system32\tvglcotq.ini 2007-11-24 19:19 766,987 ---hs---- C:\WINDOWS\system32\jxbsmepv.ini 2007-11-24 19:17 <KANSIO> d-------- C:\Program Files\Spyware Terminator 2007-11-24 19:17 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Spyware Terminator 2007-11-24 19:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2007-11-24 19:01 83,520 --a------ C:\WINDOWS\system32\nmdtdqxe.dll 2007-11-23 19:18 766,867 ---hs---- C:\WINDOWS\system32\ihppunap.ini 2007-11-23 15:51 83,520 --a------ C:\WINDOWS\system32\ycfcebpy.dll 2007-11-22 07:55 79,936 --a------ C:\WINDOWS\system32\gabpmvck.dll 2007-11-22 07:52 773,189 ---hs---- C:\WINDOWS\system32\byeqpogv.ini 2007-11-21 20:28 35,840 --a------ C:\WINDOWS\system32\jkkllij.dll 2007-11-21 20:22 35,840 --a------ C:\WINDOWS\system32\gebbaxy.dll 2007-11-21 19:40 35,840 --a------ C:\WINDOWS\system32\ddcbxww.dll 2007-11-21 18:31 <KANSIO> d----c--- C:\Downloads 2007-11-21 18:25 <KANSIO> d----c--- C:\Kaspersky 2007-11-20 18:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WinZip 2007-11-20 17:59 <KANSIO> d-------- C:\Program Files\MagicISO 2007-11-15 15:46 <KANSIO> d-------- C:\Program Files\Eazy VCD 2007-11-15 15:46 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX 2007-11-14 18:58 <KANSIO> d--h----- C:\WINDOWS\PIF . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-26 19:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-26 18:51 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\FinalBurner DATA 2007-11-21 18:29 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\uTorrent 2007-10-21 10:04 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\FinalBurner Video DVD 2007-10-20 17:08 --------- d-----w C:\Program Files\URUSoft 2007-10-14 17:03 --------- d-----w C:\Program Files\Java 2007-10-14 17:02 --------- d-----w C:\Program Files\Common Files\Java 2007-10-13 14:36 --------- d-----w C:\Program Files\Trend Micro 2007-10-13 14:20 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Logitech 2007-10-13 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd 2007-10-13 14:18 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2007-10-13 14:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2007-10-13 14:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2007-10-13 14:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-13 14:17 --------- d-----w C:\Program Files\Logitech 2007-10-13 14:17 --------- d-----w C:\Program Files\Common Files\Logitech 2007-10-13 14:17 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\InstallShield 2007-10-13 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2007-10-13 13:56 --------- d-----w C:\Program Files\Yahoo! 2007-10-12 17:57 --------- d-----w C:\Program Files\SmartDraw 2008 2007-10-11 16:52 --------- d-----w C:\Program Files\CCleaner 2007-10-06 11:31 --------- d-----w C:\Program Files\Winamp 2007-08-28 11:32 303,208 ----a-w C:\WINDOWS\system32\AcSignOpt.exe 2007-08-28 11:31 185,448 ----a-w C:\WINDOWS\system32\AcSignIcon.dll 2007-08-28 11:31 177,768 ----a-w C:\WINDOWS\system32\AcSignExt.dll 2007-08-28 08:53 15,976 ----a-w C:\WINDOWS\system32\AcSignExtRes.dll . (((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„ [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73E00092-5539-4661-9B61-3A66FC0D772E}] 2007-11-21 19:40 35840 --a------ C:\WINDOWS\system32\ddcbxww.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98abcc6c-7eba-4819-b12a-a98d497ef705}] 2007-11-24 20:10 81472 --a------ C:\WINDOWS\system32\nyqgrvqr.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 17:53] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40] "SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 C:\WINDOWS\soundman.exe] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-04 19:38] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 11:06] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12] [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{73E00092-5539-4661-9B61-3A66FC0D772E}"= C:\WINDOWS\system32\ddcbxww.dll [2007-11-21 19:40 35840] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbxww] ddcbxww.dll 2007-11-21 19:40 35840 C:\WINDOWS\system32\ddcbxww.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccd.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);C:\WINDOWS\system32\DRIVERS\zd1211u.sys S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\System32\ZDPNDIS5.SYS . 'Ajoitetut teht„v„t'-kansion sis„lt” "2007-11-26 19:18:04 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job" . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-27 18:07:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-27 18:09:43 - machine was rebooted . --- E O F --- kiitos
moi niitä on koneella vielä.... Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne: Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi edes .txt). Sitten raahaa CFScript ComboFix.exeen kuten alla. Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö + uusi hjt-loki tänne.
oisin luullu et oli jo puhas ko autto kummasti täs nää logit Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:35:10, on 27.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\Logi_MwX.Exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\nvraidservice.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?e111ed09e0af45b3b259f0f486a65e41 O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?e111ed09e0af45b3b259f0f486a65e41 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171999947358 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: ddcbxww - C:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 7942 bytes ComboFix 07-11-19.4 - Omistaja 2007-11-27 19:28:16.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.427 [GMT 2:00] Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe Command switches used :: C:\Documents and Settings\Omistaja\Työpöytä\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\byeqpogv.ini C:\WINDOWS\system32\ddcbxww.dll C:\WINDOWS\system32\gabpmvck.dll C:\WINDOWS\system32\gebbaxy.dll C:\WINDOWS\system32\ihppunap.ini C:\WINDOWS\system32\jkkllij.dll C:\WINDOWS\system32\jxbsmepv.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\nmdtdqxe.dll C:\WINDOWS\system32\nyqgrvqr.dll C:\WINDOWS\system32\tvglcotq.ini C:\WINDOWS\system32\ycfcebpy.dll . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\byeqpogv.ini C:\WINDOWS\system32\ddcbxww.dll C:\WINDOWS\system32\gabpmvck.dll C:\WINDOWS\system32\gebbaxy.dll C:\WINDOWS\system32\ihppunap.ini C:\WINDOWS\system32\jkkllij.dll C:\WINDOWS\system32\jxbsmepv.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\nmdtdqxe.dll C:\WINDOWS\system32\nyqgrvqr.dll C:\WINDOWS\system32\tvglcotq.ini C:\WINDOWS\system32\ycfcebpy.dll . ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2007-10-27 to 2007-11-27 ))))))))))))))))) . 2007-11-27 18:29 <KANSIO> C:\WINDOWS\LastGood.Tmp 2007-11-26 21:04 <KANSIO> d-------- C:\Program Files\Lavasoft 2007-11-26 21:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-25 20:36 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer 2007-11-25 11:21 <KANSIO> d-------- C:\Program Files\a-squared Anti-Malware 2007-11-24 22:35 <KANSIO> d-------- C:\Program Files\WinClamAVShield 2007-11-24 20:59 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-24 19:17 <KANSIO> d-------- C:\Program Files\Spyware Terminator 2007-11-24 19:17 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Spyware Terminator 2007-11-24 19:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2007-11-21 18:31 <KANSIO> d----c--- C:\Downloads 2007-11-21 18:25 <KANSIO> d----c--- C:\Kaspersky 2007-11-20 18:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WinZip 2007-11-20 17:59 <KANSIO> d-------- C:\Program Files\MagicISO 2007-11-15 15:46 <KANSIO> d-------- C:\Program Files\Eazy VCD 2007-11-15 15:46 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX 2007-11-14 18:58 <KANSIO> d--h----- C:\WINDOWS\PIF . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-26 19:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-26 18:51 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\FinalBurner DATA 2007-11-21 18:29 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\uTorrent 2007-10-21 10:04 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\FinalBurner Video DVD 2007-10-20 17:08 --------- d-----w C:\Program Files\URUSoft 2007-10-14 17:03 --------- d-----w C:\Program Files\Java 2007-10-14 17:02 --------- d-----w C:\Program Files\Common Files\Java 2007-10-13 14:36 --------- d-----w C:\Program Files\Trend Micro 2007-10-13 14:20 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Logitech 2007-10-13 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd 2007-10-13 14:18 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2007-10-13 14:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2007-10-13 14:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2007-10-13 14:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-13 14:17 --------- d-----w C:\Program Files\Logitech 2007-10-13 14:17 --------- d-----w C:\Program Files\Common Files\Logitech 2007-10-13 14:17 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\InstallShield 2007-10-13 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2007-10-13 13:56 --------- d-----w C:\Program Files\Yahoo! 2007-10-12 17:57 --------- d-----w C:\Program Files\SmartDraw 2008 2007-10-11 16:52 --------- d-----w C:\Program Files\CCleaner 2007-10-06 11:31 --------- d-----w C:\Program Files\Winamp 2007-08-28 11:32 303,208 ----a-w C:\WINDOWS\system32\AcSignOpt.exe 2007-08-28 11:31 185,448 ----a-w C:\WINDOWS\system32\AcSignIcon.dll 2007-08-28 11:31 177,768 ----a-w C:\WINDOWS\system32\AcSignExt.dll 2007-08-28 08:53 15,976 ----a-w C:\WINDOWS\system32\AcSignExtRes.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-27_18.08.52.56 ))))))))))))))))))))))))))))))))))))))))) . - 2007-02-15 16:01:04 1,476,992 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll + 2007-10-11 12:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll + 2007-11-27 17:31:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_728.dat . (((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„ [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 17:53] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40] "SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 C:\WINDOWS\soundman.exe] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-04 19:38] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 11:06] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbxww] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);C:\WINDOWS\system32\DRIVERS\zd1211u.sys S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\System32\ZDPNDIS5.SYS . 'Ajoitetut teht„v„t'-kansion sis„lt” "2007-11-27 17:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job" . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-27 19:31:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-27 19:33:33 - machine was rebooted . --- E O F ---
ja sitten... Tee uusi hjt-scannaus Do a System scan only Sulje kaikki muut ikkunat ja selaimen.Merkkaa nämä rivit ja paina Fix checked O20 - Winlogon Notify: ddcbxww - C:\WINDOWS\ Käynnistä kone uudelleen lopputarkistus... Skannaa koneesi Kaspersky Online Skannerilla Käytä Internet Explorer Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä. Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen. Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next. Klikkaa nyt asetuksia, Scan Settings Tarkista asetuksista, että seuraavat ovat valittuina: o Scan using the following Anti-Virus database: + Extended (Jos valittavissa, muuten valitse Standard) o Scan Options: + Scan Archives + Scan Mail Bases Klikkaa OK Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut. Klikkaa nyt Save as Text-painiketta. Tallenna tiedosto työpöydällesi. Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.+ uusi hjt-loki
tälläset löyty KASPERSKY ONLINE SCANNER REPORT Wednesday, November 28, 2007 5:44:37 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 27/11/2007 Kaspersky Anti-Virus database records: 467104 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan Statistics Total number of scanned objects 39172 Number of viruses found 7 Number of infected objects 28 Number of suspicious objects 0 Duration of the scan process 00:33:03 Infected Object Name Virus Name Last Action C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Omistaja\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Omistaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Omistaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Omistaja\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Omistaja\Local Settings\Sivuhistoria\History.IE5\MSHist012007112720071128\index.dat Object is locked skipped C:\Documents and Settings\Omistaja\Local Settings\Temp\hpodvd09.log Object is locked skipped C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Omistaja\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Omistaja\ntuser.dat.LOG Object is locked skipped C:\itouch_crash_info.txt Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\report\Taustasuojaus.txt Object is locked skipped C:\Program Files\Sygate\SPF\debug.log Object is locked skipped C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped C:\qoobox\Quarantine\C\WINDOWS\system32\gebbaxy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.atg skipped C:\qoobox\Quarantine\C\WINDOWS\system32\jkkllij.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.atg skipped C:\qoobox\Quarantine\C\WINDOWS\system32\nmdtdqxe.dll.vir Infected: Trojan.Win32.BHO.zo skipped C:\qoobox\Quarantine\C\WINDOWS\system32\nyqgrvqr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.h skipped C:\qoobox\Quarantine\C\WINDOWS\system32\ycfcebpy.dll.vir Infected: Trojan.Win32.BHO.zo skipped C:\qoobox\Quarantine\catchme2007-11-27_180739.15.zip/ddccd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ayw skipped C:\qoobox\Quarantine\catchme2007-11-27_180739.15.zip ZIP: infected - 1 skipped C:\qoobox\Quarantine\catchme2007-11-27_193133.06.zip/ddcbxww.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atg skipped C:\qoobox\Quarantine\catchme2007-11-27_193133.06.zip ZIP: infected - 1 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP213\A0025277.exe.mwt Infected: Backdoor.Win32.IRCBot.arf skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP213\A0025282.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP214\A0025348.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP214\A0025386.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP216\A0025437.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP216\A0025438.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP217\A0025466.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP218\A0025533.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP218\A0025534.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP219\A0025561.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP222\A0025815.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP223\A0025838.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ayw skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP225\A0025901.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atg skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP225\A0025903.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atg skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP225\A0025905.dll Infected: Trojan.Win32.BHO.zo skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP225\A0025906.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.h skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP225\A0025908.dll Infected: Trojan.Win32.BHO.zo skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP225\A0025912.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.atg skipped C:\System Volume Information\_restore{F6B4BB8D-EEF4-47E7-92F7-AEAD1B67A106}\RP225\change.log Object is locked skipped C:\VundoFix Backups\uqrgwfza.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_738.dat Object is locked skipped C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped Scan process completed. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:47:41, on 28.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\Logi_MwX.Exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\nvraidservice.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?e111ed09e0af45b3b259f0f486a65e41 O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?e111ed09e0af45b3b259f0f486a65e41 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171999947358 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 8108 bytes
jep hyvältä näyttää.. poista kansio: C:\qoobox C:\VundoFix Backups Tyhjennä roskakori Putsaa järjestelmän palautus: 1. Klikkaa oikealla käynnistävalikon My Computer- tai oma tietokone-kuvaketta 2. Valitse Properties/ominaisuudet 3. Valitse System Restore/järjestelmän palauttaminen välilehti 4. Valitse "Turn off System Restore"/poista järjestelmän palauttaminen kaikissa asemissa 5. Paina Apply/käytä 6. Paina OK 7. Käynnistä kone uudelleen 8. Palauta asetukset takaisin vielä ongelmia ?????
ei näyttäs ongelmia enää esiintyvä eli kiitos TOSI paljon avusta! et sättus tai kukaa tietää et voiko lisenssiwindowssista tehdä varmuuskopion ku ei oo asennuslevyä ku vindows on vaa kovolla ei ollu varaa levyyn vai lisenssii
ilmeisesti sinulla on hp,eikö d asemasta löydy recovery tiedostot? tässä lisää http://www.google.fi/search?q=windo...&rls=org.mozilla:fi:official&client=firefox-a
Ovatko nuo lokitiedot tietokone kohtaisia vai voinko itsekkin käyttää noita samoja ohjeita? Sama viirus on jo pienen hetken minun konettani vihlonut.
