
rs32net removed, something remained, HJT

Thread in the Viruses and malware - HijackThis logs section. Started by JaPeVu on 13.01.2009.

  1. JaPeVu

    JaPeVu Regular member

    Joined:
    30.09.2004
    Messages:
    198
    Thanks:
    0
    Points:
    26
    I wonder if this went right. I put the script in that white box

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:


    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\UACtubqkqmp.sys" not found!
    Deletion of driver "UACtubqkqmp.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.
     
    Last edited: 16.01.2009
  3. JaPeVu

    JaPeVu Regular member

    Well, now I got this

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.

    Hidden driver "UACd.sys" found!
    ImagePath: \systemroot\system32\drivers\UACtubqkqmp.sys
    Driver disabled successfully.

    Rootkit scan completed.


    Completed script processing.

    *******************

    Finished! Terminate.
     
  4. Hujo

    Hujo Guest

    Download OTMoveIt and save it to your desktop.

    Double-click OTMoveIt.exe.
    Click CleanUp!.
    Choose Yes when asked "Begin cleanup Process?".
    If you are asked whether the computer may be restarted, choose Yes. OTMoveIt removes itself when it is done; if that does not happen, delete it yourself.

    NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.

    ================

    Type in the Run box

    ComboFix /u

    Click OK

    ===============

    Delete the leftovers
     
  5. JaPeVu

    JaPeVu Regular member

    OTMoveIt worked

    ComboFix /u still doesn't work
     
  6. Hujo

    Hujo Guest

    Delete it from there by hand
     
  7. JaPeVu

    JaPeVu Regular member

    ComboFix and OTMoveIt deleted, if that's what you meant?
     
  8. Hujo

    Hujo Guest

    Yep, that's what I meant.

    Did it go away when you typed ComboFix /u into the Run box
    and hit OK after it?
     
  9. JaPeVu

    JaPeVu Regular member

    Run --> ComboFix /u --> Item not found
    I deleted it to the Recycle Bin by hand
     
  10. Hujo

    Hujo Guest

    Daemon Tools, has that been on the computer?
     
  11. JaPeVu

    JaPeVu Regular member

    Daemon Tools is still on the computer.
    It doesn't show up in "Change or remove a program"

    ComboFix started working under its own name

    And this works:

    ================

    Type in the Run box

    ComboFix /u

    Click OK

    ===============
     
    Last edited: 16.01.2009
  12. Hujo

    Hujo Guest

    Then post the ComboFix log
     
  13. JaPeVu

    JaPeVu Regular member

    ComboFix 09-01-16.02 - jani 2009-01-16 23:25:09.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.3006.2018 [GMT 2:00]
    Sijainti: c:\users\jani\Desktop\ComboFix.exe
    * Uusi palautuspiste luotu
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\AutoRun.inf
    c:\windows\system32\Drivers\UACtubqkqmp.sys
    c:\windows\system32\UACcgxsxoue.dll
    c:\windows\system32\UACdwetbbrv.dat
    c:\windows\system32\UACiprjpwir.dll
    c:\windows\system32\UACjscwnafr.dll
    c:\windows\system32\UACsncodxmq.log
    c:\windows\system32\UACviptwxif.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_UACd.sys


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-12-16 to 2009-01-16 )))))))))))))))))
    .

    2009-01-16 18:40 . 2009-01-16 18:40 <KANSIO> d-------- c:\program files\CCleaner
    2009-01-16 18:30 . 2009-01-16 18:31 <KANSIO> d-------- C:\RomboFix
    2009-01-15 20:44 . 2009-01-15 20:44 1,905 --a------ c:\windows\diagwrn.xml
    2009-01-15 20:44 . 2009-01-15 20:44 1,905 --a------ c:\windows\diagerr.xml
    2009-01-15 20:32 . 2009-01-15 20:32 <KANSIO> d-------- c:\program files\DC++
    2009-01-15 17:59 . 2009-01-15 17:59 <KANSIO> d-------- c:\program files\Alwil Software
    2009-01-15 17:59 . 2008-11-26 19:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2009-01-15 05:50 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-13 21:40 . 2009-01-13 21:40 410,984 --a------ c:\windows\System32\deploytk.dll
    2009-01-13 21:31 . 2009-01-13 21:32 <KANSIO> d-------- c:\program files\Trend Micro
    2009-01-13 18:44 . 2009-01-13 18:44 0 --a------ c:\windows\nsreg.dat
    2009-01-13 17:40 . 2009-01-16 18:44 <KANSIO> d-a------ c:\users\All Users\TEMP
    2009-01-13 17:40 . 2009-01-16 18:46 <KANSIO> d-------- c:\program files\Spyware Doctor
    2009-01-13 17:40 . 2009-01-16 18:44 <KANSIO> d-a------ c:\progra~2\TEMP
    2009-01-12 21:36 . 2009-01-12 21:36 2 --a------ C:\-858457737
    2009-01-12 21:36 . 2009-01-12 21:36 0 -rahs---- C:\ctf
    2009-01-12 21:10 . 2009-01-12 21:10 <KANSIO> d-------- c:\program files\TNET113
    2009-01-11 17:06 . 2009-01-12 17:04 <KANSIO> d-------- c:\users\All Users\Lavasoft
    2009-01-11 17:06 . 2009-01-12 17:04 <KANSIO> d-------- c:\progra~2\Lavasoft
    2009-01-10 15:50 . 2009-01-10 15:50 <KANSIO> d-------- c:\program files\Atari
    2009-01-10 13:34 . 2009-01-15 20:56 <KANSIO> d-------- c:\users\jani\AppData\Roaming\Hamachi
    2009-01-10 13:34 . 2009-01-15 20:56 <KANSIO> d-------- c:\program files\Hamachi
    2009-01-09 21:07 . 2009-01-09 21:07 45 --a------ c:\windows\System32\initdebug.nfo
    2009-01-09 17:53 . 2009-01-09 17:53 54,156 --ah----- c:\windows\QTFont.qfn
    2009-01-09 17:53 . 2009-01-09 17:53 1,409 --a------ c:\windows\QTFont.for
    2009-01-09 06:58 . 2009-01-09 06:58 <KANSIO> d-------- c:\users\All Users\ATI
    2009-01-09 06:58 . 2009-01-09 06:58 <KANSIO> d-------- c:\progra~2\ATI
    2009-01-08 23:24 . 2009-01-08 23:24 <KANSIO> d-------- c:\users\All Users\NokiaMusic
    2009-01-08 23:24 . 2009-01-08 23:24 <KANSIO> d-------- c:\progra~2\NokiaMusic
    2009-01-08 23:22 . 2009-01-08 23:22 <KANSIO> d-------- c:\program files\Common Files\PCSuite
    2009-01-08 23:22 . 2009-01-08 23:22 <KANSIO> d-------- c:\program files\Common Files\muvee Technologies
    2009-01-08 23:10 . 2009-01-09 07:02 <KANSIO> d-------- c:\users\jani\AppData\Roaming\NSeries
    2009-01-08 23:04 . 2009-01-08 23:04 <KANSIO> d-------- c:\users\jani\AppData\Roaming\Nokia Multimedia Player
    2009-01-08 22:54 . 2009-01-09 16:09 <KANSIO> d-------- c:\users\jani\AppData\Roaming\Nokia
    2008-12-29 07:00 . 2009-01-15 20:56 <KANSIO> d-------- c:\users\jani\AppData\Roaming\Winamp
    2008-12-29 07:00 . 2008-12-29 07:01 <KANSIO> d-------- c:\program files\Winamp
    2008-12-29 07:00 . 2007-03-08 01:51 129,784 --------- c:\windows\System32\pxafs.dll
    2008-12-24 14:00 . 2008-12-24 14:00 <KANSIO> d-------- c:\program files\Warner Bros. Interactive Entertainment
    2008-12-21 18:34 . 2008-12-21 18:34 <KANSIO> d-------- c:\users\All Users\Media Center Programs
    2008-12-21 18:34 . 2008-12-21 18:34 <KANSIO> d-------- c:\progra~2\Media Center Programs
    2008-12-17 21:13 . 2008-12-17 21:13 4,179,968 --a------ c:\windows\System32\drivers\atikmdag.sys
    2008-12-17 19:50 . 2008-12-17 19:50 425,984 --a------ c:\windows\System32\ATIDEMGX.dll
    2008-12-17 19:48 . 2008-12-17 19:48 262,144 --a------ c:\windows\System32\Oemdspif.dll
    2008-12-17 19:36 . 2008-12-17 19:36 2,365,440 --a------ c:\windows\System32\atidxx32.dll
    2008-12-17 19:15 . 2008-12-17 19:15 10,981,376 --a------ c:\windows\System32\atioglxx.dll
    2008-12-17 18:54 . 2008-12-17 18:54 98,304 --a------ c:\windows\System32\atiadlxx.dll
    2008-12-17 18:54 . 2008-12-17 18:54 50,688 --a------ c:\windows\System32\amdpcom32.dll
    2008-12-17 18:52 . 2008-12-17 18:52 57,344 --a------ c:\windows\System32\amdcalrt.dll
    2008-12-17 18:52 . 2008-12-17 18:52 53,248 --a------ c:\windows\System32\amdcalcl.dll
    2008-12-17 18:49 . 2008-12-17 18:49 3,256,320 --a------ c:\windows\System32\amdcaldd.dll
    2008-12-17 18:39 . 2008-12-17 18:39 53,248 --a------ c:\windows\System32\drivers\ati2erec.dll
    2008-12-16 17:48 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-16 17:44 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll
    2008-12-16 17:44 . 2008-10-21 07:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-12-16 17:44 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
    2008-12-16 17:44 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe
    2008-12-16 17:40 . 2008-10-16 23:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-12-16 17:40 . 2008-10-16 22:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-12-16 17:40 . 2008-10-16 23:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-12-16 17:40 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-12-16 17:40 . 2008-10-16 22:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-12-16 17:40 . 2008-10-16 23:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-12-16 17:40 . 2008-10-16 23:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-12-16 17:40 . 2008-10-16 23:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-12-16 17:40 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-16 18:33 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-15 18:56 --------- d-----w c:\users\jani\AppData\Roaming\vlc
    2009-01-15 18:56 --------- d-----w c:\users\jani\AppData\Roaming\Ventrilo
    2009-01-15 18:56 --------- d-----w c:\users\jani\AppData\Roaming\teamspeak2
    2009-01-15 18:56 --------- d-----w c:\program files\Windows Mail
    2009-01-15 18:56 --------- d-----w c:\program files\Steam
    2009-01-15 18:56 --------- d-----w c:\program files\Common Files\Steam
    2009-01-13 19:40 --------- d-----w c:\program files\Java
    2009-01-09 14:07 --------- d-----w c:\program files\Nokia
    2009-01-09 05:30 --------- d-----w c:\progra~2\Installations
    2009-01-09 05:28 --------- d-----w c:\program files\Common Files\Nokia
    2009-01-09 04:57 --------- d-----w c:\program files\ATI Technologies
    2008-12-30 20:30 --------- d-----w c:\users\jani\AppData\Roaming\Xfire
    2008-12-27 08:44 --------- d-----w c:\program files\Xfire
    2008-12-27 08:44 --------- d-----w c:\progra~2\Xfire
    2008-12-25 15:09 --------- d-----w c:\users\jani\AppData\Roaming\PC Suite
    2008-12-24 12:09 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-15 17:56 --------- d-----w c:\users\jani\AppData\Roaming\Application Data
    2008-12-11 16:36 --------- d-----w c:\users\jani\AppData\Roaming\ATI
    2008-12-11 16:36 --------- d-----w c:\program files\ATI
    2008-12-04 15:47 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
    2008-12-04 14:53 --------- d-----w c:\program files\Rockstar Games
    2008-12-03 16:26 --------- d-----w c:\program files\Logitech
    2008-12-03 16:26 --------- d-----w c:\progra~2\Logitech
    2008-12-02 16:29 --------- d-----w c:\program files\Ventrilo
    2008-11-29 07:43 --------- d-----w c:\program files\Audacity
    2008-11-27 16:58 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
    2008-11-27 16:58 --------- d-----w c:\progra~2\PC Suite
    2008-11-27 16:47 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2008-11-27 16:45 --------- d-----w c:\progra~2\Nokia
    2008-11-27 16:44 --------- d-----w c:\program files\DIFX
    2008-11-27 16:39 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-11-24 19:36 --------- d-----w c:\program files\IceChat7
    2008-11-20 19:36 --------- d-----w c:\program files\Microsoft Silverlight
    2008-11-14 16:07 22,328 ----a-w c:\users\jani\AppData\Roaming\PnkBstrK.sys
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
    2008-04-16 18:33 174 --sha-w c:\program files\desktop.ini
    2007-12-02 09:24 417,792 ----a-w c:\users\jani\GL4JavbJauGljJNI14.dll
    2007-12-20 14:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-12-20 14:51 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-12-20 14:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-01-06 13:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 1687824]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-13 136600]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

    c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-24 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm
    "VIDC.XFR1"= xfcodec.dll
    "msacm.divxa32"= divxa32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders credssp.dll, digeste.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{E04D2589-3499-4813-969F-7369C24BF645}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
    "UDP Query User{7882A51A-817B-4C6D-84A4-80A813421C0F}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
    "TCP Query User{8C84B170-A1F4-4423-BD5A-43984FCF2E1E}c:\\program files\\icechat7\\icechat7.exe"= UDP:c:\program files\icechat7\icechat7.exe:Internet Relay Chat Client
    "UDP Query User{4719FE7B-2C2D-4988-94CB-13117648FAE5}c:\\program files\\icechat7\\icechat7.exe"= TCP:c:\program files\icechat7\icechat7.exe:Internet Relay Chat Client
    "TCP Query User{04B66E87-0FAE-4396-B836-D3D903D49CC5}c:\\program files\\steam\\steam.exe"= UDP:c:\program files\steam\steam.exe:Steam
    "UDP Query User{40C576F0-CF4D-4558-BD3D-136AAD7A131B}c:\\program files\\steam\\steam.exe"= TCP:c:\program files\steam\steam.exe:Steam
    "TCP Query User{1DAC73CE-FBFB-4574-AC14-FA36A41149B3}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:BfVietnam
    "UDP Query User{412863F5-83DC-4C78-8E74-477748E5620D}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:BfVietnam
    "TCP Query User{C7F71AFB-C548-47DD-B48F-FDCE243093D7}c:\\program files\\steam\\steamapps\\common\\red orchestra\\system\\redorchestra.exe"= UDP:c:\program files\steam\steamapps\common\red orchestra\system\redorchestra.exe:RedOrchestra
    "UDP Query User{AC765237-FA52-43A6-B353-12A349877840}c:\\program files\\steam\\steamapps\\common\\red orchestra\\system\\redorchestra.exe"= TCP:c:\program files\steam\steamapps\common\red orchestra\system\redorchestra.exe:RedOrchestra
    "{8C49210E-EDBF-42A5-9457-052D2A25D0B8}"= UDP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
    "{776EAD58-5EBF-48CF-A460-3C78ED914B07}"= TCP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
    "{D750154E-F071-4CB7-A513-8EFA79EB38A9}"= UDP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
    "{D776C43F-D3CE-43F2-9E26-2A0DC66343D2}"= TCP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
    "TCP Query User{39C2E179-D91D-42F3-9EE3-7815FE591A5E}c:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:c:\program files\codemasters\dirt\dirt.exe:DiRT Executable
    "UDP Query User{2CCC7895-00B9-4443-8E4A-757CCCB1A9D5}c:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:c:\program files\codemasters\dirt\dirt.exe:DiRT Executable
    "TCP Query User{31663680-4679-46FE-B001-ACC84F8731ED}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "UDP Query User{B0DA7C76-BEAD-4EFE-9669-C33D02312490}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "TCP Query User{F3A5B1CC-E851-4C4F-B797-ECD9978615F2}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
    "UDP Query User{5DBAFAFC-8976-42A4-89F1-0AEF6B02A17B}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
    "TCP Query User{B22827A3-A738-49A5-95F5-7DB5A27E7F61}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp (2).exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe:iw3mp (2)
    "UDP Query User{10D42B8A-A26F-423B-B482-BADDFA3ED8B8}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp (2).exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe:iw3mp (2)
    "TCP Query User{4BBE007D-4892-46BD-B774-DAE2CA108423}c:\\program files\\crg\\formularacing\\client.exe"= UDP:c:\program files\crg\formularacing\client.exe:client
    "UDP Query User{CB901D0A-07E5-481B-A9C3-4BA320DA40AE}c:\\program files\\crg\\formularacing\\client.exe"= TCP:c:\program files\crg\formularacing\client.exe:client
    "TCP Query User{445D40FB-29A3-45D8-A7F3-11FD71E5FD38}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{F045E182-A69F-493B-8EF0-E6AB254B5E59}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{19BC5385-6233-45DC-B86C-6C6FCA4E09DE}c:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:c:\program files\ea games\battlefield 2\bf2_w32ded.exe:bf2_w32ded
    "UDP Query User{1B38BA58-1A19-436D-8AC7-7FA7F1ABFCE1}c:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:c:\program files\ea games\battlefield 2\bf2_w32ded.exe:bf2_w32ded
    "{BC07DE40-DF7C-4801-800F-FA5905241F1C}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
    "{E36022E4-8E92-4AF6-AC06-BF8D0D574CF5}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
    "TCP Query User{111DC48B-9B56-4B27-946C-60B11CE31D65}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{DF1EB48C-E982-4E9E-BC55-568B19204041}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{15E91D57-BB1A-491C-874B-1A977B67B89C}c:\\program files\\icechat7\\icechat7.exe"= UDP:c:\program files\icechat7\icechat7.exe:Internet Relay Chat Client
    "UDP Query User{44CB2F7F-1BCD-427C-9109-FC8CF30CA188}c:\\program files\\icechat7\\icechat7.exe"= TCP:c:\program files\icechat7\icechat7.exe:Internet Relay Chat Client
    "{4F6B349F-1F80-411F-B3F0-BEC6632E158C}"= UDP:c:\program files\PPLive\PPLive.exe:pPLive
    "{C2749D48-020F-4664-8E94-F1F60A75D139}"= TCP:c:\program files\PPLive\PPLive.exe:pPLive
    "TCP Query User{4779FA1B-5EDB-4102-9F9B-6951509FBC25}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
    "UDP Query User{BE6C3BBF-D143-4F79-93F2-B623F0265D0D}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
    "TCP Query User{98E0484B-4326-41F6-B5B0-3F8952FE9763}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
    "UDP Query User{60DB6A74-C1E5-4DB4-9BDA-4DEB259A38F4}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
    "TCP Query User{19FF7FB8-4D75-4CF3-BB6B-0607560CC22D}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "UDP Query User{5BE43AB5-2709-4C5F-8B9F-55648828634F}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "TCP Query User{3AEF64C1-4F4B-427E-BDF3-25D14BB3A5E4}c:\\program files\\sopcast\\sopvod.exe"= UDP:c:\program files\sopcast\sopvod.exe:sopvod
    "UDP Query User{56787108-F95C-4489-B164-0C9F203E321E}c:\\program files\\sopcast\\sopvod.exe"= TCP:c:\program files\sopcast\sopvod.exe:sopvod
    "TCP Query User{6B334E17-41F6-40DA-90F4-A38CD84ED551}c:\\program files\\mediacenter 1.0a\\mediacenter.exe"= UDP:c:\program files\mediacenter 1.0a\mediacenter.exe:Mediacenter
    "UDP Query User{9BAD8560-638F-48EE-8E69-C1279AA525A1}c:\\program files\\mediacenter 1.0a\\mediacenter.exe"= TCP:c:\program files\mediacenter 1.0a\mediacenter.exe:Mediacenter
    "TCP Query User{882EC370-D116-4926-8C18-9FFA64216C6A}c:\\program files\\rfactor\\rfactor.exe"= UDP:c:\program files\rfactor\rfactor.exe:rFactor
    "UDP Query User{D7E74275-BEC1-4368-BBE6-9ED204809668}c:\\program files\\rfactor\\rfactor.exe"= TCP:c:\program files\rfactor\rfactor.exe:rFactor
    "TCP Query User{D96DFDD9-7059-4650-AB63-80EB7B10B60D}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
    "UDP Query User{F673DAD3-4070-48B6-BC5E-454EB014E208}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
    "TCP Query User{48832025-A4A6-4D1A-B728-0EB94FBCA5E3}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "UDP Query User{5E749BFB-EB7B-4D01-9C9E-E6EFC137B8B4}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "{F703847B-9EBC-457C-9B5C-9F4E9D8FE7B5}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{5870DA82-20EC-4D02-9B6F-5E2344677237}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "TCP Query User{E03B417A-BC8F-4261-8EB0-817F2831B8DF}c:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:c:\program files\codemasters\dirt\dirt.exe:DiRT Executable
    "UDP Query User{A30D0BC6-7A26-4543-89B6-FE76AEC5D348}c:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:c:\program files\codemasters\dirt\dirt.exe:DiRT Executable
    "TCP Query User{BF943E8B-A447-4E04-BAB5-E2CE11EBFC12}c:\\program files\\propilkki2\\propilkki2.exe"= UDP:c:\program files\propilkki2\propilkki2.exe:Main executable of PP2
    "UDP Query User{F9302D6E-14A1-4892-A647-5C68C97776C3}c:\\program files\\propilkki2\\propilkki2.exe"= TCP:c:\program files\propilkki2\propilkki2.exe:Main executable of PP2
    "TCP Query User{9F2F2B28-6093-4B42-A0A8-255719F46BB1}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
    "UDP Query User{9B42A7FE-F168-4716-AD05-E77FE3788973}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
    "{55F95671-6EFB-4B1B-A235-791B3627CF51}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{244A061B-FED3-4484-A8F7-F8E88B46B57B}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{6DB84C39-437F-48AA-AD2D-34439963EAE2}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{F3E5D016-EDA5-4E55-9622-6CF1ED18159A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{2FF7BB9F-582A-4A4B-85DD-9646C5C8C37D}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "{279D7412-3723-4669-A244-BA0C16354DBB}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "{970701EA-77D1-43C3-8BB5-1E744F1D1C3A}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{61BA796D-AB95-4909-A6D8-FEB236BE4466}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{BDF25BB7-69E3-407D-B2D0-77A6B0496310}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{50F7CB7F-DC58-4678-A7F0-5D1BC1E6432F}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "TCP Query User{25C8E70D-BB14-403D-ADBE-798C405ACE08}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{2D34395D-B687-43E1-81F8-95250F40A9D0}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "{C9ABC6D7-5C19-449F-BD0A-0F94F4E1AAA4}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
    "{E767EFF1-12CD-4847-83AC-48208566D1E3}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
    "{0ABD9B10-F906-4A12-9D32-E28A917D68BC}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
    "{211B562A-A25D-43D5-B4F8-A6E26BABF656}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
    "TCP Query User{1FA8D0FD-B35E-4ECB-9435-B702812E85E0}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
    "UDP Query User{20C12880-19D9-415E-84C8-0E182D7EA1C0}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
    "TCP Query User{85A443EE-3585-43D2-8D52-E915809B1868}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
    "UDP Query User{64FBA6C9-F0AD-4C01-87E6-4EF916D09870}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

    R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\System32\drivers\pe3ah4nc.sys [2007-05-18 64880]
    R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\System32\drivers\ps6ah4nc.sys [2007-05-18 55160]
    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-15 111184]
    R4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-15 20560]
    R4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-15 51792]
    S3 EC168BDA;EC168BDA service;c:\windows\System32\drivers\EC168BDA.sys [2007-10-17 107904]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
    S4 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
    S4 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]

    --- Muut muistissa olevat ajurit/palvelut ---

    *Deregistered* - sptd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{686c4c06-798d-11dc-8646-0002449068ad}]
    \shell\AutoRun\command - I:\Launcher.exe
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.telkku.com/
    uInternet Settings,ProxyServer = proxy.inet.fi:80
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\jani\AppData\Roaming\Mozilla\Firefox\Profiles\wgdfuho7.default\
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-16 23:29:14
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'Explorer.exe'(3576)
    c:\program files\Logitech\SetPoint\GameHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\audiodg.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\System32\WUDFHost.exe
    c:\windows\System32\PnkBstrA.exe
    c:\windows\System32\UStorSrv.exe
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\WUDFHost.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\System32\conime.exe
    c:\program files\Alwil Software\Avast4\ashDisp.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
    c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\windows\System32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-16 23:36:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-16 21:36:42

    Pre-Run: 25,113,337,856 bytes free
    Post-Run: 25,461,563,392 bytes free

    315 --- E O F --- 2009-01-15 03:52:40
     
  14. Hujo

    Post one more fresh HJT log as well
     
  15. JaPeVu

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:46:21, on 16.1.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.inet.fi:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
    O23 - Service: UStorage Server Service - OTi - C:\Windows\system32\UStorSrv.exe

    --
    End of file - 5363 bytes
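Reading a HijackThis log by hand is the slow part of a thread like this one. The script below is an added example, not part of HijackThis and not code posted by anyone in this thread. It pulls out the R1 proxy, O4 autostart and O23 service lines and flags the ones a triager looks at first: a proxy set system-wide, an autostart given as a bare file name, an autostart living in a user-writable or temporary directory, and a service whose binary carries no publisher information. The sample log it runs on is constructed in the same line format as the log above; the proxy host and the Temp autostart entry are made up for the example.

```python
"""Triage helper for HijackThis 2.0 logs (added example, not a HijackThis feature)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format. The proxy host and the
# "updater" autostart are invented for the example.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = proxy.example.net:80
O4 - HKLM\\..\\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [updater] C:\\Users\\user\\AppData\\Local\\Temp\\updater.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\\Windows\\system32\\PnkBstrA.exe
"""

# Directories an autostart entry normally has no business living in.
SUSPECT_DIRS = ("\\temp\\", "\\appdata\\", "\\local settings\\", "\\recycler\\")

O4_LINE = re.compile(r"O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)")


@dataclass
class Finding:
    section: str  # HijackThis section code: "R1", "O4" or "O23"
    item: str     # entry name, service name or proxy string
    reason: str   # why a human should look at it


def _exe_from_command(cmd: str) -> str:
    """Return the executable part of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_hjt(log_text: str) -> list[Finding]:
    """Walk the log once and collect the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("R1 - ") and ",ProxyServer = " in line:
            proxy = line.split(",ProxyServer = ", 1)[1].strip()
            if proxy:
                findings.append(Finding("R1", proxy,
                    "system-wide IE proxy is set; confirm it is yours, "
                    "otherwise all HTTP traffic is being redirected"))
        elif line.startswith("O4 - "):
            m = O4_LINE.match(line)
            if not m:
                continue  # "Global Startup:" lines have a different shape
            exe = _exe_from_command(m["cmd"])
            if "\\" not in exe:
                findings.append(Finding("O4", m["name"],
                    f"{exe} is a bare file name: it is resolved through the "
                    "search path, so a planted copy found first would run instead"))
            elif any(d in exe.lower() for d in SUSPECT_DIRS):
                findings.append(Finding("O4", m["name"],
                    f"autostart from a user-writable/temporary location: {exe}"))
        elif line.startswith("O23 - Service: "):
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            if owner == "Unknown owner":
                findings.append(Finding("O23", name,
                    f"service binary carries no publisher information: {path}"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}: {f.reason}")
```

"Unknown owner" only means HijackThis found no company name in the file's version information; legitimate software shipped without version resources trips it too, so treat it as a prompt to check the file (hash it, check the signature), not as a verdict.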
     
  16. Hujo


    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the prompts to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program will download and install the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is complete, click OK, then Show Results to view the results.
    6. Make sure everything is checked and click Remove Selected.
    7. A log will then open in Notepad. Save it somewhere you can find it easily. The log
    can also be found here: C:\Documents and Settings\Username\Application
    Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next reply
     
    Last edited by a moderator: 17.01.2009
  17. JaPeVu

    Security Center came back on
    CCleaner and EasyCleaner delete all files
    DC++ remembers its settings

    The only thing that doesn't work now is User Account Control; it is on even though the box isn't ticked. And even if you tick it --> OK, the tick doesn't stay.

    -------------------

    Malwarebytes' Anti-Malware 1.33
    Database version: 1659
    Windows 6.0.6001 Service Pack 1

    17.1.2009 5:28:27
    mbam-log-2009-01-17 (05-28-27).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 255014
    Time elapsed: 1 hour(s), 9 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 18
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\orb.ta (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\orb.ta.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{21eeb010-57f3-11dd-b116-dad055d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    Last edited: 17.01.2009
  18. Hujo


    Download SmitfraudFix (c) S!Ri
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open listing the infected files (if any).
    Post the rapport that pops up, i.e. the Notepad contents, in your thread.
    It can also be found at C:\rapport.txt

    Note: some anti-virus programs (AntiVir, Dr.Web, Kaspersky) flag the file process.exe
    as a "RiskTool"; it is not a virus, but a program that stops processes.
    A/V programs cannot tell benign from malicious use of tools like this,
    so they may warn the user.


     
  19. JaPeVu

    I ran it in Safe Mode, since that User Account Control was getting in the way

    SmitFraudFix v2.391

    Scan done at 14:07:54,89, Sat 17.01.2009
    Run from C:\Users\jani\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\jani


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\jani\AppData\Local\Temp


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\jani\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\jani\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, following keys are not inevitably infected!!!

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{20CFECF5-C11D-438F-B66F-2DBD81400294}: DhcpNameServer=193.210.19.19 192.89.123.29
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{20CFECF5-C11D-438F-B66F-2DBD81400294}: DhcpNameServer=193.210.19.19 192.89.123.29
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{20CFECF5-C11D-438F-B66F-2DBD81400294}: DhcpNameServer=193.210.19.19 192.89.123.29
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.210.19.19 192.89.123.29
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.210.19.19 192.89.123.29
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.210.19.19 192.89.123.29


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
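The DNS section of the report exists to catch resolver hijacking: DNS-changer trojans rewrite DhcpNameServer or set a static NameServer so that every lookup goes to attacker-controlled servers. The script below is an added example, not part of SmitfraudFix and not code from anyone in this thread. It parses that section and flags three things: a resolver inside a known rogue range, a static NameServer that overrides what DHCP handed out, and resolver lists that differ between control sets. The only rogue range included is 85.255.112.0/20, the block publicly associated with the DNSChanger family; anything beyond that you have to fill in from your own intelligence. The clean sample reuses the six lines from the report above; the hijacked sample adds one constructed line.

```python
"""Check the DNS section of a SmitfraudFix report for resolver hijacking
(added example, not part of SmitfraudFix)."""
from __future__ import annotations

import ipaddress
import re

# Illustrative blocklist. 85.255.112.0/20 is the range publicly tied to
# DNSChanger; extend this from your own threat intelligence.
ROGUE_RESOLVERS = [ipaddress.ip_network("85.255.112.0/20")]

DNS_LINE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\(?P<scope>.+?): "
    r"(?P<kind>DhcpNameServer|NameServer)=(?P<servers>.*)$"
)

# The six DNS lines from the report above (a clean machine).
CLEAN_REPORT = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{20CFECF5-C11D-438F-B66F-2DBD81400294}: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CS1\Services\Tcpip\..\{20CFECF5-C11D-438F-B66F-2DBD81400294}: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CS2\Services\Tcpip\..\{20CFECF5-C11D-438F-B66F-2DBD81400294}: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.210.19.19 192.89.123.29
"""

# Constructed: the same report with a static NameServer pointing into the rogue range.
HIJACKED_REPORT = CLEAN_REPORT + (
    "HKLM\\SYSTEM\\CCS\\Services\\Tcpip\\Parameters: NameServer=85.255.112.45 85.255.112.46\n"
)


def parse_dns_section(report: str) -> dict[tuple[str, str, str], list[str]]:
    """Map (control set, scope, kind) -> list of resolver addresses."""
    entries: dict[tuple[str, str, str], list[str]] = {}
    for raw in report.splitlines():
        m = DNS_LINE.match(raw.strip())
        if m:
            entries[(m["cset"], m["scope"], m["kind"])] = m["servers"].split()
    return entries


def _is_rogue(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # non-address junk in a NameServer value is suspicious by itself
    return any(addr in net for net in ROGUE_RESOLVERS)


def check_dns(report: str) -> list[str]:
    """Return sorted findings as 'rogue:', 'override:' or 'mismatch:' strings."""
    entries = parse_dns_section(report)
    findings: list[str] = []
    for (cset, scope, kind), servers in entries.items():
        for ip in servers:
            if _is_rogue(ip):
                findings.append(f"rogue:{cset}:{scope}:{kind}={ip}")
        if kind == "NameServer":
            # A static NameServer wins over the DHCP-supplied one; DNS changers rely on that.
            dhcp = entries.get((cset, scope, "DhcpNameServer"))
            if dhcp is not None and servers != dhcp:
                findings.append(f"override:{cset}:{scope}:static {servers} != dhcp {dhcp}")
    # Control sets normally carry the same resolvers; a difference is worth a look
    # (it can also be a stale LastKnownGood, so it is a prompt, not a verdict).
    by_scope: dict[tuple[str, str], set[tuple[str, ...]]] = {}
    for (cset, scope, kind), servers in entries.items():
        by_scope.setdefault((scope, kind), set()).add(tuple(servers))
    for (scope, kind), variants in by_scope.items():
        if len(variants) > 1:
            findings.append(f"mismatch:{scope}:{kind} differs between control sets")
    return sorted(findings)


if __name__ == "__main__":
    print("clean:", check_dns(CLEAN_REPORT))
    print("hijacked:", check_dns(HIJACKED_REPORT))
```

The check is deliberately conservative: a clean report produces no output at all, so anything it prints is something to explain before declaring the machine clean.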

     
  20. Hujo


    Delete from the machine

    C:\RomboFix
    SmitFraudFix

    ---------

    Empty:

    the Malwarebytes' Anti-Malware quarantine

    --------

    Type into the Run box

    Combofix /u

    and click OK

    -------

    Empty the Recycle Bin

    -------

    Download OTMoveIt
    OTMoveIt and save it to your desktop.

    Double-click OTMoveIt.exe.
    Click CleanUp!.
    Choose Yes when asked "Begin cleanup Process?".
    If asked whether the computer may be restarted, choose Yes. OTMoveIt deletes itself when it is done; if that does not happen, delete it yourself.

    NOTE: If your firewall or another security program warns that OTMoveIt is trying to access the internet, allow it.
     
  21. JaPeVu

    ^done^
     
