
HJT log, viruses on the computer.

Thread in the Viruses and malware - HijackThis logs section. Started by kiisselia on 08.06.2008.

  1. Hujo

    Hujo Guest

    Is it still appearing?

    Shut down and restart.

    ====

    Then scan a new ComboFix log.

    ====

    Download SDFix by AndyManchesta and save it to your desktop.

    Start your computer in safe mode:

    shut down and restart
    during startup, tap the F8 key repeatedly
    select safe mode with the arrow keys
    press Enter and Enter
    select your user account
    press Yes

    On some machines you tap F5 instead of F8.

    - Once in safe mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    - Open the SDFix folder and double-click RunThis.bat to start the program.
    - Press Y to start the script.
    - The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    - Press any key and the computer will restart.
    - Startup takes longer than normal because SDFix is cleaning the computer.
    - Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
    - Then press any key to close the script and load the shortcuts onto the desktop.
    - Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.


     
  3. kiisselia

    kiisselia Regular member

    Joined:
    13.12.2006
    Posts:
    125
    Thanks:
    0
    Points:
    26
    It'll still take about 10 or so, Malwarebytes shows 30 infected now.. should I remove them when it's finished?
    Then I'll do the things you said above!!
     
  4. kiisselia

    kiisselia Regular member

    Malware

    Malwarebytes' Anti-Malware 1.15
    Tietokantaversio: 840

    17:53:14 8.6.2008
    mbam-log-6-8-2008 (17-53-09).txt

    Tarkistustyyppi: Täysi tarkistus (A:\|C:\|E:\|F:\|G:\|)
    Tarkistetut kohteet: 193758
    Kulunut aika: 50 minute(s), 15 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 4
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 27

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
    HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
    HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> No action taken.

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\QooBox\Quarantine\C\bot1.exe.vir (Backdoor.Bot) -> No action taken.
    C:\QooBox\Quarantine\C\stup.exe.vir (Backdoor.Bot) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\mservice.exe.vir (Backdoor.Bot) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\fccDTlMd.dll.vir (Trojan.FakeAlert) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\fccyvUOi.dll.vir (Trojan.FakeAlert) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\jkkJaywV.dll.vir (Trojan.FakeAlert) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ljJyvWOf.dll.vir (Trojan.Vundo) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\mlJyATNe.dll.vir (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1240\A0295033.dll (Adware.PopCap) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1264\A0304607.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1264\A0304623.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1264\A0304629.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1264\A0304640.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1264\A0304647.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1265\A0304700.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1265\A0304719.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1265\A0304720.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1265\A0304726.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1265\A0304727.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1270\A0306970.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1270\A0306971.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1270\A0306972.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1270\A0306973.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1270\A0306974.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1272\A0307316.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1272\A0307327.exe (Backdoor.Bot) -> No action taken.
    C:\System Volume Information\_restore{7AC8D85F-6012-461C-B56A-48B905950D0C}\RP1272\A0307330.exe (Backdoor.Bot) -> No action taken.
     
  5. Hujo

    Hujo Guest

    1. Click Start > My Computer with the right mouse button
    2. Select Properties
    3. Select the System Restore tab
    4. Tick the "Turn off System Restore on all drives" box
    5. Press Apply
    6. Press OK
    7. Shut down and restart
    8. Untick the "Turn off System Restore on all drives" box
    9. Apply and OK

     
  6. kiisselia

    kiisselia Regular member

    ComboFix 08-06-07.3 - User 2008-06-08 18:00:17.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1024 [GMT 3:00]
    Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
    .

    2080-04-06 17:51 . 2080-04-06 17:51 <DIR> d-------- C:\Program Files\7-Zip
    2080-04-06 14:56 . 2004-08-04 08:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2080-03-28 16:12 . 2080-03-28 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2080-03-28 16:11 . 2080-03-28 16:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2080-03-27 17:32 . 2080-03-27 17:32 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
    2080-03-27 17:31 . 2008-06-08 17:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2080-03-27 17:31 . 2080-03-27 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2080-03-27 15:59 . 2080-03-27 15:59 <DIR> d-------- C:\WINDOWS\ERUNT
    2080-03-27 15:21 . 2080-03-27 15:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
    2080-03-27 15:20 . 2080-03-27 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2080-03-27 15:20 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2080-03-26 23:17 . 2080-03-26 23:17 <DIR> d-------- C:\fsaua.data
    2008-06-08 17:00 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-08 17:00 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-08 16:41 . 2008-06-08 16:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\TVU Networks
    2008-06-08 16:40 . 2008-06-08 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-06-08 16:39 . 2008-06-08 16:39 <DIR> d-------- C:\Program Files\TVUPlayer
    2008-06-08 16:39 . 2008-06-08 16:39 <DIR> d-------- C:\Documents and Settings\User\LocalLow
    2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
    2008-05-26 22:23 . 2008-05-26 22:32 <DIR> d-------- C:\Program Files\mIRC
    2008-05-26 22:23 . 2008-05-26 22:34 <DIR> d-------- C:\Documents and Settings\User\Application Data\mIRC
    2008-05-19 17:48 . 2003-07-11 06:12 159,799 -ra------ C:\WINDOWS\system32\vm302prp.ax
    2008-05-19 17:48 . 2002-08-22 11:34 147,456 -ra------ C:\WINDOWS\vmcap.exe
    2008-05-19 17:48 . 2004-03-22 11:22 90,559 -ra------ C:\WINDOWS\system32\drivers\usbvm302.sys
    2008-05-19 17:48 . 2003-05-15 12:16 61,440 -ra------ C:\WINDOWS\system32\vm302sti.dll
    2008-05-19 17:48 . 2002-10-16 04:29 49,152 -ra------ C:\WINDOWS\amcap.exe
    2008-05-19 17:48 . 2003-01-21 10:19 40,960 -ra------ C:\WINDOWS\VM_STI.EXE
    2008-05-14 19:16 . 2008-05-14 20:49 122 --a------ C:\WINDOWS\blank

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2080-03-28 13:41 --------- d-----w C:\Program Files\Common Files\SupportSoft
    2080-03-27 12:00 --------- d-----w C:\Program Files\Ahead
    2080-03-27 11:59 --------- d-----w C:\Program Files\Common Files\Ahead
    2080-03-27 11:57 --------- d-----w C:\Program Files\MultiMaker Studio Exam 8.0 Academic
    2080-03-27 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2080-03-27 11:52 --------- d-----w C:\Program Files\Macromedia
    2080-03-27 11:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-08 11:46 --------- d-----w C:\Program Files\DivX
    2008-06-05 21:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-05-02 21:41 --------- d-----w C:\Program Files\DC++
    2008-04-30 14:09 3,187,458 ----a-w C:\Program Files\Setup-SopCast-3.0.3-2008-4-30.exe
    2008-04-30 14:07 3,813 ----a-w C:\Program Files\changeLog.txt
    2008-04-18 12:05 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-04-18 12:02 --------- d-----w C:\Program Files\Windows Live
    2008-04-18 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-18 11:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-11 16:31 --------- d-----w C:\Program Files\Lavalys
    2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\msjint40.dll
    2008-03-21 15:37 499,568 ----a-w C:\Program Files\hijackthis_v2.0.2.zip
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-22 17:19 4,129,768 ----a-w C:\Program Files\DCPlusPlus-0.699.exe
    2007-12-19 14:47 87,608 ----a-w C:\Documents and Settings\User\Application Data\ezpinst.exe
    2007-12-19 14:47 47,360 ----a-w C:\Documents and Settings\User\Application Data\pcouffin.sys
    2007-06-30 11:34 5,632 --sha-w C:\Program Files\Thumbs.db
    2006-01-27 07:34 20,784 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
    2005-10-17 20:43 62 ----a-w C:\Program Files\Warez P2P ClientIPGUARD.LOG
    2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2007-06-13 10:23 290,110 --sh--r C:\WINDOWS\system32\wplayer.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2008-06-08_16.26.03,42 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-08 13:18:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-08 14:58:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-06-08 13:18:47 230,103 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
    + 2008-06-08 14:59:13 230,106 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
    - 2008-06-08 13:23:15 111,210 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-06-08 15:03:47 111,210 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-06-08 13:23:15 550,312 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-06-08 15:03:48 550,312 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2006-10-18 09:32:38 807,032 ----a-w C:\WINDOWS\system32\wmv9dmod.dll
    + 2008-06-08 14:59:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_764.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-10-04 23:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 23:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 23:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:16 401491]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ADSL_A2"="A2Installed" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 17:20 6803456]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 17:20 86016]
    "IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 07:41 94208]
    "nwiz"="nwiz.exe" [2005-06-15 17:20 1519616 C:\WINDOWS\system32\nwiz.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "RegistryMechanic"="" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-22 13:00 180269]
    "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 10:19 40960]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:56 15360]
    "MSN Updater"="msnms.exe" []
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

    C:\Documents and Settings\User\Start Menu\Programs\Startup\
    ubisoft register.lnk - C:\Program Files\Ubi Soft\Register\schedule.exe [2007-10-15 20:39:45 28672]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 13:01:04 83360]
    PDF-Capture.lnk - C:\Program Files\PDF-XChangeSDKEU\PDFSaver.exe [2005-05-12 09:24:26 61440]
    VPN Client.lnk - C:\WINDOWS\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico [2006-09-09 21:44:36 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\WINDOWS\system32\wmfhotfix.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "msacm.divxa32"= divxa32.acm
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.VP31"= vp31vfw.dll
    "vidc.asv2"= asusasv2.dll
    "MSACM.CEGSM"= mobilev.acm
    "vidc.ffds"= ffdshow.ax
    "VIDC.MJPG"= Pvmjpg30.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "xmlprov"=3 (0x3)
    "AVG Anti-Spyware Guard"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Outlook Express\\msimn.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\javaw.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows CE Tools\\Platman\\bin\\cemgr.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Web Publish\\WPWIZ.EXE"=
    "C:\\Program Files\\Java\\jdk1.5.0_02\\jre\\bin\\java.exe"=
    "C:\\Documents and Settings\\User\\.netbeans\\5.0\\emulators\\wtk22_win\\emulator\\wtk22\\bin\\emulator.exe"=
    "C:\\Documents and Settings\\User\\.netbeans\\5.0\\emulators\\wtk22_win\\emulator\\wtk22\\bin\\zayit.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "E:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"=
    "C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25:TCP"= 25:TCP:smtp
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    "23457:TCP"= 23457:TCP:eMule
    "23457:UDP"= 23457:UDP:emule
    "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

    R0 d343bus;d343bus;C:\WINDOWS\system32\DRIVERS\d343bus.sys [2003-12-15 18:46]
    R0 d343port;d343port;C:\WINDOWS\system32\DRIVERS\d343port.sys [2003-12-15 17:29]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
    R2 MLPTDR_N;MLPTDR_N;C:\WINDOWS\system32\MLPTDR_N.sys [2003-07-17 16:44]
    R2 MSF32;MSF32;C:\Program Files\MySecretFolder XP\MSF32.SYS [2007-01-25 01:00]
    R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys [2004-11-26 12:15]
    R3 ZSMC302;Audio Web Cam 31;C:\WINDOWS\system32\Drivers\usbvm302.sys [2004-03-22 11:22]
    S3 itexadsla2;TW-IA300 Service;C:\WINDOWS\system32\DRIVERS\TWIn95a2.sys [2001-11-05 19:00]
    S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2004-11-23 04:59]
    S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys [2005-07-26 12:13]
    S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z520mdfl.sys [2005-07-26 12:15]
    S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\z520mdm.sys [2005-07-26 12:15]
    S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\z520mgmt.sys [2005-07-26 12:16]
    S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\z520obex.sys [2005-07-26 12:18]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-08 14:28:07 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-08 18:05:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySQL]
    "ImagePath"="\"C:\wamp\mysql\bin\bin\mysqld-nt\" --defaults-file=\"C:\wamp\mysql\bin\my.ini\" MySQL"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\wmfhotfix.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\wmfhotfix.dll
    .
    Completion time: 2008-06-08 18:06:45
    ComboFix-quarantined-files.txt 2008-06-08 15:06:21
    ComboFix2.txt 2008-06-08 13:58:52
    ComboFix3.txt 2008-06-08 13:26:33
    ComboFix4.txt 2008-06-08 12:54:28
    ComboFix5.txt 2008-06-08 12:30:04

    Pre-Run: 21,488,156,672 bytes free
    Post-Run: 21,470,142,464 bytes free

    214 --- E O F --- 2008-06-05 21:33:21
     
  7. Hujo

    Hujo Guest

    Run that one from up above

    SDFix by AndyManchesta
     
  8. kiisselia

    kiisselia Regular member


    SDFix: Version 1.189
    Run by User on su 08.06.2008 at 18:22

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\DOCUME~1\User\Desktop\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\wplayer.exe - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-08 18:34:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
    "ujdew"=hex:20,02,00,00,e9,16,04,1a,49,0c,c5,ba,f8,d9,e0,0e,3b,c2,64,76,b2,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41]
    "ujdew"=hex:20,02,00,00,80,15,04,1a,3e,80,6c,b7,c9,23,89,5b,78,43,a4,b6,bb,..
    "ljej40"=hex:60,17,ab,95,55,51,ce,e1,65,8e,2d,06,ea,12,73,c4,8a,64,71,0f,2b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583b3ddf7]
    "00174b1bd8ad"=hex:55,f5,c8,d6,7b,b3,17,78,ce,7d,78,cb,54,63,d4,27
    "00174b44902c"=hex:5e,8a,a6,28,e7,8e,54,d4,8d,a7,b5,71,a7,b3,be,3d
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583b3ddf7]
    "00174b1bd8ad"=hex:55,f5,c8,d6,7b,b3,17,78,ce,7d,78,cb,54,63,d4,27
    "00174b44902c"=hex:5e,8a,a6,28,e7,8e,54,d4,8d,a7,b5,71,a7,b3,be,3d
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001583b3ddf7]
    "00174b1bd8ad"=hex:55,f5,c8,d6,7b,b3,17,78,ce,7d,78,cb,54,63,d4,27
    "00174b44902c"=hex:5e,8a,a6,28,e7,8e,54,d4,8d,a7,b5,71,a7,b3,be,3d

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]
    "Last Counter"=dword:00002424
    "Last Help"=dword:00002425
    "Updating"="WmiApRpl"

    scanning hidden files ...

    C:\Documents and Settings\User\My Documents\MySecretFolder

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows CE Tools\\Platman\\bin\\cemgr.exe"="C:\\Program Files\\Common Files\\Microsoft Shared\\Windows CE Tools\\Platman\\bin\\cemgr.exe:*:Enabled:CEMGR Module"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Web Publish\\WPWIZ.EXE"="C:\\Program Files\\Web Publish\\WPWIZ.EXE:*:Enabled:Web Publishing Wizard executable"
    "C:\\Program Files\\Java\\jdk1.5.0_02\\jre\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.5.0_02\\jre\\bin\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\\Documents and Settings\\User\\.netbeans\\5.0\\emulators\\wtk22_win\\emulator\\wtk22\\bin\\emulator.exe"="C:\\Documents and Settings\\User\\.netbeans\\5.0\\emulators\\wtk22_win\\emulator\\wtk22\\bin\\emulator.exe:*:Enabled:emulator"
    "C:\\Documents and Settings\\User\\.netbeans\\5.0\\emulators\\wtk22_win\\emulator\\wtk22\\bin\\zayit.exe"="C:\\Documents and Settings\\User\\.netbeans\\5.0\\emulators\\wtk22_win\\emulator\\wtk22\\bin\\zayit.exe:*:Enabled:zayit"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "E:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"="E:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Enabled:ma3platform"
    "C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"="C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe:*:Enabled:Elisa Avustaja"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\User\Desktop\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 25 Feb 2008 51,712 ..SHR --- "C:\Program Files\Ski Jump International\Setup.exe"
    Sat 25 Jun 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 30 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT3.tmp"
    Fri 27 Jan 2006 21,504 A..H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Emulator for Windows CE\VPCKeyboard.dll"
    Tue 20 Feb 2007 1,301 ...HR --- "C:\Documents and Settings\User\Application Data\SecuROM\UserData\securom_v7_01.bak"
    Sat 25 Jun 2005 4,348 ...H. --- "C:\Documents and Settings\User\My Documents\My Music\K„ytt”oikeuden varmuuskopio\drmv1key.bak"
    Sun 13 Aug 2006 20 A..H. --- "C:\Documents and Settings\User\My Documents\My Music\K„ytt”oikeuden varmuuskopio\drmv1lic.bak"
    Wed 30 Nov 2005 400 A.SH. --- "C:\Documents and Settings\User\My Documents\My Music\K„ytt”oikeuden varmuuskopio\drmv2key.bak"
    Mon 5 Nov 2007 57,092 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\7.1\vs000223.tmp"

    Finished!

     
  9. kiisselia

    kiisselia Regular member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:42:40, on 8.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\VM_STI.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\PDF-XChangeSDKEU\PDFSaver.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Advanced Searchbar - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
    O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
    O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ADSL_A2] A2Installed
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Audio Web Cam 31
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PDF-Capture.lnk = C:\Program Files\PDF-XChangeSDKEU\PDFSaver.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Matkaviestimen suosikkien luominen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Matkaviestimen suosikkien luominen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
    O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1106078188394
    O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.lumonetti.fi/portaali/Virusskanneri/OLS3/fscax.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: MSSQL$PINNACLESYS - Unknown owner - I:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\wamp\mysql\bin\bin\mysqld-nt (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Unknown owner - I:\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - I:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 10583 bytes
     
  10. Hujo

    Hujo Guest

    Updating Java and clearing the cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]

    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6u6

    Press Download

    Tick Accept, choose offline installation, save it for example to the desktop and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) to a smaller value, and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice slowness on the computer after lowering the setting, move the slider to a larger value).

    8. Make sure that both options are ticked:

    *Applications and Applets

    *Trace and Log Files

    And press the OK button

    9. Click OK in your "Temporary Files Settings" window.

    10. Click OK to leave your Java settings window.
     
  11. kiisselia

    kiisselia Regular member

    Joined:
    13.12.2006
    Messages:
    125
    Thanks:
    0
    Points:
    26
    Thanks..
     
  12. kiisselia

    kiisselia Regular member

    Joined:
    13.12.2006
    Messages:
    125
    Thanks:
    0
    Points:
    26
    I threw this in here now
    If hujo could maybe take a look at this....



    Avira AntiVir Personal
    Report file date: 10. kesäkuuta 2008 17:01

    Scanning for 1321516 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: TIETOKONE

    Version information:
    BUILD.DAT : 8.1.0.308 16478 Bytes 28.5.2008 17:03:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 21.4.2008 09:01:36
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 21.4.2008 09:01:36
    LUKE.DLL : 8.1.2.9 151809 Bytes 21.4.2008 09:01:37
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21.4.2008 09:01:37
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.7.2007 07:08:58
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 7.3.2008 07:34:40
    ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 1.6.2008 13:26:33
    ANTIVIR3.VDF : 7.0.4.171 257024 Bytes 10.6.2008 14:00:58
    Engineversion : 8.1.0.55
    AEVDF.DLL : 8.1.0.5 102772 Bytes 21.4.2008 09:01:38
    AESCRIPT.DLL : 8.1.0.40 266618 Bytes 8.6.2008 17:11:41
    AESCN.DLL : 8.1.0.21 119156 Bytes 8.6.2008 17:11:41
    AERDL.DLL : 8.1.0.20 418165 Bytes 27.4.2008 10:29:28
    AEPACK.DLL : 8.1.1.5 364918 Bytes 17.5.2008 14:36:22
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 21.4.2008 09:01:37
    AEHEUR.DLL : 8.1.0.30 1253750 Bytes 8.6.2008 17:11:40
    AEHELP.DLL : 8.1.0.15 115063 Bytes 2.6.2008 13:26:37
    AEGEN.DLL : 8.1.0.28 307572 Bytes 8.6.2008 17:11:38
    AEEMU.DLL : 8.1.0.6 430451 Bytes 9.5.2008 10:17:06
    AECORE.DLL : 8.1.0.31 168310 Bytes 8.6.2008 17:11:37
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 21.4.2008 09:01:36
    AVPREF.DLL : 8.0.0.1 25857 Bytes 21.4.2008 09:01:36
    AVREP.DLL : 7.0.0.1 155688 Bytes 22.4.2007 14:29:21
    AVREG.DLL : 8.0.0.0 30977 Bytes 21.4.2008 09:01:36
    AVARKT.DLL : 1.0.0.23 307457 Bytes 21.4.2008 09:01:35
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 21.4.2008 09:01:35
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 21.4.2008 09:01:37
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 21.4.2008 09:01:37
    NETNT.DLL : 8.0.0.1 7937 Bytes 21.4.2008 09:01:37
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 21.4.2008 09:01:29
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 21.4.2008 09:01:29

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 10. kesäkuuta 2008 17:01

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'update.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    29 processes with 29 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] Laite ei ole valmiina.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Laite ei ole valmiina.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Laite ei ole valmiina.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] Laite ei ole valmiina.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '24' files ).


    Starting the file scan:

    Begin scan in 'C:\' < >
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <HP_RECOVERY>


    End of the scan: 10. kesäkuuta 2008 18:44
    Used time: 1:42:45 min

    The scan has been done completely.

    11320 Scanning directories
    435224 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    435224 Files not concerned
    14240 Archives were scanned
    7 Warnings
    0 Notes


     
  13. Hujo

    Hujo Guest
