HJT log from my computer, which only boots in safe mode

Thread in the Viruses and malware - HijackThis logs section. Thread started by Bearz on 21.10.2006.

Thread status:
The thread is closed.
  1. Bearz

    Bearz Member

    Joined:
    21.10.2006
    Posts:
    26
    Thanks:
    0
    Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 14:04:08, on 22.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - E:\Program Files\ToolBar888\MyToolBar.dll
    O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - E:\PROGRA~1\PRINTV~1\PRINTH~1.DLL (file missing)
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - E:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [VC8Player] E:\Program Files\Virtual CD v8\System\VC8Play.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NetLimiter] E:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [IpWins] E:\Program Files\ipwins\ipwins.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "E:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IECheck] E:\WINDOWS\IECheck.exe
    O4 - HKCU\..\Run: [BitTorrent] "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O8 - Extra context menu item: &Estä tämä kohoikkuna - E:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
    O23 - Service: Apache2.2 - Unknown owner - E:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - E:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - E:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - E:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - E:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - E:\Program Files\Virtual CD v8\System\VC8SecS.exe
     
  3. Bearz

    Bearz Member

    I just ran a virus scanner ("AVG Free"). It found dozens of viruses and trojans? What should I do? :S
     
  4. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    1. Download the combofix.exe file to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    Post the ComboFix log and a new HjT log.
     
  5. Bearz

    Bearz Member

    pertti roitto - 06-10-22 14:21:37,81 Service Pack 2
    ComboFix 06.10.19 - Running from: "E:\Documents and Settings\pertti roitto\Työpöytä"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    E:\Program Files\Inetget2
    E:\Program Files\Ipwins
    E:\Program Files\ToolBar888
    E:\Program Files\Common Files\{7C4B9A19-0578-1035-0711-020109280166}


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-22 to 2006-10-22 ))))))))))))))))))))))))))))))))))


    2006-10-22 12:03 70,896 --a------ E:\WINDOWS\system32\drivers\fsdfw.sys
    2006-10-22 12:03 33,584 --a------ E:\WINDOWS\system32\drivers\fsndis5.sys
    2006-10-22 11:30 860,211 --a-s---- E:\WINDOWS\system32\XSIFtk-3.6.2.1.dll
    2006-10-10 19:07 59,264 --a------ E:\WINDOWS\system32\drivers\USBAUDIO.sys
    2006-10-10 19:07 31,616 --a------ E:\WINDOWS\system32\drivers\usbccgp.sys
    2006-10-10 19:07 21,504 --a------ E:\WINDOWS\system32\hidserv.dll
    2006-09-29 15:55 94,208 --a------ E:\WINDOWS\system32\China.dll
    2006-09-26 19:01 8,704 --a------ E:\WINDOWS\system32\kbdjpn.dll
    2006-09-26 19:01 8,192 --a------ E:\WINDOWS\system32\kbdkor.dll
    2006-09-26 19:01 6,144 --a------ E:\WINDOWS\system32\kbd106.dll
    2006-09-26 19:01 6,144 --a------ E:\WINDOWS\system32\kbd101c.dll
    2006-09-26 19:01 6,144 --a------ E:\WINDOWS\system32\kbd101b.dll
    2006-09-26 19:01 5,632 --a------ E:\WINDOWS\system32\kbd103.dll
    2006-09-22 21:37 138,862 --a------ E:\WINDOWS\system32\alfa.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-22 14:22 -------- d-------- E:\Program Files\Common Files
    2006-10-22 14:20 -------- d-------- E:\Program Files\Mozilla Firefox
    2006-10-22 14:18 -------- d-------- E:\Program Files\Steam
    2006-10-22 13:59 -------- d-------- E:\Program Files\CCleaner
    2006-10-22 12:51 -------- d-------- E:\Program Files\IconChanger
    2006-10-22 12:51 -------- d-------- E:\Program Files\ArtMoney
    2006-10-22 12:43 -------- d-------- E:\Program Files\Winamp
    2006-10-22 12:05 -------- d-------- E:\Program Files\mIRC
    2006-10-22 11:57 -------- d-------- E:\Documents and Settings\pertti roitto\Application Data\Lavasoft
    2006-10-22 11:30 -------- d-------- E:\Program Files\NaturalMotion
    2006-10-18 16:39 -------- d-------- E:\Program Files\Dev-Cpp
    2006-10-09 15:13 -------- d-------- E:\Program Files\Crimson Editor
    2006-10-07 17:56 -------- d-------- E:\Program Files\Windows Media Player
    2006-10-07 17:54 -------- d-------- E:\Program Files\Last.fm
    2006-09-29 16:04 -------- d-------- E:\Program Files\KalOnlineEng
    2006-09-29 15:55 -------- d--h----- E:\Program Files\InstallShield Installation Information
    2006-09-29 07:12 -------- d-------- E:\Program Files\World of Warcraft
    2006-09-29 07:12 -------- d-------- E:\Program Files\Common Files\Blizzard Entertainment
    2006-09-28 22:28 -------- d-------- E:\Program Files\Softnyx
    2006-09-28 22:28 -------- d-------- E:\Program Files\Quake III Arena
    2006-09-28 09:12 778656 --a------ E:\WINDOWS\system32\drivers\avg7core.sys
    2006-09-28 07:25 -------- d-------- E:\Documents and Settings\pertti roitto\Application Data\uTorrent
    2006-09-26 15:48 -------- d-------- E:\Program Files\BitTorrent
    2006-09-26 15:37 -------- d-------- E:\Documents and Settings\pertti roitto\Application Data\BitTorrent
    2006-09-23 22:18 -------- d-------- E:\Program Files\Common Files\Autodesk Shared
    2006-09-23 20:37 -------- d-------- E:\Program Files\Apache Software Foundation
    2006-09-23 19:28 -------- d-------- E:\Program Files\Audacity
    2006-09-23 17:19 -------- d-------- E:\Program Files\Autodesk
    2006-09-23 08:34 -------- d-------- E:\Program Files\MSN Messenger
    2006-09-21 14:37 -------- d-------- E:\Program Files\gmod9
    2006-09-19 18:38 -------- d-------- E:\Program Files\CyberLink
    2006-09-15 12:54 -------- d-------- E:\Program Files\UOGateway
    2006-09-13 14:11 -------- d-------- E:\Program Files\FileZilla
    2006-09-13 08:03 1084416 --a------ E:\WINDOWS\system32\msxml3.dll
    2006-09-12 15:22 -------- d---s---- E:\Documents and Settings\pertti roitto\Application Data\Microsoft
    2006-09-12 15:21 -------- d-------- E:\Program Files\MSXML 4.0
    2006-09-12 15:17 -------- d-------- E:\Program Files\Microsoft Games
    2006-09-12 15:17 -------- d-------- E:\Program Files\Common Files\Microsoft Shared
    2006-09-11 17:46 -------- d-------- E:\Program Files\UOAM
    2006-09-11 12:22 -------- d-------- E:\Program Files\Razor
    2006-09-10 16:40 -------- d-------- E:\Program Files\EA GAMES
    2006-09-09 17:10 -------- d-------- E:\Documents and Settings\pertti roitto\Application Data\Inkscape
    2006-09-09 17:09 -------- d-------- E:\Program Files\Inkscape
    2006-09-08 18:36 -------- d-------- E:\Program Files\Wolfenstein - Enemy Territory
    2006-08-29 19:31 -------- d-------- E:\Program Files\Maplet
    2006-08-28 20:46 -------- d-------- E:\Program Files\BSPlayer
    2006-08-28 20:41 -------- d-------- E:\Program Files\valve
    2006-08-26 15:45 -------- d-------- E:\Program Files\WinRAR
    2006-08-26 13:29 -------- d-------- E:\Program Files\IconEdit2
    2006-08-26 13:05 -------- d-------- E:\Program Files\MilkShape 3D 1.7.9
    2006-08-26 12:03 -------- d-------- E:\Documents and Settings\pertti roitto\Application Data\Propellerhead Software
    2006-08-26 12:00 233472 --a------ E:\WINDOWS\system32\REX Shared Library.dll
    2006-08-26 12:00 225280 --a------ E:\WINDOWS\system32\ReWire.dll
    2006-08-26 11:57 -------- d-------- E:\Program Files\Propellerhead
    2006-08-25 18:49 617472 --a------ E:\WINDOWS\system32\comctl32.dll
    2006-08-25 12:08 163644 --a------ E:\WINDOWS\system32\drivers\secdrv.sys
    2006-08-24 19:43 -------- d-------- E:\Program Files\Rockstar Games
    2006-08-23 12:56 -------- d-------- E:\Program Files\Virtual CD v8
    2006-08-23 12:48 -------- d-------- E:\Program Files\Scorched3D
    2006-08-23 12:37 -------- d-------- E:\Program Files\Ubi Soft
    2006-08-22 20:00 -------- d-------- E:\Program Files\Movie Maker
    2006-08-21 15:26 16896 --a------ E:\WINDOWS\system32\fltlib.dll
    2006-08-21 12:14 23040 --a------ E:\WINDOWS\system32\fltmc.exe
    2006-08-19 15:38 20480 --a------ E:\WINDOWS\system32\H@tKeysH@@k.DLL
    2006-08-19 14:33 98304 --a------ E:\WINDOWS\system32\CmdLineExt.dll
    2006-08-16 14:58 100352 --a------ E:\WINDOWS\system32\6to4svc.dll
    2006-08-06 19:07 382 --a------ E:\Program Files\Pikakuvake Program Files.lnk
    2006-08-01 12:32 73216 --a------ E:\WINDOWS\ST6UNST.EXE
    2006-08-01 12:32 249856 --------- E:\WINDOWS\Setup1.exe
    2006-07-27 16:26 679424 --a------ E:\WINDOWS\system32\inetcomm.dll
    2006-07-13 17:44 128 --a------ E:\Program Files\mtachat.txt
    2006-07-02 12:11 62 --ahs---- E:\Documents and Settings\pertti roitto\Application Data\desktop.ini


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Steam"="\"e:\\program files\\steam\\steam.exe\" -silent"
    "LogitechSoftwareUpdate"="\"E:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "IECheck"="E:\\WINDOWS\\IECheck.exe"
    "BitTorrent"="\"E:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "VC8Player"="E:\\Program Files\\Virtual CD v8\\System\\VC8Play.exe"
    "SunJavaUpdateSched"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "QuickTime Task"="\"E:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "NetLimiter"="E:\\Program Files\\NetLimiter\\NetLimiter.exe /s"
    "NeroFilterCheck"="E:\\WINDOWS\\system32\\NeroCheck.exe"
    "LVCOMSX"="E:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoTray"="E:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "LogitechVideoRepair"="E:\\Program Files\\Logitech\\Video\\ISStart.exe "
    "DAEMON Tools-1033"="\"E:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "AVG7_CC"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "AtiPTA"="atiptaxx.exe"
    "F-Secure Manager"="\"E:\\Program Files\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"E:\\Program Files\\F-Secure Internet Security\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "F-Secure Startup Wizard"="\"E:\\Program Files\\F-Secure Internet Security\\FSGUI\\FSSW.EXE\" /reboot"
    "News Service"="\"E:\\Program Files\\F-Secure Internet Security\\FSGUI\\ispnews.exe\""
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c2,01,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,cc,04,00,00,00,00,00,00,34,03,00,00,e4,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,52,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="E:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="E:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    E:\WINDOWS\tasks\1-Click Maintenance.job

    Completion time: 06-10-22 14:22:40.10
    E:\ComboFix.txt ... 06-10-22 14:22
     
  6. Bearz

    Bearz Member

    and the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:24:46, on 22.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\savedump.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [VC8Player] E:\Program Files\Virtual CD v8\System\VC8Play.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NetLimiter] E:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "E:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IECheck] E:\WINDOWS\IECheck.exe
    O4 - HKCU\..\Run: [BitTorrent] "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O8 - Extra context menu item: &Estä tämä kohoikkuna - E:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
    O23 - Service: Apache2.2 - Unknown owner - E:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - E:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - E:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - E:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - E:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - E:\Program Files\Virtual CD v8\System\VC8SecS.exe
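
Comparing the HijackThis log taken before the ComboFix run with the one posted afterwards shows which browser and autostart entries the cleanup removed. The following is an added example, not part of the thread and not a HijackThis feature; the function names are illustrative, and the sample input is a shortened copy of lines from the two logs above.

```python
import re

# Constructed sample: a subset of lines copied from the two HijackThis logs
# in this thread (saved 14:04:08 before ComboFix, 14:24:46 after).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:04:08, on 22.10.2006
Running processes:
E:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - E:\Program Files\ToolBar888\MyToolBar.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - E:\PROGRA~1\PRINTV~1\PRINTH~1.DLL (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - E:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IpWins] E:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [IECheck] E:\WINDOWS\IECheck.exe
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - E:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:24:46, on 22.10.2006
Running processes:
E:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [IECheck] E:\WINDOWS\IECheck.exe
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - E:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE (file missing)
"""

# An entry line looks like "O4 - HKLM\..\Run: [Name] path": a section code
# (R, F, N or O plus a number), " - ", then the entry text.
ENTRY_RE = re.compile(r"^\s*([RFNO])(\d{1,2}) - (.+?)\s*$")
# HijackThis marks entries whose target is absent on disk with these suffixes.
MISSING_RE = re.compile(r"\((file missing|no file)\)$")


def parse_entries(log_text):
    """Return the set of (section, text) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1) + m.group(2), m.group(3)))
    return entries


def _sort_key(entry):
    # Sort by section letter, then numerically (so O4 comes before O23), then text.
    section, text = entry
    return (section[0], int(section[1:]), text.lower())


def diff_logs(before, after):
    """Return (removed, added): entries only in the first log, entries only in the second."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a, key=_sort_key), sorted(a - b, key=_sort_key)


def missing_targets(log_text):
    """Entries that point at a file that no longer exists (orphaned registrations)."""
    hits = (e for e in parse_entries(log_text) if MISSING_RE.search(e[1]))
    return sorted(hits, key=_sort_key)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, text in removed:
        print("removed:", section, "-", text)
    for section, text in added:
        print("added:  ", section, "-", text)
    for section, text in missing_targets(AFTER):
        print("orphan: ", section, "-", text)
```

On the sample, the removed entries are the ToolBar888 and PrintView browser objects and the IpWins Run key, which matches the folders listed under "Other Deletions" in the ComboFix log.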

     
  7. -kemisti-

    -kemisti- Active member

  8. Bearz

    Bearz Member

    I deleted alfa.exe through cmd.exe..
    the first dll file didn't work on that site but the second one did:

    Antivirus Version Update Result
    AntiVir 7.2.0.32 10.20.2006 no virus found
    Authentium 4.93.8 10.21.2006 no virus found
    Avast 4.7.892.0 10.20.2006 no virus found
    AVG 386 10.20.2006 no virus found
    BitDefender 7.2 10.21.2006 no virus found
    CAT-QuickHeal 8.00 10.20.2006 no virus found
    ClamAV devel-20060426 10.21.2006 no virus found
    DrWeb 4.33 10.21.2006 no virus found
    eTrust-InoculateIT 23.73.32 10.21.2006 no virus found
    eTrust-Vet 30.3.3146 10.20.2006 no virus found
    Ewido 4.0 10.20.2006 no virus found
    Fortinet 2.82.0.0 10.21.2006 no virus found

    Aditional Information
    File size: 94208 bytes
    MD5: a7e2d6a78d5c71c639301b3f9517ffb8
    SHA1: bc7762a4637ff248040caea5d380ed9b919d6602
     
  9. -kemisti-

    -kemisti- Active member

    Try renaming it -> hotkeyshook.dll and try again.
     
  10. Bearz

    Bearz Member

    now the other dll file worked too:

    Antivirus Version Update Result
    AntiVir 7.2.0.32 10.20.2006 no virus found
    Authentium 4.93.8 10.21.2006 no virus found
    Avast 4.7.892.0 10.20.2006 no virus found
    AVG 386 10.20.2006 no virus found
    BitDefender 7.2 10.21.2006 no virus found
    CAT-QuickHeal 8.00 10.20.2006 CrackTool.HotHook.dll (Not a Virus)
    ClamAV devel-20060426 10.21.2006 Trojan.W32.HotKeysHook.A-2
    DrWeb 4.33 10.21.2006 no virus found
    eTrust-InoculateIT 23.73.32 10.21.2006 no virus found
    eTrust-Vet 30.3.3146 10.20.2006 no virus found
    Ewido 4.0 10.20.2006 no virus found
    Fortinet 2.82.0.0 10.21.2006 W32/Hotkeys.B!tr
    F-Prot 3.16f 10.21.2006 no virus found
    F-Prot4 4.2.1.29 10.21.2006 W32/Keylogger.BQ
    Ikarus 0.2.65.0 10.21.2006 Win32.KeyLogger.HatKeys
    Kaspersky 4.0.2.24 10.21.2006 no virus found
    McAfee 4878 10.20.2006 no virus found
    Microsoft 1.1603 10.21.2006 no virus found
    NOD32v2 1.1821 10.21.2006 Win32/Keylogger.HotKeysHook.A
    Norman 5.90.23 10.20.2006 W32/HotKeys.A
    Panda 9.0.0.4 10.20.2006 no virus found
    Sophos 4.10.0 10.15.2006 no virus found
    TheHacker 6.0.1.102 10.20.2006 no virus found
    UNA 1.83 10.21.2006 Trojan.KeyLogger.6A9E
    VBA32 3.11.1 10.20.2006 RiskWare.CrackTool.Win32.HotHook.dll
    VirusBuster 4.3.7:9 10.20.2006 no virus found

    Aditional Information
    File size: 20480 bytes
    MD5: 116ec20265b00cfe389518e2a0c7ed81
    SHA1: d04c903ef681bb18dbf337ffa7ff2a9ccc8bedd6
     
    Last edited: 21.10.2006
  11. -kemisti-

    -kemisti- Active member

    Yep, so delete it right away, it is a keylogger.

    Also change all your online passwords and contact your online bank/credit card company if you have used their services from the machine in question.

    In addition:

    Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm .
    Install, update and scan according to the instructions on the page. Then post the "nasties results" here (instructions on that page: the bottom picture and the text above it).
     
  12. Bearz

    Bearz Member

    do I need to change e.g. this forum's password too? :S
    well, I'll try to delete it.. Luckily I haven't used the bank except from a different computer.
     
  13. -kemisti-

    -kemisti- Active member

    Personally, I would change the passwords for e-mail and all discussion forums if there had been a keylogger on my computer.
     
  14. Bearz

    Bearz Member

    here it is:

    File D:\EMULESIIRROT\WPE Pro.zip infected by "Sniffer.Win32.WpePro.b" Virus. Action Taken: File Renamed.
    File D:\RECYCLER\S-1-5-21-1275210071-706699826-1060284298-1003\Dd210\WPE PRO.exe infected by "Sniffer.Win32.WpePro.b" Virus. Action Taken: File Renamed.
    File D:\RECYCLER\S-1-5-21-1275210071-706699826-1060284298-1003\Dd210\WpeSpy.dll infected by "Sniffer.Win32.WpePro.c" Virus. Action Taken: File Renamed.
    File D:\System Volume Information\_restore{61CA8603-6F6B-47DB-870C-94457DAA4BC3}\RP46\A0033003.exe infected by "Sniffer.Win32.WpePro.b" Virus. Action Taken: File Renamed.
    File D:\System Volume Information\_restore{61CA8603-6F6B-47DB-870C-94457DAA4BC3}\RP46\A0033004.dll infected by "Sniffer.Win32.WpePro.c" Virus. Action Taken: File Renamed.
    File E:\Program Files\mIRC\backup\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.
    File E:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.
    File E:\Program Files\MTA San Andreas\MTAClient-NoCRC-DRuG-v3.exe infected by "VirTool.Win32.Patcher.a" Virus. Action Taken: File Renamed.
    File E:\Program Files\Multi Theft Auto\MTAClient-NoCRC-DRuG-v3.exe infected by "VirTool.Win32.Patcher.a" Virus. Action Taken: File Renamed.
    File E:\System Volume Information\_restore{61CA8603-6F6B-47DB-870C-94457DAA4BC3}\RP27\A0002055.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.
    File E:\System Volume Information\_restore{61CA8603-6F6B-47DB-870C-94457DAA4BC3}\RP46\A0006448.exe tagged as not-a-virus:AdWare.Win32.PrintView.a. No Action Taken.
    File E:\System Volume Information\_restore{61CA8603-6F6B-47DB-870C-94457DAA4BC3}\RP46\A0029760.dll tagged as not-a-virus:AdWare.Win32.PrintView.a. No Action Taken.
    File E:\System Volume Information\_restore{61CA8603-6F6B-47DB-870C-94457DAA4BC3}\RP46\A0032980.dll tagged as not-a-virus:AdWare.Win32.Softomate.q. No Action Taken.
    File E:\System Volume Information\_restore{61CA8603-6F6B-47DB-870C-94457DAA4BC3}\RP46\A0032982.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
    File E:\System Volume Information\_restore{61CA8603-6F6B-47DB-870C-94457DAA4BC3}\RP46\A0032998.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
    File E:\System Volume Information\_restore{61CA8603-6F6B-47DB-870C-94457DAA4BC3}\RP46\A0033005.exe infected by "VirTool.Win32.Patcher.a" Virus. Action Taken: File Renamed.
    File E:\System Volume Information\_restore{61CA8603-6F6B-47DB-870C-94457DAA4BC3}\RP46\A0033006.exe infected by "VirTool.Win32.Patcher.a" Virus. Action Taken: File Renamed.
     
  15. -kemisti-

    -kemisti- Active member

    Post one more new HjT log.
     
  16. Bearz

    Bearz Member

    Logfile of HijackThis v1.99.1
    Scan saved at 18:51:30, on 22.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [VC8Player] E:\Program Files\Virtual CD v8\System\VC8Play.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NetLimiter] E:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "E:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IECheck] E:\WINDOWS\IECheck.exe
    O4 - HKCU\..\Run: [BitTorrent] "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O8 - Extra context menu item: &Estä tämä kohoikkuna - E:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
    O23 - Service: Apache2.2 - Unknown owner - E:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - E:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - E:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - E:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - E:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - E:\Program Files\Virtual CD v8\System\VC8SecS.exe
     
  17. -kemisti-

    -kemisti- Active member

    Clear out System Restore:

    1. Select My Computer (right-click it).
    2. Select Properties.
    3. Select the System Restore tab.
    4. Select "Turn off System Restore".
    5. Click Apply.
    6. Click OK.
    7. Restart the computer.
    8. Do steps 1-3.
    9. Uncheck "Turn off System Restore".
    10. Do steps 5 and 6.

    Update Java.

    Still won't boot into normal mode?
     
  18. Bearz

    Bearz Member

    Didn't work..
    Oh right, was I supposed to remove those viruses that showed up there?
     
  19. -kemisti-

    -kemisti- Active member

    Meaning?

    These don't need to be removed:

    File E:\Program Files\mIRC\backup\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.
    File E:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.

    And everything in System Volume Information goes away when you clear System Restore.
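
The triage described in the reply above, as an added example that is not part of the original thread: it parses scan-report lines in the format posted earlier and separates detections held in System Restore snapshots from those in live paths. The sample lines are copied from the thread's report; the function and bucket names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Lines copied from the scan report posted earlier in this thread.
SAMPLE_REPORT = r"""
File E:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.
File E:\Program Files\MTA San Andreas\MTAClient-NoCRC-DRuG-v3.exe infected by "VirTool.Win32.Patcher.a" Virus. Action Taken: File Renamed.
File E:\System Volume Information\_restore{61CA8603-6F6B-47DB-870C-94457DAA4BC3}\RP46\A0006448.exe tagged as not-a-virus:AdWare.Win32.PrintView.a. No Action Taken.
File E:\System Volume Information\_restore{61CA8603-6F6B-47DB-870C-94457DAA4BC3}\RP46\A0033005.exe infected by "VirTool.Win32.Patcher.a" Virus. Action Taken: File Renamed.
"""

# One report line: path, then a riskware tag or an infection name, then the action.
LINE_RE = re.compile(
    r'^File (?P<path>.+?) '
    r'(?:tagged as (?P<tag>not-a-virus:\S+?)\.|infected by "(?P<virus>[^"]+)" Virus\.)'
    r' (?:Action Taken: (?P<action>.+?)\.|No Action Taken\.)$')
RESTORE_RE = re.compile(r'\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\', re.I)

def parse_line(line):
    """Return a dict for one report line, or None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rp = RESTORE_RE.search(m['path'])
    return {'path': m['path'],
            'name': m['tag'] or m['virus'],
            'riskware': m['tag'] is not None,
            'action': m['action'] or 'none',
            'restore_point': rp.group(1) if rp else None}

def triage(report):
    """Bucket detections by what the thread's advice says to do with them."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec['restore_point']:      # gone once System Restore is turned off and on
            buckets['restore_snapshot'].append(rec)
        elif rec['riskware']:         # not-a-virus: riskware/adware label, owner decides
            buckets['riskware_live'].append(rec)
        else:                         # detection in a live path
            buckets['malware_live'].append(rec)
    return dict(buckets)

if __name__ == '__main__':
    for bucket, recs in triage(SAMPLE_REPORT).items():
        for r in recs:
            print(bucket, r['name'], r['restore_point'] or '-', r['path'], sep=' | ')
```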
     
  20. Bearz

    Bearz Member

    Well.. Still, every time you start Windows normally, it restarts.. Would it be worth running some virus scanner again?
    ehh.. Except that no virus scanner works anymore ;/ At least AVG doesn't. Should I reinstall F-Secure?
    edit: eh.. I removed AVG Free and it boots like a dream again :G
     
    Last edited: 21.10.2006
  21. -kemisti-

    -kemisti- Active member
