If some kind soul would take the trouble to look through this log, I'd be very grateful. The problem is that the antivirus program beeps at the file mgaeohnm.dll and also at the file xkefqtgs.dll. I also found these files with the HijackThis program. (There seemed to be some running processes..?) But to get to the point, here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15, on 11.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\SOUNDMAN.EXE
C:\WINDOWS1\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS1\system32\rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS1\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOWS1\system32\PnkBstrA.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS1\system32\wuauclt.exe
C:\WINDOWS1\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: QXK Olive - {857B1E65-F0D7-4AEB-B914-20DFBDCA1A1F} - C:\WINDOWS1\kvsdpfeaxpf.dll (file missing)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [3a191754] rundll32.exe "C:\WINDOWS1\system32\mgaeohnm.dll",b
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O21 - SSODL: xkefqtgs - {6D899F02-4126-4597-8829-53BB81A93788} - C:\WINDOWS1\xkefqtgs.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS1\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6199 bytes

And thanks in advance!
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click combofix.exe and follow the prompts.
3. When the tool has finished, it produces a log. Post that log in your thread.

Note! Do not click in the ComboFix window while it is running. That can cause the program to hang.

============

Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are both checked, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK, then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. A log will then open in Notepad. Save it somewhere you can find it easily. The log is also available at: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.
ComboFix log:

ComboFix 08-06-10.3 - Raimo 2008-06-11 20:45:15.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.245 [GMT 3:00]
Running from: C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Työpöytä\Hijacthis tms. ohjelmat\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-05-11 to 2008-06-11   )))))))))))))))))))))))))
.
2008-06-11 20:20 . 2008-06-11 20:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 20:20 . 2008-06-11 20:20 <DIR> d-------- C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Application Data\Malwarebytes
2008-06-11 20:20 . 2008-06-11 20:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Malwarebytes
2008-06-11 20:20 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS1\system32\drivers\mbamcatchme.sys
2008-06-11 20:20 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS1\system32\drivers\mbam.sys
2008-06-11 17:01 . 2008-04-14 18:53 272,128 --------- C:\WINDOWS1\system32\drivers\bthport.sys
2008-06-11 17:01 . 2008-04-14 18:53 272,128 --------- C:\WINDOWS1\system32\dllcache\bthport.sys
2008-06-11 16:52 . 2008-06-11 16:52 <DIR> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja
2008-06-11 16:52 . 2008-06-11 16:52 294 ---hs---- C:\WINDOWS1\system32\mnhoeagm.ini
2008-06-11 16:00 . 2008-06-11 16:00 <DIR> d---s---- C:\WINDOWS1\Downloaded Program Files
2008-06-11 15:00 . 2007-01-08 20:03 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-11 15:00 . 2007-01-08 20:03 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-11 15:00 . 2007-01-08 20:03 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-11 15:00 . 2007-01-08 20:03 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-11 15:00 . 2007-01-08 20:03 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-11 15:00 . 2007-01-08 20:03 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-11 15:00 . 2007-01-08 20:03 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-11 15:00 . 2007-01-08 20:03 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-11 15:00 . 2007-01-08 20:03 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-11 15:00 . 2007-01-08 20:03 <DIR> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-11 15:00 . 2007-01-08 20:03 <DIR> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-11 15:00 . 2007-01-08 20:03 <DIR> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-11 15:00 . 2008-06-11 15:00 <DIR> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-10 16:16 . 2008-06-10 16:16 <DIR> d--hs---- C:\FOUND.016
2008-06-10 16:12 . 2008-06-11 15:06 2,594 --a------ C:\WINDOWS1\system32\tmp.reg
2008-06-10 15:13 . 2008-06-10 15:13 <DIR> d-------- C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Application Data\Universal Boxing Manager
2008-06-10 13:23 . 2008-06-10 13:23 <DIR> d-------- C:\Documents and Settings\LocalService.NT-HALLINTA\Työpöytä
2008-06-05 11:54 . 2008-06-05 11:54 <DIR> d-------- C:\WINDOWS1\system32\Adobe
2008-05-28 09:43 . 2008-05-28 09:43 <DIR> d--hs---- C:\FOUND.015
2008-05-27 10:37 . 2008-05-27 10:37 43,520 --a------ C:\WINDOWS1\system32\CmdLineExt03.dll
2008-05-26 16:08 . 2008-05-26 16:08 <DIR> d-------- C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Application Data\Atari
2008-05-26 13:57 . 2008-05-26 13:57 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-05-26 13:57 . 2008-05-26 13:57 <DIR> d-------- C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Application Data\Leadertech
2008-05-26 13:57 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS1\patchw32.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS1\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS1\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS1\system32\quartz.dll
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS1\system32\dllcache\quartz.dll
2008-04-27 15:23 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-26 07:40 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-26 07:40 --------- d-----w C:\Program Files\Windows Live
2008-04-26 07:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Application Data\WLInstaller
2008-04-23 19:16 3,591,680 ------w C:\WINDOWS1\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS1\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS1\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS1\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS1\system32\dllcache\ieakui.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS1\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS1\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS1\system32\msjint40.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS1\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS1\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS1\system32\dllcache\win32k.sys
2008-02-29 20:20 22,264 ----a-w C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Application Data\GDIPFONTCACHEV1.DAT

.
((((((((((((((((((((((((((((   snapshot@2008-06-11_16.51.53.92   ))))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-11 13:47:10 2,048 --s-a-w C:\WINDOWS1\bootstat.dat
+ 2008-06-11 15:08:18 2,048 --s-a-w C:\WINDOWS1\bootstat.dat
+ 2008-04-14 15:53:00 272,128 ------w C:\WINDOWS1\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:01:50 124,928 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:01:50 347,136 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:01:50 214,528 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:01:50 133,120 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:01:50 63,488 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:56 70,656 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:01:50 153,088 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:01:50 230,400 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:26 161,792 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:01:52 383,488 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:01:52 384,512 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:01:52 6,066,176 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:01:52 44,544 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:01:52 267,776 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:52 13,824 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:56:26 625,664 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:01:52 27,648 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:01:52 459,264 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:01:52 52,224 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 15:31:54 3,591,680 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:01:54 478,208 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:01:54 193,024 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:01:54 671,232 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:01:54 102,912 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:01:54 44,544 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:31:14 214,752 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:32:24 380,640 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:01:54 105,984 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:01:54 1,159,680 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:01:54 233,472 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:01:54 826,368 ------w C:\WINDOWS1\ie7updates\KB950759-IE7\wininet.dll
- 2008-03-01 13:01:50 124,928 ----a-w C:\WINDOWS1\system32\advpack.dll
+ 2008-04-23 04:16:42 124,928 ----a-w C:\WINDOWS1\system32\advpack.dll
- 2008-03-01 13:01:50 124,928 ------w C:\WINDOWS1\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:42 124,928 ------w C:\WINDOWS1\system32\dllcache\advpack.dll
- 2008-03-01 13:01:50 347,136 ----a-w C:\WINDOWS1\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:42 347,136 ----a-w C:\WINDOWS1\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:01:50 214,528 ------w C:\WINDOWS1\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:42 214,528 ------w C:\WINDOWS1\system32\dllcache\dxtrans.dll
- 2008-03-01 13:01:50 133,120 ------w C:\WINDOWS1\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:42 133,120 ------w C:\WINDOWS1\system32\dllcache\extmgr.dll
- 2008-03-01 13:01:50 63,488 ------w C:\WINDOWS1\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:42 63,488 ------w C:\WINDOWS1\system32\dllcache\icardie.dll
- 2008-03-01 13:01:50 153,088 ------w C:\WINDOWS1\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:42 153,088 ------w C:\WINDOWS1\system32\dllcache\ieakeng.dll
- 2008-03-01 13:01:50 230,400 ------w C:\WINDOWS1\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:42 230,400 ------w C:\WINDOWS1\system32\dllcache\ieaksie.dll
- 2008-03-01 13:01:52 383,488 ------w C:\WINDOWS1\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:42 383,488 ------w C:\WINDOWS1\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:01:52 384,512 ------w C:\WINDOWS1\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:42 384,512 ------w C:\WINDOWS1\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:01:52 6,066,176 ------w C:\WINDOWS1\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:42 6,066,176 ------w C:\WINDOWS1\system32\dllcache\ieframe.dll
- 2008-03-01 13:01:52 44,544 ------w C:\WINDOWS1\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:42 44,544 ------w C:\WINDOWS1\system32\dllcache\iernonce.dll
- 2008-03-01 13:01:52 267,776 ------w C:\WINDOWS1\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:42 267,776 ------w C:\WINDOWS1\system32\dllcache\iertutil.dll
- 2008-03-01 13:01:52 27,648 ------w C:\WINDOWS1\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:42 27,648 ------w C:\WINDOWS1\system32\dllcache\jsproxy.dll
- 2008-03-01 13:01:52 459,264 ------w C:\WINDOWS1\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:42 459,264 ------w C:\WINDOWS1\system32\dllcache\msfeeds.dll
- 2008-03-01 13:01:52 52,224 ------w C:\WINDOWS1\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:42 52,224 ------w C:\WINDOWS1\system32\dllcache\msfeedsbs.dll
- 2008-03-01 13:01:54 478,208 ------w C:\WINDOWS1\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:42 478,208 ------w C:\WINDOWS1\system32\dllcache\mshtmled.dll
- 2008-03-01 13:01:54 193,024 ------w C:\WINDOWS1\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:42 193,024 ------w C:\WINDOWS1\system32\dllcache\msrating.dll
- 2008-03-01 13:01:54 671,232 ------w C:\WINDOWS1\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:42 671,232 ------w C:\WINDOWS1\system32\dllcache\mstime.dll
- 2008-03-01 13:01:54 102,912 ------w C:\WINDOWS1\system32\dllcache\occache.dll
+ 2008-04-23 04:16:42 102,912 ------w C:\WINDOWS1\system32\dllcache\occache.dll
- 2008-03-01 13:01:54 44,544 ----a-w C:\WINDOWS1\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:42 44,544 ----a-w C:\WINDOWS1\system32\dllcache\pngfilt.dll
- 2008-03-01 13:01:54 105,984 ------w C:\WINDOWS1\system32\dllcache\url.dll
+ 2008-04-23 04:16:42 105,984 ------w C:\WINDOWS1\system32\dllcache\url.dll
- 2008-03-01 13:01:54 1,159,680 ------w C:\WINDOWS1\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:44 1,159,680 ------w C:\WINDOWS1\system32\dllcache\urlmon.dll
- 2008-03-01 13:01:54 233,472 ------w C:\WINDOWS1\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:44 233,472 ------w C:\WINDOWS1\system32\dllcache\webcheck.dll
- 2008-03-01 13:01:54 826,368 ------w C:\WINDOWS1\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:44 826,368 ------w C:\WINDOWS1\system32\dllcache\wininet.dll
- 2008-03-01 13:01:50 347,136 ----a-w C:\WINDOWS1\system32\dxtmsft.dll
+ 2008-04-23 04:16:42 347,136 ----a-w C:\WINDOWS1\system32\dxtmsft.dll
- 2008-03-01 13:01:50 214,528 ----a-w C:\WINDOWS1\system32\dxtrans.dll
+ 2008-04-23 04:16:42 214,528 ----a-w C:\WINDOWS1\system32\dxtrans.dll
- 2008-03-01 13:01:50 133,120 ------w C:\WINDOWS1\system32\extmgr.dll
+ 2008-04-23 04:16:42 133,120 ------w C:\WINDOWS1\system32\extmgr.dll
- 2008-03-01 13:01:50 63,488 ----a-w C:\WINDOWS1\system32\icardie.dll
+ 2008-04-23 04:16:42 63,488 ----a-w C:\WINDOWS1\system32\icardie.dll
- 2008-02-29 08:55:56 70,656 ------w C:\WINDOWS1\system32\ie4uinit.exe
+ 2008-04-22 07:41:08 70,656 ------w C:\WINDOWS1\system32\ie4uinit.exe
- 2008-03-01 13:01:50 153,088 ------w C:\WINDOWS1\system32\ieakeng.dll
+ 2008-04-23 04:16:42 153,088 ------w C:\WINDOWS1\system32\ieakeng.dll
- 2008-03-01 13:01:50 230,400 ------w C:\WINDOWS1\system32\ieaksie.dll
+ 2008-04-23 04:16:42 230,400 ------w C:\WINDOWS1\system32\ieaksie.dll
- 2008-02-15 05:44:26 161,792 ------w C:\WINDOWS1\system32\ieakui.dll
+ 2008-04-20 05:07:52 161,792 ------w C:\WINDOWS1\system32\ieakui.dll
- 2008-03-01 13:01:52 383,488 ----a-w C:\WINDOWS1\system32\ieapfltr.dll
+ 2008-04-23 04:16:42 383,488 ----a-w C:\WINDOWS1\system32\ieapfltr.dll
- 2008-03-01 13:01:52 384,512 ------w C:\WINDOWS1\system32\iedkcs32.dll
+ 2008-04-23 04:16:42 384,512 ------w C:\WINDOWS1\system32\iedkcs32.dll
- 2008-03-01 13:01:52 6,066,176 ----a-w C:\WINDOWS1\system32\ieframe.dll
+ 2008-04-23 04:16:42 6,066,176 ----a-w C:\WINDOWS1\system32\ieframe.dll
- 2008-03-01 13:01:52 44,544 ------w C:\WINDOWS1\system32\iernonce.dll
+ 2008-04-23 04:16:42 44,544 ------w C:\WINDOWS1\system32\iernonce.dll
- 2008-03-01 13:01:52 267,776 ----a-w C:\WINDOWS1\system32\iertutil.dll
+ 2008-04-23 04:16:42 267,776 ----a-w C:\WINDOWS1\system32\iertutil.dll
- 2008-02-22 10:00:52 13,824 ----a-w C:\WINDOWS1\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS1\system32\ieudinit.exe
- 2008-03-01 13:01:52 27,648 ------w C:\WINDOWS1\system32\jsproxy.dll
+ 2008-04-23 04:16:42 27,648 ------w C:\WINDOWS1\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS1\system32\MRT.exe
+ 2008-05-29 23:35:12 17,486,968 ----a-w C:\WINDOWS1\system32\MRT.exe
- 2008-03-01 13:01:52 459,264 ----a-w C:\WINDOWS1\system32\msfeeds.dll
+ 2008-04-23 04:16:42 459,264 ----a-w C:\WINDOWS1\system32\msfeeds.dll
- 2008-03-01 13:01:52 52,224 ----a-w C:\WINDOWS1\system32\msfeedsbs.dll
+ 2008-04-23 04:16:42 52,224 ----a-w C:\WINDOWS1\system32\msfeedsbs.dll
- 2008-03-01 15:31:54 3,591,680 ----a-w C:\WINDOWS1\system32\mshtml.dll
+ 2008-04-23 19:16:44 3,591,680 ----a-w C:\WINDOWS1\system32\mshtml.dll
- 2008-03-01 13:01:54 478,208 ----a-w C:\WINDOWS1\system32\mshtmled.dll
+ 2008-04-23 04:16:42 478,208 ----a-w C:\WINDOWS1\system32\mshtmled.dll
- 2008-03-01 13:01:54 193,024 ------w C:\WINDOWS1\system32\msrating.dll
+ 2008-04-23 04:16:42 193,024 ------w C:\WINDOWS1\system32\msrating.dll
- 2008-03-01 13:01:54 671,232 ------w C:\WINDOWS1\system32\mstime.dll
+ 2008-04-23 04:16:42 671,232 ------w C:\WINDOWS1\system32\mstime.dll
- 2008-03-01 13:01:54 102,912 ------w C:\WINDOWS1\system32\occache.dll
+ 2008-04-23 04:16:42 102,912 ------w C:\WINDOWS1\system32\occache.dll
- 2008-03-01 13:01:54 44,544 ----a-w C:\WINDOWS1\system32\pngfilt.dll
+ 2008-04-23 04:16:42 44,544 ----a-w C:\WINDOWS1\system32\pngfilt.dll
- 2006-09-16 00:02:34 14,640 ------w C:\WINDOWS1\system32\spmsg.dll
+ 2007-11-30 11:19:02 17,272 ------w C:\WINDOWS1\system32\spmsg.dll
- 2008-03-01 13:01:54 105,984 ----a-w C:\WINDOWS1\system32\url.dll
+ 2008-04-23 04:16:42 105,984 ----a-w C:\WINDOWS1\system32\url.dll
- 2008-03-01 13:01:54 1,159,680 ----a-w C:\WINDOWS1\system32\urlmon.dll
+ 2008-04-23 04:16:44 1,159,680 ----a-w C:\WINDOWS1\system32\urlmon.dll
- 2008-03-01 13:01:54 233,472 ----a-w C:\WINDOWS1\system32\webcheck.dll
+ 2008-04-23 04:16:44 233,472 ----a-w C:\WINDOWS1\system32\webcheck.dll
- 2008-03-01 13:01:54 826,368 ----a-w C:\WINDOWS1\system32\wininet.dll
+ 2008-04-23 04:16:44 826,368 ----a-w C:\WINDOWS1\system32\wininet.dll
+ 2008-06-11 15:08:38 16,384 ----a-w C:\WINDOWS1\Temp\Perflib_Perfdata_78c.dat
+ 2008-06-11 15:09:22 16,384 ----a-w C:\WINDOWS1\Temp\Perflib_Perfdata_ed4.dat
+ 2008-06-11 15:09:22 16,384 ----a-w C:\WINDOWS1\Temp\Perflib_Perfdata_ee0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{857B1E65-F0D7-4AEB-B914-20DFBDCA1A1F}]
C:\WINDOWS1\kvsdpfeaxpf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-11 11:55 289088]
"ctfmon.exe"="C:\WINDOWS1\system32\ctfmon.exe" [2004-09-14 13:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio -ominaisuussivun pikakuvake"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS1\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 21:27 77824 C:\WINDOWS1\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-24 20:06 2559488 C:\WINDOWS1\ALCWZRD.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-20 17:31 262401]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-28 15:52 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS1\system32\CTFMON.EXE" [2004-09-14 13:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users.WINDOWS1\Käynnistä-valikko\Ohjelmat\Käynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xkefqtgs"= {6D899F02-4126-4597-8829-53BB81A93788} - C:\WINDOWS1\xkefqtgs.dll [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\WINDOWS1\\System32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10540:TCP"= 10540:TCP:BitComet 10540 TCP
"10540:UDP"= 10540:UDP:BitComet 10540 UDP

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 04:33:06 C:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 20:47:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-11 20:48:05
ComboFix-quarantined-files.txt 2008-06-11 17:48:02
ComboFix2.txt 2008-06-11 13:52:32

Pre-Run: 55,124,033,536 bytes free
Post-Run: 55,151,034,368 bytes free

280 --- E O F --- 2008-06-11 14:30:55

And then the Malwarebytes log:

Malwarebytes' Anti-Malware 1.17
Database version: 848

20:44:36 11.6.2008
mbam-log-6-11-2008 (20-44-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 120827
Time elapsed: 21 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\etlrlws.brno (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\etlrlws.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3a191754 (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS1\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
Open Notepad and copy/paste the contents of the quote box into it. Save it as CFScript.txt. Then drag CFScript onto ComboFix.exe as shown below. Restart the computer when prompted and post the contents of combofix.txt here.

==========

Scan with HJT, check the following and press Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: QXK Olive - {857B1E65-F0D7-4AEB-B914-20DFBDCA1A1F} - C:\WINDOWS1\kvsdpfeaxpf.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [3a191754] rundll32.exe "C:\WINDOWS1\system32\mgaeohnm.dll",b
O21 - SSODL: xkefqtgs - {6D899F02-4126-4597-8829-53BB81A93788} - C:\WINDOWS1\xkefqtgs.dll (file missing)
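The fix list above singles out the three Vundo-style autostarts (the hex-named Run value driving rundll32, the BHO and the SSODL entry, each pointing at a random-named DLL under the Windows directory) together with some startup clutter. As an added example, not code from this thread or from HijackThis, ComboFix or Malwarebytes, the Python script below encodes those signals as triage rules and runs them over the relevant O2/O4/O21 lines of the posted HijackThis log, embedded as constructed sample input; it also reports Malwarebytes detections still marked "No action taken", which is how every item in the Malwarebytes log posted above reads. The rules, their severities and the function names are my own assumptions; the startup-cleanup items in the list (QuickTime, the Java updater, the Adobe speed launcher, the two blank.htm Local Page entries) are not malware signals and are deliberately out of scope.

```python
"""Heuristic triage of HijackThis (HJT) and Malwarebytes log lines.

Added example for this thread; not part of HijackThis, ComboFix or Malwarebytes.
The rules are assumptions that encode the signals a helper uses when picking the
O2/O4/O21 lines to fix: a Run value with a hex-blob name that loads a DLL through
rundll32 with a one-letter export, BHO/SSODL DLLs dropped straight into %WINDIR%,
and entries whose file is already missing.
"""
import re

# Constructed sample input: O2, O4 and O21 lines copied from the HJT log posted
# in this thread, with benign lines kept so the rules have negatives to ignore.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: QXK Olive - {857B1E65-F0D7-4AEB-B914-20DFBDCA1A1F} - C:\WINDOWS1\kvsdpfeaxpf.dll (file missing)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [3a191754] rundll32.exe "C:\WINDOWS1\system32\mgaeohnm.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS1\system32\ctfmon.exe
O21 - SSODL: xkefqtgs - {6D899F02-4126-4597-8829-53BB81A93788} - C:\WINDOWS1\xkefqtgs.dll (file missing)
""".strip()

# Constructed sample input: two detection lines from the Malwarebytes log above.
MBAM_SAMPLE = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3a191754 (Trojan.Vundo) -> No action taken.

Files Infected:
C:\WINDOWS1\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
""".strip()

CLSID = r'\{(?P<clsid>[0-9A-Fa-f-]{36})\}'
O2_RE = re.compile(r'^O2 - BHO: (?P<title>.*?) - ' + CLSID + r' - (?P<path>.*?)(?P<missing> \(file missing\))?$')
O21_RE = re.compile(r'^O21 - SSODL: (?P<name>.*?) - ' + CLSID + r' - (?P<path>.*?)(?P<missing> \(file missing\))?$')
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
HEX_NAME_RE = re.compile(r'^[0-9a-f]{6,}$', re.I)   # e.g. 3a191754; a cue, not proof
MBAM_RE = re.compile(r'^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$')


def in_windows_root(path):
    """True for a file sitting directly in the Windows directory itself.

    Vundo-style droppers put their random-named DLLs there; legitimate BHOs and
    shell extensions live under Program Files or system32.
    """
    parts = path.lower().replace('/', '\\').split('\\')
    return len(parts) == 3 and parts[1].startswith('windows')


def triage(log_text):
    """Return findings for the O2/O4/O21 lines of an HJT log; clean lines are omitted."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons = []
        if (m := O4_RE.match(line)):
            if HEX_NAME_RE.match(m.group('name')):
                reasons.append('Run value name is a hex blob')
            if (r := RUNDLL_RE.search(m.group('cmd'))):
                reasons.append('DLL loaded via rundll32 from a Run value')
                if len(r.group('export')) <= 2:
                    reasons.append('rundll32 export is a 1-2 character name')
        elif (m := O2_RE.match(line)) or (m := O21_RE.match(line)):
            if line.startswith('O21'):
                reasons.append('SSODL autostart (rarely used by legitimate software)')
            if m.group('missing'):
                reasons.append('referenced DLL is missing (orphaned or already removed)')
            if in_windows_root(m.group('path')):
                reasons.append('DLL placed directly in %WINDIR%')
        if reasons:
            # Two independent signals on one line is treated as high confidence.
            findings.append({'line': line, 'reasons': reasons,
                             'severity': 'high' if len(reasons) >= 2 else 'medium'})
    return findings


def fix_list(findings, min_severity='medium'):
    """Lines worth ticking under HJT's 'Fix checked', at or above min_severity."""
    rank = {'medium': 1, 'high': 2}
    return [f['line'] for f in findings if rank[f['severity']] >= rank[min_severity]]


def mbam_pending(log_text):
    """Malwarebytes detections that were reported but not removed ('No action taken')."""
    pending = []
    for line in log_text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m and m.group('action').lower().startswith('no action'):
            pending.append((m.group('item'), m.group('family')))
    return pending


if __name__ == '__main__':
    for f in triage(HJT_SAMPLE):
        print(f"[{f['severity']:>6}] {f['line']}")
        for why in f['reasons']:
            print(f"         - {why}")
    for item, family in mbam_pending(MBAM_SAMPLE):
        print(f"[pending] {family}: {item}")
```

Run it as a script to print the findings, or import it and feed `triage()` a complete HJT log: line types it has no rule for (R0, O16, O23 and so on) are ignored, so it is a first pass rather than a verdict, and a hex-looking Run name or a missing file is a reason to look at the entry, not proof that it is malicious.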
So here's the ComboFix log:

ComboFix 08-06-10.3 - Raimo 2008-06-11 21:36:17.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.238 [GMT 3:00]
Running from: C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Työpöytä\Hijacthis tms. ohjelmat\ComboFix.exe
Command switches used :: C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Työpöytä\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS1\kvsdpfeaxpf.dll
C:\WINDOWS1\system32\mgaeohnm.dll
C:\WINDOWS1\xkefqtgs.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-11 to 2008-06-11 )))))))))))))))))
.
2008-06-11 20:20 . 2008-06-11 20:20 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 20:20 . 2008-06-11 20:20 <KANSIO> d-------- C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Application Data\Malwarebytes
2008-06-11 20:20 . 2008-06-11 20:20 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Malwarebytes
2008-06-11 20:20 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS1\system32\drivers\mbamcatchme.sys
2008-06-11 20:20 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS1\system32\drivers\mbam.sys
2008-06-11 17:01 . 2008-04-14 18:53 272,128 --------- C:\WINDOWS1\system32\drivers\bthport.sys
2008-06-11 17:01 . 2008-04-14 18:53 272,128 --------- C:\WINDOWS1\system32\dllcache\bthport.sys
2008-06-11 16:52 . 2008-06-11 16:52 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja
2008-06-11 16:52 . 2008-06-11 16:52 294 ---hs---- C:\WINDOWS1\system32\mnhoeagm.ini
2008-06-11 16:00 . 2008-06-11 16:00 <KANSIO> d---s---- C:\WINDOWS1\Downloaded Program Files
2008-06-11 15:00 . 2007-01-08 20:03 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-11 15:00 . 2007-01-08 20:03 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-11 15:00 . 2007-01-08 20:03 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-11 15:00 . 2007-01-08 20:03 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-11 15:00 . 2007-01-08 20:03 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-11 15:00 . 2007-01-08 20:03 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-11 15:00 . 2007-01-08 20:03 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-11 15:00 . 2007-01-08 20:03 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-11 15:00 . 2007-01-08 20:03 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-11 15:00 . 2007-01-08 20:03 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-11 15:00 . 2007-01-08 20:03 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-11 15:00 . 2007-01-08 20:03 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-11 15:00 . 2008-06-11 15:00 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-06-10 16:26 . 2008-06-10 16:26 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-10 16:16 . 2008-06-10 16:16 <KANSIO> d--hs---- C:\FOUND.016
2008-06-10 16:12 . 2008-06-11 15:06 2,594 --a------ C:\WINDOWS1\system32\tmp.reg
2008-06-10 15:13 . 2008-06-10 15:13 <KANSIO> d-------- C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Application Data\Universal Boxing Manager
2008-06-10 13:23 . 2008-06-10 13:23 <KANSIO> d-------- C:\Documents and Settings\LocalService.NT-HALLINTA\Työpöytä
2008-06-05 11:54 . 2008-06-05 11:54 <KANSIO> d-------- C:\WINDOWS1\system32\Adobe
2008-05-28 09:43 . 2008-05-28 09:43 <KANSIO> d--hs---- C:\FOUND.015
2008-05-27 10:37 . 2008-05-27 10:37 43,520 --a------ C:\WINDOWS1\system32\CmdLineExt03.dll
2008-05-26 16:08 . 2008-05-26 16:08 <KANSIO> d-------- C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Application Data\Atari
2008-05-26 13:57 . 2008-05-26 13:57 <KANSIO> d-------- C:\Program Files\Common Files\PocketSoft
2008-05-26 13:57 . 2008-05-26 13:57 <KANSIO> d-------- C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Application Data\Leadertech
2008-05-26 13:57 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS1\patchw32.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS1\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS1\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS1\system32\quartz.dll
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS1\system32\dllcache\quartz.dll
2008-04-27 15:23 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-26 07:40 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-26 07:40 --------- d-----w C:\Program Files\Windows Live
2008-04-26 07:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Application Data\WLInstaller
2008-04-23 19:16 3,591,680 ------w C:\WINDOWS1\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS1\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS1\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS1\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS1\system32\dllcache\ieakui.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS1\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS1\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS1\system32\msjint40.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS1\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS1\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS1\system32\dllcache\win32k.sys
2008-02-29 20:20 22,264 ----a-w C:\Documents and Settings\Raimo.RAIMO-3A24E969E\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{857B1E65-F0D7-4AEB-B914-20DFBDCA1A1F}]
C:\WINDOWS1\kvsdpfeaxpf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-11 11:55 289088]
"ctfmon.exe"="C:\WINDOWS1\system32\ctfmon.exe" [2004-09-14 13:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio -ominaisuussivun pikakuvake"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS1\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 21:27 77824 C:\WINDOWS1\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-24 20:06 2559488 C:\WINDOWS1\ALCWZRD.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-20 17:31 262401]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-28 15:52 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS1\system32\CTFMON.EXE" [2004-09-14 13:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users.WINDOWS1\Käynnistä-valikko\Ohjelmat\Käynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xkefqtgs"= {6D899F02-4126-4597-8829-53BB81A93788} - C:\WINDOWS1\xkefqtgs.dll [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\WINDOWS1\\System32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10540:TCP"= 10540:TCP:BitComet 10540 TCP
"10540:UDP"= 10540:UDP:BitComet 10540 UDP

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-20 04:33:06 C:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 21:38:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-11 21:38:44
ComboFix-quarantined-files.txt 2008-06-11 18:38:42
ComboFix3.txt 2008-06-11 13:52:32
ComboFix2.txt 2008-06-11 17:48:08

Pre-Run: 55,082,680,320 tavua vapaana
Post-Run: 55,100,243,968 tavua vapaana

137 --- E O F --- 2008-06-11 14:30:55
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00, on 11.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS1\SOUNDMAN.EXE
C:\WINDOWS1\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS1\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\WINDOWS1\system32\PnkBstrA.exe
C:\WINDOWS1\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS1\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kase.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS1\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5310 bytes
Run Malwarebytes' Anti-Malware again; this step was not followed:

5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
Well, here's a new attempt.

Malwarebytes' Anti-Malware 1.17
Tietokantaversio: 848

10:31:58 2008-06-12
mbam-log-6-12-2008 (10-31-58).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 121312
Kulunut aika: 20 minute(s), 6 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)