kone ihan jumisssa

ctf kysy pari kertaa ni painoin ok mikä on ctf ???

ctf.monfix.bat

 

tota noi oli siellä missä on toi välilyönti poistanko vai???
tuli pieni ajatuskatkos heh

 

eli ymmärsinkö oikein
1. nimeän uudelleen
2. poistan tiedostostot
???

 

Ensin poistat viestin ylemmässä osassa olevat tiedostot.
jäljelle jää ne joissa on vlilyönti.
Niistä joissa on se völilyönti poistat sen vlin.
lopuksi ne näyttää alkuperäisiltä.
Se on hyvä, että kysyt jos et ole varma.

 

ok, ei ollu kuin ne missä oli välilyönti tuossa combon logi


ComboFix 08-01-17.5 - Jani Vartia 2008-01-18 17:55:57.24 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.789 [GMT 2:00]
Running from: C:\Documents and Settings\Jani Vartia\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-12-18 to 2008-01-18 )))))))))))))))))
.

2008-01-18 17:00 . 2008-01-18 17:00 <KANSIO> d-------- C:\Documents and Settings\LocalService\Työpöytä
2008-01-18 16:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 09:06 . 2008-01-18 09:06 <KANSIO> d-------- C:\Documents and Settings\Jani Vartia\Application Data\Grisoft
2008-01-18 09:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-14 15:28 . 2008-01-14 15:28 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-01-12 14:53 . 2008-01-12 14:53 <KANSIO> d-------- C:\Documents and Settings\Jani Vartia\Application Data\F-Secure
2008-01-12 13:29 . 2008-01-12 13:47 51,040 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-12 13:29 . 2008-01-12 13:47 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-12 13:25 . 2008-01-12 13:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-01-12 13:24 . 2008-01-12 14:44 <KANSIO> d-------- C:\Program Files\Sonera Tietoturva
2008-01-12 12:12 . 2008-01-12 12:13 418,135 --a------ C:\UITool3-370a.zip
2008-01-12 11:39 . 2006-03-02 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-12 11:38 . 2006-03-02 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-12 11:37 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-12 11:33 . 2008-01-12 11:33 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-12 11:33 . 2008-01-12 11:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-12 11:31 . 2006-03-02 14:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2008-01-12 11:31 . 2006-03-02 14:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-01-12 11:17 . 2006-03-02 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-01-12 11:17 . 2006-03-02 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-01-12 11:17 . 2008-01-12 11:17 34 --a------ C:\WINDOWS\system\oeminfo.ini
2008-01-09 18:43 . 2008-01-09 18:45 <KANSIO> d-------- C:\Program Files\Windows Live
2008-01-09 17:26 . 2008-01-16 12:45 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-07 17:42 . 2007-10-25 18:44 8,464,384 --a------ C:\WINDOWS\system32\drivers\vmxnet.sys
2008-01-07 17:35 . 2008-01-12 13:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-01-03 00:56 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-02 23:20 . 2008-01-12 12:22 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-30 13:52 . 2008-01-12 09:02 4,410 --a------ C:\WINDOWS\setupapi.old
2007-12-29 22:05 . 2007-12-29 22:09 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-29 22:05 . 2008-01-09 18:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-29 16:36 . 2008-01-14 15:17 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-12-29 16:01 . 2007-12-29 16:26 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2007-12-27 14:17 . 2007-12-27 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-27 14:16 . 2007-12-27 14:17 <KANSIO> d-------- C:\Program Files\Winamp Remote

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 16:56 --------- d-----w C:\Documents and Settings\Jani Vartia\Application Data\Microgaming
2008-01-06 10:32 --------- d-----w C:\Program Files\DC++
2008-01-04 21:21 --------- d-----w C:\Program Files\Winamp
2008-01-02 22:56 --------- d-----w C:\Program Files\Java
2007-12-30 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 16:38 --------- d-----w C:\Program Files\Steam
2007-12-29 14:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-29 12:04 --------- d-----w C:\Program Files\Macrogaming
2007-12-22 13:32 --------- d-----w C:\Program Files\eMule
2007-11-25 21:43 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-18 09:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe]
"!AVG Anti-Spyware"="C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-07 15:11 185896]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-09 13:15:46]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2005-09-06 05:10 450560 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-03-09 13:15 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-06-26 09:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-06-26 10:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-12-18 03:02 471040 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-03-09 11:05 65536 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2004-04-23 14:28 77824 C:\Program Files\Logitech\Profiler\lwemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-30 14:38 1266936 c:\program files\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-01-07 15:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-07 15:11 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra------ 2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 17:16 37376 C:\Program Files\Winamp\winampa.exe

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-01-12 13:47]
R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-02-05 07:00]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-10-15 04:28]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
S1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Sonera Tietoturva\HIPS\fshs.sys [2007-04-26 19:11]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]
S4 si3112r;si3112r;C:\WINDOWS\system32\drivers\si3112r.sys [2003-05-09 15:55]
S4 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-06-12 17:31]

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-01-18 15:00:17 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SONERA~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SONERA~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 17:58:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 17:59:39
ComboFix-quarantined-files.txt 2008-01-18 15:59:17
ComboFix2.txt 2008-01-19 10:07:19
ComboFix3.txt 2008-01-19 09:42:37
ComboFix4.txt 2008-01-18 15:05:50
.
2008-01-19 09:11:05 --- E O F ---

 

Oikein hyvä !!!
Sä hoitelit käsin sen mihin erikoistyökalut eivät pystyneet (vundo on valmis)
(ollaan voiton puolelella).
----------------------
Toimii ainoastaan Explorerilla ==> salli ActiveX
Skannaa koneesi Kaspersky Online Skannerilla

Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.
* Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
* Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
* Klikkaa nyt asetuksia, Scan Settings
* Tarkista asetuksista, että seuraavat ovat valittuina:

o Scan using the following Anti-Virus database:

+ Extended (Jos valittavissa, muuten valitse Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

* Klikkaa OK
* Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
* Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
* Klikkaa nyt Save as Text-painiketta.
* Tallenna tiedosto työpöydällesi.
* Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.
* HJT:n logi myös.

 

ok.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:12, on 18.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsus.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\hoojiitee\hoojiitee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157102305475
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5285 bytes


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 18, 2008 8:12:18 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/01/2008
Kaspersky Anti-Virus database records: 522081
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 54866
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:53:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\F-Secure\logs\FSMA\fsma.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Jani Vartia\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jani Vartia\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jani Vartia\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jani Vartia\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jani Vartia\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jani Vartia\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jani Vartia\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\L0000094.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jani Vartia\Data\storydb.idx Object is locked skipped
C:\Program Files\Sonera Tietoturva\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\Sonera Tietoturva\Anti-Virus\deleteme_msg.log Object is locked skipped
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe.Qrt.log Object is locked skipped
C:\Program Files\Sonera Tietoturva\Anti-Virus\perf.dat Object is locked skipped
C:\Program Files\Sonera Tietoturva\Anti-Virus\power.dat Object is locked skipped
C:\Program Files\Sonera Tietoturva\Common\policy.bpf Object is locked skipped
C:\Program Files\Sonera Tietoturva\Common\policy.ipf Object is locked skipped
C:\Program Files\Sonera Tietoturva\FSAUA\fsbwupst.log Object is locked skipped
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.dbg Object is locked skipped
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP12\A0003967.dll Object is locked skipped
C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP17\A0010039.dll Object is locked skipped
C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP19\A0011222.dll Object is locked skipped
C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP19\A0011223.dll Object is locked skipped
C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP27\change.log Object is locked skipped
C:\System Volume Information\_restore{9C233CE6-52B4-4664-BECB-4A48ADBDBB76}\RP5\A0000758.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C0DE585A-B221-433A-9552-C6F8C145FDF1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\AVP47BA.tmp Object is locked skipped
C:\WINDOWS\TEMP\AVP47BB.tmp Object is locked skipped
C:\WINDOWS\TEMP\AVP47BE.tmp Object is locked skipped
C:\WINDOWS\TEMP\AVP47BF.tmp Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_b4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

jatketaan huomenna jos vain jaksat ja kiitos tähän astisesta asvusta

 

OK

 

huomenta miltä näytti

 

Oikein hyvää huomenta !!!
Viruksia ei näkynyt enään, mutta F-Sekuren pitää varmaan asentaa uudelleen
Olisko lie saanut senverran siipeensä.
Laita sen jäkeen HJT logi
PS.
miltä se kone alkaa tuntua ???

 

kone tuntuu hyvältä mut mese kuulemma lähettelee viestejä itekseen ja näyttää et oisin kirjautuneena

 

Sitä mese hommaa on ollut monilla
Ovat käskeneet vaihtaa salasanaa.

Tämä on myös käynnistyksessä tarpeeton Fixaa HJT:llä pois.
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

ctf.monfix.bat Hiiren oikealla napilla ja muokkaa valinta.
Lähetä sen siltö tänne.

 

täs hj logi


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:15, on 19.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sonera Tietoturva\FSAUA\program\fsus.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\hoojiitee\hoojiitee.exe
C:\WINDOWS\SoftwareDistribution\Download\48e8301ea45ef4d00cbc2e18d22d00ea\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157102305475
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Jani Vartia\Työpöytä\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5849 bytes

 

@echo on
Regsvr32.exe /u msimtf.dll
Regsvr32.exe /u Msctf.dll


täytyy vaihtaa sit messengerin salasana

 

Aina vaan paranee Fsecurekin nousi pystyyn. Vinukan muurin saa sammuttaa.

=> ctf.monfix.bat tämän saat poistaa ei tarvita enään.

Luultavasti tämä lähettelee mesejä:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Fixaa pois:
poista myös tiedosto:
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

Joko mese rauhoittui ???

Aloitetaanko virus-suojien raketelu ????

 

sori ku kesti piti käydä pelaamassa peli välissä
juu aletaan vaan rakentelee

 

Joko mese rauhoittui ???

 

joo ei kuulemma heittele viestejä enään itekseen

 

joo ei oo mese enää lähetelly