
Is there gunk in the machine!!!!

Thread in the Viruses and malware - HijackThis logs section. Thread started by undo on 11.02.2008.

  1. Hujo

    Hujo Guest

    grab that combofix and post a new HJT log
     
  3. undo

    undo Member

    Joined:
    11.02.2008
    Messages:
    78
    Thanks:
    0
    Points:
    16
    "Combofix" run, then HJT.
    Logs below. "Combo.txt" in full, I did not cut
    the old data out.

    I think I'm about to lose my nerve and soon I'll just do format c:, but
    so much "important" software etc. has piled up
    by now. One friend did say he reinstalls
    Windows once a month, since it collects everything
    into itself, slowing things down.

    But let's keep trying this way until the weekend.

    Luckily there's a "spare machine" that is fine for now :))

    -undo-




    ComboFix 08-02-12.1 - jakke 2008-02-14 7:40:00.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.552 [GMT 2:00]
    Running from: C:\Documents and Settings\jakke\Työpöytä\ComboFix(2).exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Program Files\Helper
    C:\Program Files\Helper\1202738063.dll
    C:\Program Files\ucleaner_setup.exe
    C:\WINDOWS\system32\3_exception.nls
    C:\WINDOWS\system32\awtqqpq.dll
    C:\WINDOWS\system32\ggjlm.ini
    C:\WINDOWS\system32\ggjlm.ini2
    C:\WINDOWS\system32\iiyndkds.dll
    C:\WINDOWS\system32\jkkhffg.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mljgg.dll
    C:\WINDOWS\system32\winhab32.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_RUNTIME










    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-14 to 2008-02-14 )))))))))))))))))
    .

    2008-02-14 07:20 . 2008-02-14 07:20 8,704 --a------ C:\WINDOWS\system32\LogCrypt.dl_
    2008-02-13 21:04 . 2008-02-13 21:09 10,240 --a------ C:\Program Files\tmp7410265.exe
    2008-02-13 21:04 . 2008-02-13 21:09 10,240 --a------ C:\Program Files\tmp7406671.exe
    2008-02-13 16:04 . 2008-02-13 16:04 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-02-13 15:52 . 2008-02-13 15:52 <KANSIO> d-------- C:\RegSeeker
    2008-02-13 15:39 . 2008-02-13 21:11 8,704 --a------ C:\WINDOWS\system32\LogCrypt.dll
    2008-02-13 12:45 . 1,072,746,496 C:\hiberfil.sys
    2008-02-13 07:13 . 2008-02-13 07:11 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-13 07:13 . 2008-02-13 07:13 3,459 --a------ C:\WINDOWS\unins000.dat
    2008-02-13 07:07 . 2008-02-13 07:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-13 06:14 . 2008-02-13 06:14 <KANSIO> d-------- C:\VundoFix Backups
    2008-02-13 05:59 . 2008-02-13 05:59 106 --a------ C:\delete.bat
    2008-02-12 21:00 . 2005-06-11 01:32 18,944 --a------ C:\Documents and Settings\jakke\Application Data\nvsvc1024.dll
    2008-02-12 20:39 . 2008-02-12 20:39 <KANSIO> d-------- C:\Program Files\SysCleaner
    2008-02-12 07:58 . 2008-02-13 22:01 25,984 --a------ C:\WINDOWS\system32\drivers\Xek41.sys
    2008-02-12 07:43 . 2008-02-12 07:43 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-02-12 07:39 . 2008-02-12 08:01 <KANSIO> d-------- C:\SDFix
    2008-02-12 07:29 . 2008-02-12 08:25 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
    2008-02-12 07:19 . 2008-02-12 17:15 <KANSIO> d-------- C:\QooBox
    2008-02-12 07:18 . 2004-09-15 14:00 390,656 --a------ C:\WINDOWS\system32\kmd.exe
    2008-02-12 07:18 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
    2008-02-12 07:18 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
    2008-02-12 07:18 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe
    2008-02-12 07:18 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
    2008-02-12 07:18 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe
    2008-02-12 07:18 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe
    2008-02-12 07:18 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe
    2008-02-12 07:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-02-12 07:18 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe
    2008-02-11 22:05 . 2008-02-13 15:40 <KANSIO> d-------- C:\hijackthis
    2008-02-11 15:53 . 2008-02-13 06:33 14 --ah----- C:\WINDOWS\mmax_hren2.ini
    2008-02-11 15:52 . 2008-02-11 15:52 40,960 --a------ C:\WINDOWS\mmhren1.exe
    2008-02-11 15:51 . 2008-02-11 15:51 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
    2008-02-10 23:27 . 2008-02-10 23:27 <KANSIO> d-------- C:\Program Files\Common Files\Download Manager
    2008-02-10 12:11 . 2008-02-10 12:11 <KANSIO> d-------- C:\Documents and Settings\jakke\WINDOWS
    2008-02-10 12:11 . 1998-07-30 18:40 306,176 --a------ C:\WINDOWS\IsUn0413.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-14 05:26 --------- d-----w C:\Program Files\Mozilla Firefox
    2008-02-14 05:19 805,306,368 --sha-w C:\pagefile.sys
    2008-02-13 17:01 --------- d-----w C:\Program Files\Internet Explorer
    2008-02-13 09:41 --------- d-----w C:\Program Files\KeyLogger
    2008-02-13 05:00 --------- d--h--w C:\Program Files\Common Files\NonShare
    2008-02-12 20:55 --------- d-----w C:\Program Files\utorrent
    2008-02-11 14:27 --------- d-----w C:\Documents and Settings\jakke\Application Data\uTorrent
    2008-02-10 21:27 --------- d-----w C:\Program Files\Common Files
    2008-02-10 10:18 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-10 10:18 --------- d-----w C:\Program Files\Adobe
    2008-02-09 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-02-04 23:09 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
    2008-01-23 06:36 --------- d-----w C:\Documents and Settings\jakke\Application Data\Joost
    2008-01-11 05:37 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    2008-01-03 18:16 --------- d-----w C:\Program Files\Sony
    2008-01-02 17:05 --------- d-----w C:\Documents and Settings\jakke\Application Data\TVU Networks
    2008-01-01 20:23 --------- d-----w C:\Program Files\Java
    2007-12-26 18:26 --------- d-----w C:\Documents and Settings\jakke\Application Data\Ahead
    2007-12-19 22:57 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-08 05:14 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
    2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-07 02:14 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    2007-12-07 02:14 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    2007-12-07 02:14 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    2007-12-07 02:14 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    2007-12-07 02:14 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    2007-12-07 02:14 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    2007-12-07 02:14 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    2007-12-07 02:14 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    2007-12-07 02:14 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    2007-12-07 02:14 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    2007-12-07 02:14 105,984 ----a-w C:\WINDOWS\system32\url.dll
    2007-12-07 02:14 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    2007-12-07 02:14 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    2007-12-07 02:13 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    2007-12-07 02:13 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    2007-12-07 02:13 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    2007-12-07 02:13 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    2007-12-07 02:13 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    2007-12-07 02:13 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    2007-12-07 02:13 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    2007-12-07 02:13 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="e:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 19:43 90112]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
    "SpybotSD TeaTimer"="e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-23 22:26 5537792]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-03-19 13:40 88363 C:\WINDOWS\AGRSMMSG.exe]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-10-17 14:51 196670]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
    "QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03 149024]
    "Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "PWRISOVM.EXE"="e:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2004-06-02 17:48:22 565309]
    TMMonitor.lnk - E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2007-09-10 19:53:27 245760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "zip"= {758acbab-0e72-4897-af24-c4b15e20c626} - C:\WINDOWS\Installer\{758acbab-0e72-4897-af24-c4b15e20c626}\zip.dll [2008-02-14 07:20 38438]
    "SetupAlrt"= {49ed79ae-4a24-4b56-b431-7289a569dc25} - C:\WINDOWS\Installer\{49ed79ae-4a24-4b56-b431-7289a569dc25}\SetupAlrt.dll [2008-02-11 15:51 14374]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
    LogCrypt.dll 2008-02-13 21:11 8704 C:\WINDOWS\system32\LogCrypt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2005-02-23 22:26 1495040 C:\WINDOWS\system32\nwiz.exe

    R0 Xek41;Xek41;C:\WINDOWS\system32\Drivers\Xek41.sys [2008-02-13 22:01]
    S3 bdacap;%BdaSWCapture.DeviceDesc%;C:\WINDOWS\system32\drivers\bdacap.sys [2006-05-18 09:01]
    S3 GLHIDKBFILTER;GLHIDKBFILTER;C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 08:55]
    S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a212171-d7b9-11dc-85b9-00904b916ce3}]
    \Shell\AutoRun\command - H:\setup\autorun.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-14 07:42:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?1?9?9??????? ?(?B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\LogCrypt.dll

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\WINDOWS\Installer\{758acbab-0e72-4897-af24-c4b15e20c626}\zip.dll
    -> C:\WINDOWS\Installer\{49ed79ae-4a24-4b56-b431-7289a569dc25}\SetupAlrt.dll
    .


    **********************


    Logfile of HijackThis v1.99.1
    Scan saved at 07:52, on 2008-02-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    E:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    E:\Program Files\PowerISO\PWRISOVM.EXE
    E:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\explorer.exe
    C:\hijackthis\scanner.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] e:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKCU\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: TMMonitor.lnk = E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    O8 - Extra context menu item: &Google-haku - res://c:\program files\google\googletoolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\googletoolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\googletoolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\googletoolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\googletoolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172684265537
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://miplaya1.axiscam.net/activex/AMC.cab
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O20 - Winlogon Notify: LogCrypt - C:\WINDOWS\SYSTEM32\LogCrypt.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: zip - {758acbab-0e72-4897-af24-c4b15e20c626} - C:\WINDOWS\Installer\{758acbab-0e72-4897-af24-c4b15e20c626}\zip.dll
    O21 - SSODL: SetupAlrt - {49ed79ae-4a24-4b56-b431-7289a569dc25} - C:\WINDOWS\Installer\{49ed79ae-4a24-4b56-b431-7289a569dc25}\SetupAlrt.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     
  4. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it with the name CFScript

    Then drag CFScript onto ComboFix.exe as shown below.
    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    ==================

    Escan
    Instructions on that page.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    download from here
    http://www.spywareinfo.dk/download/mwav.exe
    update from here
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    tick the boxes as marked
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scan

    if anything shows up in the lower pane, copy it like this:
    Use the command Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here.
     
    Last edited by a moderator: 14.02.2008
  5. undo

    undo Member

    ComboFix 08-02-12.1 - jakke 2008-02-14 12:54:35.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.596 [GMT 2:00]
    "Combofix" run the way you advised. After the restart a message appeared: "Cannot find C:\WINDOWS\system32\home:=??
    combobatch.bat. Did you type it correctly..? Try again.. Search from the Start menu"
    I'll do the rest now... By the way, the net is opening up better again :)
    -undo-





    Running from: C:\Documents and Settings\jakke\Työpöytä\ComboFix(2).exe
    Command switches used :: H:\Muistio CFScript\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\WINDOWS\system32\LogCrypt.dl_
    C:\WINDOWS\system32\LogCrypt.dll
    .

     
  6. Hujo

    Hujo Guest

    that combofix log turned out short
     
  7. undo

    undo Member

    Yeah, but it's not the length, it's....heh....

    I've got "Kaspersky" running. Let's see what it finds..
    Should I run "Combo" once more?

    -undo-
     
  8. Hujo

    Hujo Guest

    run combofix once more and take a new HJT log
     
  9. undo

    undo Member

    Yep. I'll do that once "Kaspersky" finishes its job..
    -undo-
     
  10. undo

    undo Member


    "Kaspersky" finished its job. Log below.
    I'll still run "Combo" and HJT. I'll post the logs from those too..
    -undo-



    File C:\WINDOWS\mmhren1.exe infected by "Trojan-Downloader.Win32.Agent.iww" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\jakke\Application Data\nvsvc1024.dll infected by "Trojan.Win32.Qhost.abh" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\jakke\Local Settings\Temporary Internet Files\Content.IE5\2FYMC6JY\1202966413[1].exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\jakke\Local Settings\Temporary Internet Files\Content.IE5\GR6DXIOE\1202929425[1].exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\jakke\Local Settings\Temporary Internet Files\Content.IE5\GR6DXIOE\1202929441[1].exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\jakke\Local Settings\Temporary Internet Files\Content.IE5\QY1AELTN\1202966414[1].exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\jakke\Suosikit\JAKKE\PUHELIN\Sanyci's Nokia s60 freeware collection - Sanyci Nokia s60 freeware gyujteménye.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\jakke\Työpöytä\JAKKE\OJELMIA_asentamattomia\MailPassView\MAILP138.ZIP tagged as not-a-virus:pSWTool.Win32.MailPassView.130. No Action Taken.
    File C:\Documents and Settings\jakke\Työpöytä\JAKKE\OJELMIA_asentamattomia\WIN XP Pro Finnish Corporate_Sp2_incl key_CD-levyn kuva(nrg). sekä Genuine Tool\WGA Crack ja ohje\WGA Crack.rar tagged as not-a-virus:pSWTool.Win32.RAS.a. No Action Taken.
    File C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Perfect Keylogger\Uus versio\i_bpk165(2).exe tagged as not-a-virus:Monitor.Win32.Perflogger.ad. No Action Taken.
    File C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Windows etc. key commands\spy\13092007\Family_Key_Logger_v3.02-DIGERATI\Family_Key_Logger_v3.02-DIGERATI\d32fkl01.zip tagged as not-a-virus:Monitor.Win32.FamilyKeyLogger.280. No Action Taken.
    File C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Windows etc. key commands\spy\13092007\Family_Key_Logger_v3.02-DIGERATI\Family_Key_Logger_v3.02-DIGERATI\digerati.rar tagged as not-a-virus:Monitor.Win32.FamilyKeyLogger.280. No Action Taken.
    File C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Windows etc. key commands\spy\13092007\Family_Key_Logger_v3.02-DIGERATI.rar tagged as not-a-virus:Monitor.Win32.FamilyKeyLogger.302. No Action Taken.
    File C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Windows etc. key commands\SPY2\KeyLogger 301\keylogger.exe tagged as not-a-virus:Monitor.Win32.KeyLogger.aw. No Action Taken.
    File C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Windows etc. key commands\SPY2\Perfect Keylogger\Basic Edition\i_bpk_basic.exe tagged as not-a-virus:Monitor.Win32.Perflogger.dd. No Action Taken.
    File C:\Documents and Settings\jakke\Työpöytä\LATAUKSET\blazingtoolsperfectkeylogger1.47.2keygensnd.zip.exe tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\Program Files\Common Files\NonShare\PKL\crack.exe infected by "Trojan-Downloader.Win32.Small.iel" Virus. Action Taken: File Deleted.
    File C:\Program Files\Common Files\NonShare\PKL_Basic\i_bpk_trial(2).exe tagged as not-a-virus:Monitor.Win32.Perflogger.ad. No Action Taken.
    File C:\Program Files\tmp7406671.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\Program Files\tmp7410265.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\QooBox\Quarantine\C\Program Files\Helper\1202738063.dll.vir tagged as not-a-virus:AdWare.Win32.E404.a. No Action Taken.
    File C:\QooBox\Quarantine\C\WINDOWS\system32\awtqqpq.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\QooBox\Quarantine\C\WINDOWS\system32\LogCrypt.dll.vir infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\QooBox\Quarantine\C\WINDOWS\system32\winhab32.dll.vir infected by "Trojan.Win32.Dialer.yz" Virus. Action Taken: File Deleted.
    File C:\QooBox\Quarantine\catchme2008-02-12_171546.71.zip infected by "Trojan.Win32.BHO.axg" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091651.exe tagged as not-a-virus:Monitor.Win32.Perflogger.ad. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091652.dll tagged as not-a-virus:Monitor.Win32.Perflogger.163. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091653.exe tagged as not-a-virus:Monitor.Win32.Perflogger.bu. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091654.exe tagged as not-a-virus:Monitor.Win32.Perflogger.bx. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091656.exe tagged as not-a-virus:Monitor.Win32.Perflogger.bx. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091663.exe tagged as not-a-virus:Monitor.Win32.Perflogger.b. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091664.dll tagged as not-a-virus:Monitor.Win32.Perflogger.b. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091671.exe tagged as not-a-virus:Monitor.Win32.Perflogger.b. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091672.dll infected by "Trojan.Win32.Agent.bmd" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP259\A0092647.exe infected by "Trojan-Downloader.Win32.Agent.iug" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP259\A0092650.exe tagged as not-a-virus:Monitor.Win32.Perflogger.b. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP259\A0092651.dll tagged as not-a-virus:Monitor.Win32.Perflogger.b. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP259\A0092660.exe infected by "Trojan.Win32.Inject.wc" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP259\A0092661.exe infected by "Trojan-Downloader.Win32.Agent.iww" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP259\A0092662.exe infected by "Trojan.Win32.Pakes.ccx" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP259\A0092663.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP260\A0092723.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP260\A0093724.dll infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP260\A0094732.exe tagged as not-a-virus:Monitor.Win32.Perflogger.ad. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP260\A0094733.exe tagged as not-a-virus:Monitor.Win32.Perflogger.ad. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP260\A0094736.exe infected by "Trojan-Downloader.Win32.Agent.ipp" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP260\A0094770.sys infected by "Trojan-Downloader.Win32.Diehard.dr" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP260\A0094787.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP260\snapshot\MFEX-1.DAT infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0094805.dll tagged as not-a-virus:AdWare.Win32.E404.a. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0094806.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0094807.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0094808.dll infected by "Trojan.Win32.Dialer.yz" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0094812.dll infected by "Trojan.Win32.BHO.axg" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0094813.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.imh. No Action Taken.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0094832.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0094932.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0094933.exe infected by "Trojan-Downloader.Win32.Adload.ma" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0095015.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0095016.dll infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0095046.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0095047.dll infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0095071.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0095072.dll infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0095094.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0095095.dll infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0095108.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP261\A0095109.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP263\A0095120.dll infected by "Trojan-Proxy.Win32.Xorpix.cv" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP263\A0095131.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP263\A0095143.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP263\A0095144.dll infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP263\A0095203.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP263\A0095204.dll infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP263\A0095283.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP263\A0095286.dll infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP263\A0095303.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP263\A0095304.dll infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP264\A0095380.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP264\A0095468.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP264\A0095469.dll infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP264\A0095529.sys infected by "Trojan-Downloader.Win32.Agent.ici" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP264\A0095530.dll infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP265\A0095641.dll infected by "Trojan.Win32.Agent.eub" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP265\A0095669.exe infected by "Trojan-Downloader.Win32.Agent.iww" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP265\A0095670.dll infected by "Trojan.Win32.Qhost.abh" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP265\A0095671.exe infected by "Trojan-Downloader.Win32.Small.iel" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP265\A0095672.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP265\A0095673.exe infected by "Trojan-Downloader.Win32.Alphabet.gen" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Installer\{230eadf3-6fe5-42c4-8ec3-654f8450c25c}\zip.dll infected by "Trojan-Downloader.Win32.BHO.ct" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Installer\{39b86dc7-3ed3-477d-bc4e-7c9e52a8ab5f}\zip.dll infected by "Trojan-Downloader.Win32.BHO.ct" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Installer\{461d114b-c594-4e38-b28a-413b8d27f4ba}\zip.dll infected by "Trojan-Downloader.Win32.BHO.ct" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Installer\{49ed79ae-4a24-4b56-b431-7289a569dc25}\SetupAlrt.dll infected by "Trojan.Win32.Agent.evy" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\Installer\{758acbab-0e72-4897-af24-c4b15e20c626}\zip.dll infected by "Trojan-Downloader.Win32.BHO.ct" Virus. Action Taken: File Deleted.
    File E:\ajurit\CTF\ctfmon.dll tagged as not-a-virus:Monitor.Win32.HomeKeyLogger.170. No Action Taken.
    File E:\ajurit\CTF\ctfmon.exe tagged as not-a-virus:Monitor.Win32.FamilyKeyLogger.271. No Action Taken.
    File E:\ajurit\CTF\ctfs.dll tagged as not-a-virus:Monitor.Win32.GoldenKeylogger.130. No Action Taken.
     
  11. undo

    undo Member

    Below are the "Combo" and HJT logs.
    I didn't restart the machine after the "Combo" run, though...
    Otherwise it already seems to be running almost normally.

    That "eScan" (/"Kaspersky") sure found a lot of extra stuff...
    Should I also run "eScanCheck"?
    Would that be of any use?

    What's this "Combo" message below?:
    "WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!"

    -undo-


    ComboFix 08-02-12.1 - jakke 2008-02-14 16:32:15.8 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.569 [GMT 2:00]
    Running from: C:\Documents and Settings\jakke\Työpöytä\ComboFix(2).exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Program Files\Helper
    C:\Program Files\Helper\1202738063.dll
    C:\Program Files\tmp7406671.exe\
    C:\Program Files\tmp7410265.exe\
    C:\Program Files\ucleaner_setup.exe
    C:\WINDOWS\system32\3_exception.nls
    C:\WINDOWS\system32\awtqqpq.dll
    C:\WINDOWS\system32\ggjlm.ini
    C:\WINDOWS\system32\ggjlm.ini2
    C:\WINDOWS\system32\iiyndkds.dll
    C:\WINDOWS\system32\jkkhffg.dll
    C:\WINDOWS\system32\LogCrypt.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mljgg.dll
    C:\WINDOWS\system32\winhab32.dll
    C:\VundoFix Backups
    C:\VundoFix Backups\addmorefiles.txt
    C:\VundoFix Backups\EXPAudioCDGrabber2.dll.bad
    C:\VundoFix Backups\EXPAudioFile2.dll.bad
    C:\VundoFix Backups\EXPAudioPlayer2.dll.bad
    C:\VundoFix Backups\EXPAudioRecord2.dll.bad
    C:\VundoFix Backups\EXPWMAFile2.dll.bad

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_RUNTIME

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-14 to 2008-02-14 )))))))))))))))))
    .

    2008-02-14 16:31 . 2008-02-14 16:34 <KANSIO> d-------- C:\ComboFix(2)
    2008-02-14 16:16 . 2008-02-14 16:16 0 --a------ C:\23990098.$$$
    2008-02-14 13:25 . 2008-02-14 13:44 <KANSIO> d-------- C:\Downloads
    2008-02-14 13:23 . 2008-02-14 13:44 <KANSIO> d-------- C:\Kaspersky
    2008-02-13 16:04 . 2008-02-13 16:04 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-02-13 15:52 . 2008-02-13 15:52 <KANSIO> d-------- C:\RegSeeker
    2008-02-13 12:45 . 1,072,746,496 C:\hiberfil.sys
    2008-02-13 07:13 . 2008-02-13 07:11 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-13 07:13 . 2008-02-13 07:13 3,459 --a------ C:\WINDOWS\unins000.dat
    2008-02-13 07:07 . 2008-02-13 07:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-13 05:59 . 2008-02-13 05:59 106 --a------ C:\delete.bat
    2008-02-12 20:39 . 2008-02-12 20:39 <KANSIO> d-------- C:\Program Files\SysCleaner
    2008-02-12 07:58 . 2008-02-14 08:50 25,984 --a------ C:\WINDOWS\system32\drivers\Xek41.sys
    2008-02-12 07:43 . 2008-02-12 07:43 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-02-12 07:39 . 2008-02-12 08:01 <KANSIO> d-------- C:\SDFix
    2008-02-12 07:29 . 2008-02-14 12:56 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
    2008-02-12 07:19 . 2008-02-14 12:54 <KANSIO> d-------- C:\QooBox
    2008-02-12 07:18 . 2004-09-15 14:00 390,656 --a------ C:\WINDOWS\system32\kmd.exe
    2008-02-12 07:18 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
    2008-02-12 07:18 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
    2008-02-12 07:18 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe
    2008-02-12 07:18 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
    2008-02-12 07:18 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe
    2008-02-12 07:18 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe
    2008-02-12 07:18 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe
    2008-02-12 07:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-02-12 07:18 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe
    2008-02-11 22:05 . 2008-02-14 07:53 <KANSIO> d-------- C:\hijackthis
    2008-02-11 15:53 . 2008-02-13 06:33 14 --ah----- C:\WINDOWS\mmax_hren2.ini
    2008-02-11 15:51 . 2008-02-11 15:51 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
    2008-02-10 23:27 . 2008-02-10 23:27 <KANSIO> d-------- C:\Program Files\Common Files\Download Manager
    2008-02-10 12:11 . 2008-02-10 12:11 <KANSIO> d-------- C:\Documents and Settings\jakke\WINDOWS
    2008-02-10 12:11 . 1998-07-30 18:40 306,176 --a------ C:\WINDOWS\IsUn0413.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-14 14:16 --------- d-----w C:\Program Files\Mozilla Firefox
    2008-02-14 10:57 805,306,368 --sha-w C:\pagefile.sys
    2008-02-13 17:01 --------- d-----w C:\Program Files\Internet Explorer
    2008-02-13 09:41 --------- d-----w C:\Program Files\KeyLogger
    2008-02-13 05:00 --------- d--h--w C:\Program Files\Common Files\NonShare
    2008-02-12 20:55 --------- d-----w C:\Program Files\utorrent
    2008-02-11 14:27 --------- d-----w C:\Documents and Settings\jakke\Application Data\uTorrent
    2008-02-10 21:27 --------- d-----w C:\Program Files\Common Files
    2008-02-10 10:18 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-10 10:18 --------- d-----w C:\Program Files\Adobe
    2008-02-09 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-02-04 23:09 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
    2008-01-23 06:36 --------- d-----w C:\Documents and Settings\jakke\Application Data\Joost
    2008-01-11 05:37 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    2008-01-03 18:16 --------- d-----w C:\Program Files\Sony
    2008-01-02 17:05 --------- d-----w C:\Documents and Settings\jakke\Application Data\TVU Networks
    2008-01-01 20:23 --------- d-----w C:\Program Files\Java
    2007-12-26 18:26 --------- d-----w C:\Documents and Settings\jakke\Application Data\Ahead
    2007-12-19 22:57 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-08 05:14 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
    2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-07 02:14 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    2007-12-07 02:14 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    2007-12-07 02:14 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    2007-12-07 02:14 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    2007-12-07 02:14 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    2007-12-07 02:14 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    2007-12-07 02:14 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    2007-12-07 02:14 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    2007-12-07 02:14 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    2007-12-07 02:14 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    2007-12-07 02:14 105,984 ----a-w C:\WINDOWS\system32\url.dll
    2007-12-07 02:14 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    2007-12-07 02:14 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    2007-12-07 02:13 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    2007-12-07 02:13 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    2007-12-07 02:13 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    2007-12-07 02:13 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    2007-12-07 02:13 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    2007-12-07 02:13 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    2007-12-07 02:13 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    2007-12-07 02:13 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="e:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 19:43 90112]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
    "SpybotSD TeaTimer"="e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-23 22:26 5537792]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-03-19 13:40 88363 C:\WINDOWS\AGRSMMSG.exe]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-10-17 14:51 196670]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
    "QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03 149024]
    "Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "PWRISOVM.EXE"="e:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2004-06-02 17:48:22 565309]
    TMMonitor.lnk - E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2007-09-10 19:53:27 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
    LogCrypt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2005-02-23 22:26 1495040 C:\WINDOWS\system32\nwiz.exe

    R0 Xek41;Xek41;C:\WINDOWS\system32\Drivers\Xek41.sys [2008-02-14 08:50]
    S3 bdacap;%BdaSWCapture.DeviceDesc%;C:\WINDOWS\system32\drivers\bdacap.sys [2006-05-18 09:01]
    S3 GLHIDKBFILTER;GLHIDKBFILTER;C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 08:55]
    S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a212171-d7b9-11dc-85b9-00904b916ce3}]
    \Shell\AutoRun\command - H:\setup\autorun.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-14 16:34:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?1?9?9??????? ?(?B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .


    **********************




    Logfile of HijackThis v1.99.1
    Scan saved at 16:36, on 2008-02-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    E:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    E:\Program Files\PowerISO\PWRISOVM.EXE
    E:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\WINDOWS\explorer.exe
    C:\hijackthis\scanner.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] e:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKCU\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: TMMonitor.lnk = E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    O8 - Extra context menu item: &Google-haku - res://c:\program files\google\googletoolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\googletoolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\googletoolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\googletoolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\googletoolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172684265537
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://miplaya1.axiscam.net/activex/AMC.cab
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     
  12. Hujo

    Hujo Guest

    1. Start Spybot-S&D in Advanced mode
    2. If it is not in Advanced mode, go to the Mode menu and select Advanced mode
    3. Click Tools on the left
    4. Click Resident protection in the list
    5. Untick "Resident TeaTimer" and press OK.
    6. Restart the computer.

    ===========

    well, that's quite a list

    =========

    run this as well

    Instructions for using AVG Anti-Spyware 7.5
    Note! These instructions turn off the real-time protection (Shield). This avoids situations where the protection would block a tool such as HijackThis from working.

    Save these instructions to a text file or print them; otherwise you will not be able to get at them from safe mode

    Download AVG Anti-Spyware 7.5
    and save the program to your desktop.
    o Once you have downloaded the program, double-click the installer's shortcut on your desktop and the installation starts.
    o After installation, the program must be started and its definitions updated.
    o Start AVG Anti-Spyware.
    o Click the "Update" icon in the main menu. Then click the "Update now" button.

    o Then click the "Start Update" icon, and the update begins.

    o When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    o When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".

    o Then, under the "Reports" menu:
    o Tick "Automatically generate report after every scan"
    o Untick "Only if threats were found"

    o Then click the "Shield" icon at the top of the window
    o "Resident shield is": change the state from active to inactive
    o Close the program, DO NOT scan yet.

    Start your computer in safe mode:
    shut down and start up
    during start-up, keep tapping F8
    select safe mode with the arrow keys
    press enter and enter

    On some machines you hammer F5 instead of F8

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    o Once in safe mode, start AVG Anti-Spyware.
    o Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    o Ewido will now start scanning the computer; be patient, as the scan takes time.

    When the scan is finished:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    o Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the pop-up menu.
    o You will be asked what to do if infections were found; choose "Apply all actions" then
    o Then click the "Reports" icon at the top of the program.
    o Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    o Close the program, start the computer normally and post the AVG report to your thread.

    =========

    INSTRUCTIONS
    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript

    Then drag CFScript onto ComboFix.exe as shown below.
    [IMG]

    Restart the computer when asked and post the contents of the combofix.txt file here.


    =========

    scan with hjt, tick this and press Fix checked

    O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing)

    =========

    1. Right-click Start > My Computer
    2. Select Properties
    3. Select the System Restore tab
    4. Tick ¤ Turn off System Restore on all drives
    5. Press Apply
    6. Press OK
    7. Shut down and start up again
    8. Untick ¤ Turn off System Restore on all drives
    9. Apply and OK

    =============

    it's starting to look better, so I won't be having nightmares about the log ;D
     
    Last edited by a moderator: 14.02.2008
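An added example, not part of the original posts and not HijackThis's own code: a Python triage of the O20 (Winlogon Notify) and O23 (service) lines of a HijackThis 1.99.1 log, separating a Notify key whose DLL is reported missing from "(file missing)" service entries whose binary is listed under running processes. The sample log is an excerpt assembled from lines posted in this thread; the function names and verdict labels are made up for the example.

```python
import re
from typing import NamedTuple

# Constructed excerpt: every line is copied from the HijackThis logs posted in
# this thread, trimmed to the entries the example needs.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"


class Entry(NamedTuple):
    code: str      # section code, e.g. "O20" or "O23"
    label: str     # everything before the last " - "
    target: str    # file or command line as HijackThis logged it
    missing: bool  # True when the line ends with "(file missing)"


def parse_log(text):
    """Return (running process paths, entries) parsed from a HijackThis log."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first numbered entry ends the process list
            body = m.group("body")
            missing = body.endswith(MISSING)
            if missing:
                body = body[: -len(MISSING)].rstrip()
            label, _, target = body.rpartition(" - ")
            entries.append(Entry(m.group("code"), label, target, missing))
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def clean_path(target):
    """Cut a logged target at a stray double quote, dropping what follows it."""
    return target.lstrip('"').split('"', 1)[0].strip().lower()


def triage(text):
    """Return (verdict, code, target) for each O20 and each flagged O23 entry."""
    running, entries = parse_log(text)
    findings = []
    for e in entries:
        if e.code == "O20":
            # Winlogon Notify DLLs are loaded into winlogon.exe, so every
            # entry is listed; one reported missing has only its key left.
            verdict = "orphaned-notify" if e.missing else "review-notify"
        elif e.code == "O23" and e.missing:
            # A service binary reported missing yet present in the process
            # list is likely a mis-split command line, not a deleted file.
            verdict = ("missing-but-running" if clean_path(e.target) in running
                       else "missing-service-binary")
        else:
            continue
        findings.append((verdict, e.code, e.target))
    return findings


if __name__ == "__main__":
    for verdict, code, target in triage(SAMPLE_LOG):
        print(f"{verdict:24} {code}  {target}")
```
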
  13. undo

    undo Member

    The "AVG" log is attached. The only thing was that below the list of detections, "Set all elements to" showed "Custom". It was not active, so I could not change it to "Quarantine". And I could hardly get the report to show up at all, only after a lot of clicking and wandering around.

    When I then restarted the computer, Avast reported that it had found a bug in:
    c:\windows\system32\drivers\nkv2.sys. After it, it said Win32Agent_QOV [Rtk]. Rootkit.

    But we carry on :)



    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 21:09 2008-02-14

    + Scan result:



    HKLM\SOFTWARE\KMiNT21 -> Adware.DesktopSpyAgent : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\KMiNT21\FamilyKeyLogger -> Adware.DesktopSpyAgent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091665.exe -> Logger.Perfloger.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091673.exe -> Logger.Perfloger.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP259\A0092652.exe -> Logger.Perfloger.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP260\A0094745.bat -> Not-A-Virus.Adware.Virtumonde : Cleaned with backup (quarantined).
    E:\ajurit\CTF\ctfmon.exe -> Not-A-Virus.Monitor.Win32.FamilyKeyLogger.271 : Cleaned with backup (quarantined).
    C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Windows etc. key commands\spy\13092007\Family_Key_Logger_v3.02-DIGERATI.rar/Family_Key_Logger_v3.02-DIGERATI\digerati.rar/setup\familykeylogger-2.83.zip/FamilyKeyLogger-setup.exe -> Not-A-Virus.Monitor.Win32.FamilyKeyLogger.280 : Cleaned with backup (quarantined).
    C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Windows etc. key commands\spy\13092007\Family_Key_Logger_v3.02-DIGERATI.rar/Family_Key_Logger_v3.02-DIGERATI\setup\familykeylogger-2.83.zip/FamilyKeyLogger-setup.exe -> Not-A-Virus.Monitor.Win32.FamilyKeyLogger.280 : Cleaned with backup (quarantined).
    C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Windows etc. key commands\spy\13092007\Family_Key_Logger_v3.02-DIGERATI\Family_Key_Logger_v3.02-DIGERATI\d32fkl01.zip/digerati.rar/setup\familykeylogger-2.83.zip/FamilyKeyLogger-setup.exe -> Not-A-Virus.Monitor.Win32.FamilyKeyLogger.280 : Cleaned with backup (quarantined).
    C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Windows etc. key commands\spy\13092007\Family_Key_Logger_v3.02-DIGERATI\Family_Key_Logger_v3.02-DIGERATI\digerati.rar/setup\familykeylogger-2.83.zip/FamilyKeyLogger-setup.exe -> Not-A-Virus.Monitor.Win32.FamilyKeyLogger.280 : Cleaned with backup (quarantined).
    C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Windows etc. key commands\spy\13092007\Family_Key_Logger_v3.02-DIGERATI.rar/Family_Key_Logger_v3.02-DIGERATI\d32fkl01.zip/digerati.rar/crack\svcl32.exe -> Not-A-Virus.Monitor.Win32.FamilyKeyLogger.302 : Cleaned with backup (quarantined).
    C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Windows etc. key commands\spy\13092007\Family_Key_Logger_v3.02-DIGERATI.rar/Family_Key_Logger_v3.02-DIGERATI\digerati.rar/crack\svcl32.exe -> Not-A-Virus.Monitor.Win32.FamilyKeyLogger.302 : Cleaned with backup (quarantined).
    E:\ajurit\CTF\ctfs.dll -> Not-A-Virus.Monitor.Win32.GoldenKeylogger.130 : Cleaned with backup (quarantined).
    E:\ajurit\CTF\ctfmon.dll -> Not-A-Virus.Monitor.Win32.HomeKeyLogger.170 : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091652.dll -> Not-A-Virus.Monitor.Win32.Perflogger.163 : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091651.exe -> Not-A-Virus.Monitor.Win32.Perflogger.ad : Cleaned with backup (quarantined).
    C:\Documents and Settings\jakke\Työpöytä\JAKKE\SPY\Windows etc. key commands\SPY2\Perfect Keylogger\Basic Edition\i_bpk_basic.exe -> Not-A-Virus.Monitor.Win32.Perflogger.b : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091663.exe -> Not-A-Virus.Monitor.Win32.Perflogger.b : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091664.dll -> Not-A-Virus.Monitor.Win32.Perflogger.b : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091671.exe -> Not-A-Virus.Monitor.Win32.Perflogger.b : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP259\A0092650.exe -> Not-A-Virus.Monitor.Win32.Perflogger.b : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP259\A0092651.dll -> Not-A-Virus.Monitor.Win32.Perflogger.b : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091653.exe -> Not-A-Virus.Monitor.Win32.Perflogger.bu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091654.exe -> Not-A-Virus.Monitor.Win32.Perflogger.bx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091656.exe -> Not-A-Virus.Monitor.Win32.Perflogger.bx : Cleaned with backup (quarantined).
    C:\Documents and Settings\jakke\Työpöytä\JAKKE\OJELMIA_asentamattomia\MailPassView\MAILP138.ZIP/mailpv.exe -> Not-A-Virus.PSWTool.Win32.MailPassView.130 : Cleaned with backup (quarantined).
    :mozilla.28:C:\Documents and Settings\jakke\Application Data\Mozilla\Firefox\Profiles\fqgqztbk.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.12:C:\Documents and Settings\jakke\Application Data\Mozilla\Firefox\Profiles\fqgqztbk.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091666.exe -> Trojan.Perflog.DU : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP258\A0091674.exe -> Trojan.Perflog.DU : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{5EA01E6B-6488-428E-BFAB-7F78AE8C5B4D}\RP259\A0092653.exe -> Trojan.Perflog.DU : Cleaned with backup (quarantined).


    ::Report end

     
  14. Hujo

    Hujo Guest

    then let's do this

    Check your computer with F-Secure's online scanner

    Note: the scanner only works in the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Set the options as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy all of the text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report to your thread

    Do not do anything else, as it can cause the computer to freeze

    ==============

    Turn System Restore off

    1. Right-click Start > My Computer
    2. Select Properties
    3. Select the System Restore tab
    4. Tick ¤ Turn off System Restore on all drives
    5. Press Apply
    6. Press OK

     
    Last edited by a moderator: 14.02.2008
  15. undo

    undo Member

    The "F-Secure" report is below. It just took an awfully long time to scan. At first the program would hardly load at all...

    After that I saved the report and rebooted the computer. Then I turned off monitoring of the drives. The internet really is like wading through paste. Sticky.

    I already went and got a 500Gb external Maxtor for backups, in case "format c:" comes soon after all, but we'll see.

    -undo-





    Scanning Report
    Friday, February 15, 2008 07:43:53 - 13:35:26
    Computer name: xxxxxxxxxx-xxxxxxx
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ E:\
    ________________________________________
    Result: 6 malware found
    Email-Worm.Win32.Zhelatin.vi (virus)
    • C:\Documents and Settings\jakke\Työpöytä\JAKKE\OJELMIA_asentamattomia\Vanhat pelit toimimaan_MAME\MAME0117.ZIP\mame0117b.exe
    Trojan-Downloader.Win32.Small.ihc (virus)
    • C:\Documents and Settings\jakke\Työpöytä\LATAUKSET\blazingtoolsperfectkeylogger1.47.2keygensnd.zip.exe (Renamed & Submitted)
    Trojan.Win32.Agent.eub (virus)
    • C:\WINDOWS\system32\LogCrypt.dll (Renamed & Submitted)
    W32/Keylogger.KI (virus)
    • C:\Program Files\Common Files\NonShare\PKL_Basic\i_bpk_trial(2).exe\bpki.dll
    W32/Smalltroj.CNYX (virus)
    • C:\!KillBox\WINDOWS\Installer\MSN Messenger 7.5.0299\MsnMsgs.Msi\stream 19\msnmsgrexe
    W32/Smalltroj.CTNG (virus)
    • C:\QooBox\Quarantine\C\Program Files\ucleaner_setup.exe.vir (Submitted)
    ________________________________________
    Statistics
    Scanned:
    • Files: 846210
    • System: 3950
    • Not scanned: 113
    Actions:
    • Disinfected: 0
    • Renamed: 2
    • Deleted: 0
    • None: 4
    • Submitted: 3
    Files not scanned:
    H
    ________________________________________
    Options
    Scanning engines:
    • F-Secure Libra: 2.4.2, 2008-02-13
    • F-Secure AVP: 7.0.171, 2008-02-15
    • F-Secure Orion: 1.2.37, 2008-02-14
    • F-Secure Blacklight: 1.0.64
    • F-Secure Draco: 1.0.35, 0602-150-72
    • F-Secure Pegasus: 1.20.0, 2008-01-13
    Scanning options:
    • Scan all files
    • Scan inside archives
    • Use Advanced heuristics

     
  16. Hujo

    Hujo Guest

    take a new hjt log and combofix
     
  17. undo

    undo Member

    Aaaaaarghhh!!!!! I'm about to run out of patience...
    Anyway; I ran "Combo" first, then HJT. Logs below.
    The internet is playing up like h..l, and that "....nkv.sys" Win32AgentQOV [Rtk] Rootkit keeps popping up in avast every so often when the computer is started.
    -undo-


    ComboFix 08-02-12.1 - jakke 2008-02-15 22:46:50.10 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.557 [GMT 2:00]
    Running from: C:\Documents and Settings\jakke\Työpöytä\ComboFix(2).exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\23990098.$$$
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Program Files\Helper
    C:\Program Files\Helper\1202738063.dll
    C:\Program Files\tmp7406671.exe\
    C:\Program Files\tmp7410265.exe\
    C:\Program Files\ucleaner_setup.exe
    C:\WINDOWS\system32\3_exception.nls
    C:\WINDOWS\system32\awtqqpq.dll
    C:\WINDOWS\system32\ggjlm.ini
    C:\WINDOWS\system32\ggjlm.ini2
    C:\WINDOWS\system32\iiyndkds.dll
    C:\WINDOWS\system32\jkkhffg.dll
    C:\WINDOWS\system32\LogCrypt.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mljgg.dll
    C:\WINDOWS\system32\winhab32.dll
    C:\VundoFix Backups
    C:\VundoFix Backups\addmorefiles.txt
    C:\VundoFix Backups\EXPAudioCDGrabber2.dll.bad
    C:\VundoFix Backups\EXPAudioFile2.dll.bad
    C:\VundoFix Backups\EXPAudioPlayer2.dll.bad
    C:\VundoFix Backups\EXPAudioRecord2.dll.bad
    C:\VundoFix Backups\EXPWMAFile2.dll.bad

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_RUNTIME




















    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-15 to 2008-02-15 )))))))))))))))))
    .

    2008-02-15 22:46 . 2008-02-15 22:49 <KANSIO> d-------- C:\ComboFix(2)
    2008-02-15 20:26 . 2008-02-15 22:08 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
    2008-02-15 15:42 . 2008-02-15 15:42 <KANSIO> d-------- C:\Program Files\Adobe
    2008-02-15 15:41 . 2008-02-15 20:24 <KANSIO> d--hs---- C:\Config.Msi
    2008-02-14 21:15 . 2008-02-15 07:28 8,704 --a------ C:\WINDOWS\system32\LogCrypt.0ll
    2008-02-14 21:13 . 1,072,746,496 C:\hiberfil.sys
    2008-02-14 19:08 . 2008-02-14 19:08 <KANSIO> d-------- C:\Documents and Settings\jakke\Application Data\Grisoft
    2008-02-14 19:08 . 2008-02-14 19:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-14 19:08 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-14 13:25 . 2008-02-14 13:44 <KANSIO> d-------- C:\Downloads
    2008-02-14 13:23 . 2008-02-14 13:44 <KANSIO> d-------- C:\Kaspersky
    2008-02-13 16:04 . 2008-02-13 16:04 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-02-13 15:52 . 2008-02-13 15:52 <KANSIO> d-------- C:\RegSeeker
    2008-02-13 07:13 . 2008-02-13 07:11 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-13 07:13 . 2008-02-13 07:13 3,459 --a------ C:\WINDOWS\unins000.dat
    2008-02-13 07:07 . 2008-02-13 07:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-13 05:59 . 2008-02-13 05:59 106 --a------ C:\delete.bat
    2008-02-12 20:39 . 2008-02-12 20:39 <KANSIO> d-------- C:\Program Files\SysCleaner
    2008-02-12 07:58 . 2008-02-15 22:10 25,984 --a------ C:\WINDOWS\system32\drivers\Xek41.sys
    2008-02-12 07:43 . 2008-02-12 07:43 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-02-12 07:39 . 2008-02-12 08:01 <KANSIO> d-------- C:\SDFix
    2008-02-12 07:29 . 2008-02-14 12:56 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
    2008-02-12 07:19 . 2008-02-14 22:16 <KANSIO> d-------- C:\QooBox
    2008-02-12 07:18 . 2004-09-15 14:00 390,656 --a------ C:\WINDOWS\system32\kmd.exe
    2008-02-12 07:18 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
    2008-02-12 07:18 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
    2008-02-12 07:18 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe
    2008-02-12 07:18 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
    2008-02-12 07:18 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe
    2008-02-12 07:18 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe
    2008-02-12 07:18 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe
    2008-02-12 07:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-02-12 07:18 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe
    2008-02-11 22:05 . 2008-02-14 16:36 <KANSIO> d-------- C:\hijackthis
    2008-02-11 15:53 . 2008-02-13 06:33 14 --ah----- C:\WINDOWS\mmax_hren2.ini
    2008-02-11 15:51 . 2008-02-11 15:51 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
    2008-02-10 23:27 . 2008-02-10 23:27 <KANSIO> d-------- C:\Program Files\Common Files\Download Manager
    2008-02-10 12:11 . 2008-02-10 12:11 <KANSIO> d-------- C:\Documents and Settings\jakke\WINDOWS
    2008-02-10 12:11 . 1998-07-30 18:40 306,176 --a------ C:\WINDOWS\IsUn0413.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-15 20:28 --------- d-----w C:\Program Files\Mozilla Firefox
    2008-02-15 20:08 805,306,368 --sha-w C:\pagefile.sys
    2008-02-15 15:50 --------- d--h--w C:\Program Files\Common Files\NonShare
    2008-02-15 13:42 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-13 17:01 --------- d-----w C:\Program Files\Internet Explorer
    2008-02-13 09:41 --------- d-----w C:\Program Files\KeyLogger
    2008-02-12 20:55 --------- d-----w C:\Program Files\utorrent
    2008-02-11 14:27 --------- d-----w C:\Documents and Settings\jakke\Application Data\uTorrent
    2008-02-10 21:27 --------- d-----w C:\Program Files\Common Files
    2008-02-09 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-02-04 23:09 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
    2008-01-23 06:36 --------- d-----w C:\Documents and Settings\jakke\Application Data\Joost
    2008-01-11 05:37 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    2008-01-03 18:16 --------- d-----w C:\Program Files\Sony
    2008-01-02 17:05 --------- d-----w C:\Documents and Settings\jakke\Application Data\TVU Networks
    2008-01-01 20:23 --------- d-----w C:\Program Files\Java
    2007-12-26 18:26 --------- d-----w C:\Documents and Settings\jakke\Application Data\Ahead
    2007-12-19 22:57 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-08 05:14 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
    2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-07 02:14 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    2007-12-07 02:14 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    2007-12-07 02:14 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    2007-12-07 02:14 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    2007-12-07 02:14 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    2007-12-07 02:14 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    2007-12-07 02:14 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    2007-12-07 02:14 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    2007-12-07 02:14 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    2007-12-07 02:14 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    2007-12-07 02:14 105,984 ----a-w C:\WINDOWS\system32\url.dll
    2007-12-07 02:14 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    2007-12-07 02:14 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    2007-12-07 02:13 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    2007-12-07 02:13 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    2007-12-07 02:13 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    2007-12-07 02:13 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    2007-12-07 02:13 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    2007-12-07 02:13 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    2007-12-07 02:13 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    2007-12-07 02:13 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="e:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 19:43 90112]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-23 22:26 5537792]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-03-19 13:40 88363 C:\WINDOWS\AGRSMMSG.exe]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-10-17 14:51 196670]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
    "QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 07:03 149024]
    "PWRISOVM.EXE"="e:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]
    "!AVG Anti-Spyware"="E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2004-06-02 17:48:22 565309]
    TMMonitor.lnk - E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2007-09-10 19:53:27 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
    LogCrypt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    WLCtrl32.dll 2008-02-15 22:08 6656 C:\WINDOWS\system32\WLCtrl32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2005-02-23 22:26 1495040 C:\WINDOWS\system32\nwiz.exe

    R0 Xek41;Xek41;C:\WINDOWS\system32\Drivers\Xek41.sys [2008-02-15 22:10]
    S3 bdacap;%BdaSWCapture.DeviceDesc%;C:\WINDOWS\system32\drivers\bdacap.sys [2006-05-18 09:01]
    S3 GLHIDKBFILTER;GLHIDKBFILTER;C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 08:55]
    S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a212171-d7b9-11dc-85b9-00904b916ce3}]
    \Shell\AutoRun\command - H:\setup\autorun.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-15 22:49:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?1?9?9??????? ?(?B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WLCtrl32.dll
    .



    ***************************



    Logfile of HijackThis v1.99.1
    Scan saved at 22:50, on 2008-02-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    E:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    E:\Program Files\PowerISO\PWRISOVM.EXE
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\explorer.exe
    C:\hijackthis\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] e:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: TMMonitor.lnk = E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172684265537
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://miplaya1.axiscam.net/activex/AMC.cab
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     
  18. Hujo

    Hujo Guest

    Scan with HJT, tick the entry below and press Fix checked:

    O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing)


    =============

    Open KillBox, put a "tick" next to Delete on Reboot and click All Files so that it starts "flashing" green.

    Copy everything below in one go:

    C:\WINDOWS\SYSTEM32\WLCtrl32.dll

    From the menu at the top, choose File and then Paste from Clipboard.

    One of the given paths appears in the Full Path of File to Delete field, and the file is shown highlighted in blue below the field if it is found on the machine. Then press the red circle with a white cross on the right.

    Do you want to reboot now? Answer Yes to this.

    After this the machine reboots itself. If it does not reboot, do it yourself "by hand".

    =========

    Scan a new HJT log.
     
    Last edited by a moderator: 16.02.2008
  19. undo

    undo Member

    Joined:
    11.02.2008
    Posts:
    78
    Thanks:
    0
    Points:
    16

    I scanned with HJT before and after KillBox. Both logs are below.

    What do you make of the message below, which I got when I tried to get to Afterdawn?
    I did add Firefox to the Windows firewall's allowed programs, and I think that
    helped somewhat. The message did come up again, though..

    Yhteys keskeytyi
    Yhteys palvelimeen alustettiin kesken latauksen.

    * Sivusto voi olla väliaikaisesti saavuttamattomissa tai kovan rasituksen
    alaisena. Yritä hetken kuluttua uudestaan.

    * Jos mitkään sivustot eivät toimi, tarkista tietokoneen
    verkkoasetukset.

    * Jos tietokone tai verkko on suojattu palomuurilla tai välityspalvelin on
    käytössä, tarkista että Firefoxin verkkoyhteyttä ei estetä.

    I installed Firefox on this one machine earlier this morning and brought those HJT logs over to it on a USB stick.
    Could the bug spread over the wireless network, or on the stick? I did scan the stick with AVG
    and Antivir. Nothing was found...

    By the way, the connection was interrupted again when I tried to post this message the first time..

    I pulled the modem's and the wireless router's cables out of the wall.. That helped.. We'll see whether the problem comes back...
    Now I'm posting this message again :))
    If the fault is also at Elisa's end...
    -undo-


    Logfile of HijackThis v1.99.1
    Scan saved at 07:21, on 2008-02-16
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    E:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    E:\Program Files\PowerISO\PWRISOVM.EXE
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    E:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\hijackthis\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] e:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: TMMonitor.lnk = E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172684265537
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://miplaya1.axiscam.net/activex/AMC.cab
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe





    *******************






    Logfile of HijackThis v1.99.1
    Scan saved at 07:32, on 2008-02-16
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    E:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    E:\Program Files\PowerISO\PWRISOVM.EXE
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    E:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\hijackthis\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] e:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: TMMonitor.lnk = E:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172684265537
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://miplaya1.axiscam.net/activex/AMC.cab
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     
  20. undo

    undo Member

    Joined:
    11.02.2008
    Posts:
    78
    Thanks:
    0
    Points:
    16
    Yeah.. well then... I switched off the internet connection on the laptop we are fixing, and the net got faster on the other machines. Looks like the gunked-up machine is eating quite a slice of the bandwidth..
    -undo-
     
  21. Hujo

    Hujo Guest

    So, well, you haven't managed to kill C:\WINDOWS\SYSTEM32\WLCtrl32.dll with KillBox.
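
The before/after comparison behind the reply above can be done mechanically. The following is an added example, not part of the original thread and not code from HijackThis or KillBox: it parses two HijackThis logs, diffs their entry lines, and reports what happened to each item that was meant to be fixed. The function names and the trimmed sample logs are assumptions made for the illustration.

```python
import re

# Constructed sample input: a few lines taken from the 07:21 (before) and
# 07:32 (after) logs in this thread, trimmed for brevity.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 07:21, on 2008-02-16

Running processes:
C:\WINDOWS\system32\winlogon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 07:32, on 2008-02-16

Running processes:
C:\WINDOWS\system32\winlogon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
"""

# Entry lines start with a section code (R0, F2, N1, O4, O20, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return {comparison_key: original_line} for every entry line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process list or blank line
        section, body = match.groups()
        # Windows paths are case-insensitive, so compare case-folded text
        # with runs of whitespace collapsed.
        key = (section, " ".join(body.split()).casefold())
        entries.setdefault(key, line)
    return entries


def diff_logs(before_text, after_text):
    """Split entry lines into removed / added / kept between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "removed": [before[k] for k in before if k not in after],
        "added": [after[k] for k in after if k not in before],
        "kept": [after[k] for k in after if k in before],
    }


def target_status(before_text, after_text, target):
    """Report what happened to entries that mention `target` (e.g. a file name)."""
    needle = target.casefold()
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    hits_after = [line for key, line in after.items() if needle in key[1]]
    if hits_after:
        # HijackThis appends "(file missing)" when the referenced file is gone
        # but the registry entry that points to it is still there.
        if all(line.endswith("(file missing)") for line in hits_after):
            return "entry remains, file missing"
        return "still present"
    if any(needle in key[1] for key in before):
        return "removed"
    return "never listed"


if __name__ == "__main__":
    for name in ("LogCrypt.dll", "WLCtrl32.dll"):
        print(name, "->", target_status(BEFORE, AFTER, name))
    for line in diff_logs(BEFORE, AFTER)["added"]:
        print("new since last scan:", line)
```

An entry that is still listed without the "(file missing)" suffix means the file itself survived the reboot, which is the situation described for WLCtrl32.dll above.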
     
