
trojan.zlob.g is tormenting me

Thread in the Viruses and malware - HijackThis logs section. Started by Vasaraike on 10.12.2008.

  1. Vasaraike

    Vasaraike Member

    Joined:
    14.11.2006
    Messages:
    41
    Thanks:
    0
    Points:
    16
    so that sadly famous trojan is bugging me; wondering if there is anything in here that could be fixed

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:51:01, on 10.12.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Programfiles\Canon\MultiPASS4\MPSERVIC.EXE
    E:\Ohjelmat\WhatPulse\WhatPulse.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    c:\Programfiles\Canon\MultiPASS4\MPDBMgr.exe
    C:\programfiles\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.travian.fi/
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Ohjelmat\quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MPTBox] c:\Programfiles\Canon\MultiPASS4\MPTBox.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Ohjelmat\adobe\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "E:\Pelit\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
    O4 - HKCU\..\Run: [WhatPulse] E:\Ohjelmat\WhatPulse\WhatPulse.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1202057562750
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: MpService - Canon Inc. - c:\Programfiles\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 5758 bytes
     
  3. Hujo

    Hujo Guest

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the prompts to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to view the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this, a log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    8. Post the contents of the log in your next message

    =============

    1. Download Combofix.exe to your desktop from one of these links:
    Combofix1
    Combofix2

    2. Double-click the Combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.

    =================

    Java update and cache cleanup:

    Download JavaRa and extract it to your desktop.

    ***Close all open Internet Explorer windows before continuing!***

    * Double-click JavaRa.exe to start the program.
    * Select English from the drop-down menu to set the language to English and click Select.
    * Click Remove Older Versions to remove old Java versions from your machine.
    * Click Yes when prompted. When JavaRa is finished, it reports that a log file has been created. Click OK.
    * The log file opens. Post its contents in your next message.
    4. Install the latest Java update from the following link.

    Download the new Java here

    Scroll down to Java Runtime Environment (JRE) 6 Update 11
    Click Download
    Under Platform, select Windows
    Check I agree to the Java SE Runtime Environment 6 License Agreement and click Continue
    Under Windows Offline Installation, click jre-6u4-windows-i586-p.exe

    Save the file, for example to your desktop, and install it.

    5. Restart the computer after the installation.
    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
    7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

    (Some Java-based programs may need more disk space.
    If you notice the machine is slow after reducing the setting, move the slider back up.)

    8. Click the Delete Files button. Make sure both options are checked:
    * Applications and Applets
    * Trace and Log Files

    Then click the OK button
    Note: This deletes all downloaded applications and applets FROM THE CACHE.

    9. Click OK in your "Temporary Files Settings" window.
    10. Update tab: untick Check for Updates automatically
    Select Never check
    11. Click Apply and OK to leave your Java settings window.

    ====================

    Download CCleaner here
    CCleaner v 2.14.750 - Standard Build, DO NOT install the Yahoo toolbar!
    During installation, untick "install Yahoo! toolbar".
    After installation, open CCleaner.
    Select Options from the left-hand column.
    Select Settings from the adjacent column.
    For Language, select Suomi (Finnish).

    Cleaner (Puhdistaja)
    Select Puhdistaja (Cleaner) from the left-hand column.
    Click Tutki (Analyze) at the bottom.
    CCleaner now analyzes what can be removed (temp files, cookies, etc.).
    When the analysis is finished, click Aja CCleaner (Run Cleaner).
    CCleaner now removes the temp files, cookies, etc. that it found.

    Fixing registry issues
    Select Rekisteri (Registry) from the left-hand column.
    Click Etsi rekisterin virheitä (Scan for Issues) at the bottom.
    When the scan is finished and you are sure you want to fix the rows that are checked, click Korjaa valitut rekisterin virheet (Fix selected issues).
    You will be asked "do you want to back up changes to the registry"; click Kyllä (Yes). Save the backup, for example in the "My Documents" folder.
    In the new window that opens, click Korjaa kaikki valitut virheet (Fix All Selected Issues).
    You will get one more confirmation prompt; click OK.
    When the issues have been fixed, click Sulje (Close).
    You can now close CCleaner by clicking the red X at the top right.
     
  4. Vasaraike

    Vasaraike Member

    Joined:
    14.11.2006
    Messages:
    41
    Thanks:
    0
    Points:
    16
    ComboFix 08-12-09.03 - Administrator 2008-12-11 18:26:58.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1421 [GMT 2:00]
    Sijainti: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    * Uusi palautuspiste luotu

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\install.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-11 to 2008-12-11 )))))))))))))))))
    .

    2008-12-11 16:08 . 2008-12-11 16:08 <DIR> d-------- c:\programfiles\Malwarebytes' Anti-Malware
    2008-12-11 16:08 . 2008-12-11 16:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-11 16:08 . 2008-12-11 16:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2008-12-11 16:08 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-11 16:08 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-10 23:50 . 2008-12-10 23:50 <DIR> d-------- c:\programfiles\Trend Micro
    2008-12-10 13:12 . 2008-12-10 13:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
    2008-11-18 18:56 . 2008-12-10 15:50 8 --a------ c:\windows\system32\nvModes.dat
    2008-11-15 11:51 . 2008-11-15 15:10 <DIR> d-------- c:\documents and settings\Guest\Application Data\Azureus
    2008-11-15 11:31 . 2008-11-15 11:31 <DIR> d-------- c:\documents and settings\Guest\Application Data\ATI
    2008-11-14 03:01 . 2008-11-14 03:01 <DIR> d-------- c:\programfiles\MSXML 6.0

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-11 13:58 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
    2008-12-10 09:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
    2008-12-10 09:20 --------- d-----w c:\documents and settings\Guest\Application Data\AVG7
    2008-12-05 16:47 2,328 ----a-w c:\documents and settings\Guest\Application Data\wklnhst.dat
    2008-11-23 10:01 --------- d--h--w c:\programfiles\InstallShield Installation Information
    2008-11-10 11:35 --------- d-----w c:\program files\Common Files\Adobe
    2008-10-31 11:03 2,829 ----a-w c:\windows\War3Unin.pif
    2008-10-31 11:03 139,264 ----a-w c:\windows\War3Unin.exe
    2008-10-25 13:50 582 ----a-w c:\documents and settings\Administrator\Application Data\wklnhst.dat
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-21 15:18 --------- d-----w c:\documents and settings\Administrator\Application Data\teamspeak2
    2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
    2008-02-14 17:08 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Steam"="e:\pelit\Steam\Steam.exe" [2008-10-08 1410296]
    "Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
    "WhatPulse"="e:\ohjelmat\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
    "WinDNN"="c:\documents and settings\Administrator\Application Data\Google\klnxv19819115.exe" [2008-12-10 123392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8527872]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-09 81920]
    "DAEMON Tools"="e:\ohjelmat\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "QuickTime Task"="e:\ohjelmat\quicktime\QTTask.exe" [2008-01-10 385024]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "MPTBox"="c:\programfiles\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 167936]
    "Adobe Reader Speed Launcher"="e:\ohjelmat\adobe\Reader\Reader_sl.exe" [2008-10-15 39792]
    "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.EXE]
    "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
    "nwiz"="nwiz.exe" [2007-10-09 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
    "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-03 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3fhg"= mp3fhg.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "msacm.divxa32"= divxa32.acm
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "c:\\Documents and Settings\\Administrator\\Desktop\\irc\\mirc_upp.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "e:\\Pelit\\Steam\\steamapps\\laviska\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "e:\\Ohjelmat\\DC++\\DCPlusPlus.exe"=
    "e:\\Pelit\\Crysis\\Bin32\\Crysis.exe"=
    "e:\\Pelit\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "e:\\Ohjelmat\\Azureus\\Azureus.exe"=
    "e:\\Ohjelmat\\Xfire\\xfire.exe"=
    "e:\\Ohjelmat\\vectorworks\\VectorWorks.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
    "e:\\Ohjelmat\\Ad-Aware SE Personal\\Ad-Aware.exe"=
    "e:\\Ohjelmat\\Teamspeak2server\\server_windows.exe"=
    "e:\\Pelit\\Warcraft III\\Frozen Throne.exe"=
    "e:\\Pelit\\Steam\\steamapps\\laviska\\counter-strike\\hl.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22957:TCP"= 22957:TCP:BitComet 22957 TCP
    "22957:UDP"= 22957:UDP:BitComet 22957 UDP

    R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-02-04 882688]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44642f0c-d580-11dc-b164-0018f3cce9b3}]
    \Shell\AutoRun\command - O:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1a06330-e4ae-11dc-b178-0018f3cce9b3}]
    \Shell\AutoRun\command - L:\SetupSeriesA.exe

    *Newly Created Service* - PROCEXP90
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-12-10 c:\windows\Tasks\At1.job
    - c:\windows\system32\rrlH3755.exe []

    2008-11-29 c:\windows\Tasks\At10.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At11.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At12.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At13.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At14.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At15.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At16.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-11 c:\windows\Tasks\At17.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-11 c:\windows\Tasks\At18.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-11 c:\windows\Tasks\At19.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-09 c:\windows\Tasks\At2.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At20.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At21.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At22.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At23.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-09 c:\windows\Tasks\At24.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At3.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At4.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At5.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At6.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-10 c:\windows\Tasks\At7.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-05 c:\windows\Tasks\At8.job
    - c:\windows\system32\rrlH3755.exe []

    2008-12-05 c:\windows\Tasks\At9.job
    - c:\windows\system32\rrlH3755.exe []
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    HKLM-Run-CmUsbSound - cmcnfgu.cpl


    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.travian.fi/
    uInternet Connection Wizard,ShellNext = iexplore
    FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r64xgoth.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-11 18:28:00
    Windows 5.1.2600 Service Pack 2 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(760)
    c:\windows\system32\Ati2evxx.dll
    .
    Valmistumisajankohta: 2008-12-11 18:28:31
    ComboFix-quarantined-files.txt 2008-12-11 16:28:27

    Ennen ajoa: 418 312 192 bytes free
    Ajon jälkeen: 694,116,352 tavua vapaana

    208 --- E O F --- 2008-12-05 11:33:32



    Malwarebytes' Anti-Malware 1.31
    Tietokantaversio: 1456
    Windows 5.1.2600 Service Pack 2

    11.12.2008 18:24:52
    mbam-log-2008-12-11 (18-24-52).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|)
    Tarkistetut kohteet: 351700
    Kulunut aika: 2 hour(s), 13 minute(s), 17 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 2

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    D:\System Volume Information\_restore{090C0385-06A7-4A2D-BF98-40B395B0DAB5}\RP301\A0095852.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rrlH3755.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.





    JavaRa 1.11 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Thu Dec 11 18:43:44 2008

    Found and removed: C:\Windows\System32\jpicpl32.cpl

    Found and removed: Software\JavaSoft\Java2D\1.5.0_06

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

    Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    ------------------------------------

    Finished reporting.



    That should be all of it, I think. The problem hasn't gone away yet, or is it even supposed to at this point? :D
     
  5. Hujo

    Hujo Guest

    Scan and post a new HJT log.
     
  6. Vasaraike

    Vasaraike Member

    Joined:
    14.11.2006
    Messages:
    41
    Thanks:
    0
    Points:
    16
    Here it is.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:21:16, on 12.12.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Programfiles\Java\jre6\bin\jqs.exe
    c:\Programfiles\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Programfiles\Java\jre6\bin\jusched.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    E:\Ohjelmat\adobe\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\Ohjelmat\WhatPulse\WhatPulse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\programfiles\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.travian.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiles\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiles\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiles\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiles\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Ohjelmat\quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MPTBox] c:\Programfiles\Canon\MultiPASS4\MPTBox.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Ohjelmat\adobe\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "E:\Pelit\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
    O4 - HKCU\..\Run: [WhatPulse] E:\Ohjelmat\WhatPulse\WhatPulse.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1202057562750
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiles\Java\jre6\bin\jqs.exe
    O23 - Service: MpService - Canon Inc. - c:\Programfiles\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 5958 bytes
     
  7. Hujo

    Hujo Guest

    Scan with HJT, check the following lines and press Fix checked:

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiles\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Ohjelmat\quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Ohjelmat\adobe\Reader\Reader_sl.exe"

    ================

    Download Lop S&D from here

    Double-click Lop S&D.exe
    Choose Finnish as the language by pressing U and Enter.
    Then choose Option 1 (Search) by pressing 1 and Enter
    Wait until the scan is finished
    The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt

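One way to triage a HijackThis log the way the helper does above, as an added example that is not a tool from this thread nor from Trend Micro: it parses the O2 (BHO), O3 (toolbar) and O4 (autostart) lines, flags registrations that HijackThis reports as "(no file)" (orphaned COM registrations whose DLL is gone, the entries the helper asks to fix), and separately notes autostart entries that name a bare executable with no directory, which a reviewer will usually want to verify by hand. The sample lines are copied from the log posted in this thread; `Entry`, `parse_log`, `orphaned` and `unqualified_autostarts` are names assumed here.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Steam] "E:\Pelit\Steam\Steam.exe" -silent
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# O2/O3: "<section> - BHO|Toolbar: <name> - {<CLSID>} - <dll path or (no file)>"
O2_O3 = re.compile(r"^(O2|O3) - (?:BHO|Toolbar): (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
# O4: "O4 - <hive\..\Run>: [<value name>] <command line>"
O4 = re.compile(r"^O4 - ([^:]+): \[([^\]]*)\] (.*)$")


@dataclass
class Entry:
    section: str          # "O2", "O3" or "O4"
    name: str             # BHO/toolbar display name or Run value name
    target: str           # DLL path, "(no file)", or the autostart command line
    clsid: str = ""       # only for O2/O3
    hive: str = ""        # only for O4, e.g. "HKLM\..\Run"


def parse_log(text: str) -> List[Entry]:
    """Parse the O2/O3/O4 lines of a HijackThis log; other sections are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = O2_O3.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), m.group(4), clsid=m.group(3)))
            continue
        m = O4.match(line)
        if m:
            entries.append(Entry("O4", m.group(2), m.group(3), hive=m.group(1)))
    return entries


def executable_of(command: str) -> str:
    """Return the program part of a Run command line (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """BHO/toolbar registrations whose DLL HijackThis could not find."""
    return [e for e in entries if e.target == "(no file)"]


def unqualified_autostarts(entries: List[Entry]) -> List[Entry]:
    """O4 entries that name a bare executable (no directory), i.e. resolved via PATH."""
    return [e for e in entries if e.section == "O4" and "\\" not in executable_of(e.target)]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned(parsed):
        print(f"orphaned {e.section}: {e.name} {{{e.clsid}}}")
    for e in unqualified_autostarts(parsed):
        print(f"unqualified {e.section} [{e.name}] in {e.hive}: {e.target}")
```

The "(no file)" check is the same signal HijackThis itself prints, so those three entries are safe to fix; the unqualified-path list is only a hint about where to look next, not a verdict.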
     
  8. Vasaraike

    Vasaraike Member

    Joined:
    14.11.2006
    Messages:
    41
    Thanks:
    0
    Points:
    16
    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Administrator ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG 7.5.552 7.5.552 (Activated)
    C:\ (Local Disk) - NTFS - Total:9 Go (Free:0 Go)
    D:\ (Local Disk) - NTFS - Total:232 Go (Free:39 Go)
    E:\ (Local Disk) - NTFS - Total:455 Go (Free:260 Go)
    F:\ (CD or DVD)
    G:\ (USB) - FAT - Total:953 Mo (Free:0 Go)
    L:\ (CD or DVD) - CDFS - Total:1 Go (Free:0 Go)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( pe 12.12.2008|13:17 )

    --------------------\\ Listaa hakemistoja sijainnissa APPLIC~1

    [07.02.2008|21:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [14.03.2008|18:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    [04.02.2008|03:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    [12.12.2008|12:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\AVG7
    [10.12.2008|11:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
    [03.02.2008|17:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\F-Secure
    [10.12.2008|18:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
    [15.05.2008|22:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
    [04.02.2008|02:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [04.02.2008|03:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\ispnews
    [02.10.2008|22:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
    [03.02.2008|19:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [11.12.2008|16:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
    [05.02.2008|13:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
    [10.12.2008|18:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [03.02.2008|19:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
    [14.02.2008|21:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
    [07.02.2008|20:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
    [03.02.2008|18:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
    [21.10.2008|17:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2
    [11.04.2008|14:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Template
    [04.02.2008|16:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\URUSoft
    [10.03.2008|18:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ventrilo
    [07.02.2008|22:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Winamp
    [03.02.2008|18:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
    [29.04.2008|22:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Xfire
    [0|tiedosto(a)] C:\DOCUME~1\ADMINI~1\APPLIC~1\tavua
    [28|kansio(ta)] C:\DOCUME~1\ADMINI~1\APPLIC~1\tavua vapaana

    [10.11.2008|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [07.02.2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [03.03.2008|21:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [03.03.2008|21:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [04.02.2008|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    [03.04.2008|14:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    [11.04.2008|14:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canon
    [03.02.2008|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [11.12.2008|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [10.04.2008|19:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [10.12.2008|13:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
    [09.03.2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [04.02.2008|03:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    [03.02.2008|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [03.02.2008|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [03.02.2008|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [0|tiedosto(a)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua
    [18|kansio(ta)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua vapaana

    [04.02.2008|01:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua vapaana

    [05.03.2008|19:08] C:\DOCUME~1\Guest\APPLIC~1\Adobe
    [15.11.2008|11:31] C:\DOCUME~1\Guest\APPLIC~1\ATI
    [10.12.2008|11:20] C:\DOCUME~1\Guest\APPLIC~1\AVG7
    [15.11.2008|15:10] C:\DOCUME~1\Guest\APPLIC~1\Azureus
    [04.02.2008|19:12] C:\DOCUME~1\Guest\APPLIC~1\Identities
    [04.02.2008|19:15] C:\DOCUME~1\Guest\APPLIC~1\Macromedia
    [19.11.2008|22:02] C:\DOCUME~1\Guest\APPLIC~1\Microsoft
    [04.02.2008|19:14] C:\DOCUME~1\Guest\APPLIC~1\Mozilla
    [16.05.2008|18:59] C:\DOCUME~1\Guest\APPLIC~1\Sun
    [10.04.2008|19:21] C:\DOCUME~1\Guest\APPLIC~1\Template
    [23.03.2008|11:50] C:\DOCUME~1\Guest\APPLIC~1\Winamp
    [0|tiedosto(a)] C:\DOCUME~1\Guest\APPLIC~1\tavua
    [13|kansio(ta)] C:\DOCUME~1\Guest\APPLIC~1\tavua vapaana

    [03.02.2008|18:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
    [05.02.2008|07:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
    [04.02.2008|02:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua
    [5|kansio(ta)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua vapaana

    [04.02.2008|01:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua vapaana

    --------------------\\ Ajoitetut tehtävät sijaitsee C:\WINDOWS\Tasks

    [09.12.2008 23:00][--a------] C:\WINDOWS\tasks\At24.job
    [10.12.2008 22:00][--a------] C:\WINDOWS\tasks\At23.job
    [10.12.2008 21:00][--a------] C:\WINDOWS\tasks\At22.job
    [11.12.2008 19:00][--a------] C:\WINDOWS\tasks\At20.job
    [10.12.2008 20:00][--a------] C:\WINDOWS\tasks\At21.job
    [11.12.2008 18:00][--a------] C:\WINDOWS\tasks\At19.job
    [11.12.2008 16:00][--a------] C:\WINDOWS\tasks\At17.job
    [10.12.2008 14:00][--a------] C:\WINDOWS\tasks\At15.job
    [10.12.2008 15:00][--a------] C:\WINDOWS\tasks\At16.job
    [11.12.2008 17:00][--a------] C:\WINDOWS\tasks\At18.job
    [12.12.2008 13:00][--a------] C:\WINDOWS\tasks\At14.job
    [10.12.2008 11:00][--a------] C:\WINDOWS\tasks\At12.job
    [10.12.2008 12:00][--a------] C:\WINDOWS\tasks\At13.job
    [29.11.2008 09:00][--a------] C:\WINDOWS\tasks\At10.job
    [10.12.2008 10:00][--a------] C:\WINDOWS\tasks\At11.job
    [05.12.2008 08:00][--a------] C:\WINDOWS\tasks\At9.job
    [10.12.2008 06:00][--a------] C:\WINDOWS\tasks\At7.job
    [05.12.2008 07:00][--a------] C:\WINDOWS\tasks\At8.job
    [10.12.2008 04:00][--a------] C:\WINDOWS\tasks\At5.job
    [10.12.2008 05:00][--a------] C:\WINDOWS\tasks\At6.job
    [10.12.2008 03:00][--a------] C:\WINDOWS\tasks\At4.job
    [10.12.2008 02:00][--a------] C:\WINDOWS\tasks\At3.job
    [10.12.2008 01:00][--a------] C:\WINDOWS\tasks\At2.job
    [11.12.2008 00:14][--a------] C:\WINDOWS\tasks\At1.job
    [12.12.2008 12:14][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [10.08.2004 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listaa hakemistoja sijainnissa c:\Programfiles

    [10.11.2008|13:34] c:\Programfiles\Adobe
    [10.04.2008|17:31] c:\Programfiles\Ahead
    [03.03.2008|21:18] c:\Programfiles\Apple Software Update
    [11.04.2008|14:43] c:\Programfiles\Canon
    [11.12.2008|18:52] c:\Programfiles\CCleaner
    [15.06.2008|21:41] c:\Programfiles\Conduit
    [16.06.2008|14:00] c:\Programfiles\Hotspot_Shield
    [23.11.2008|12:01] c:\Programfiles\InstallShield Installation Information
    [11.04.2008|18:49] c:\Programfiles\internet explorer
    [11.12.2008|18:44] c:\Programfiles\Java
    [11.12.2008|16:08] c:\Programfiles\Malwarebytes' Anti-Malware
    [18.02.2008|18:41] c:\Programfiles\microsoft frontpage
    [10.04.2008|19:17] c:\Programfiles\Microsoft Office
    [18.02.2008|18:41] c:\Programfiles\movie maker
    [18.02.2008|18:41] c:\Programfiles\msn gaming zone
    [14.11.2008|03:01] c:\Programfiles\MSXML 6.0
    [18.02.2008|18:41] c:\Programfiles\netmeeting
    [18.02.2008|18:41] c:\Programfiles\outlook express
    [10.12.2008|23:50] c:\Programfiles\Trend Micro
    [09.03.2008|19:23] c:\Programfiles\TRUST 640U SILVERLINE HEADSET USB
    [18.02.2008|18:41] c:\Programfiles\windows media player
    [18.02.2008|18:41] c:\Programfiles\windows nt
    [18.02.2008|18:41] c:\Programfiles\xerox
    [0|tiedosto(a)] c:\Programfiles\tavua
    [25|kansio(ta)] c:\Programfiles\tavua vapaana

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files

    [10.11.2008|13:35] C:\Program Files\Common Files\Adobe
    [10.04.2008|17:31] C:\Program Files\Common Files\Ahead
    [11.04.2008|14:40] C:\Program Files\Common Files\InstallShield
    [04.02.2008|01:55] C:\Program Files\Common Files\Java
    [10.04.2008|19:17] C:\Program Files\Common Files\Microsoft Shared
    [04.02.2008|01:51] C:\Program Files\Common Files\MSSoap
    [07.02.2008|20:23] C:\Program Files\Common Files\Nero
    [29.08.2008|12:31] C:\Program Files\Common Files\NSV
    [03.02.2008|17:42] C:\Program Files\Common Files\ODBC
    [04.02.2008|01:51] C:\Program Files\Common Files\Services
    [03.02.2008|17:42] C:\Program Files\Common Files\SpeechEngines
    [03.02.2008|18:59] C:\Program Files\Common Files\Symantec Shared
    [03.02.2008|19:32] C:\Program Files\Common Files\System
    [03.02.2008|19:18] C:\Program Files\Common Files\WindowsLiveInstaller
    [24.08.2008|18:19] C:\Program Files\Common Files\Wise Installation Wizard
    [0|tiedosto(a)] C:\Program Files\Common Files\tavua
    [17|kansio(ta)] C:\Program Files\Common Files\tavua vapaana

    --------------------\\ Process

    ( 34 Processes )

    ... OK !

    --------------------\\ Etsii S_Lopilla

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii Lopin tiedostoja ja kansioita

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii rekisterikohteita

    ..... OK !

    --------------------\\ Tarkistaa Hosts-tiedostoa

    Hosts-tiedosto PUHDAS


    --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-12 13:18:09
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 2

    --------------------\\ Tarkistaa muita infektioita

    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job



    [F:32][D:2]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    [F:1][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
    [F:6][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - pe 12.12.2008|13:18 - Option : [1]

    --------------------\\ Tarkistus valmistui 13:18:41



    And a new HJT log, even if it isn't needed; I'm posting it just in case.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:20:49, on 12.12.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Programfiles\Java\jre6\bin\jqs.exe
    c:\Programfiles\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\Ohjelmat\WhatPulse\WhatPulse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\programfiles\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.travian.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiles\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiles\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiles\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [MPTBox] c:\Programfiles\Canon\MultiPASS4\MPTBox.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "E:\Pelit\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
    O4 - HKCU\..\Run: [WhatPulse] E:\Ohjelmat\WhatPulse\WhatPulse.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1202057562750
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiles\Java\jre6\bin\jqs.exe
    O23 - Service: MpService - Canon Inc. - c:\Programfiles\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 5272 bytes
     
  9. Hujo

    Hujo Guest

    Double-click Lop S&D.exe
    Choose Finnish as the language by pressing U and Enter.
    Then choose Option 3 (Search) by pressing 3 and Enter
    Wait until the scan is finished
    The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
     
  10. Vasaraike

    Vasaraike Member

    Joined:
    14.11.2006
    Messages:
    41
    Thanks:
    0
    Points:
    16
    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Administrator ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG 7.5.552 7.5.552 (Activated)
    C:\ (Local Disk) - NTFS - Total:9 Go (Free:0 Go)
    D:\ (Local Disk) - NTFS - Total:232 Go (Free:39 Go)
    E:\ (Local Disk) - NTFS - Total:455 Go (Free:260 Go)
    F:\ (CD or DVD)
    G:\ (USB) - FAT - Total:953 Mo (Free:0 Go)
    L:\ (CD or DVD) - CDFS - Total:1 Go (Free:0 Go)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [3] ( pe 12.12.2008|14:55 )


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listaa hakemistoja sijainnissa APPLIC~1

    [07.02.2008|21:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [14.03.2008|18:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    [04.02.2008|03:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    [12.12.2008|12:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\AVG7
    [10.12.2008|11:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
    [03.02.2008|17:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\F-Secure
    [10.12.2008|18:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
    [15.05.2008|22:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
    [04.02.2008|02:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [04.02.2008|03:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\ispnews
    [02.10.2008|22:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
    [03.02.2008|19:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [11.12.2008|16:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
    [05.02.2008|13:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
    [10.12.2008|18:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [03.02.2008|19:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
    [14.02.2008|21:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
    [07.02.2008|20:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
    [03.02.2008|18:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
    [21.10.2008|17:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2
    [11.04.2008|14:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Template
    [04.02.2008|16:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\URUSoft
    [10.03.2008|18:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ventrilo
    [07.02.2008|22:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Winamp
    [03.02.2008|18:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
    [29.04.2008|22:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Xfire
    [0|tiedosto(a)] C:\DOCUME~1\ADMINI~1\APPLIC~1\tavua
    [28|kansio(ta)] C:\DOCUME~1\ADMINI~1\APPLIC~1\tavua vapaana

    [10.11.2008|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [07.02.2008|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [03.03.2008|21:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [03.03.2008|21:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [04.02.2008|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    [03.04.2008|14:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    [11.04.2008|14:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canon
    [03.02.2008|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    [11.12.2008|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [10.04.2008|19:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [10.12.2008|13:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
    [09.03.2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [04.02.2008|03:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    [03.02.2008|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [03.02.2008|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [03.02.2008|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [0|tiedosto(a)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua
    [18|kansio(ta)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua vapaana

    [04.02.2008|01:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua vapaana

    [05.03.2008|19:08] C:\DOCUME~1\Guest\APPLIC~1\Adobe
    [15.11.2008|11:31] C:\DOCUME~1\Guest\APPLIC~1\ATI
    [10.12.2008|11:20] C:\DOCUME~1\Guest\APPLIC~1\AVG7
    [15.11.2008|15:10] C:\DOCUME~1\Guest\APPLIC~1\Azureus
    [04.02.2008|19:12] C:\DOCUME~1\Guest\APPLIC~1\Identities
    [04.02.2008|19:15] C:\DOCUME~1\Guest\APPLIC~1\Macromedia
    [19.11.2008|22:02] C:\DOCUME~1\Guest\APPLIC~1\Microsoft
    [04.02.2008|19:14] C:\DOCUME~1\Guest\APPLIC~1\Mozilla
    [16.05.2008|18:59] C:\DOCUME~1\Guest\APPLIC~1\Sun
    [10.04.2008|19:21] C:\DOCUME~1\Guest\APPLIC~1\Template
    [23.03.2008|11:50] C:\DOCUME~1\Guest\APPLIC~1\Winamp
    [0|tiedosto(a)] C:\DOCUME~1\Guest\APPLIC~1\tavua
    [13|kansio(ta)] C:\DOCUME~1\Guest\APPLIC~1\tavua vapaana

    [03.02.2008|18:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
    [05.02.2008|07:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
    [04.02.2008|02:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua
    [5|kansio(ta)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua vapaana

    [04.02.2008|01:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [0|tiedosto(a)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua
    [3|kansio(ta)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua vapaana

    --------------------\\ Ajoitetut tehtävät sijaitsee C:\WINDOWS\Tasks

    [09.12.2008 23:00][--a------] C:\WINDOWS\tasks\At24.job
    [10.12.2008 22:00][--a------] C:\WINDOWS\tasks\At23.job
    [10.12.2008 21:00][--a------] C:\WINDOWS\tasks\At22.job
    [11.12.2008 19:00][--a------] C:\WINDOWS\tasks\At20.job
    [10.12.2008 20:00][--a------] C:\WINDOWS\tasks\At21.job
    [11.12.2008 18:00][--a------] C:\WINDOWS\tasks\At19.job
    [11.12.2008 16:00][--a------] C:\WINDOWS\tasks\At17.job
    [12.12.2008 14:00][--a------] C:\WINDOWS\tasks\At15.job
    [10.12.2008 15:00][--a------] C:\WINDOWS\tasks\At16.job
    [11.12.2008 17:00][--a------] C:\WINDOWS\tasks\At18.job
    [12.12.2008 13:00][--a------] C:\WINDOWS\tasks\At14.job
    [10.12.2008 11:00][--a------] C:\WINDOWS\tasks\At12.job
    [10.12.2008 12:00][--a------] C:\WINDOWS\tasks\At13.job
    [29.11.2008 09:00][--a------] C:\WINDOWS\tasks\At10.job
    [10.12.2008 10:00][--a------] C:\WINDOWS\tasks\At11.job
    [05.12.2008 08:00][--a------] C:\WINDOWS\tasks\At9.job
    [10.12.2008 06:00][--a------] C:\WINDOWS\tasks\At7.job
    [05.12.2008 07:00][--a------] C:\WINDOWS\tasks\At8.job
    [10.12.2008 04:00][--a------] C:\WINDOWS\tasks\At5.job
    [10.12.2008 05:00][--a------] C:\WINDOWS\tasks\At6.job
    [10.12.2008 03:00][--a------] C:\WINDOWS\tasks\At4.job
    [10.12.2008 02:00][--a------] C:\WINDOWS\tasks\At3.job
    [10.12.2008 01:00][--a------] C:\WINDOWS\tasks\At2.job
    [11.12.2008 00:14][--a------] C:\WINDOWS\tasks\At1.job
    [12.12.2008 12:14][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [10.08.2004 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listaa hakemistoja sijainnissa c:\Programfiles

    [10.11.2008|13:34] c:\Programfiles\Adobe
    [10.04.2008|17:31] c:\Programfiles\Ahead
    [03.03.2008|21:18] c:\Programfiles\Apple Software Update
    [11.04.2008|14:43] c:\Programfiles\Canon
    [11.12.2008|18:52] c:\Programfiles\CCleaner
    [15.06.2008|21:41] c:\Programfiles\Conduit
    [16.06.2008|14:00] c:\Programfiles\Hotspot_Shield
    [23.11.2008|12:01] c:\Programfiles\InstallShield Installation Information
    [11.04.2008|18:49] c:\Programfiles\internet explorer
    [11.12.2008|18:44] c:\Programfiles\Java
    [11.12.2008|16:08] c:\Programfiles\Malwarebytes' Anti-Malware
    [18.02.2008|18:41] c:\Programfiles\microsoft frontpage
    [10.04.2008|19:17] c:\Programfiles\Microsoft Office
    [18.02.2008|18:41] c:\Programfiles\movie maker
    [18.02.2008|18:41] c:\Programfiles\msn gaming zone
    [14.11.2008|03:01] c:\Programfiles\MSXML 6.0
    [18.02.2008|18:41] c:\Programfiles\netmeeting
    [18.02.2008|18:41] c:\Programfiles\outlook express
    [10.12.2008|23:50] c:\Programfiles\Trend Micro
    [09.03.2008|19:23] c:\Programfiles\TRUST 640U SILVERLINE HEADSET USB
    [18.02.2008|18:41] c:\Programfiles\windows media player
    [18.02.2008|18:41] c:\Programfiles\windows nt
    [18.02.2008|18:41] c:\Programfiles\xerox
    [0|tiedosto(a)] c:\Programfiles\tavua
    [25|kansio(ta)] c:\Programfiles\tavua vapaana

    --------------------\\ Listaa hakemistoja sijainnissa C:\Program Files\Common Files

    [10.11.2008|13:35] C:\Program Files\Common Files\Adobe
    [10.04.2008|17:31] C:\Program Files\Common Files\Ahead
    [11.04.2008|14:40] C:\Program Files\Common Files\InstallShield
    [04.02.2008|01:55] C:\Program Files\Common Files\Java
    [10.04.2008|19:17] C:\Program Files\Common Files\Microsoft Shared
    [04.02.2008|01:51] C:\Program Files\Common Files\MSSoap
    [07.02.2008|20:23] C:\Program Files\Common Files\Nero
    [29.08.2008|12:31] C:\Program Files\Common Files\NSV
    [03.02.2008|17:42] C:\Program Files\Common Files\ODBC
    [04.02.2008|01:51] C:\Program Files\Common Files\Services
    [03.02.2008|17:42] C:\Program Files\Common Files\SpeechEngines
    [03.02.2008|18:59] C:\Program Files\Common Files\Symantec Shared
    [03.02.2008|19:32] C:\Program Files\Common Files\System
    [03.02.2008|19:18] C:\Program Files\Common Files\WindowsLiveInstaller
    [24.08.2008|18:19] C:\Program Files\Common Files\Wise Installation Wizard
    [0|tiedosto(a)] C:\Program Files\Common Files\tavua
    [17|kansio(ta)] C:\Program Files\Common Files\tavua vapaana

    --------------------\\ Process

    ( 34 Processes )

    ... OK !

    --------------------\\ Etsii S_Lopilla

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii Lopin tiedostoja ja kansioita

    Lopin kansioita ei löytynyt !

    --------------------\\ Etsii rekisterikohteita

    ..... OK !

    --------------------\\ Tarkistaa Hosts-tiedostoa

    Hosts-tiedosto PUHDAS


    --------------------\\ Tarkistaa Catchmella onko piilotettuja tiedostoja

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-12 14:57:08
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 2

    --------------------\\ Tarkistaa muita infektioita

    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job



    [F:32][D:2]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    [F:1][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
    [F:6][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - pe 12.12.2008|13:18 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - pe 12.12.2008|14:57 - Option : [3]

    --------------------\\ Tarkistus valmistui 14:57:37
     
  11. Hujo

    Hujo Guest

    Is that C:\ drive full, 0 free space?

    ==========================

    Open Notepad and copy/paste the contents of the quote there:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.

    Restart the computer when prompted and post the contents of combofix.txt here.
     
    Last edited by a moderator: 12.12.2008
  12. Vasaraike

    Vasaraike Member

    There's only Windows on C: and it has 675 MB of space.



    ComboFix 08-12-09.03 - Administrator 2008-12-12 16:09:11.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1544 [GMT 2:00]
    Sijainti: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Käytetyt komentorivivalitsimet :: g:\ilkka\CFScript.txt
    * Uusi palautuspiste luotu

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!

    FILE ::
    c:\docume~1\ADMINI~1\APPLIC~1\F-Secure
    c:\docume~1\ADMINI~1\APPLIC~1\Symantec
    c:\docume~1\ALLUSE~1\APPLIC~1\Symantec
    c:\windows\system32\rrlH3755.exe
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common Files\Symantec Shared
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-12 to 2008-12-12 )))))))))))))))))
    .

    2008-12-12 13:16 . 2008-12-12 14:57 <DIR> d-------- C:\Lop SD
    2008-12-11 18:52 . 2008-12-11 18:52 <DIR> d-------- c:\programfiles\CCleaner
    2008-12-11 18:45 . 2008-12-11 18:44 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-11 18:45 . 2008-12-11 18:44 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-12-11 18:44 . 2008-12-11 18:44 <DIR> d-------- c:\programfiles\Java
    2008-12-11 16:08 . 2008-12-11 16:08 <DIR> d-------- c:\programfiles\Malwarebytes' Anti-Malware
    2008-12-11 16:08 . 2008-12-11 16:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-11 16:08 . 2008-12-11 16:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2008-12-11 16:08 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-11 16:08 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-10 23:50 . 2008-12-10 23:50 <DIR> d-------- c:\programfiles\Trend Micro
    2008-12-10 13:12 . 2008-12-10 13:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
    2008-11-18 18:56 . 2008-12-10 15:50 8 --a------ c:\windows\system32\nvModes.dat
    2008-11-15 11:51 . 2008-11-15 15:10 <DIR> d-------- c:\documents and settings\Guest\Application Data\Azureus
    2008-11-15 11:31 . 2008-11-15 11:31 <DIR> d-------- c:\documents and settings\Guest\Application Data\ATI
    2008-11-14 03:01 . 2008-11-14 03:01 <DIR> d-------- c:\programfiles\MSXML 6.0

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-12 10:18 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
    2008-12-10 09:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
    2008-12-10 09:20 --------- d-----w c:\documents and settings\Guest\Application Data\AVG7
    2008-12-05 16:47 2,328 ----a-w c:\documents and settings\Guest\Application Data\wklnhst.dat
    2008-11-23 10:01 --------- d--h--w c:\programfiles\InstallShield Installation Information
    2008-11-10 11:35 --------- d-----w c:\program files\Common Files\Adobe
    2008-10-31 11:03 2,829 ----a-w c:\windows\War3Unin.pif
    2008-10-31 11:03 139,264 ----a-w c:\windows\War3Unin.exe
    2008-10-25 13:50 582 ----a-w c:\documents and settings\Administrator\Application Data\wklnhst.dat
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-21 15:18 --------- d-----w c:\documents and settings\Administrator\Application Data\teamspeak2
    2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
    2008-02-14 17:08 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-11_18.28.11,71 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2005-11-10 19:27:06 49,248 ----a-w c:\windows\system32\java.exe
    + 2008-12-11 16:44:53 144,792 ----a-w c:\windows\system32\java.exe
    - 2005-11-10 19:27:16 49,250 ----a-w c:\windows\system32\javaw.exe
    + 2008-12-11 16:44:53 144,792 ----a-w c:\windows\system32\javaw.exe
    - 2005-11-10 21:03:54 127,078 ----a-w c:\windows\system32\javaws.exe
    + 2008-12-11 16:44:53 148,888 ----a-w c:\windows\system32\javaws.exe
    + 2008-12-12 10:14:58 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6b0.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Steam"="e:\pelit\Steam\Steam.exe" [2008-10-08 1410296]
    "Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
    "WhatPulse"="e:\ohjelmat\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
    "WinDNN"="c:\documents and settings\Administrator\Application Data\Google\klnxv19819115.exe" [2008-12-10 123392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8527872]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-09 81920]
    "DAEMON Tools"="e:\ohjelmat\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "MPTBox"="c:\programfiles\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 167936]
    "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.EXE]
    "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
    "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-03 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3fhg"= mp3fhg.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "msacm.divxa32"= divxa32.acm
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "c:\\Documents and Settings\\Administrator\\Desktop\\irc\\mirc_upp.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "e:\\Pelit\\Steam\\steamapps\\laviska\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "e:\\Ohjelmat\\DC++\\DCPlusPlus.exe"=
    "e:\\Pelit\\Crysis\\Bin32\\Crysis.exe"=
    "e:\\Pelit\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "e:\\Ohjelmat\\Azureus\\Azureus.exe"=
    "e:\\Ohjelmat\\Xfire\\xfire.exe"=
    "e:\\Ohjelmat\\vectorworks\\VectorWorks.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
    "e:\\Ohjelmat\\Ad-Aware SE Personal\\Ad-Aware.exe"=
    "e:\\Ohjelmat\\Teamspeak2server\\server_windows.exe"=
    "e:\\Pelit\\Warcraft III\\Frozen Throne.exe"=
    "e:\\Pelit\\Steam\\steamapps\\laviska\\counter-strike\\hl.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22957:TCP"= 22957:TCP:BitComet 22957 TCP
    "22957:UDP"= 22957:UDP:BitComet 22957 UDP

    R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-02-04 882688]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44642f0c-d580-11dc-b164-0018f3cce9b3}]
    \Shell\AutoRun\command - O:\AutoRun.exe
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.travian.fi/
    uInternet Connection Wizard,ShellNext = iexplore
    FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r64xgoth.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-12 16:10:04
    Windows 5.1.2600 Service Pack 2 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(760)
    c:\windows\system32\Ati2evxx.dll
    .
    Valmistumisajankohta: 2008-12-12 16:10:32
    ComboFix-quarantined-files.txt 2008-12-12 14:10:30
    ComboFix2.txt 2008-12-11 16:28:32

    Ennen ajoa: 673 464 320 bytes free
    Ajon jälkeen: 658,665,472 tavua vapaana

    219 --- E O F --- 2008-12-05 11:33:32
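As an added example (my own code, not part of ComboFix, Lop SD or anything posted in this thread), here is a small Python triage script that reads the Run-key and Tasks-directory excerpts quoted above and flags the artifacts the helper targeted: an autorun whose binary sits under a user profile with a random-looking name, the Security Center "DisableMonitoring" switch, and the hourly At<N>.job scheduled tasks. The sample excerpts are constructed from lines in this thread and the heuristics are mine.

```python
import re
from dataclasses import dataclass

# Constructed excerpts (hypothetical samples in the shape of the ComboFix
# "Rekisterin käynnistyskohteet" section and the Lop SD Tasks listing quoted
# in this thread). The parser below is my own, not part of either tool.
SAMPLE_RUN_KEYS = r'''REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"Steam"="e:\pelit\Steam\Steam.exe" [2008-10-08 1410296]
"WinDNN"="c:\documents and settings\Administrator\Application Data\Google\klnxv19819115.exe" [2008-12-10 123392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
'''

SAMPLE_TASKS = r'''[09.12.2008 23:00][--a------] C:\WINDOWS\tasks\At24.job
[10.12.2008 22:00][--a------] C:\WINDOWS\tasks\At23.job
[10.12.2008 21:00][--a------] C:\WINDOWS\tasks\At22.job
[11.12.2008 00:14][--a------] C:\WINDOWS\tasks\At1.job
[12.12.2008 12:14][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10.08.2004 21:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="c:\path\file.exe" [YYYY-MM-DD size]   (ComboFix prints a path instead
# of a size when the value holds only a bare file name, as for RTHDCPL above)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"'
    r'(?:\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<rest>[^\]]*)\])?$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
TASK_RE = re.compile(r'\\At(?P<n>\d+)\.job$', re.IGNORECASE)

# Autorun binaries normally live under Program Files or Windows; a user-profile
# location is writable without admin rights and is where this thread's dropper sat.
USER_PROFILE_MARKERS = ('\\documents and settings\\', '\\application data\\')
# Short letter run followed by a long digit run, e.g. klnxv19819115.exe
RANDOM_NAME_RE = re.compile(r'^[a-z]{3,8}\d{6,}\.exe$', re.IGNORECASE)


@dataclass
class Finding:
    key: str
    name: str
    data: str
    reasons: list


def parse_autoruns(report):
    """Return (section, value name, value data, binary date) tuples."""
    section = None
    entries = []
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group('key')
            continue
        if section is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append((section, m.group('name'), m.group('data'), m.group('date')))
            continue
        m = DWORD_RE.match(line)
        if m:
            entries.append((section, m.group('name'), 'dword:' + m.group('hex'), None))
    return entries


def triage_autoruns(report):
    """Flag autorun entries that match the patterns seen in this thread."""
    findings = []
    for section, name, data, _date in parse_autoruns(report):
        reasons = []
        low = data.lower()
        if any(marker in low for marker in USER_PROFILE_MARKERS):
            reasons.append('binary lives under a user profile directory')
        if RANDOM_NAME_RE.match(low.rsplit('\\', 1)[-1]):
            reasons.append('file name is a letter run followed by a long digit run')
        if ('security center' in section.lower()
                and name.lower() == 'disablemonitoring' and data == 'dword:00000001'):
            reasons.append('Security Center monitoring has been switched off')
        if reasons:
            findings.append(Finding(section, name, data, reasons))
    return findings


def at_job_numbers(listing):
    """Set of N for every At<N>.job in a Tasks-directory listing (a full 1..24
    run, as in the Lop SD output above, means one job per hour of the day)."""
    return {int(m.group('n'))
            for m in map(TASK_RE.search, map(str.strip, listing.splitlines())) if m}


if __name__ == '__main__':
    for f in triage_autoruns(SAMPLE_RUN_KEYS):
        print(f'{f.key}\n  "{f.name}" -> {f.data}\n  {"; ".join(f.reasons)}')
    print('At<N>.job tasks present:', sorted(at_job_numbers(SAMPLE_TASKS)))
```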



     
  13. Hujo

    Hujo Guest

    Well, that won't get defragmented much then.

    ==================

    Open Notepad and copy/paste the contents of the quote there:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.

    Restart the computer when prompted and post the contents of combofix.txt here.
     
  14. Vasaraike

    Vasaraike Member

    ComboFix 08-12-09.03 - Administrator 2008-12-12 16:39:06.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1519 [GMT 2:00]
    Sijainti: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Käytetyt komentorivivalitsimet :: g:\ilkka\CFScript.txt
    * Uusi palautuspiste luotu

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-12 to 2008-12-12 )))))))))))))))))
    .

    2008-12-12 13:16 . 2008-12-12 14:57 <DIR> d-------- C:\Lop SD
    2008-12-11 18:52 . 2008-12-11 18:52 <DIR> d-------- c:\programfiles\CCleaner
    2008-12-11 18:45 . 2008-12-11 18:44 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-11 18:45 . 2008-12-11 18:44 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-12-11 18:44 . 2008-12-11 18:44 <DIR> d-------- c:\programfiles\Java
    2008-12-11 16:08 . 2008-12-11 16:08 <DIR> d-------- c:\programfiles\Malwarebytes' Anti-Malware
    2008-12-11 16:08 . 2008-12-11 16:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-11 16:08 . 2008-12-11 16:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2008-12-11 16:08 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-11 16:08 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-10 23:50 . 2008-12-10 23:50 <DIR> d-------- c:\programfiles\Trend Micro
    2008-12-10 13:12 . 2008-12-10 13:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
    2008-11-18 18:56 . 2008-12-10 15:50 8 --a------ c:\windows\system32\nvModes.dat
    2008-11-15 11:51 . 2008-11-15 15:10 <DIR> d-------- c:\documents and settings\Guest\Application Data\Azureus
    2008-11-15 11:31 . 2008-11-15 11:31 <DIR> d-------- c:\documents and settings\Guest\Application Data\ATI
    2008-11-14 03:01 . 2008-11-14 03:01 <DIR> d-------- c:\programfiles\MSXML 6.0

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-12 10:18 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
    2008-12-10 09:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
    2008-12-10 09:20 --------- d-----w c:\documents and settings\Guest\Application Data\AVG7
    2008-12-05 16:47 2,328 ----a-w c:\documents and settings\Guest\Application Data\wklnhst.dat
    2008-11-23 10:01 --------- d--h--w c:\programfiles\InstallShield Installation Information
    2008-11-10 11:35 --------- d-----w c:\program files\Common Files\Adobe
    2008-10-31 11:03 2,829 ----a-w c:\windows\War3Unin.pif
    2008-10-31 11:03 139,264 ----a-w c:\windows\War3Unin.exe
    2008-10-25 13:50 582 ----a-w c:\documents and settings\Administrator\Application Data\wklnhst.dat
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-21 15:18 --------- d-----w c:\documents and settings\Administrator\Application Data\teamspeak2
    2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
    2008-02-14 17:08 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-11_18.28.11,71 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2005-11-10 19:27:06 49,248 ----a-w c:\windows\system32\java.exe
    + 2008-12-11 16:44:53 144,792 ----a-w c:\windows\system32\java.exe
    - 2005-11-10 19:27:16 49,250 ----a-w c:\windows\system32\javaw.exe
    + 2008-12-11 16:44:53 144,792 ----a-w c:\windows\system32\javaw.exe
    - 2005-11-10 21:03:54 127,078 ----a-w c:\windows\system32\javaws.exe
    + 2008-12-11 16:44:53 148,888 ----a-w c:\windows\system32\javaws.exe
    + 2008-12-12 10:14:58 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6b0.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Steam"="e:\pelit\Steam\Steam.exe" [2008-10-08 1410296]
    "Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
    "WhatPulse"="e:\ohjelmat\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
    "WinDNN"="c:\documents and settings\Administrator\Application Data\Google\klnxv19819115.exe" [2008-12-10 123392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8527872]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-09 81920]
    "DAEMON Tools"="e:\ohjelmat\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "MPTBox"="c:\programfiles\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 167936]
    "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.EXE]
    "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
    "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-03 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3fhg"= mp3fhg.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "msacm.divxa32"= divxa32.acm
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "c:\\Documents and Settings\\Administrator\\Desktop\\irc\\mirc_upp.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "e:\\Pelit\\Steam\\steamapps\\laviska\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "e:\\Ohjelmat\\DC++\\DCPlusPlus.exe"=
    "e:\\Pelit\\Crysis\\Bin32\\Crysis.exe"=
    "e:\\Pelit\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "e:\\Ohjelmat\\Azureus\\Azureus.exe"=
    "e:\\Ohjelmat\\Xfire\\xfire.exe"=
    "e:\\Ohjelmat\\vectorworks\\VectorWorks.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
    "e:\\Ohjelmat\\Ad-Aware SE Personal\\Ad-Aware.exe"=
    "e:\\Ohjelmat\\Teamspeak2server\\server_windows.exe"=
    "e:\\Pelit\\Warcraft III\\Frozen Throne.exe"=
    "e:\\Pelit\\Steam\\steamapps\\laviska\\counter-strike\\hl.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22957:TCP"= 22957:TCP:BitComet 22957 TCP
    "22957:UDP"= 22957:UDP:BitComet 22957 UDP

    R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-02-04 882688]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44642f0c-d580-11dc-b164-0018f3cce9b3}]
    \Shell\AutoRun\command - O:\AutoRun.exe
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.travian.fi/
    uInternet Connection Wizard,ShellNext = iexplore
    FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r64xgoth.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-12 16:39:45
    Windows 5.1.2600 Service Pack 2 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(760)
    c:\windows\system32\Ati2evxx.dll
    .
    Valmistumisajankohta: 2008-12-12 16:40:14
    ComboFix-quarantined-files.txt 2008-12-12 14:40:10
    ComboFix2.txt 2008-12-12 14:10:33
    ComboFix3.txt 2008-12-11 16:28:32

    Ennen ajoa: 644 575 232 bytes free
    Ajon jälkeen: 629,469,184 tavua vapaana

    158 --- E O F --- 2008-12-05 11:33:32
     
  15. Hujo

    Hujo Guest

    Type into the Run box

    Combofix /u

    and press Enter

    =============

    Delete

    C:\Lop SD
     
  16. Vasaraike

    Vasaraike Member



    And what should I do next? That trojan still hasn't gone away.
     
  17. Hujo

    Hujo Guest

    Scan your computer with F-Secure's online scanner

    Note: the scanner only works in the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option" select Scan whole system
    o Under "Other Scan Option" select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread

    Don't do anything else, as it may cause the computer to freeze.
     
  18. Vasaraike

    Vasaraike Member


    Otherwise fine, but because of that trojan I can't get online... or rather into the browser, since it always opens that same page and if I try to change the address the browser crashes.
     
  19. Hujo

    Hujo Guest

    Scan your computer with Kaspersky Online Scanner

    When the program starts, you are asked whether to allow installation of the ActiveX component from Kaspersky; click Yes.
    • The program starts and begins downloading the latest signature files.
    • When the scanner is installed and the signatures downloaded, click Next.
    • Now click the settings, Scan Settings
    • Check in the settings that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise select Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
    • Click OK
    • Now, under the "select a target to scan" heading, choose My Computer
    • The scan takes time, so be patient. When the scan is complete you will be notified if your computer is infected.
    • Now click the Save as Text button.
    • Save the file to your desktop.
    • If you want to continue dealing with the matter on the forum, copy the file's contents into your post.
     
  20. Vasaraike

    Vasaraike Member

    Well, I still can't browse the web.
     
  21. Hujo

    Hujo Guest

    Create an uninstall list:
    • Open HijackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste that list from Notepad into your thread
     
