
Unwanted pop-ups

Thread in the Viruses and malware - HijackThis logs section. Thread started by Ileh on 04.02.2008.

  1. Ileh

    Ileh Member

    Joined:
    03.02.2008
    Posts:
    19
    Thanks:
    0
    Points:
    11
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:25:14, on 4.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5024 bytes
     
  3. Ileh

    Ileh Member

    Help! Thanks.
     
  4. Hujo

    Hujo Guest

    Download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    When the scan is complete, click the Remove Vundo button.
    You will be asked whether you want to remove the files - click YES.
    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    When it is finished, the fix will tell you it is going to restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    Note: It is possible that VundoFix found a file that it could not remove.
    In that case VundoFix will run itself at reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

    ===============

    Download SmitfraudFix (c) S!Ri
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of this text file in your thread.

    Note: process.exe is detected by some anti-virus programs (AntiVir, Dr.Web, Kaspersky) as a "harmful tool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.
     
  5. Ileh

    Ileh Member

    Vundo didn't find anything. Strange?

    Here's the smitfraud log
    SmitFraudFix v2.279

    Scan done at 20:07:01,31, to 07.02.2008
    Run from C:\Documents and Settings\Master\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Notebook Hardware Control\nhc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Master


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Master\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Master\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix.exe by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller - Paketinajoituksen miniportti
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{199B90CC-F75C-462A-B8B0-98CD0B0403A5}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{199B90CC-F75C-462A-B8B0-98CD0B0403A5}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{199B90CC-F75C-462A-B8B0-98CD0B0403A5}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  6. Ileh

    Ileh Member

    Is there anything in that? THOSE POP-UPS ARE PISSING ME OFF SO DAMN MUCH.
     
  7. Hujo

    Hujo Guest

    run that vundofix

    and rename

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <== to scanner

    =====================

    Go to Start -> Run -> services.msc -> OK

    Check that the Messenger service is not running; double-click the Messenger entry

    if it is running, stop it and choose Disabled from the drop-down menu

    Apply and OK

    =========

    scan with HJT, tick these and press Fix checked

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    =========
     
    Last edited by a moderator: 08.02.2008
  8. Ileh

    Ileh Member

    Could you explain that first part again?
     
  9. Hujo

    Hujo Guest

    That one?

    Renaming

    1. Right-click the HijackThis icon.
    2. Choose Rename.
    3. Type scanner.exe

    I added some more up there
     
    Last edited by a moderator: 08.02.2008
  10. Ileh

    Ileh Member

    I think that HJT fix checked thing worked. The pop-ups suddenly stopped coming.

    Thanks =)
     
  11. Hujo

    Hujo Guest

    hey, this is an old version, SmitFraudFix v2.279; delete it, download the new one from that link and run it according to the instructions

    Link
     
    Last edited by a moderator: 08.02.2008
  12. Ileh

    Ileh Member

    It didn't help after all, another pop-up came :( I was a bit too hasty. Well, some solution has to be found.
     
  13. Hujo

    Hujo Guest

    carry on following those instructions; the smitfraudfix was old

    With that version, the new one, SmitFraudFix v2.283...
     
    Last edited by a moderator: 08.02.2008
  14. Ileh

    Ileh Member

    Should I copy the smitfraud log again, or what did you mean?
    SmitFraudFix v2.283

    Scan done at 19:09:38,92, pe 08.02.2008
    Run from C:\Documents and Settings\Master\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Notebook Hardware Control\nhc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Master\Työpöytä\VundoFix.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Master


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Master\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Master\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller - Paketinajoituksen miniportti
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{199B90CC-F75C-462A-B8B0-98CD0B0403A5}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{199B90CC-F75C-462A-B8B0-98CD0B0403A5}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{199B90CC-F75C-462A-B8B0-98CD0B0403A5}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  15. Hujo

    Hujo Guest

    then just carry on

    check that Messenger service and the renaming, then scan and post a new HJT log
     
  16. Ileh

    Ileh Member

    The Messenger service was disabled, I renamed it to scanner and here's the log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:22:21, on 8.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Notebook Hardware Control\nhc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5329 bytes
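
An added example, not part of the original thread and not anyone's posted code: a Python script that parses HijackThis entries, flags the two kinds of entry picked for "Fix checked" earlier in the thread (an O2 BHO whose file is missing, an R0/R1 URL on a host outside a caller-supplied list), and compares the first scan with the second. The function names and the `trusted_hosts` parameter are assumptions made for illustration; the sample lines are excerpted from the two HijackThis logs above.

```python
import re
from urllib.parse import urlsplit

# Lines excerpted from the two HijackThis logs posted in this thread
# (scan of 4.2.2008 and scan of 8.2.2008); most entries are left out.
FIRST_SCAN = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""
SECOND_SCAN = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Header and process-list lines do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return a list of (section, body) tuples for every entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review(entries, trusted_hosts=()):
    """Return (section, body, reason) for entries worth a closer look.

    trusted_hosts is an analyst-supplied list (an assumption of this
    example); with the default empty list every R0/R1 URL is reported.
    """
    findings = []
    for section, body in entries:
        if section == "O2" and body.endswith("(no file)"):
            findings.append((section, body, "BHO is registered but its file is missing"))
        elif section in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1]
            host = urlsplit(value).hostname if "://" in value else None
            trusted = any(host == t or (host or "").endswith("." + t) for t in trusted_hosts)
            if host and not trusted:
                findings.append((section, body, "IE setting points at unlisted host " + host))
    return findings


def compare(before_text, after_text, trusted_hosts=()):
    """Diff two scans and report which flagged entries survived the fix."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    flagged_before = {(s, b) for s, b, _ in review(before, trusted_hosts)}
    return {
        "removed": [e for e in before if e not in after],
        "added": [e for e in after if e not in before],
        "still_flagged": [f for f in review(after, trusted_hosts)
                          if (f[0], f[1]) in flagged_before],
    }


if __name__ == "__main__":
    result = compare(FIRST_SCAN, SECOND_SCAN)
    for name in ("removed", "added", "still_flagged"):
        print(name)
        for item in result[name]:
            print("   ", " - ".join(item))
```

On these excerpts the start-page entry is gone from the second scan, while the O2 entry with no file is still listed, and the two new O4 entries show software that was not in the first scan's Run key.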
     
  17. Hujo

    Hujo Guest

    weeell....

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode:

    shut down and start
    during startup, keep tapping the F8 key
    select Safe Mode with the arrow keys
    press Enter and Enter
    choose your user account
    press Yes

    On some machines you tap F5 instead of F8

    - Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    - Open the SDFix folder and double-click the file RunThis.bat to start the program.
    - Press Y to start the script.
    - The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    - Press any key and the computer will restart.
    - Startup takes longer than normal because SDFix is cleaning the machine.
    - When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
    - Then press any key to close the script and load the desktop icons.
    - Finally, open the SDFix folder (on the desktop) and copy & paste the contents of the file Report.txt into your thread along with a new HijackThis log.

    ==========

    1. Download combofix.exe to your desktop from either of the links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click in the combofix window while it is running. This may cause the program to hang.

    =========

    So what are those pop-ups?
     
  18. Ileh

    Ileh Member


    SDFix: Version 1.138

    Run by XXX on pe 08.02.2008 at 20:09

    Microsoft Windows XP [versio 5.1.2600]

    Running From: C:\DOCUME~1\Master\TYPYT~1\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:



    Could Not Remove C:\WINDOWS\system32\drivers\core.cache.dsk



    Removing Temp Files...

    ADS Check:



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-08 20:14:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:a1,29,4c,17,75,4d,84,0e,f5,af,0e,c3,41,19,38,6e,06,d2,78,48,f6,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:a1,29,4c,17,75,4d,84,0e,f5,af,0e,c3,41,19,38,6e,06,d2,78,48,f6,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Documents and Settings\\Master\\Työpöytä\\nuuskut.txt"="C:\\Documents and Settings\\Master\\Työpöytä\\nuuskut.txt:*:Enabled:nuuskut"
    "C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files:
    ---------------
    C:\WINDOWS\system32\drivers\core.cache.dsk Found

    File Backups: - C:\DOCUME~1\Master\TYPYT~1\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Tue 14 Sep 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    Tue 14 Sep 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
    Tue 14 Sep 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
    Tue 14 Sep 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
    Sun 3 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT7.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\666b695e836da06343cda856c4858ddf\BIT3D.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1095dcf1989563f29249489b5df12215\download\BIT158.tmp"
    Tue 2 Oct 2007 115,981 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1311dcccf2dbdfa1f9b146f0c11d0fc5\download\BIT13E.tmp"
    Thu 7 Sep 2006 44,287 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18f7de7388f2ecc3ee2c049ee2fc9d0e\download\BIT143.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1b545c6af3a362a0e6fc8cdd2c1cc98c\download\BIT14B.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2a9af77915d50aa8c49a031a1f10b6ff\download\BIT151.tmp"
    Sat 31 Mar 2007 670,729 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3082d0faf4ab17888ff73a544582dfd5\download\BIT147.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\35e2767a301c333b8486b013036ee4f6\download\BIT153.tmp"
    Fri 1 Jun 2007 19,614 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3b5bc2876ee7228987c0a0d662ec1c40\download\BIT13A.tmp"
    Wed 19 Apr 2006 1,053,649 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52d535445a7e6158af3f02ffad4711ed\download\BIT138.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\56f70cca1e2a40d22c814f1bfefc9bb1\download\BIT150.tmp"
    Fri 2 Jun 2006 65,496 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d84bce1e6dc6864a3cf8fb4b6fd376a\download\BIT141.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\64280fa1997e4f7f6a00252b4a55a0f8\download\BIT154.tmp"
    Sat 2 Dec 2006 171,900 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6a5e0ac81b305e5bbc0293b72ef8338c\download\BIT13D.tmp"
    Tue 1 May 2007 159,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6c3b88f4b16cf163a4cea1e14aee9425\download\BIT139.tmp"
    Tue 7 Aug 2007 371,630 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7643647af098b499f9f8f36bf81f536d\download\BIT13B.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\79c3ec9e566ab9aff1b04775d258df76\download\BIT149.tmp"
    Sat 3 Jun 2006 89,046 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7cde4e92d87f06cc4457a83c3710b62a\download\BIT145.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\83b6df52cdb930a6f939b1d4798b27c5\download\BIT14D.tmp"
    Fri 28 Jul 2006 55,420 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\86831e5e925ba02101beff57397757f9\download\BIT146.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a63c9398158ec80701db982bcbd7cca\download\BIT14C.tmp"
    Mon 7 Feb 2005 19,452 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9136a9b97bccf847c5b41e7a92b17920\download\BIT13C.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\96156a2ef7a2c5dee8d691fa03c9edb1\download\BIT157.tmp"
    Tue 3 Oct 2006 64,340 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a489706e9d5ea7dc3d43b43642a7d51d\download\BIT13F.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a70a26467dba6eddb633f66a1b811ee8\download\BIT156.tmp"
    Fri 30 Mar 2007 69,466 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b5be6d028e4dbb6dd6a89ccb6fd68f72\download\BIT142.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6eb675d5f85f7cde20befdb34dbe983\download\BIT148.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cef940f3b263e71524ca627eee33edea\download\BIT14E.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\da1ac56032a36483312d057364518075\download\BIT14A.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3733102018a3400101ffede29e556f9\download\BIT14F.tmp"
    Sat 31 Mar 2007 125,293 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e41a589dc265b6b9321428a83ae844bb\download\BIT140.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e9f0c995ce3c4067e6bbdab6d52cf97e\download\BIT155.tmp"
    Wed 8 Jun 2005 19,867 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ea0f75676c11484a862a8b83cc7166ab\download\BIT144.tmp"
    Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee5488f0a0d7c2d3346104b76390be31\download\BIT152.tmp"

    Finished!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:19:17, on 8.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Notebook Hardware Control\nhc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Trend Micro\HijackThis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5343 bytes

    I'll do the ComboFix run next.
     
  19. Ileh

    The pop-ups are usually ads, or url.adtrgt.com/some-gibberish that contains my IP address and the address of the page open in Firefox (so the pop-up opens in IE).

    ComboFix 08-02.05.3 - Master 2008-02-08 20:22:01.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1628 [GMT 2:00]
    Running from: C:\Documents and Settings\Master\Työpöytä\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . poisto epäonnistui

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-08 to 2008-02-08 )))))))))))))))))
    .

    2008-02-07 19:20 . 2008-02-07 19:20 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\Media Player Classic
    2008-02-06 21:04 . 2008-02-06 21:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-02-06 21:02 . 2008-02-06 21:02 <KANSIO> d-------- C:\Program Files\Zone Labs
    2008-02-05 22:44 . 2008-02-05 22:44 <KANSIO> d-------- C:\Program Files\Notebook Hardware Control
    2008-02-05 19:05 . 2008-02-08 20:02 <KANSIO> d-------- C:\Program Files\mIRC
    2008-02-04 19:19 . 2008-02-04 19:19 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-02-03 17:12 . 2008-02-03 17:12 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\Grisoft
    2008-02-03 17:09 . 2008-02-03 17:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-03 15:01 . 2008-02-03 16:04 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\BSplayer PRO
    2008-02-03 15:00 . 2008-02-03 15:00 <KANSIO> d-------- C:\Program Files\Webteh
    2008-02-03 14:10 . 2008-02-03 14:10 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-02-03 14:10 . 2008-02-03 14:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-03 14:09 . 2008-02-03 14:09 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-02 17:23 . 2008-02-02 17:23 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\DAEMON Tools
    2008-02-02 16:09 . 2008-02-02 16:09 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
    2008-02-02 15:50 . 2008-02-02 15:50 <KANSIO> d-------- C:\Documents and Settings\Master\Contacts
    2008-02-02 15:32 . 2008-02-02 15:35 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-02-02 15:32 . 2008-02-08 20:03 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\uTorrent
    2008-02-02 15:28 . 2008-02-06 19:32 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-02-02 15:28 . 2008-02-02 15:36 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-02 15:28 . 2008-02-02 15:28 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-02 15:24 . 2008-02-02 15:28 <KANSIO> d-------- C:\Program Files\Winamp
    2008-02-02 15:24 . 2008-02-02 16:11 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\Winamp
    2008-02-02 15:02 . 2008-02-02 15:13 <KANSIO> d-------- C:\Program Files\CONEXANT
    2008-02-02 14:57 . 2008-02-05 19:04 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\mIRC
    2008-02-02 14:26 . 2008-02-02 14:26 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-02-02 13:17 . 2008-02-02 13:17 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-02-01 21:48 . 2008-02-02 15:02 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
    2008-02-01 21:48 . 2008-02-01 21:48 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\InstallShield
    2008-02-01 21:47 . 2008-02-01 21:47 <KANSIO> d-------- C:\Program Files\Synaptics
    2008-02-01 21:47 . 2008-02-01 21:47 <KANSIO> d-------- C:\Program Files\Hp
    2008-02-01 21:47 . 2008-02-02 14:56 <KANSIO> d-------- C:\Program Files\Hewlett-Packard
    2008-02-01 21:47 . 2008-02-01 23:19 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-08 18:27 256,032 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-08 18:16 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
    2008-02-08 18:12 932 ----a-w C:\WINDOWS\system32\drivers\core.cache.dsk
    2008-02-08 17:09 3,686 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-02-07 05:05 4,784 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-06 19:03 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2008-02-06 19:03 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2008-02-03 13:01 86,144 ----a-w C:\WINDOWS\system32\drivers\beepp.sys
    2008-02-02 14:59 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-02 11:31 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2008-02-01 22:55 83,456 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-02-01 19:49 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-02-01 19:49 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
    2008-02-01 18:51 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-27 12:37 81,920 ----a-w C:\WINDOWS\system32\IEDFix.exe
    2007-12-24 11:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2007-12-14 09:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-05 00:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-12-04 00:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
    2007-11-29 21:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-11-29 21:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-11-11 17:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-11-11 17:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-11-11 17:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-11-11 17:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-11-11 17:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-11-11 17:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-11-11 17:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-11-11 17:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
    2007-11-11 17:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-11-11 17:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
    2007-11-11 17:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-11-11 17:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-11-11 17:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-11-11 17:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-11-11 17:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
    2007-11-11 17:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-11-11 17:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-11-11 17:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
    2007-11-11 17:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
    2007-11-11 17:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
    2007-11-11 17:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
    2007-11-11 17:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
    2007-11-11 17:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
    2007-11-11 17:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
    2007-11-11 17:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
    2007-11-11 17:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
    2007-11-11 17:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
    2007-11-11 17:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
    2007-11-11 17:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
    2007-11-11 17:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
    2007-11-11 17:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-11-11 17:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
    2007-11-11 17:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
    2007-11-11 17:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
    2007-11-11 17:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
    2007-11-11 17:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-11-11 17:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-11-11 17:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll
    2007-11-11 17:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
    2007-11-11 17:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
    2007-11-11 17:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
    2007-11-11 17:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
    2007-11-11 17:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
    2007-11-11 17:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
    2007-11-11 17:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
    2007-11-11 17:51 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-11-11 17:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
    2007-11-11 17:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
    2007-11-11 17:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
    2007-11-11 17:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
    2007-11-11 17:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
    2007-11-11 17:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
    2007-11-11 17:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
    2007-11-11 17:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
    2007-11-11 17:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
    2007-11-11 17:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
    2007-11-11 17:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
    2007-11-11 17:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
    2007-11-11 17:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
    2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
    2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
    2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
    2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
    2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
    2007-11-11 17:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
    2007-11-11 17:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
    2007-11-11 17:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
    2007-11-11 17:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
    2007-11-11 17:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
    2007-11-11 17:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
    2007-11-11 17:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
    2007-11-11 17:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-11-11 17:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
    2007-11-11 17:51 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
    2007-11-11 17:51 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
    2007-11-11 17:51 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
    2007-11-11 17:51 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 15:12 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 13:21 472632]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29 102400]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 14:13 202032]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-11 19:51 8523776]
    "nwiz"="nwiz.exe" [2007-11-11 19:51 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-11 19:51 81920]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-03-23 15:45 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 15:12 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    R1 beepp;beepp;C:\WINDOWS\system32\drivers\beepp.sys [2008-02-03 15:01]
    R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-11-14 11:04]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-08 20:25:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\sol.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-02-08 20:29:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-08 18:29:23
    .
    2008-02-05 14:39:25 --- E O F ---
     
    Last edited: 08.02.2008
  20. Hujo

    Hujo Guest

    Open Notepad and copy/paste the text in the quote box below into it:

    Save it as CFScript

    Then drag CFScript onto ComboFix.exe as shown below.
    [IMG]

    Restart the computer when prompted and post the contents of combofix.txt here.

    ===================

    Download NoLop to your desktop from one of the following links...
    Link1
    Link2
    Link3

    1. Close all programs, because this step requires a restart
    2. Double-click NoLop.exe to run it
    3. Click the "Search and Destroy" button
    <<Your computer will be scanned for infected files>>
    4. When the scan is finished, you will be asked to restart the computer if an infection is found. Click OK
    5. Click the "REBOOT" button.
    6. NoLop should display a message. If it does not, double-click the program and it will finish. Post the contents of C:\NoLop.log along with a new HijackThis log.
    -- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). Then run the program again.
     
    Last edited by a moderator: 08.02.2008
  21. Ileh

    ComboFix 08-02.05.3 - Master 2008-02-08 23:31:04.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1577 [GMT 2:00]
    Running from: C:\Documents and Settings\Master\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Master\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\WINDOWS\system32\drivers\core.cache.dsk
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . poisto epäonnistui

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-08 to 2008-02-08 )))))))))))))))))
    .

    2008-02-08 20:19 . 2004-09-14 15:12 390,656 --a------ C:\kmd.exe
    2008-02-08 20:12 . 2008-02-08 20:12 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
    2008-02-08 20:08 . 2008-02-08 20:08 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-02-07 20:06 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-02-07 20:06 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-02-07 20:06 . 2008-02-02 00:55 83,456 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-02-07 20:06 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-02-07 20:06 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-02-07 20:06 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-02-07 20:06 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-02-07 19:20 . 2008-02-07 19:20 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\Media Player Classic
    2008-02-07 19:08 . 2008-02-07 19:08 <KANSIO> d-------- C:\VundoFix Backups
    2008-02-06 21:04 . 2008-02-06 21:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-02-06 21:02 . 2008-02-08 23:34 <KANSIO> d-------- C:\WINDOWS\Internet Logs
    2008-02-06 21:02 . 2008-02-06 21:02 <KANSIO> d-------- C:\Program Files\Zone Labs
    2008-02-05 22:44 . 2008-02-05 22:44 <KANSIO> d-------- C:\Program Files\Notebook Hardware Control
    2008-02-05 22:44 . 2008-02-08 20:27 22,528 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
    2008-02-05 19:05 . 2008-02-08 20:31 <KANSIO> d-------- C:\Program Files\mIRC
    2008-02-04 19:19 . 2008-02-04 19:19 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-02-03 17:12 . 2008-02-03 17:12 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\Grisoft
    2008-02-03 17:10 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-03 17:09 . 2008-02-03 17:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-03 17:00 . 2008-02-08 19:09 3,686 --a------ C:\WINDOWS\system32\tmp.reg
    2008-02-03 15:01 . 2008-02-03 16:04 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\BSplayer PRO
    2008-02-03 15:01 . 2008-02-03 15:01 86,144 --a------ C:\WINDOWS\system32\drivers\beepp.sys
    2008-02-03 15:00 . 2008-02-03 15:00 <KANSIO> d-------- C:\Program Files\Webteh
    2008-02-03 14:10 . 2008-02-03 14:10 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-02-03 14:10 . 2008-02-03 14:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-03 14:09 . 2008-02-03 14:09 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-03 11:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-02-03 11:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-02-03 11:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-02-02 18:20 . 2008-02-02 18:20 27 --a------ C:\WINDOWS\SmartAudio.INI
    2008-02-02 17:23 . 2008-02-02 17:23 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\DAEMON Tools
    2008-02-02 16:59 . 2008-02-02 16:59 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-02 16:09 . 2008-02-02 16:09 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
    2008-02-02 16:00 . 2008-02-02 16:00 <KANSIO> d-------- C:\f466ba627de55d733607a31c14
    2008-02-02 15:50 . 2008-02-02 15:50 <KANSIO> d-------- C:\Documents and Settings\Master\Contacts
    2008-02-02 15:47 . 2008-02-02 15:47 268 --ah----- C:\sqmdata00.sqm
    2008-02-02 15:47 . 2008-02-02 15:47 244 --ah----- C:\sqmnoopt00.sqm
    2008-02-02 15:36 . 2008-02-02 15:36 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-02-02 15:32 . 2008-02-02 15:35 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-02-02 15:32 . 2008-02-08 23:32 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\uTorrent
    2008-02-02 15:28 . 2008-02-06 19:32 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-02-02 15:28 . 2008-02-02 15:36 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-02 15:28 . 2008-02-02 15:28 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-02 15:24 . 2008-02-02 15:28 <KANSIO> d-------- C:\Program Files\Winamp
    2008-02-02 15:24 . 2008-02-02 16:11 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\Winamp
    2008-02-02 15:18 . 2008-02-03 22:31 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
    2008-02-02 15:02 . 2008-02-02 15:13 <KANSIO> d-------- C:\Program Files\CONEXANT
    2008-02-02 15:02 . 2005-06-22 10:56 110,592 --------- C:\WINDOWS\system32\SmartAudio.cpl
    2008-02-02 15:02 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2008-02-02 15:02 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
    2008-02-02 14:57 . 2008-02-05 19:04 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\mIRC
    2008-02-02 14:53 . 2008-02-02 14:53 0 --a------ C:\WINDOWS\nsreg.dat
    2008-02-02 14:26 . 2008-02-02 14:26 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-02-02 14:14 . 2007-11-11 19:51 8,523,776 --a------ C:\WINDOWS\system32\nvcpl.dll
    2008-02-02 13:31 . 2008-02-02 13:31 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2008-02-02 13:29 . 2008-02-02 13:35 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-02-02 13:29 . 2008-02-02 13:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-02-02 13:17 . 2008-02-02 13:17 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-02-02 10:03 . 2006-11-10 10:19 356,352 --a------ C:\WINDOWS\system32\nvusmu.exe
    2008-02-02 10:03 . 2006-09-11 17:27 356,352 --a------ C:\WINDOWS\system32\nvusmb.exe
    2008-02-02 10:03 . 2007-05-01 08:11 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
    2008-02-02 10:03 . 2007-04-02 19:06 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu
    2008-02-02 10:03 . 2006-09-11 16:14 1,864 --a------ C:\WINDOWS\system32\nvsmb.nvu
    2008-02-02 10:03 . 2007-01-03 12:20 1,732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
    2008-02-02 10:03 . 2006-10-19 10:36 528 --a------ C:\WINDOWS\system32\nvsmu.nvu
    2008-02-01 23:18 . 2001-10-05 15:48 96,640 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
    2008-02-01 23:18 . 2001-10-05 15:48 96,640 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys
    2008-02-01 21:49 . 2008-02-01 21:49 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-02-01 21:49 . 2008-02-01 21:49 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
    2008-02-01 21:48 . 2008-02-02 15:02 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
    2008-02-01 21:48 . 2008-02-01 21:48 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\InstallShield
    2008-02-01 21:47 . 2008-02-01 21:47 <KANSIO> d-------- C:\Program Files\Synaptics
    2008-02-01 21:47 . 2008-02-01 21:47 <KANSIO> d-------- C:\Program Files\Hp
    2008-02-01 21:47 . 2008-02-02 14:56 <KANSIO> d-------- C:\Program Files\Hewlett-Packard
    2008-02-01 21:47 . 2008-02-01 23:19 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
    2008-02-01 21:47 . 2007-09-14 19:09 213,696 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
    2008-02-01 21:47 . 2007-09-14 19:13 196,608 --a------ C:\WINDOWS\system32\SynCtrl.dll
    2008-02-01 21:47 . 2007-09-14 19:13 163,840 --a------ C:\WINDOWS\system32\SynCOM.dll
    2008-02-01 21:47 . 2007-09-14 19:21 147,456 --a------ C:\WINDOWS\system32\SynTPAPI.dll
    2008-02-01 21:47 . 2007-09-14 19:50 110,592 --a------ C:\WINDOWS\system32\SynTPCo4.dll
    2008-02-01 21:46 . 2008-02-02 17:17 <KANSIO> d-------- C:\swsetup
    2008-02-01 21:24 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-08 21:32 8,408 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-08 21:32 536,608 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-06 19:03 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2008-02-06 19:03 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2008-02-01 18:51 --------- d-----w C:\Program Files\microsoft frontpage
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 15:12 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 13:21 472632]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29 102400]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 14:13 202032]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-11 19:51 8523776]
    "nwiz"="nwiz.exe" [2007-11-11 19:51 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-11 19:51 81920]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-03-23 15:45 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 15:12 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    R1 beepp;beepp;C:\WINDOWS\system32\drivers\beepp.sys [2008-02-03 15:01]
    R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-11-14 11:04]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-08 23:35:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\system32\mshearts.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-08 23:37:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-08 21:37:02
    ComboFix2.txt 2008-02-08 18:29:40
    .
    2008-02-05 14:39:25 --- E O F ---
     
