Mesevirus, turvaPC, HJT logi

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

torstai 13.11.2025 / 21:05

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > mesevirus, turvapc, hjt logi

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

Mesevirus, turvaPC, HJT logi

Siirry:

Kirjoittaja

Viesti

Eduzz

Newbie

5. kesäkuuta 2008 @ 16:47

Linkki tähän viestiin

Juu, eli olen nyt monta päivää yrittäny poistaa tuota TurvaPC virusta tuloksetta, joten pyydän nyt teiltä apua. Lisäksi olen vielä onnistunut avaamaan meseviruksen "kaverini lähettämästä" linkistä.
Olisin kiitollinen jos joku viitsisi katsoa onko logissa mitään hämärää ja neuvoa minua askel askeleelta kuinka poistaa mahdolliset virukset (olen huono tietokonejutuissa).

Eli kopioin tähän nyt sen HJT login..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:58, on 5.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe
O4 - HKLM\..\Run: [74a78974] rundll32.exe "C:\WINDOWS\system32\uvalgddw.dll",b
O4 - HKLM\..\Run: [BM7794bae8] Rundll32.exe "C:\WINDOWS\system32\tfvbusyw.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WintelUpdate] C:\vieiiy.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/npx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/fl...ent/swflash.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/nProt...Crypt/npkcx.cab
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9817 bytes

[ + lainaa]

Hujo

Suspended permanently

5. kesäkuuta 2008 @ 18:49

Linkki tähän viestiin

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

[ + lainaa]

Voiko tietsikka koskaan toimia?

Eduzz

Newbie

6. kesäkuuta 2008 @ 09:51

Linkki tähän viestiin

ComboFix 08-06-04.5 - Eetu 2008-06-06 9:42:05.2 - NTFSx86
Running from: C:\Documents and Settings\Eetu.EEEEE.000\Työpöytä\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM7794bae8.xml
C:\WINDOWS\pskt.ini
.
---- Previous Run -------
.
C:\WINDOWS\BM7794bae8.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akhqledb.dll
C:\WINDOWS\system32\bxutrrqs.exe
C:\WINDOWS\system32\cygjcjpn.ini
C:\WINDOWS\system32\fccaWQjG.dll
C:\WINDOWS\system32\fmdwwexh.exe
C:\WINDOWS\system32\FOWHkUtv.ini
C:\WINDOWS\system32\FOWHkUtv.ini2
C:\WINDOWS\system32\gjlyacat.ini
C:\WINDOWS\system32\GjQWaccf.ini
C:\WINDOWS\system32\GjQWaccf.ini2
C:\WINDOWS\system32\gmhasjcc.ini
C:\WINDOWS\system32\hayanqpy.ini
C:\WINDOWS\system32\kgunwfff.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nafwjlve.dll
C:\WINDOWS\system32\obwursoe.exe
C:\WINDOWS\system32\pjlytqry.dll
C:\WINDOWS\system32\ttnwpltj.exe
C:\WINDOWS\system32\wddglavu.ini
C:\WINDOWS\system32\vfbsofrh.ini
C:\WINDOWS\system32\vtUkHWOF.dll
C:\WINDOWS\system32\xsgbkbsr.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_msupdate

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-06 to 2008-06-06 )))))))))))))))))
.

2008-06-05 19:31 . 2008-06-06 09:42 534 ---hs---- C:\WINDOWS\system32\wddglavu.ini
2008-06-05 19:16 . 2005-10-24 14:13 390,656 --a------ C:\WINDOWS\system32\CF2.exe
2008-06-05 16:33 . 2008-06-05 16:33 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-05 13:10 . 2008-06-05 13:10 132,608 --a------ C:\WINDOWS\system32\tbixdryu.dll
2008-06-05 13:07 . 2008-06-05 13:07 116,736 --a------ C:\WINDOWS\system32\uvalgddw.dll
2008-06-05 13:04 . 2008-06-05 13:04 126,976 --a------ C:\WINDOWS\system32\tfvbusyw.dll
2008-06-04 17:01 . 2008-06-04 17:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-03 19:20 . 2008-06-03 19:20 86,548 -r-hs---- C:\WINDOWS\service.0xe
2008-06-03 19:19 . 2008-06-03 19:54 4,217 --a------ C:\WINDOWS\is154890.exe
2008-06-02 22:30 . 2008-06-02 22:30 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 19:27 . 2008-06-02 19:27 129,536 --a------ C:\WINDOWS\system32\drivers\Xqr42.0ys
2008-06-02 19:27 . 2008-06-02 19:27 29 --a------ C:\WINDOWS\system32\deoduoeu.tmp
2008-06-02 19:26 . 2008-06-06 09:47 71,602 --a------ C:\WINDOWS\system32\hcnwg4u.sys
2008-06-02 11:27 . 2008-06-02 11:28 <KANSIO> d-------- C:\BackUpMSNCleaner
2008-06-02 10:24 . 2008-06-02 10:24 132,096 --a------ C:\WINDOWS\system32\dxnvrnwp.0ll
2008-05-16 23:20 . 2008-05-16 23:20 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\AdobeUM
2008-05-15 19:08 . 2008-06-02 19:27 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\F-Secure
2008-05-15 19:00 . 2008-05-15 19:00 <KANSIO> d-------- C:\Program Files\uTorrent
2008-05-15 18:59 . 2008-05-30 07:42 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\uTorrent
2008-05-13 14:12 . 2008-05-13 14:12 <KANSIO> d-------- C:\Buziol Games
2008-05-11 10:22 . 2008-05-21 17:26 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Contacts
2008-05-11 09:40 . 2005-10-24 14:00 <KANSIO> d--h----- C:\Documents and Settings\Eetu.EEEEE.000\Verkkoympäristö
2008-05-11 09:40 . 2008-06-05 19:40 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Työpöytä
2008-05-11 09:40 . 2005-10-24 14:00 <KANSIO> d--h----- C:\Documents and Settings\Eetu.EEEEE.000\Tulostinympäristö
2008-05-11 09:40 . 2008-06-05 16:48 <KANSIO> dr------- C:\Documents and Settings\Eetu.EEEEE.000\Suosikit
2008-05-11 09:40 . 2008-05-30 13:28 <KANSIO> dr------- C:\Documents and Settings\Eetu.EEEEE.000\Omat tiedostot
2008-05-11 09:40 . 2005-10-28 11:50 <KANSIO> d--h----- C:\Documents and Settings\Eetu.EEEEE.000\Mallit
2008-05-11 09:40 . 2008-05-15 19:00 <KANSIO> dr------- C:\Documents and Settings\Eetu.EEEEE.000\Käynnistä-valikko
2008-05-11 09:40 . 2008-05-11 09:40 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\ispnews
2008-05-11 09:40 . 2008-06-05 21:13 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000
2008-05-11 09:25 . 2008-05-11 09:25 <KANSIO> d-------- C:\F-Secure

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 08:04 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-24 10:36 --------- d-----w C:\Program Files\wowow
2008-05-24 10:32 --------- d-----w C:\Program Files\WoW Private server
2008-05-11 13:02 --------- d-----w C:\Program Files\Google
2008-05-10 16:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-10 16:29 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-09 15:37 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-05-05 18:44 --------- d-----w C:\Program Files\mIRC
2008-04-29 11:16 --------- d-----w C:\Program Files\Starcraft
2008-04-21 12:54 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-20 17:53 15,440 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-20 17:48 70,656 ----a-w C:\WINDOWS\ScUnin.exe
2008-04-20 16:39 --------- d-----w C:\Program Files\starcraft + broodwar
2008-04-20 15:25 --------- d-----w C:\Program Files\PowerISO
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2006-02-26 19:23 178 ----a-w C:\Documents and Settings\Eki\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-05_19.38.21.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 16:26:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 05:49:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f67558df-8807-4fb1-8c5a-e974c49bdc60}]
2008-06-05 13:10 132608 --a------ C:\WINDOWS\system32\tbixdryu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-10-24 14:13 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-20 18:20 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2005-10-24 14:02 1388544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-24 14:13 7110656]
"nwiz"="nwiz.exe" [2005-10-24 14:13 1519616 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-10-24 14:13 155648]
"F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe" [2007-04-26 20:12 183208]
"F-Secure TNB"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
"News Service"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" [2005-05-31 15:45 356352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10 49263]
"Windows Messanger Control Center"="svchosl.exe" []
"74a78974"="C:\WINDOWS\system32\uvalgddw.dll" [2008-06-05 13:07 116736]
"BM7794bae8"="C:\WINDOWS\system32\tfvbusyw.dll" [2008-06-05 13:04 126976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-10-24 14:13 15360]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-10-28 11:52:18 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\limeshop]
wjview /cp:p C:\Program Files\LimeShop\System\Code Main lp: C:\Program Files\LimeShop

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwrisovm.exe]
--a------ 2008-03-15 02:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
--a------ 2006-04-01 22:21 77824 C:\Program Files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17533:TCP"= 17533:TCP:*:Disabled:BitComet 17533 TCP
"17533:UDP"= 17533:UDP:*:Disabled:BitComet 17533 UDP

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-08-14 09:27]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Elisa Tietoturvapalvelu\HIPS\fshs.sys [2008-02-21 11:18]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe []
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []
S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys []
S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1dfa432-43c6-11da-9c84-0013d438d2be}]
\Shell\AutoRun\command - D:\setupSNK.exe

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-06 05:52:42 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ELISAT~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ELISAT~1\ANTI-V~1\report.txt
"2008-06-06 06:41:01 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 09:46:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-06 9:48:47
ComboFix-quarantined-files.txt 2008-06-06 06:48:43

Pre-Run: 116,579,545,088 tavua vapaana
Post-Run: 116,578,316,288 tavua vapaana

181 --- E O F --- 2008-06-05 18:12:53

[ + lainaa]

Hujo

Suspended permanently

6. kesäkuuta 2008 @ 17:23

Linkki tähän viestiin

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

Lainaus:
File::
C:\WINDOWS\service.0xe
C:\WINDOWS\system32\uvalgddw.dll
C:\WINDOWS\system32\tfvbusyw.dll
C:\vieiiy.exe
C:\WINDOWS\svchosl.exe

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

================

scannaa hjt:llä merkkaa paina Fix checked

O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe
O4 - HKLM\..\Run: [74a78974] rundll32.exe "C:\WINDOWS\system32\uvalgddw.dll",b
O4 - HKLM\..\Run: [BM7794bae8] Rundll32.exe "C:\WINDOWS\system32\tfvbusyw.dll",s
O4 - HKCU\..\Run: [WintelUpdate] C:\vieiiy.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll

=============

pistä raportit ja viimisenä uusi hjt:n loki

[ + lainaa]

Voiko tietsikka koskaan toimia?

Eduzz

Newbie

7. kesäkuuta 2008 @ 00:06

Linkki tähän viestiin

O4 - HKLM\..\Run: [MSN] C:\Windows\mservice.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\vieiiy.exe

Ei enää löytynyt, mutta voi johtua siitä että veli kävi scannaamassa Avira Antiviruksella koneen ja löytyi 1 virus, jonka hän sitten poisti.. Toivottavasti ei haittaa tätä.. Laitan nyt kuitenkin raportit tulemaan.

ComboFix 08-06-04.5 - Eetu 2008-06-06 21:37:31.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.450 [GMT 3:00]
Running from: C:\Documents and Settings\Eetu.EEEEE.000\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eetu.EEEEE.000\Omat tiedostot\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\vieiiy.exe
C:\WINDOWS\service.0xe
C:\WINDOWS\svchosl.exe
C:\WINDOWS\system32\tfvbusyw.dll
C:\WINDOWS\system32\uvalgddw.dll
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\service.0xe
C:\WINDOWS\system32\tfvbusyw.dll
C:\WINDOWS\system32\uvalgddw.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-06 to 2008-06-06 )))))))))))))))))
.

2008-06-06 10:06 . 2008-06-06 10:06 <KANSIO> d-------- C:\Program Files\Avira
2008-06-06 10:06 . 2008-06-06 10:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-05 19:31 . 2008-06-06 09:42 534 ---hs---- C:\WINDOWS\system32\wddglavu.ini
2008-06-05 19:16 . 2005-10-24 14:13 390,656 --a------ C:\WINDOWS\system32\CF2.exe
2008-06-05 16:33 . 2008-06-05 16:33 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-05 13:10 . 2008-06-05 13:10 132,608 --a------ C:\WINDOWS\system32\tbixdryu.dll
2008-06-04 17:01 . 2008-06-04 17:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-03 19:19 . 2008-06-03 19:54 4,217 --a------ C:\WINDOWS\is154890.exe
2008-06-02 22:30 . 2008-06-02 22:30 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 19:27 . 2008-06-02 19:27 129,536 --a------ C:\WINDOWS\system32\drivers\Xqr42.0ys
2008-06-02 19:27 . 2008-06-02 19:27 29 --a------ C:\WINDOWS\system32\deoduoeu.tmp
2008-06-02 19:26 . 2008-06-06 21:42 71,602 --a------ C:\WINDOWS\system32\hcnwg4u.sys
2008-06-02 11:27 . 2008-06-02 11:28 <KANSIO> d-------- C:\BackUpMSNCleaner
2008-06-02 10:24 . 2008-06-02 10:24 132,096 --a------ C:\WINDOWS\system32\dxnvrnwp.0ll
2008-05-16 23:20 . 2008-05-16 23:20 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\AdobeUM
2008-05-15 19:08 . 2008-06-02 19:27 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\F-Secure
2008-05-15 19:00 . 2008-05-15 19:00 <KANSIO> d-------- C:\Program Files\uTorrent
2008-05-15 18:59 . 2008-05-30 07:42 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\uTorrent
2008-05-13 14:12 . 2008-05-13 14:12 <KANSIO> d-------- C:\Buziol Games
2008-05-11 10:22 . 2008-06-06 19:50 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Contacts
2008-05-11 09:40 . 2005-10-24 14:00 <KANSIO> d--h----- C:\Documents and Settings\Eetu.EEEEE.000\Verkkoympäristö
2008-05-11 09:40 . 2008-06-06 21:37 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Työpöytä
2008-05-11 09:40 . 2005-10-24 14:00 <KANSIO> d--h----- C:\Documents and Settings\Eetu.EEEEE.000\Tulostinympäristö
2008-05-11 09:40 . 2008-06-05 16:48 <KANSIO> dr------- C:\Documents and Settings\Eetu.EEEEE.000\Suosikit
2008-05-11 09:40 . 2008-06-06 21:37 <KANSIO> dr------- C:\Documents and Settings\Eetu.EEEEE.000\Omat tiedostot
2008-05-11 09:40 . 2005-10-28 11:50 <KANSIO> d--h----- C:\Documents and Settings\Eetu.EEEEE.000\Mallit
2008-05-11 09:40 . 2008-05-15 19:00 <KANSIO> dr------- C:\Documents and Settings\Eetu.EEEEE.000\Käynnistä-valikko
2008-05-11 09:40 . 2008-05-11 09:40 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000\Application Data\ispnews
2008-05-11 09:40 . 2008-06-05 21:13 <KANSIO> d-------- C:\Documents and Settings\Eetu.EEEEE.000
2008-05-11 09:25 . 2008-05-11 09:25 <KANSIO> d-------- C:\F-Secure

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 08:42 --------- d-----w C:\Program Files\Knight Online
2008-06-02 08:04 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-24 10:36 --------- d-----w C:\Program Files\wowow
2008-05-24 10:32 --------- d-----w C:\Program Files\WoW Private server
2008-05-11 13:02 --------- d-----w C:\Program Files\Google
2008-05-10 16:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-10 16:29 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-09 15:37 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-05-05 18:44 --------- d-----w C:\Program Files\mIRC
2008-04-29 11:16 --------- d-----w C:\Program Files\Starcraft
2008-04-21 12:54 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-20 17:53 15,440 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-20 17:48 70,656 ----a-w C:\WINDOWS\ScUnin.exe
2008-04-20 16:39 --------- d-----w C:\Program Files\starcraft + broodwar
2008-04-20 15:25 --------- d-----w C:\Program Files\PowerISO
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2006-02-26 19:23 178 ----a-w C:\Documents and Settings\Eki\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-05_19.38.21.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 16:26:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 05:49:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-04-22 09:19:42 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-06 07:38:38 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-04-22 09:19:42 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
+ 2008-06-06 07:38:38 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\index.dat
- 2007-04-22 09:19:42 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-06 07:38:38 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-09 10:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 11:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 09:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 07:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f67558df-8807-4fb1-8c5a-e974c49bdc60}]
2008-06-05 13:10 132608 --a------ C:\WINDOWS\system32\tbixdryu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-10-24 14:13 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-20 18:20 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2005-10-24 14:02 1388544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-24 14:13 7110656]
"nwiz"="nwiz.exe" [2005-10-24 14:13 1519616 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-10-24 14:13 155648]
"F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe" [2007-04-26 20:12 183208]
"F-Secure TNB"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
"News Service"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe" [2005-05-31 15:45 356352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10 49263]
"Windows Messanger Control Center"="svchosl.exe" []
"74a78974"="C:\WINDOWS\system32\uvalgddw.dll" [ ]
"BM7794bae8"="C:\WINDOWS\system32\tfvbusyw.dll" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-10-24 14:13 15360]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-10-28 11:52:18 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\limeshop]
wjview /cp:p C:\Program Files\LimeShop\System\Code Main lp: C:\Program Files\LimeShop

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwrisovm.exe]
--a------ 2008-03-15 02:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
--a------ 2006-04-01 22:21 77824 C:\Program Files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17533:TCP"= 17533:TCP:*:Disabled:BitComet 17533 TCP
"17533:UDP"= 17533:UDP:*:Disabled:BitComet 17533 UDP

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-08-14 09:27]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Elisa Tietoturvapalvelu\HIPS\fshs.sys [2008-02-21 11:18]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2007-04-26 20:07]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe []
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []
S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys []
S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 20:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2007-04-26 20:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1dfa432-43c6-11da-9c84-0013d438d2be}]
\Shell\AutoRun\command - D:\setupSNK.exe

*Newly Created Service* - antivirscheduler
*Newly Created Service* - antivirservice
*Newly Created Service* - avgio
*Newly Created Service* - avgntflt
*Newly Created Service* - avipbb
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-06 05:52:42 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ELISAT~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ELISAT~1\ANTI-V~1\report.txt
"2008-06-06 18:41:03 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 21:41:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-06 21:44:18
ComboFix-quarantined-files.txt 2008-06-06 18:44:12
ComboFix2.txt 2008-06-06 06:48:49

Pre-Run: 116,387,651,584 tavua vapaana
Post-Run: 116,444,114,944 tavua vapaana

177 --- E O F --- 2008-06-05 18:12:53

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:42, on 6.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {06cdb94c-479e-a5c8-1bf4-7088fd85576f} - {f67558df-8807-4fb1-8c5a-e974c49bdc60} - C:\WINDOWS\system32\tbixdryu.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe
O4 - HKLM\..\Run: [74a78974] rundll32.exe "C:\WINDOWS\system32\uvalgddw.dll",b
O4 - HKLM\..\Run: [BM7794bae8] Rundll32.exe "C:\WINDOWS\system32\tfvbusyw.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/npx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/fl...ent/swflash.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/nProt...Crypt/npkcx.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11499 bytes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:02:21, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {06cdb94c-479e-a5c8-1bf4-7088fd85576f} - {f67558df-8807-4fb1-8c5a-e974c49bdc60} - C:\WINDOWS\system32\tbixdryu.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Messanger Control Center] svchosl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/nProtect/Netizen/npx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/fl...ent/swflash.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/nProt...Crypt/npkcx.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11167 bytes

[ + lainaa]

Mainos

Hujo

Suspended permanently

7. kesäkuuta 2008 @ 00:24

Linkki tähän viestiin

Poista lisää poista sovelutuksesta

Mario Forever Toolbar Helper
Mario Forever Toolbar

Poista kansio vikasiedossa

C:\Program Files\Mario Forever Toolbar

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

Lainaus:
File::
C:\WINDOWS\is154890.exe
C:\WINDOWS\system32\tbixdryu.dll
C:\WINDOWS\system32\uvalgddw.dll
C:\WINDOWS\system32\tfvbusyw.dll

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

===========

Javan päivitys ja välimuistin tyhjennys:

1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:

3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:

http://java.sun.com/javase/downloads/index.jsp

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u6

Paina Download

Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.

6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).

7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Varmista että kaikki kaksi valintaa ovat rastitettuja:

*Applications and Applets

*Trace and Log Files

Ja paina OK -nappia

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.

10. Klikkaa OK jättääksesi Java asetusikkunasi.

[ + lainaa]

Voiko tietsikka koskaan toimia?

Vastaa

Aloita uusi viestiketju

Aiheeseen liittyviä linkkejä

Lataa uusin versio HijackThis-ohjelmasta täältä!

Aiheeseen liittyviä viestiketjuja	Viestejä	Viimeisin viesti	Keskustelualue
HJT Logi	2	3. kesäkuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
HJT-logi ja vale-firefox ongelmia....virus koneella ?	4	6. toukokuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
HJT logi, kone jumittaa	1	3. huhtikuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
Näppäimistö sekoilee hjt log	1	2. huhtikuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
HJT-log ja Malwarebytes- log, Troijalainen? Apu tarpeen!	2	10. maaliskuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
HJT-loki, kone valtavan hidas ja perusskannereiden läpi ajamisella ei vaikutusta	1	19. helmikuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
probook 445 hjt-logit	1	19. tammikuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
HJT loki tarkastukseen	1	19. tammikuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit
Win7 + HJT ongelma ja kummitteleva Mass effect 2	1	11. tammikuuta 2014	Windows -ongelmat
HJT-logia..	1	9. tammikuuta 2014	Virukset ja haittaohjelmat - HijackThis -logit

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > mesevirus, turvapc, hjt logi


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.