    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:46:33, on 6.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fin.afterdawn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1197810497241
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\Program Files\Agnitum\Outpost Firewall 1.0\wl_hook.dll
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Ventrilo - Unknown owner - E:\ventrilo_svc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    End of file - 6755 bytes

    Damn MSN virus, that's where it all started... But there's the log; let me know if anything is still found, and help is welcome. Regards, Exaiter

    1. Download combofix.exe to your desktop from one of the links:

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    ComboFix 08-06-06.6 - Olli 2008-06-07 20:32:35.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1594 [GMT 3:00]
    Running from: C:\Documents and Settings\Olli\Työpöytä\ComboFix.exe
    * Created a new restore point


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))

    2008-06-06 18:07 . 2008-06-06 18:07 <KANSIO> d-------- C:\Program Files\Apple Software Update
    2008-06-06 18:07 . 2008-06-06 18:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-06-06 16:19 . 2008-06-06 16:19 <KANSIO> d-------- C:\fsaua.data
    2008-06-06 13:58 . 2008-06-06 13:58 <KANSIO> d-------- C:\Program Files\Avira
    2008-06-06 13:58 . 2008-06-06 13:58 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-03 18:19 . 2008-06-04 11:12 <KANSIO> d-------- C:\Program Files\Wolfenstein - Enemy Territory
    2008-05-31 10:46 . 2008-05-31 10:46 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-31 10:46 . 2008-05-31 10:46 <KANSIO> d-------- C:\Documents and Settings\Olli\Application Data\Malwarebytes
    2008-05-31 10:46 . 2008-05-31 10:46 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-31 10:46 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-31 10:46 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-30 23:30 . 2008-05-31 10:41 <KANSIO> d-------- C:\Program Files\QooBox
    2008-05-22 20:21 . 2008-05-22 20:21 <KANSIO> d-------- C:\Documents and Settings\Olli\Application Data\vlc
    2008-05-22 18:10 . 2008-06-06 18:51 <KANSIO> d-------- C:\Documents and Settings\Olli\Application Data\dvdcss
    2008-05-22 18:09 . 2008-05-22 18:09 <KANSIO> d-------- C:\Program Files\VideoLAN
    2008-05-22 17:40 . 2008-05-22 17:52 <KANSIO> d-------- C:\Program Files\Webteh
    2008-05-22 17:40 . 2008-05-22 21:11 <KANSIO> d-------- C:\Documents and Settings\Olli\Application Data\BSplayer Pro
    2008-05-22 17:40 . 2008-05-26 14:33 <KANSIO> d-------- C:\Documents and Settings\Olli\Application Data\BSplayer
    2008-05-10 01:33 . 2008-06-06 15:00 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-09 15:49 . 2008-05-09 15:49 <KANSIO> d-------- C:\Program Files\Microsoft Games
    2008-05-09 14:30 . 2008-05-09 14:30 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    2008-06-07 17:35 7,022,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-06 23:55 83,984 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-06-06 12:01 --------- d-----w C:\Program Files\Windows Live
    2008-06-03 13:32 --------- d-----w C:\Program Files\Steam
    2008-06-03 12:39 23,352 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-06-03 12:39 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-06-03 10:51 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-05-31 21:17 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
    2008-05-31 14:02 1,384,472 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-05-29 08:31 --------- d-----w C:\Documents and Settings\Olli\Application Data\mIRC
    2008-05-27 18:10 --------- d-----w C:\Documents and Settings\Olli\Application Data\uTorrent
    2008-05-23 20:00 --------- d-----w C:\Documents and Settings\Olli\Application Data\teamspeak2
    2008-05-22 17:21 --------- d-----w C:\Documents and Settings\Olli\Application Data\vlc
    2008-05-22 15:09 --------- d-----w C:\Program Files\VideoLAN
    2008-05-21 15:20 --------- d-----w C:\Program Files\World of Warcraft
    2008-05-14 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-09 23:06 --------- d-----w C:\Documents and Settings\Olli\Application Data\Ventrilo
    2008-05-09 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-29 13:05 --------- d-----w C:\Program Files\QuickTime
    2008-04-24 15:59 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-04-09 18:34 --------- d-----w C:\Program Files\uTorrent
    2008-04-07 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-04-07 13:26 --------- d-----w C:\Program Files\Zone Labs
    2008-04-07 13:24 --------- d-----w C:\Program Files\Common Files\Agnitum Shared
    2008-04-07 12:32 --------- d-----w C:\Program Files\Alwil Software
    2008-04-07 12:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-12 11:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
    2007-10-11 20:09 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 17:12 15360]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 21:00 8523776]
    "nwiz"="nwiz.exe" [2007-11-06 21:00 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-06 21:00 81920]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe" [ ]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-29 16:05 413696]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\Program Files\Agnitum\Outpost Firewall 1.0\wl_hook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

    "EnableFirewall"= 0 (0x0)

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-01-03 23:10]
    S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 10:35]
    S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-24 00:25]

    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-06 15:07:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-07 17:26:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-07 20:34:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> ?:\WINDOWS\System32\CSCDLL.dll
    Completion time: 2008-06-07 20:35:41
    ComboFix-quarantined-files.txt 2008-06-07 17:35:36

    Pre-Run: 127,572,336,640 tavua vapaana
    Post-Run: 127,950,901,248 tavua vapaana

    130 --- E O F --- 2008-06-04 08:04:52

    There's the ComboFix log. Regards, Exaiter

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. When the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.

    Hujo, sorry, but my computer has now broken down completely. It says the disk can't be read, and I can't even get into safe mode. Or anywhere else either. Regards, Exaiter

