Apua troijalainen varastaa nettikaistan (upload)

Aloin ihmettelemään kun yhtäkkiä pelissä ping nousi yli 3000 ja rupesin tutkimaan asiaa kun kaverilla ei ollut noussut... Huomasin, että koko nettikaistan lähetys on käytössä ilman syytä. Hetken googletuksen jälkeen löysin vastaavia tilanteita joissa oli ollut troijalainen ja se oli vienyt koneen ftp käyttöön. Näissä aiheissa käskettiin lähettämään HJT loki, joten tulin tänne niin ymmärrän paremmin mitä pitää tehdä kun ohjeet saa suomeksi.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:15:59, on 21.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svdhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HjT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {003E9682-EADA-4D21-808F-CA16E6EB854F} - C:\WINDOWS\system32\shscrapd.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {166BCB27-FCFD-4588-9BDB-44FC6A02EF35} - C:\WINDOWS\system32\fccARKCt.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [ClockGen] C:\Documents and Settings\Omistaja\Työpöytä\ClockGen.exe -i p=0
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Core Temp] C:\Documents and Settings\Omistaja\Työpöytä\Core Temp\Core Temp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fccARKCt - fccARKCt.dll (file missing)
O20 - Winlogon Notify: Fly - C:\WINDOWS\SYSTEM32\smart.dll
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe

--
End of file - 9029 bytes

Toivottavasti saan apua nopeasti!

 

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

ComboFix 08-06-20.1 - Omistaja 2008-06-21 1:08:13.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1338 [GMT 3:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\admintxt.txt
C:\WINDOWS\system32\ssqnNGVl.dll
C:\WINDOWS\system32\svdhost.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-20 to 2008-06-20 )))))))))))))))))
.

2008-06-20 18:34 . 2008-06-20 18:34 <KANSIO> d-------- C:\Program Files\Ventrilo
2008-06-20 18:34 . 2008-06-20 18:34 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Ventrilo
2008-06-20 12:58 . 2008-06-20 12:58 0 --a------ C:\WINDOWS\WoWEmuHackSettings.ini
2008-06-20 01:34 . 2008-06-20 02:11 1,286,317,927 --a------ C:\ascent.rar
2008-06-19 01:48 . 2008-06-19 01:50 <KANSIO> d-------- C:\lol
2008-06-18 15:45 . 2006-06-14 13:44 12,288 --a------ C:\WINDOWS\system32\drivers\EIO.sys
2008-06-17 14:38 . 2008-06-17 14:38 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\dyyno-vlc
2008-06-17 14:37 . 2008-06-17 14:37 <KANSIO> d-------- C:\Program Files\Dyyno
2008-06-16 02:28 . 2008-06-20 01:37 38 --a------ C:\WINDOWS\avisplitter.INI
2008-06-12 19:21 . 2008-06-12 19:21 <KANSIO> d-------- C:\BackUp
2008-06-11 17:47 . 2008-06-11 17:47 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Ubisoft
2008-06-11 14:01 . 2008-06-11 17:46 <KANSIO> d-------- C:\Program Files\Assassin's Creed
2008-06-11 12:28 . 2008-06-11 12:29 <KANSIO> d-------- C:\Program Files\WinHTTrack
2008-06-10 19:08 . 2008-06-10 19:08 <KANSIO> d-------- C:\Program Files\URL.BIZ ip blocker 1.0
2008-06-03 22:29 . 2008-06-03 22:29 <KANSIO> d-------- C:\Program Files\Debugging Tools for Windows (x86)
2008-06-03 03:56 . 2008-06-03 03:56 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-01 23:52 . 2008-06-01 23:52 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-06-01 23:52 . 2008-06-01 23:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-01 12:01 . 2008-06-01 12:01 <KANSIO> d-------- C:\WINDOWS\Virtual Villagers 3 - The Secret City Fixed
2008-06-01 12:01 . 2008-06-01 12:01 <KANSIO> d-------- C:\Program Files\Virtual Villagers 3 - The Secret City
2008-05-30 21:44 . 2008-05-30 22:49 <KANSIO> d-------- C:\Rohan
2008-05-29 14:30 . 2008-05-29 14:30 1,681,135 --a------ C:\SDFix.exe
2008-05-28 17:30 . 2008-05-28 17:30 37,376 --a------ C:\WINDOWS\system32\LoveFly.dll
2008-05-28 17:30 . 2008-05-28 17:30 35,840 --a------ C:\WINDOWS\system32\smart.dll
2008-05-28 17:27 . 2008-03-01 16:01 1,159,680 --a------ C:\WINDOWS\system32\disk.dll
2008-05-26 22:45 . 2008-05-26 22:45 <KANSIO> d-------- C:\Program Files\VS Revo Group
2008-05-26 22:41 . 2008-06-17 22:29 <KANSIO> d-------- C:\Program Files\AutoLoader
2008-05-26 17:35 . 2008-05-26 17:42 <KANSIO> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-24 00:02 . 2008-05-24 00:02 <KANSIO> d-------- C:\WINDOWS\system32\QuickTime
2008-05-24 00:02 . 2008-01-18 03:36 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-24 00:01 . 2008-05-24 00:01 <KANSIO> d-------- C:\Program Files\TechSmith
2008-05-24 00:01 . 2008-05-24 00:01 <KANSIO> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-23 23:37 . 2008-05-24 00:58 <KANSIO> d-------- C:\Program Files\Game Cam
2008-05-23 23:37 . 2002-01-05 07:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-23 23:37 . 2002-01-05 06:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-05-23 23:37 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-05-22 23:03 . 2008-05-22 23:03 <KANSIO> d-------- C:\Program Files\Oxin's Style!
2008-05-22 21:34 . 2008-05-22 21:34 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Media Player Classic
2008-05-22 17:03 . 2008-05-22 17:03 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-22 16:52 . 2008-05-22 16:52 <KANSIO> d-------- C:\Program Files\FLV Extract
2008-05-22 16:52 . 2008-05-22 16:52 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\FLV Extract
2008-05-22 00:27 . 2008-05-25 22:22 <KANSIO> d-------- C:\Documents and Settings\Omistaja\.gimp-2.2
2008-05-22 00:24 . 2008-05-22 00:24 <KANSIO> d-------- C:\Program Files\Common Files\GTK
2008-05-20 23:12 . 2008-05-20 23:12 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 21:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 21:35 447,620 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-20 21:35 38,508,576 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-20 15:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 23:51 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Xfire
2008-06-19 23:07 --------- d-----w C:\Program Files\DC++
2008-06-19 09:41 --------- d-s---w C:\Program Files\Xfire
2008-06-18 23:49 --------- d-----w C:\Program Files\Steam
2008-06-18 12:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 18:34 --------- d-----w C:\Program Files\World of Warcraft
2008-06-12 16:34 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\SQLyog
2008-06-12 16:28 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-06-11 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-06-11 14:25 --------- d-----w C:\Program Files\UBISOFT
2008-06-02 00:38 3,557,585 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-02 00:37 2,825,728 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-05-31 11:13 --------- d-----w C:\Program Files\Last.fm
2008-05-27 18:28 144,384 ----a-w C:\WINDOWS\system32\miccyhook.dll
2008-05-26 18:24 39,936 --sh--r C:\WINDOWS\livemessenger.com
2008-05-25 19:21 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\gtk-2.0
2008-05-21 21:27 --------- d-----w C:\Program Files\WE Unlimited
2008-05-21 21:26 --------- d-----w C:\Program Files\WC3Banlist
2008-05-21 21:26 --------- d-----w C:\Program Files\GIMP-2.0
2008-05-20 20:15 --------- d-----w C:\Program Files\Jets N Guns
2008-05-20 20:14 --------- d-----w C:\Program Files\Sword of The New World
2008-05-20 20:14 --------- d-----w C:\Program Files\CoolBasic
2008-05-20 18:59 --------- d-----w C:\Program Files\THQ
2008-05-18 17:59 --------- d-----w C:\Program Files\FLV Player
2008-05-18 16:54 --------- d-----w C:\Program Files\MySQL
2008-05-16 08:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-15 18:29 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\X-Chat 2
2008-05-13 12:45 2,587,648 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-05-13 12:41 2,588,672 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-13 04:30 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-05-09 19:13 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Winamp
2008-05-09 18:51 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-08 16:54 49,152 ----a-w C:\WINDOWS\system32\apache.dll
2008-05-05 18:51 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 09:04 811,008 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-04-28 09:04 2,529,280 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-27 10:26 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Uniblue
2008-04-27 09:10 --------- d-----w C:\Program Files\Cheat Engine
2008-04-26 22:19 --------- d-----w C:\Program Files\Uniblue
2008-04-26 22:17 --------- d-----w C:\Program Files\Kiihdytys peli
2008-04-25 22:01 --------- d-----w C:\Program Files\Common Files\NSV
2008-04-25 10:13 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Screaming Bee
2008-04-25 10:11 --------- d-----w C:\Program Files\Common Files\Screaming Bee
2008-04-24 14:38 --------- d-----w C:\Program Files\Winamp
2008-04-23 05:41 --------- d-----w C:\Program Files\WIDCOMM
2008-04-23 04:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-23 04:25 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-23 04:25 --------- d-----w C:\Program Files\Common Files\Real
2008-04-22 19:49 --------- d-----w C:\Program Files\Illusion
2008-04-20 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-04-18 10:00 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-06 13:22 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-04-05 08:52 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-04-05 08:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-05 08:52 22,328 ----a-w C:\Documents and Settings\Omistaja\Application Data\PnkBstrK.sys
2008-04-01 16:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 18:01 0 ----a-w C:\Program Files\temp01
2008-01-29 17:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{003E9682-EADA-4D21-808F-CA16E6EB854F}]
2008-03-19 13:11 14848 --a------ C:\WINDOWS\system32\shscrapd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 19:51 486856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 10:23 221568]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-04-06 16:22 20480]
"Core Temp"="C:\Documents and Settings\Omistaja\Työpöytä\Core Temp\Core Temp.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 17:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 07:25 185896]
"ClockGen"="C:\Documents and Settings\Omistaja\Työpöytä\ClockGen.exe" [2007-02-23 15:55 816841]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-03 03:56:46 3017040]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-11-20 13:11:56 503869]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-06 16:22:22 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-04-06 16:21:34 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccARKCt]
fccARKCt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Fly]
smart.dll 2008-05-28 17:30 35840 C:\WINDOWS\system32\smart.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
LoveFly.dll 2008-05-28 17:30 37376 C:\WINDOWS\system32\LoveFly.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"56121:TCP"= 56121:TCPando P2P TCP Listening Port
"56121:UDP"= 56121:UDPando P2P UDP Listening Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 00:10]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-04-27 12:44:42 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 01:11:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
Completion time: 2008-06-21 1:16:52
ComboFix-quarantined-files.txt 2008-06-20 22:16:48
ComboFix2.txt 2008-02-13 15:38:28

Pre-Run: 74,863,505,408 tavua vapaana
Post-Run: 75,722,854,400 tavua vapaana

222 --- E O F --- 2008-05-31 08:24:41

Edit:
Nyt kun testailin ja pelailin tuon jälkeen niin huomasin kaiken toimivan taas normaalisti ja hyvin, joten kiitos tästä avusta

 

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.


Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

===========

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {003E9682-EADA-4D21-808F-CA16E6EB854F} - C:\WINDOWS\system32\shscrapd.dll
O2 - BHO: (no name) - {166BCB27-FCFD-4588-9BDB-44FC6A02EF35} - C:\WINDOWS\system32\fccARKCt.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [ClockGen] C:\Documents and Settings\Omistaja\Työpöytä\ClockGen.exe -i p=0
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [Core Temp] C:\Documents and Settings\Omistaja\Työpöytä\Core Temp\Core Temp.exe
O20 - Winlogon Notify: fccARKCt - fccARKCt.dll (file missing)
O20 - Winlogon Notify: Fly - C:\WINDOWS\SYSTEM32\smart.dll
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll

================

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

 

Tuossa olisi nyt tuo loki ja tiedoksi sinullekkin, että ohjelman sai näköjään asennettua suomeksikin

Malwarebytes' Anti-Malware 1.18
Tietokantaversio: 873

13:27:58 21.6.2008
mbam-log-6-21-2008 (13-27-58).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 202665
Kulunut aika: 1 hour(s), 29 minute(s), 3 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 4

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Program Files\Alwil Software\Avast4\DATA\moved\nnnlkjJa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\shscrapd.dll.vir (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54B2EB62-BB85-4F0C-965E-B63F2E46896C}\RP255\A0058757.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54B2EB62-BB85-4F0C-965E-B63F2E46896C}\RP280\A0074348.dll (Trojan.BHO) -> Quarantined and deleted successfully.

 

otas tuo combofix homma ensin ja sitten hjt:n fixsaukset ja sen jälkeen uudestaan Malwarebytes' Anti-Malware ajo.

Lista noin niikuin ylhäältä alas päin

 

Öö... Kumpi ComboFixeistä? Tuo missä on txt tiedostokin vai tuo missä ei ole?

Edit:
Vähän tutkiskelin ja huomasin, että käskit lisäämään combofixin txt juttuun tuon: C:\WINDOWS\system32\shscrapd.dll , mutta tuolla kansiossa on shscrap.dll eli C:\WINDOWS\system32\shscrap.dll

Oliko tuossa virhe vai kuuluuko olla noin

 

tehääs näin otat uuden combofix ajon ja uuden hjt:n lokin

 

ComboFix 08-06-20.1 - Omistaja 2008-06-22 18:19:32.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1492 [GMT 3:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-22 to 2008-06-22 )))))))))))))))))
.

2008-06-21 21:13 . 2008-06-22 12:41 <KANSIO> d-------- C:\WoWHeaven
2008-06-21 19:36 . 2008-06-21 19:36 <KANSIO> d-------- C:\Program Files\Opera
2008-06-21 03:40 . 2008-06-21 03:40 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-21 03:40 . 2008-06-21 03:40 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
2008-06-21 03:40 . 2008-06-21 03:40 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-21 03:40 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-21 03:40 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-20 18:34 . 2008-06-20 18:34 <KANSIO> d-------- C:\Program Files\Ventrilo
2008-06-20 18:34 . 2008-06-20 18:34 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Ventrilo
2008-06-20 12:58 . 2008-06-20 12:58 0 --a------ C:\WINDOWS\WoWEmuHackSettings.ini
2008-06-19 01:48 . 2008-06-19 01:50 <KANSIO> d-------- C:\lol
2008-06-18 15:45 . 2006-06-14 13:44 12,288 --a------ C:\WINDOWS\system32\drivers\EIO.sys
2008-06-17 14:38 . 2008-06-17 14:38 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\dyyno-vlc
2008-06-17 14:37 . 2008-06-17 14:37 <KANSIO> d-------- C:\Program Files\Dyyno
2008-06-16 02:28 . 2008-06-20 01:37 38 --a------ C:\WINDOWS\avisplitter.INI
2008-06-12 19:21 . 2008-06-12 19:21 <KANSIO> d-------- C:\BackUp
2008-06-11 17:47 . 2008-06-11 17:47 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Ubisoft
2008-06-11 14:01 . 2008-06-11 17:46 <KANSIO> d-------- C:\Program Files\Assassin's Creed
2008-06-11 12:28 . 2008-06-11 12:29 <KANSIO> d-------- C:\Program Files\WinHTTrack
2008-06-10 19:08 . 2008-06-10 19:08 <KANSIO> d-------- C:\Program Files\URL.BIZ ip blocker 1.0
2008-06-03 22:29 . 2008-06-03 22:29 <KANSIO> d-------- C:\Program Files\Debugging Tools for Windows (x86)
2008-06-03 03:56 . 2008-06-03 03:56 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-01 23:52 . 2008-06-01 23:52 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-06-01 23:52 . 2008-06-01 23:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-01 12:01 . 2008-06-01 12:01 <KANSIO> d-------- C:\WINDOWS\Virtual Villagers 3 - The Secret City Fixed
2008-06-01 12:01 . 2008-06-01 12:01 <KANSIO> d-------- C:\Program Files\Virtual Villagers 3 - The Secret City
2008-05-30 21:44 . 2008-05-30 22:49 <KANSIO> d-------- C:\Rohan
2008-05-29 14:30 . 2008-05-29 14:30 1,681,135 --a------ C:\SDFix.exe
2008-05-28 17:27 . 2008-03-01 16:01 1,159,680 --a------ C:\WINDOWS\system32\disk.dll
2008-05-26 22:45 . 2008-05-26 22:45 <KANSIO> d-------- C:\Program Files\VS Revo Group
2008-05-26 22:41 . 2008-06-17 22:29 <KANSIO> d-------- C:\Program Files\AutoLoader
2008-05-26 17:35 . 2008-05-26 17:42 <KANSIO> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-24 00:02 . 2008-05-24 00:02 <KANSIO> d-------- C:\WINDOWS\system32\QuickTime
2008-05-24 00:02 . 2008-01-18 03:36 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-24 00:01 . 2008-05-24 00:01 <KANSIO> d-------- C:\Program Files\TechSmith
2008-05-24 00:01 . 2008-05-24 00:01 <KANSIO> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-23 23:37 . 2008-05-24 00:58 <KANSIO> d-------- C:\Program Files\Game Cam
2008-05-23 23:37 . 2002-01-05 07:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-05-23 23:37 . 2002-01-05 06:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-05-23 23:37 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-05-22 23:03 . 2008-05-22 23:03 <KANSIO> d-------- C:\Program Files\Oxin's Style!
2008-05-22 21:34 . 2008-05-22 21:34 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Media Player Classic
2008-05-22 17:03 . 2008-05-22 17:03 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-22 16:52 . 2008-05-22 16:52 <KANSIO> d-------- C:\Program Files\FLV Extract
2008-05-22 16:52 . 2008-05-22 16:52 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\FLV Extract
2008-05-22 00:27 . 2008-05-25 22:22 <KANSIO> d-------- C:\Documents and Settings\Omistaja\.gimp-2.2
2008-05-22 00:24 . 2008-05-22 00:24 <KANSIO> d-------- C:\Program Files\Common Files\GTK

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 15:26 41,185,312 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-22 14:33 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\SQLyog
2008-06-22 11:56 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Xfire
2008-06-22 09:22 483,020 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-21 10:54 --------- d-----w C:\Program Files\World of Warcraft
2008-06-21 00:14 4,670,006 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-20 21:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 15:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 23:07 --------- d-----w C:\Program Files\DC++
2008-06-19 09:41 --------- d-s---w C:\Program Files\Xfire
2008-06-18 23:49 --------- d-----w C:\Program Files\Steam
2008-06-18 12:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 16:28 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-06-11 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-06-11 14:25 --------- d-----w C:\Program Files\UBISOFT
2008-06-02 00:37 2,825,728 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-05-31 11:13 --------- d-----w C:\Program Files\Last.fm
2008-05-27 18:28 144,384 ----a-w C:\WINDOWS\system32\miccyhook.dll
2008-05-25 19:21 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\gtk-2.0
2008-05-21 21:27 --------- d-----w C:\Program Files\WE Unlimited
2008-05-21 21:26 --------- d-----w C:\Program Files\WC3Banlist
2008-05-21 21:26 --------- d-----w C:\Program Files\GIMP-2.0
2008-05-20 20:15 --------- d-----w C:\Program Files\Jets N Guns
2008-05-20 20:14 --------- d-----w C:\Program Files\Sword of The New World
2008-05-20 20:14 --------- d-----w C:\Program Files\CoolBasic
2008-05-20 20:12 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\InstallShield
2008-05-20 18:59 --------- d-----w C:\Program Files\THQ
2008-05-18 17:59 --------- d-----w C:\Program Files\FLV Player
2008-05-18 16:54 --------- d-----w C:\Program Files\MySQL
2008-05-16 08:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-15 18:29 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\X-Chat 2
2008-05-13 12:45 2,587,648 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-05-13 12:41 2,588,672 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-13 04:30 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-05-09 19:13 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Winamp
2008-05-09 18:51 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-08 16:54 49,152 ----a-w C:\WINDOWS\system32\apache.dll
2008-05-05 18:51 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 09:04 811,008 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-04-28 09:04 2,529,280 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-27 10:26 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Uniblue
2008-04-27 09:10 --------- d-----w C:\Program Files\Cheat Engine
2008-04-26 22:19 --------- d-----w C:\Program Files\Uniblue
2008-04-26 22:17 --------- d-----w C:\Program Files\Kiihdytys peli
2008-04-25 22:01 --------- d-----w C:\Program Files\Common Files\NSV
2008-04-25 10:13 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Screaming Bee
2008-04-25 10:11 --------- d-----w C:\Program Files\Common Files\Screaming Bee
2008-04-24 14:38 --------- d-----w C:\Program Files\Winamp
2008-04-23 05:41 --------- d-----w C:\Program Files\WIDCOMM
2008-04-23 04:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-23 04:25 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-23 04:25 --------- d-----w C:\Program Files\Common Files\Real
2008-04-22 19:49 --------- d-----w C:\Program Files\Illusion
2008-04-18 10:00 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-06 13:22 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-04-05 08:52 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-04-05 08:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-05 08:52 22,328 ----a-w C:\Documents and Settings\Omistaja\Application Data\PnkBstrK.sys
2008-04-01 16:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-04 18:01 0 ----a-w C:\Program Files\temp01
2008-01-29 17:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-21_ 1.16.36,23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 21:43:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-22 09:26:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-22 09:26:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_788.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 19:51 486856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 10:23 221568]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-04-06 16:22 20480]
"FreeRAM XP"="\FreeRAM XP Pro.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 17:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"ClockGen"="C:\Documents and Settings\Omistaja\Työpöytä\ClockGen.exe" [2007-02-23 15:55 816841]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-03 03:56:46 3017040]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-11-20 13:11:56 503869]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-06 16:22:22 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-04-06 16:21:34 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"56121:TCP"= 56121:TCPando P2P TCP Listening Port
"56121:UDP"= 56121:UDPando P2P UDP Listening Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 00:10]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - EVERESTDRIVER
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-04-27 12:44:42 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 18:25:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2008-06-22 18:31:56
ComboFix-quarantined-files.txt 2008-06-22 15:31:51
ComboFix2.txt 2008-06-21 00:25:01
ComboFix3.txt 2008-06-20 22:16:53
ComboFix4.txt 2008-02-13 15:38:28

Pre-Run: 73,073,934,336 tavua vapaana
Post-Run: 73,054,519,296 tavua vapaana

213 --- E O F --- 2008-05-31 08:24:41

ja HjT-loki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:18, on 22.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\BitLord\BitLord.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HjT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O1 - Hosts: 82.116.242.179 wowheaven.game-host.org
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ClockGen] C:\Documents and Settings\Omistaja\Työpöytä\ClockGen.exe -i p=0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [FreeRAM XP] "\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe

--
End of file - 7869 bytes

Voin sanoa, että noista nuo ovat tarkoituksella enkä halua niitä pois

 

niin mites tuo avast toimii taitais olla paras asentaa se uudelleen

 

Mitäs vikaa Avast!:ssa? Hyvin se on mun puolesta viruksia valitellu...

 

No ei oo näköjään


Sori, oli pakko kommentoida...

 

sitä avastia ei ole käynnistyvissä.
muista sitten aina käynnistää se erikseen

 

Jos ADSL-modeemin välissä on jokin ylijännitesuoja, myös verkon puolella se kannattaa ottaa pois.
Mulla tuo ylijännitesuojan verkon väliin kytkeminen hidasti puolella Upload nopeutta.

 

Hyvä se on pitää toiminnassa jos maa seudulla asustaa.
Suojaa ehkä pikkusen konetta ukkoskeliltä..
parassuoja olis ottaa johdot irti seinästä
kun rupee räiskymään.