Apparently an MSN Messenger virus + something else?

Discussion in 'Viruses and malware - HijackThis logs' started by bilis, May 31, 2008.

  1. bilis

    I tried to remove the MSN Messenger virus following those earlier removal instructions, but something is still left.. maybe the same thing. Would someone have time to give a hint about what to do with an HJT log like this:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:24:37, on 31.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Logitech\iTouch\kbdtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\WINDOWS\system32\telecms.exe
    C:\WINDOWS\winudpmgr.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\stickies\stickies.exe
    C:\PROGRA~1\INCRED~1\bin\ImApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\msservice.exe
    C:\Program Files\Altap Salamander 2.5\SALAMAND.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
    O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
    O4 - HKLM\..\Run: [MSN] C:\Windows\msservice.exe
    O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192614523038
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

    --
    End of file - 9887 bytes
     
  2. bilis

    Could I also get a little help with my problem from someone who knows how to remove these?
     
  3. kalminen

    Go to the Windows Control Panel and from there to Add/Remove Programs
    In Vista: Programs and Features
    Find and remove the program whose name contains:

    SweetIM For Internet Explorer


    --------------------------------------------------------------------

    I did not detect a firewall on your computer.
    Installations should be done with Administrator credentials.
    Install ONE firewall program on your computer NOW:

    1) ZoneAlarm
    2) Agnitum
    3) Sunbelt/Kerio
    4) Comodo

    If you use the built-in Windows firewall, that is not recommended, because it does not block outgoing connections from the computer.
    Remember to use only one firewall at a time.


    ------------------------------------------------------------------------------------

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension
    is not even .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click)

    [IMG]

    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close the browser and other programs for the duration of the fix. (not the antivirus)
    Start HijackThis, run Scan, tick the following entries listed in red, and remove them. (Fix checked)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
    O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
    O4 - HKLM\..\Run: [MSN] C:\Windows\msservice.exe
    O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
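
The before/after comparison that the requested fresh HijackThis log makes possible, as an added example that is not part of the original thread. The names `parse_o4`, `o4_entries` and `check_fix` are hypothetical; `FIX_LIST`, `BEFORE` and `AFTER` are shortened excerpts of the O4 lines posted in this thread, and `AFTER_PARTIAL` is constructed.

```python
import re
from typing import NamedTuple, Optional


class AutoStart(NamedTuple):
    location: str  # e.g. HKLM\..\Run or Global Startup
    name: str      # registry value name or shortcut file name
    command: str   # what the entry launches


# Registry form:        O4 - HKLM\..\Run: [name] command
_REG = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>.+?)\] (?P<cmd>.+)$")
# Startup-folder form:  O4 - Global Startup: name.lnk = command
_LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")


def parse_o4(line: str) -> Optional[AutoStart]:
    """Parse one HijackThis O4 (autostart) line; None for any other line."""
    line = line.strip()
    m = _REG.match(line) or _LNK.match(line)
    return AutoStart(m["loc"], m["name"], m["cmd"]) if m else None


def o4_entries(log: str) -> dict:
    """Map (location, name), case-insensitively, to the parsed entry."""
    found = {}
    for line in log.splitlines():
        entry = parse_o4(line)
        if entry:
            found[(entry.location.casefold(), entry.name.casefold())] = entry
    return found


def check_fix(fix_list: str, before: str, after: str):
    """Return (still_present, not_in_before, added).

    still_present: entries that were to be fixed but are in the new log
    not_in_before: fix-list entries that never appeared in the first log
    added:         autostarts in the new log that the first log lacked
    """
    fix, old, new = o4_entries(fix_list), o4_entries(before), o4_entries(after)
    still_present = [new[k] for k in fix if k in new]
    not_in_before = [fix[k] for k in fix if k not in old]
    added = [new[k] for k in new if k not in old]
    return still_present, not_in_before, added


# Entries the helper asked to have fixed (from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\msservice.exe
O4 - HKLM\..\RunServices: [psyspy-2.1.4 Client Server] C:\WINDOWS\system32\telecms.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# Shortened excerpt of the first log: the fix-list entries plus a few kept ones.
BEFORE = FIX_LIST + r"""
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe
"""

# Shortened excerpt of the follow-up log posted on 2.6.2008.
AFTER = r"""
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
"""

# Constructed variant: one flagged value survived the fix.
AFTER_PARTIAL = AFTER + r"""
O4 - HKLM\..\Run: [MSN] C:\Windows\msservice.exe
"""

if __name__ == "__main__":
    for label, log in (("thread follow-up", AFTER), ("constructed", AFTER_PARTIAL)):
        still, missing, added = check_fix(FIX_LIST, BEFORE, log)
        print(label)
        print("  still present:", [f"{e.location} [{e.name}]" for e in still])
        print("  not in first log:", [e.name for e in missing])
        print("  new autostarts:", [e.name for e in added])
```

An entry that shows up under "new autostarts" is not automatically suspicious: in this thread it is the firewall that was installed between the two scans.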
     
  4. bilis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:14:11, on 2.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Logitech\iTouch\kbdtray.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\stickies\stickies.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\INCRED~1\bin\ImApp.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192614523038
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

    --
    End of file - 8666 bytes

    --------------------------------------------------------------------

    ComboFix 08-05-29.1 - Jessica 2008-06-02 16:45:37.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.569 [GMT 3:00]
    Running from: C:\Documents and Settings\Jessica\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Jessica\Työpöytä\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Windows\msservice.exe
    C:\WINDOWS\system32\telecms.exe
    C:\WINDOWS\winudpmgr.exe
    C:\WINDOWS\winudspm.exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Macrogaming\\SweetIM\mgMediaPlayer.dll
    C:\Program Files\Macrogaming\\SweetIM\mgMsnAuto.dll
    C:\Program Files\Macrogaming\\SweetIM\mgMsnMessengerAdapter.dll
    C:\Program Files\Macrogaming\\SweetIM\mgSweetIM.dll
    C:\Program Files\Macrogaming\\SweetIM\mgUpdateSupport.dll
    C:\Program Files\Macrogaming\\SweetIM\mgxml_wrapper.dll
    C:\Program Files\Macrogaming\\SweetIM\mgYahooAuto.dll
    C:\Program Files\Macrogaming\\SweetIM\mgYahooMessengerAdapter.dll
    C:\Program Files\Macrogaming\\SweetIM\msvcp71.dll
    C:\Program Files\Macrogaming\\SweetIM\msvcr71.dll
    C:\Program Files\Macrogaming\\SweetIM\resources\images\AudibleButton.png
    C:\Program Files\Macrogaming\\SweetIM\resources\images\DisplayPicturesButton.png
    C:\Program Files\Macrogaming\\SweetIM\resources\images\EmoticonButton.png
    C:\Program Files\Macrogaming\\SweetIM\resources\images\NudgeButton.png
    C:\Program Files\Macrogaming\\SweetIM\resources\images\SoundFxButton.png
    C:\Program Files\Macrogaming\\SweetIM\resources\images\WinksButton.png
    C:\Program Files\Macrogaming\\SweetIM\SweetIM.exe
    C:\Windows\msservice.exe
    C:\WINDOWS\system32\telecms.exe
    C:\WINDOWS\winudpmgr.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-02 to 2008-06-02 )))))))))))))))))
    .

    2008-06-02 16:39 . 2008-06-02 16:50 159,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-02 16:39 . 2008-06-02 16:39 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-06-02 16:34 . 2008-06-02 16:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-06-02 16:34 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-06-02 16:34 . 2008-06-02 16:36 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-06-02 16:33 . 2008-06-02 16:33 <KANSIO> d-------- C:\Program Files\Zone Labs
    2008-06-02 16:32 . 2008-06-02 16:48 <KANSIO> d-------- C:\WINDOWS\Internet Logs
    2008-06-01 16:10 . 2008-06-01 19:09 97,210 --a------ C:\emove.exe
    2008-06-01 15:52 . 2008-06-02 16:31 97,210 --a------ C:\emoge.exe
    2008-05-31 20:24 . 2008-06-01 01:23 97,210 --a------ C:\akjmko.exe
    2008-05-31 19:24 . 2008-05-31 19:24 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-05-31 19:04 . 2008-05-31 19:04 97,210 --a------ C:\akjko.exe
    2008-05-31 18:24 . 2008-05-31 18:24 53,252 --a------ C:\misak.exe
    2008-05-30 19:49 . 2008-05-30 20:04 83,400 --a------ C:\ahakk.exe
    2008-05-29 20:31 . 2008-05-29 20:31 249,496 --a------ C:\Documents and Settings\Jessica\sexy.exe
    2008-05-29 20:30 . 2008-05-29 20:42 249,496 --a------ C:\sexy.exe
    2008-05-29 20:25 . 2008-05-29 20:25 249,496 --a------ C:\Documents and Settings\Jessica\exy.exe
    2008-05-29 20:05 . 2008-05-29 20:06 249,496 --a------ C:\jestesr.exe
    2008-05-29 20:01 . 2008-05-29 20:22 249,496 --a------ C:\jester.exe
    2008-05-29 19:38 . 2008-05-29 19:38 40,960 --a------ C:\dsdc.exe
    2008-05-29 17:03 . 2008-05-29 18:12 56,832 --a------ C:\fa.com
    2008-05-29 15:35 . 2008-05-30 19:35 96,768 --------- C:\is154890.exe
    2008-05-29 15:35 . 2008-05-29 23:03 60,132 --a------ C:\ddc.exe
    2008-05-29 15:31 . 2008-05-29 16:29 3,422 --a------ C:\dci.exe
    2008-05-28 19:00 . 2008-05-28 19:00 <KANSIO> d-------- C:\Documents and Settings\Jessica\Application Data\InstallShield
    2008-05-28 14:21 . 2008-05-28 14:21 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
    2008-05-28 14:18 . 2008-05-28 14:18 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
    2008-05-28 14:18 . 2008-05-30 17:43 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-05-09 21:14 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-05-09 21:14 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-05-09 21:14 . 2008-05-09 21:14 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-05-09 21:14 . 2008-05-09 21:14 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 13:41 --------- d-----w C:\Documents and Settings\Jessica\Application Data\stickies
    2008-05-31 16:25 --------- d-----w C:\Documents and Settings\Jessica\Application Data\uTorrent
    2008-05-30 16:41 --------- d-----w C:\Program Files\LimeWire
    2008-05-30 15:39 --------- d-----w C:\Program Files\ESET
    2008-05-30 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-05-28 16:00 --------- d-----w C:\Program Files\Corel
    2008-05-28 11:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-27 04:21 --------- d-----w C:\Documents and Settings\Jessica\Application Data\LimeWire
    2008-05-25 09:10 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-05-25 08:50 --------- d-----w C:\Program Files\Windows Live
    2008-05-12 03:33 --------- d-----w C:\Program Files\Google
    2008-05-11 15:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-11 08:21 --------- d-----w C:\Documents and Settings\Jessica\Application Data\Apple Computer
    2008-05-09 18:15 --------- d-----w C:\Documents and Settings\Jessica\Application Data\PC Suite
    2008-05-07 14:43 --------- d-----w C:\Documents and Settings\Jessica\Application Data\gtk-2.0
    2008-05-01 08:42 --------- d-----w C:\Documents and Settings\Jessica\Application Data\Nokia
    2008-05-01 08:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-04-29 18:59 --------- d-----w C:\Program Files\Code-it Software
    2008-04-29 18:34 --------- d-----w C:\Program Files\uTorrent
    2008-04-28 12:07 --------- d-----w C:\Program Files\Safari
    2008-04-28 12:06 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-27 07:13 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-04-27 07:13 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-04-27 07:12 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-04-27 07:11 --------- d-----w C:\Program Files\Nokia
    2008-04-26 18:57 --------- d-----w C:\Program Files\Maxis
    2008-04-15 19:15 --------- d-----w C:\Program Files\Handmark
    2008-04-15 16:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-04-07 12:20 --------- d-----w C:\Program Files\iTunes
    2008-04-07 12:19 --------- d-----w C:\Program Files\iPod
    2008-04-07 12:18 --------- d-----w C:\Program Files\QuickTime
    2008-04-02 18:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-06 08:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-30_20.15.36.53 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-30 17:03:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-02 13:39:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2006-11-15 07:39:04 316,928 ----a-w C:\WINDOWS\inf\unregmp2.exe
    + 2007-06-27 12:40:08 318,464 ----a-w C:\WINDOWS\inf\unregmp2.exe
    - 2006-10-18 18:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
    + 2006-12-04 13:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
    - 2006-11-15 07:39:04 316,928 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
    + 2007-06-27 12:40:08 318,464 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
    - 2006-10-18 18:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
    + 2007-06-11 20:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
    + 2007-07-19 13:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
    + 2008-04-02 18:07:36 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
    - 2006-10-18 18:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
    + 2006-12-04 13:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
    - 2006-10-18 18:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
    + 2007-06-11 20:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
    + 2008-04-02 18:07:40 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
    + 2008-04-02 18:08:00 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
    + 2008-04-02 18:07:40 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
    + 2008-04-02 18:07:40 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
    + 2008-04-02 18:07:40 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
    + 2008-04-02 18:07:42 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
    + 2008-04-02 18:07:42 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
    + 2008-04-02 18:07:42 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
    + 2008-04-02 18:07:42 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
    + 2008-04-02 18:07:44 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
    + 2008-04-02 18:07:44 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
    + 2008-04-02 18:07:32 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
    + 2007-05-30 22:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
    + 2006-06-30 12:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
    + 2007-05-30 22:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat
    + 2007-05-30 22:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
    + 2007-05-30 22:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
    + 2007-05-30 22:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
    + 2007-05-30 22:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
    + 2006-09-19 21:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
    + 2007-12-03 12:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
    + 2006-12-19 16:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
    + 2007-05-30 22:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
    + 2007-05-30 22:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
    + 2007-05-30 22:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
    + 2007-05-30 22:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
    + 2007-12-03 12:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    + 2006-12-19 16:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
    + 2008-04-02 18:07:32 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
    + 2004-01-30 10:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
    + 2008-04-02 18:07:34 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
    + 2008-04-02 18:07:34 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
    + 2008-04-02 18:07:34 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
    + 2008-04-02 18:08:02 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
    + 2008-04-02 18:08:02 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
    + 2008-04-02 18:08:02 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
    + 2008-04-02 18:08:02 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
    + 2008-04-02 18:08:02 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
    + 2008-04-02 18:09:10 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
    + 2008-04-02 18:09:12 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
    + 2008-02-27 01:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
    + 2008-02-27 01:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
    + 2008-04-02 18:07:38 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
    + 2008-01-21 06:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
    + 2008-02-27 01:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
    + 2008-02-27 01:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
    + 2008-04-02 18:07:38 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
    + 2008-04-02 18:09:12 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
    + 2008-04-02 18:09:14 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
    + 2006-09-04 18:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
    + 2007-10-11 14:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
    + 2008-04-02 18:07:54 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
    + 2007-01-11 15:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
    + 2008-04-02 18:07:40 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
    + 2008-04-02 18:07:40 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
    + 2008-04-02 18:07:54 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    + 2008-04-02 18:07:40 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
    + 2008-04-02 18:07:42 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
    + 2008-04-02 18:07:42 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
    + 2008-01-21 06:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
    + 2008-04-02 18:07:44 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
    + 2008-04-02 18:07:44 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
    + 2008-04-02 18:07:46 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
    + 2008-04-02 18:07:46 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
    .
    -- Snapshot reset to current date --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-17 12:12 208946]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 13:48 157592]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [ ]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2008-05-30 20:26 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 00:18 443968]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2001-10-12 01:59 200704]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-17 12:15 949376]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37 69216]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [2002-11-29 15:39 464384]
    "SoundMan"="SOUNDMAN.EXE" [2002-08-05 15:18 46592 C:\WINDOWS\soundman.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "Windows UDP Control"="winudspm.exe" []
    "psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [ ]
    "Windows UDP Control Center"="winudpmgr.exe" []
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "psyspy-2.1.4 Client Server"="C:\WINDOWS\system32\telecms.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

    C:\Documents and Settings\Jessica\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
    Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-09 01:28:19 700416]

    C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-09-14 16:12]
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]
    S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
    S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
    S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - CATCHME
    *Newly Created Service* - KLIF
    *Newly Created Service* - SRESCAN
    *Newly Created Service* - VSMON
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-30 14:41:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-05-31 10:41:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-02 16:50:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
    .
    Completion time: 2008-06-02 16:54:36
    ComboFix-quarantined-files.txt 2008-06-02 13:53:31
    ComboFix2.txt 2008-05-30 17:17:03

    Pre-Run: 1,253,888,000 tavua vapaana
    Post-Run: 1,312,374,784 tavua vapaana

    443 --- E O F --- 2008-05-31 00:03:31

    -------------------------------------------------------------------

    There are the logs. Does it look like I no longer need to worry?
     
  5. kalminen

    kalminen Regular member

    A little bit was left behind!!!

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

    * Post the contents of the log in your next message, plus a new HJT log.
    .
     
  6. bilis

    bilis Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:56:26, on 3.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Logitech\iTouch\kbdtray.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\stickies\stickies.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\INCRED~1\bin\ImApp.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Altap Salamander 2.5\SALAMAND.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1192614523038
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

    --
    End of file - 8858 bytes

    --------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.14
    Tietokantaversio: 814

    14:55:29 3.6.2008
    mbam-log-6-3-2008 (14-55-26).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
    Tarkistetut kohteet: 129019
    Kulunut aika: 1 hour(s), 40 minute(s), 21 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 13

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050593.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050594.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050595.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050596.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050597.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050598.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050599.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050600.com (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050601.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050602.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050603.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050604.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F4DCCC97-C052-4C86-82B3-35DB53D71117}\RP278\A0050605.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

    ---------------------------------------------------------------

    That's what it says now. Can I stop worrying now?
     
  7. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Now it's good!!!

    Clean out the leftovers:

    ******************************************
    Type ComboFix.exe /u into the Run field of the Windows Start menu and press OK.
    ***************************************************************************
    Start Malwarebytes, open the Quarantine tab and empty it.
    ***************************************************************************
    After that, nothing left but to have a good summer :D
    .
     
  8. bilis

    bilis Member

    Joined:
    Dec 28, 2002
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    16
    Thanks a lot. It was a great help!
     
