If someone could take a look at this

Discussion in 'Viruses and malware - HijackThis logs' started by J-lalli, Nov 15, 2007.

  1. J-lalli

    J-lalli Active member

    Joined:
    Apr 8, 2005
    Messages:
    1,292
    Likes Received:
    7
    Trophy Points:
    68
    There's something extra on the machine:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:35:31, on 15.11.2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\Windows\system32\uzxmuzlq.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\qqwpvndu.dll",b
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O13 - Gopher Prefix:
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: DomainService - - C:\Windows\system32\hmngkdjf.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 4842 bytes
     
  2. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    hi
    here we go...

    Download VundoFix.exe to your desktop.
    *Double-click VundoFix.exe to run it.
    *Click the Scan for Vundo button.
    *When the scan is complete, click the Remove Vundo button.
    *You will be asked whether you want to remove the files - click YES.
    *Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    *When it is done, the fix will tell you that it is going to restart your computer; click OK.
    *Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


    Note: It is possible that VundoFix found a file that it could not remove.
    In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

    and then

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.


    Post the Vundo log, the Combo log and a new HJT log
     
  3. J-lalli

    J-lalli Active member

    Here they are:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:34:54, on 16.11.2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.telkku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\Windows\system32\dbfcnirp.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

    --
    End of file - 7138 bytes


    ComboFix 07-11-08.1 - SpaDe 2007-11-16 19:42:44.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1943 [GMT 2:00]
    Running from: C:\Users\SpaDe\Desktop\ComboFix.exe
    * Created a new restore point
    .

    Systeemioikeuksien saaminen epäonnistui

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\Microsoft\Windows\Start Menu\Live Safety Center.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.lnk
    C:\Users\SpaDe\AppData\Roaming\inst.exe
    C:\Users\SpaDe\Desktop\Live Safety Center.lnk
    C:\Users\SpaDe\Desktop\Online Security Guide.lnk
    C:\Users\SpaDe\FAVORI~1\Online Security Guide.lnk
    C:\Users\SpaDe\Favorites\Online Security Guide.lnk
    C:\Windows\system32\dbfcnirp.dllbox
    C:\Windows\System32\hjmoq.ini
    C:\Windows\System32\hjmoq.ini2
    C:\Windows\system32\qomjh.dll . . . . poisto epäonnistui

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-16 to 2007-11-16 )))))))))))))))))
    .

    2007-11-16 19:36 51,200 --a------ C:\Windows\NirCmd.exe
    2007-11-16 19:34 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-11-16 19:28 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
    2007-11-16 19:22 <KANSIO> d-------- C:\VundoFix Backups
    2007-11-16 18:26 <KANSIO> d-------- C:\Windows\pss
    2007-11-16 17:45 145,984 --a------ C:\Windows\System32\vosgthii.dll
    2007-11-16 17:45 145,984 --a------ C:\Windows\System32\dbfcnirp.dll
    2007-11-16 17:45 85,056 --a------ C:\Windows\System32\yptpdrlq.dll
    2007-11-16 17:45 81,984 --a------ C:\Windows\System32\ixmchpry.dll
    2007-11-16 17:45 71,232 --a------ C:\Windows\System32\hyidimeo.exe
    2007-11-16 14:46 <KANSIO> d-------- C:\Program Files\Gabest
    2007-11-16 14:41 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2007-11-16 13:14 <KANSIO> d-------- C:\Users\All Users\PC Suite
    2007-11-16 13:14 <KANSIO> d-------- C:\ProgramData\PC Suite
    2007-11-16 11:57 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Nokia
    2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\DIFX
    2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2007-11-16 11:54 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\PC Suite
    2007-11-16 11:53 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2007-11-16 11:51 <KANSIO> d-------- C:\Program Files\Nokia
    2007-11-16 11:51 90,624 --a------ C:\Windows\System32\nmwcdcls.dll
    2007-11-16 11:50 <KANSIO> d-------- C:\Users\All Users\Installations
    2007-11-16 11:50 <KANSIO> d-------- C:\ProgramData\Installations
    2007-11-16 10:39 <KANSIO> d-------- C:\Program Files\URUSoft
    2007-11-16 10:24 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Vso
    2007-11-16 10:24 <KANSIO> d-------- C:\Program Files\VSO
    2007-11-16 10:24 217,127 --a------ C:\Windows\System32\drv43260.dll
    2007-11-16 10:24 208,935 --a------ C:\Windows\System32\drv33260.dll
    2007-11-16 10:24 176,165 --a------ C:\Windows\System32\drv23260.dll
    2007-11-16 10:24 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
    2007-11-16 10:24 47,360 --a------ C:\Users\SpaDe\AppData\Roaming\pcouffin.sys
    2007-11-15 22:56 <KANSIO> d-------- C:\Windows\System32\OEM
    2007-11-15 22:56 <KANSIO> d-------- C:\Windows\PANTHER
    2007-11-15 22:56 459,304 --a------ C:\Windows\System32\perfh00B.dat
    2007-11-15 22:56 274,158 --a------ C:\Windows\System32\perfi00B.dat
    2007-11-15 22:56 83,690 --a------ C:\Windows\System32\perfc00B.dat
    2007-11-15 22:56 36,790 --a------ C:\Windows\System32\perfd00B.dat
    2007-11-15 22:55 <KANSIO> d-------- C:\Windows\System32\fi
    2007-11-15 22:55 <KANSIO> d-------- C:\Windows\System32\drivers\fi-FI
    2007-11-15 22:55 <KANSIO> d-------- C:\Windows\fi-FI
    2007-11-15 20:47 <KANSIO> d-------- C:\Program Files\Music NFO Builder
    2007-11-15 19:33 51,072 --a------ C:\Windows\System32\drivers\ikhlayer.sys
    2007-11-15 19:33 30,592 --a------ C:\Windows\System32\drivers\ikhfile.sys
    2007-11-15 19:32 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\PC Tools
    2007-11-15 19:32 <KANSIO> d-------- C:\Program Files\Spyware Doctor
    2007-11-15 19:28 <KANSIO> d-------- C:\Program Files\Elaborate Bytes
    2007-11-15 19:27 <KANSIO> d-------- C:\Program Files\SlySoft
    2007-11-15 19:22 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2007-11-15 18:53 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Uniblue
    2007-11-15 18:52 <KANSIO> d-------- C:\Program Files\Uniblue
    2007-11-15 18:41 5,120 --a------ C:\Windows\System32\ff_vfw.dll
    2007-11-15 18:28 <KANSIO> d-------- C:\Program Files\AC3Filter
    2007-11-15 18:25 <KANSIO> d-------- C:\Program Files\ffdshow
    2007-11-15 18:20 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Media Player Classic
    2007-11-15 18:11 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Nero
    2007-11-15 18:04 <KANSIO> d-------- C:\Users\All Users\Nero
    2007-11-15 18:04 <KANSIO> d-------- C:\ProgramData\Nero
    2007-11-15 18:04 <KANSIO> d-------- C:\Program Files\Nero
    2007-11-15 18:04 <KANSIO> d-------- C:\Program Files\Common Files\Nero
    2007-11-15 17:41 313,952 --------- C:\Windows\System32\qomjh.dll
    2007-11-15 17:36 37,376 --a------ C:\Windows\System32\nnnkjhh.dll
    2007-11-15 16:10 <KANSIO> d-------- C:\Windows\System32\Macromed
    2007-11-15 15:27 <KANSIO> d-------- C:\Program Files\Microsoft.NET
    2007-11-15 15:25 <KANSIO> d-------- C:\Users\All Users\Microsoft Help
    2007-11-15 15:25 <KANSIO> d-------- C:\ProgramData\Microsoft Help
    2007-11-15 15:14 <KANSIO> d-------- C:\Program Files\DAEMON Tools
    2007-11-15 15:04 685,816 --a------ C:\Windows\System32\drivers\sptd.sys
    2007-11-15 15:01 <KANSIO> d-------- C:\Program Files\Musclesoft
    2007-11-15 14:23 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\uTorrent
    2007-11-15 14:23 <KANSIO> d-------- C:\Program Files\uTorrent
    2007-11-15 14:04 <KANSIO> d-------- C:\Users\All Users\NVIDIA
    2007-11-15 14:04 <KANSIO> d-------- C:\ProgramData\NVIDIA
    2007-11-15 13:54 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
    2007-11-15 13:54 753,664 --a------ C:\Windows\System32\nvcplui.exe
    2007-11-15 13:54 376,320 --a------ C:\Windows\System32\winsrv.dll
    2007-11-15 13:54 307,200 --a------ C:\Windows\System32\nvexpbar.dll
    2007-11-15 13:54 49,664 --a------ C:\Windows\System32\csrsrv.dll
    2007-11-15 13:51 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Winamp
    2007-11-15 13:51 <KANSIO> d-------- C:\Program Files\Winamp
    2007-11-15 13:50 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
    2007-11-15 13:50 414,208 --a------ C:\Windows\System32\msscp.dll
    2007-11-15 13:50 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
    2007-11-15 13:50 7,680 --a------ C:\Windows\System32\spwmp.dll
    2007-11-15 13:50 4,096 --a------ C:\Windows\System32\dxmasf.dll
    2007-11-15 13:48 <KANSIO> d-------- C:\Program Files\Alwil Software
    2007-11-15 13:45 1,335,296 --a------ C:\Windows\System32\msxml6.dll
    2007-11-15 13:45 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2007-11-15 13:45 2,048 --a------ C:\Windows\System32\msxml6r.dll
    2007-11-15 13:43 750,080 --a------ C:\Windows\System32\qmgr.dll
    2007-11-15 13:39 <KANSIO> d-------- C:\Windows\PCHEALTH
    2007-11-15 13:33 <KANSIO> d--hs---- C:\Windows\Installer
    2007-11-15 13:33 <KANSIO> d-------- C:\Users\All Users\WLInstaller
    2007-11-15 13:33 <KANSIO> d-------- C:\ProgramData\WLInstaller
    2007-11-15 13:33 <KANSIO> d-------- C:\Program Files\Windows Live
    2007-11-15 13:33 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Videos
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Searches
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Saved Games
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Pictures

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-16 11:04 --------- d-----w C:\Users\SpaDe\AppData\Roaming\Vso
    2007-11-16 08:24 --------- d-----w C:\Program Files\VSO
    2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Sidebar
    2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Photo Gallery
    2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Journal
    2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Collaboration
    2007-11-15 12:03 174 --sha-w C:\Program Files\desktop.ini
    2007-11-15 12:00 --------- d-----w C:\Program Files\Windows Mail
    2007-11-15 12:00 --------- d-----w C:\Program Files\Windows Calendar
    2007-11-15 11:59 --------- d-----w C:\Program Files\Windows Defender
    2007-11-15 11:56 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
    2007-11-15 11:56 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
    2007-11-15 11:56 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
    2007-11-15 11:56 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
    2007-11-15 11:56 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
    2007-11-15 11:55 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2007-11-15 11:49 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
    2007-11-15 11:49 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
    2007-11-15 11:49 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
    2007-11-15 11:48 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
    2007-11-15 11:48 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2007-11-15 11:48 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2007-11-15 11:48 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2007-11-15 11:48 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2007-11-15 11:48 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2007-11-15 11:44 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
    2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Työpöytä
    2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Tiedostot
    2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Suosikit
    2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Mallit
    2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
    2007-10-25 17:03 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
    2007-10-25 17:01 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2007-10-25 17:01 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4db552e3-97d0-43e7-8bbc-24af95995c07}]
    2007-11-16 17:45 81984 --a------ C:\Windows\system32\ixmchpry.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{951F00B9-6847-4210-94C7-0DE310966E27}]
    2007-11-15 17:41 313952 --------- C:\Windows\system32\qomjh.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-15 13:52]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 18:20]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
    "dcb2ceb7"="C:\Windows\system32\yptpdrlq.dll" [2007-11-16 17:45]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
    "µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-11-15 17:27]
    "uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-11-15 17:27]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-11-10 16:53]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\Windows\system32\nnnkjhh.dll [2007-11-15 17:36 37376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbfcnirp]
    dbfcnirp.dll 2007-11-16 17:45 145984 C:\Windows\System32\dbfcnirp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjhh]
    nnnkjhh.dll 2007-11-15 17:36 37376 C:\Windows\System32\nnnkjhh.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\Windows\system32\qomjh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
    C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe

    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
    R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-16 19:48:35
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-16 19:50:26 - machine was rebooted
    .
    --- E O F ---
    VundoFix V6.6.1

    Checking Java version...

    Sun Java not detected
    Scan started at 19:22:09 16.11.2007

    Listing files found while scanning....

    C:\windows\System32\dbfcnirp.dll
    C:\windows\System32\vosgthii.dll

    Beginning removal...

    I even managed to reinstall Windows, but the crap stayed...
     
    Last edited: Nov 16, 2007
  4. tomato71

    tomato71 Regular member

    were all of these logs taken after reinstalling Windows, or before????
    the end of the Vundo log is missing
     
    Last edited: Nov 16, 2007
  5. J-lalli

    J-lalli Active member

    They were taken after the install.
    Vundo didn't produce any more of a log than that.
    The worst of the crap is gone, and if this is it then thank you very much.
    By the way, what was the junk in there?
     
  6. tomato71

    tomato71 Regular member

    hi
    The Virtumonde trojan is on the machine, and it still is

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension
    is not .txt).

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer if prompted, and post the contents of the combofix.txt file here + a new HJT log.
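
Added example, not part of the original thread: in the Nov 15 and Nov 16 HijackThis logs above, the Run value `dcb2ceb7` and the "Security Toolbar" CLSID each point at a different System32 DLL in each scan. The Python sketch below flags autostart entries whose registry identity is unchanged but whose file name changed within the same directory between two scans; the function names are my own, and the sample lines are excerpted from the two logs.

```python
import ntpath
import re

# Sample input: lines excerpted from the two HijackThis logs posted in this thread.
SCAN_NOV_15 = r"""
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\Windows\system32\uzxmuzlq.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\qqwpvndu.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""
SCAN_NOV_16 = r"""
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\Windows\system32\dbfcnirp.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"""

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O2/O3/O9 - <type>: <label> - {CLSID} - <file>
CLSID_RE = re.compile(
    r"^(?P<sec>O[239]) - .*?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# First fully qualified .dll/.exe path in a command line. "rundll32.exe" without
# a drive letter is skipped, so the DLL it loads is what gets extracted.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|exe)', re.IGNORECASE)


def target_of(command):
    """Return the lower-cased file a command line points at (or the raw text)."""
    match = PATH_RE.search(command)
    return (match.group(0) if match else command.strip()).lower()


def parse_autostarts(log_text):
    """Map a stable registry identity to the file it launches."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entries[("O4", m["hive"], m["name"])] = target_of(m["cmd"])
            continue
        m = CLSID_RE.match(line)
        if m:
            entries[(m["sec"], m["clsid"].upper())] = target_of(m["path"])
    return entries


def rotated_targets(before, after):
    """Entries present in both scans whose file was renamed in the same directory.

    A changed directory with the same file name (an upgrade that moved the
    program, like MsnMsgr here) is deliberately not reported.
    """
    findings = []
    for key, old in before.items():
        new = after.get(key)
        if new and new != old and ntpath.dirname(new) == ntpath.dirname(old):
            findings.append((key, old, new))
    return findings


if __name__ == "__main__":
    first = parse_autostarts(SCAN_NOV_15)
    second = parse_autostarts(SCAN_NOV_16)
    for key, old, new in rotated_targets(first, second):
        print(" / ".join(key), ":", ntpath.basename(old), "->", ntpath.basename(new))
```

Entries reported this way are worth checking against the file-creation list in the ComboFix log before anything is removed.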
     
  7. J-lalli

    J-lalli Active member

    Here's the combo:

    ComboFix 07-11-08.1 - SpaDe 2007-11-17 17:19:16.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1862 [GMT 2:00]
    Running from: C:\Users\SpaDe\Desktop\ComboFix.exe
    Command switches used :: C:\Users\SpaDe\Documents\CFScript.txt
    * Created a new restore point

    FILE
    C:\Windows\System32\dbfcnirp.dll
    C:\Windows\System32\hyidimeo.exe
    C:\Windows\System32\ixmchpry.dll
    C:\Windows\System32\nnnkjhh.dll
    C:\Windows\System32\qomjh.dll
    C:\Windows\System32\vosgthii.dll
    C:\Windows\System32\yptpdrlq.dll
    .

    Systeemioikeuksien saaminen epäonnistui

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\System32\hjmoq.ini
    C:\Windows\System32\hjmoq.ini2
    C:\Windows\System32\hyidimeo.exe
    C:\Windows\System32\ixmchpry.dll
    C:\Windows\System32\nnnkjhh.dll
    C:\Windows\System32\qomjh.dll
    C:\Windows\System32\yptpdrlq.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-17 to 2007-11-17 )))))))))))))))))
    .

    2007-11-17 16:05 <KANSIO> d-------- C:\Program Files\SimpleDivX
    2007-11-16 22:26 <KANSIO> d-------- C:\Program Files\Xvid
    2007-11-16 22:26 765,952 --a------ C:\Windows\System32\xvidcore.dll
    2007-11-16 22:26 180,224 --a------ C:\Windows\System32\xvidvfw.dll
    2007-11-16 19:36 51,200 --a------ C:\Windows\NirCmd.exe
    2007-11-16 19:34 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-11-16 19:28 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
    2007-11-16 19:22 <KANSIO> d-------- C:\VundoFix Backups
    2007-11-16 18:26 <KANSIO> d-------- C:\Windows\pss
    2007-11-16 14:46 <KANSIO> d-------- C:\Program Files\Gabest
    2007-11-16 14:41 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2007-11-16 13:14 <KANSIO> d-------- C:\Users\All Users\PC Suite
    2007-11-16 13:14 <KANSIO> d-------- C:\ProgramData\PC Suite
    2007-11-16 11:57 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Nokia
    2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\DIFX
    2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2007-11-16 11:54 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\PC Suite
    2007-11-16 11:53 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2007-11-16 11:51 <KANSIO> d-------- C:\Program Files\Nokia
    2007-11-16 11:51 90,624 --a------ C:\Windows\System32\nmwcdcls.dll
    2007-11-16 11:50 <KANSIO> d-------- C:\Users\All Users\Installations
    2007-11-16 11:50 <KANSIO> d-------- C:\ProgramData\Installations
    2007-11-16 10:39 <KANSIO> d-------- C:\Program Files\URUSoft
    2007-11-16 10:24 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Vso
    2007-11-16 10:24 <KANSIO> d-------- C:\Program Files\VSO
    2007-11-16 10:24 217,127 --a------ C:\Windows\System32\drv43260.dll
    2007-11-16 10:24 208,935 --a------ C:\Windows\System32\drv33260.dll
    2007-11-16 10:24 176,165 --a------ C:\Windows\System32\drv23260.dll
    2007-11-16 10:24 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
    2007-11-16 10:24 47,360 --a------ C:\Users\SpaDe\AppData\Roaming\pcouffin.sys
    2007-11-15 22:56 <KANSIO> d-------- C:\Windows\System32\OEM
    2007-11-15 22:56 <KANSIO> d-------- C:\Windows\PANTHER
    2007-11-15 22:56 459,304 --a------ C:\Windows\System32\perfh00B.dat
    2007-11-15 22:56 274,158 --a------ C:\Windows\System32\perfi00B.dat
    2007-11-15 22:56 83,690 --a------ C:\Windows\System32\perfc00B.dat
    2007-11-15 22:56 36,790 --a------ C:\Windows\System32\perfd00B.dat
    2007-11-15 22:55 <KANSIO> d-------- C:\Windows\System32\fi
    2007-11-15 22:55 <KANSIO> d-------- C:\Windows\System32\drivers\fi-FI
    2007-11-15 22:55 <KANSIO> d-------- C:\Windows\fi-FI
    2007-11-15 20:47 <KANSIO> d-------- C:\Program Files\Music NFO Builder
    2007-11-15 19:33 51,072 --a------ C:\Windows\System32\drivers\ikhlayer.sys
    2007-11-15 19:33 30,592 --a------ C:\Windows\System32\drivers\ikhfile.sys
    2007-11-15 19:32 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\PC Tools
    2007-11-15 19:32 <KANSIO> d-------- C:\Program Files\Spyware Doctor
    2007-11-15 19:28 <KANSIO> d-------- C:\Program Files\Elaborate Bytes
    2007-11-15 19:27 <KANSIO> d-------- C:\Program Files\SlySoft
    2007-11-15 19:22 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2007-11-15 18:53 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Uniblue
    2007-11-15 18:52 <KANSIO> d-------- C:\Program Files\Uniblue
    2007-11-15 18:41 5,120 --a------ C:\Windows\System32\ff_vfw.dll
    2007-11-15 18:28 <KANSIO> d-------- C:\Program Files\AC3Filter
    2007-11-15 18:25 <KANSIO> d-------- C:\Program Files\ffdshow
    2007-11-15 18:20 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Media Player Classic
    2007-11-15 18:11 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Nero
    2007-11-15 18:04 <KANSIO> d-------- C:\Users\All Users\Nero
    2007-11-15 18:04 <KANSIO> d-------- C:\ProgramData\Nero
    2007-11-15 18:04 <KANSIO> d-------- C:\Program Files\Nero
    2007-11-15 18:04 <KANSIO> d-------- C:\Program Files\Common Files\Nero
    2007-11-15 16:10 <KANSIO> d-------- C:\Windows\System32\Macromed
    2007-11-15 15:27 <KANSIO> d-------- C:\Program Files\Microsoft.NET
    2007-11-15 15:25 <KANSIO> d-------- C:\Users\All Users\Microsoft Help
    2007-11-15 15:25 <KANSIO> d-------- C:\ProgramData\Microsoft Help
    2007-11-15 15:14 <KANSIO> d-------- C:\Program Files\DAEMON Tools
    2007-11-15 15:04 685,816 --a------ C:\Windows\System32\drivers\sptd.sys
    2007-11-15 15:01 <KANSIO> d-------- C:\Program Files\Musclesoft
    2007-11-15 14:23 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\uTorrent
    2007-11-15 14:23 <KANSIO> d-------- C:\Program Files\uTorrent
    2007-11-15 14:04 <KANSIO> d-------- C:\Users\All Users\NVIDIA
    2007-11-15 14:04 <KANSIO> d-------- C:\ProgramData\NVIDIA
    2007-11-15 13:54 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
    2007-11-15 13:54 753,664 --a------ C:\Windows\System32\nvcplui.exe
    2007-11-15 13:54 376,320 --a------ C:\Windows\System32\winsrv.dll
    2007-11-15 13:54 307,200 --a------ C:\Windows\System32\nvexpbar.dll
    2007-11-15 13:54 49,664 --a------ C:\Windows\System32\csrsrv.dll
    2007-11-15 13:51 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Winamp
    2007-11-15 13:51 <KANSIO> d-------- C:\Program Files\Winamp
    2007-11-15 13:50 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
    2007-11-15 13:50 414,208 --a------ C:\Windows\System32\msscp.dll
    2007-11-15 13:50 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
    2007-11-15 13:50 7,680 --a------ C:\Windows\System32\spwmp.dll
    2007-11-15 13:50 4,096 --a------ C:\Windows\System32\dxmasf.dll
    2007-11-15 13:48 <KANSIO> d-------- C:\Program Files\Alwil Software
    2007-11-15 13:45 1,335,296 --a------ C:\Windows\System32\msxml6.dll
    2007-11-15 13:45 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2007-11-15 13:45 2,048 --a------ C:\Windows\System32\msxml6r.dll
    2007-11-15 13:43 750,080 --a------ C:\Windows\System32\qmgr.dll
    2007-11-15 13:39 <KANSIO> d-------- C:\Windows\PCHEALTH
    2007-11-15 13:33 <KANSIO> d--hs---- C:\Windows\Installer
    2007-11-15 13:33 <KANSIO> d-------- C:\Users\All Users\WLInstaller
    2007-11-15 13:33 <KANSIO> d-------- C:\ProgramData\WLInstaller
    2007-11-15 13:33 <KANSIO> d-------- C:\Program Files\Windows Live
    2007-11-15 13:33 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Videos
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Searches
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Saved Games
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Pictures
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Music
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Links
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Downloads

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-16 11:04 --------- d-----w C:\Users\SpaDe\AppData\Roaming\Vso
    2007-11-16 08:24 --------- d-----w C:\Program Files\VSO
    2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Sidebar
    2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Photo Gallery
    2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Journal
    2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Collaboration
    2007-11-15 12:03 174 --sha-w C:\Program Files\desktop.ini
    2007-11-15 12:00 --------- d-----w C:\Program Files\Windows Mail
    2007-11-15 12:00 --------- d-----w C:\Program Files\Windows Calendar
    2007-11-15 11:59 --------- d-----w C:\Program Files\Windows Defender
    2007-11-15 11:56 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
    2007-11-15 11:56 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
    2007-11-15 11:56 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
    2007-11-15 11:56 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
    2007-11-15 11:56 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
    2007-11-15 11:55 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2007-11-15 11:49 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
    2007-11-15 11:49 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
    2007-11-15 11:49 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
    2007-11-15 11:48 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
    2007-11-15 11:48 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2007-11-15 11:48 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2007-11-15 11:48 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2007-11-15 11:48 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2007-11-15 11:48 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2007-11-15 11:44 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
    2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Työpöytä
    2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Tiedostot
    2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Suosikit
    2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Mallit
    2007-11-15 11:22 --------- d-sh--w C:\ProgramData\Käynnistä-valikko
    2007-10-25 17:03 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
    2007-10-25 17:01 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2007-10-25 17:01 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-16_19.49.32.13 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-16 17:48:06 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2007-11-17 15:24:33 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2007-11-16 16:24:59 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2007-11-16 23:58:47 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2007-11-16 17:48:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2007-11-17 15:24:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2007-11-17 15:24:44 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2007-11-16 16:25:06 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2007-11-16 23:58:47 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2007-11-16 17:48:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2007-11-17 15:24:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2007-11-17 15:24:44 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2007-11-16 17:48:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2007-11-17 15:17:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-11-16 17:48:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2007-11-17 15:17:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-11-16 17:48:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-11-17 15:17:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2007-11-16 17:42:29 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2007-11-17 15:19:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    - 2007-11-16 16:27:00 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2007-11-17 05:51:48 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2007-11-16 17:32:25 4,086 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2509490407-2211767027-993328738-1000_UserData.bin
    + 2007-11-17 05:54:45 4,462 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2509490407-2211767027-993328738-1000_UserData.bin
    - 2007-11-16 17:32:25 45,486 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2007-11-17 05:54:45 46,158 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2007-11-16 17:03:53 23,622 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2007-11-16 17:49:57 25,368 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-15 13:52]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 18:20]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
    "dcb2ceb7"="C:\Windows\system32\yptpdrlq.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
    "µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-11-15 17:27]
    "uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-11-15 17:27]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-11-10 16:53]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\Windows\system32\qomjh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
    C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe

    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
    R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-17 17:24:57
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-17 17:26:14 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-16 19:50
    .
    --- E O F ---


    ...and HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:31:39, on 17.11.2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

    --
    End of file - 7127 bytes

     
  8. tomato71

    tomato71 Regular member

    Did you run ComboFix as administrator?
     
  9. J-lalli

    J-lalli Active member

    I attached the Notepad file and the rest took care of itself.
    At the bottom it said administrator.
     
  10. tomato71

    tomato71 Regular member

    And then, there's more to be found.

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension isn't .txt).

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer if asked to, and post the contents of the combofix.txt file here.


    Remove VundoFix from the machine and download a new copy from the same link,
    and then run VundoFix afterwards.


    Post combofix.txt + the Vundo log and a new HJT log.
     
  11. J-lalli

    J-lalli Active member

    Here:

    ComboFix 07-11-08.1 - SpaDe 2007-11-17 19:39:02.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1915 [GMT 2:00]
    Running from: C:\Users\SpaDe\Desktop\ComboFix.exe
    Command switches used :: C:\Users\SpaDe\Documents\CFScript.txt
    * Created a new restore point

    FILE
    C:\Windows\system32\qomjh.dll
    C:\Windows\system32\yptpdrlq.dll
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-17 to 2007-11-17 )))))))))))))))))
    .

    2007-11-17 17:38 292,352 --a------ C:\Windows\System32\psisdecd.dll
    2007-11-17 16:05 <KANSIO> d-------- C:\Program Files\SimpleDivX
    2007-11-16 22:26 <KANSIO> d-------- C:\Program Files\Xvid
    2007-11-16 22:26 765,952 --a------ C:\Windows\System32\xvidcore.dll
    2007-11-16 22:26 180,224 --a------ C:\Windows\System32\xvidvfw.dll
    2007-11-16 19:36 51,200 --a------ C:\Windows\NirCmd.exe
    2007-11-16 19:34 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-11-16 19:28 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
    2007-11-16 19:22 <KANSIO> d-------- C:\VundoFix Backups
    2007-11-16 18:26 <KANSIO> d-------- C:\Windows\pss
    2007-11-16 14:46 <KANSIO> d-------- C:\Program Files\Gabest
    2007-11-16 14:41 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2007-11-16 13:14 <KANSIO> d-------- C:\Users\All Users\PC Suite
    2007-11-16 13:14 <KANSIO> d-------- C:\ProgramData\PC Suite
    2007-11-16 11:57 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Nokia
    2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\DIFX
    2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2007-11-16 11:55 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2007-11-16 11:54 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\PC Suite
    2007-11-16 11:53 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2007-11-16 11:51 <KANSIO> d-------- C:\Program Files\Nokia
    2007-11-16 11:51 90,624 --a------ C:\Windows\System32\nmwcdcls.dll
    2007-11-16 11:50 <KANSIO> d-------- C:\Users\All Users\Installations
    2007-11-16 11:50 <KANSIO> d-------- C:\ProgramData\Installations
    2007-11-16 10:39 <KANSIO> d-------- C:\Program Files\URUSoft
    2007-11-16 10:24 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Vso
    2007-11-16 10:24 <KANSIO> d-------- C:\Program Files\VSO
    2007-11-16 10:24 217,127 --a------ C:\Windows\System32\drv43260.dll
    2007-11-16 10:24 208,935 --a------ C:\Windows\System32\drv33260.dll
    2007-11-16 10:24 176,165 --a------ C:\Windows\System32\drv23260.dll
    2007-11-16 10:24 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
    2007-11-16 10:24 47,360 --a------ C:\Users\SpaDe\AppData\Roaming\pcouffin.sys
    2007-11-15 22:56 <KANSIO> d-------- C:\Windows\System32\OEM
    2007-11-15 22:56 <KANSIO> d-------- C:\Windows\PANTHER
    2007-11-15 22:56 459,304 --a------ C:\Windows\System32\perfh00B.dat
    2007-11-15 22:56 274,158 --a------ C:\Windows\System32\perfi00B.dat
    2007-11-15 22:56 83,690 --a------ C:\Windows\System32\perfc00B.dat
    2007-11-15 22:56 36,790 --a------ C:\Windows\System32\perfd00B.dat
    2007-11-15 22:55 <KANSIO> d-------- C:\Windows\System32\fi
    2007-11-15 22:55 <KANSIO> d-------- C:\Windows\System32\drivers\fi-FI
    2007-11-15 22:55 <KANSIO> d-------- C:\Windows\fi-FI
    2007-11-15 20:47 <KANSIO> d-------- C:\Program Files\Music NFO Builder
    2007-11-15 19:33 51,072 --a------ C:\Windows\System32\drivers\ikhlayer.sys
    2007-11-15 19:33 30,592 --a------ C:\Windows\System32\drivers\ikhfile.sys
    2007-11-15 19:32 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\PC Tools
    2007-11-15 19:32 <KANSIO> d-------- C:\Program Files\Spyware Doctor
    2007-11-15 19:28 <KANSIO> d-------- C:\Program Files\Elaborate Bytes
    2007-11-15 19:27 <KANSIO> d-------- C:\Program Files\SlySoft
    2007-11-15 19:22 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2007-11-15 18:53 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Uniblue
    2007-11-15 18:52 <KANSIO> d-------- C:\Program Files\Uniblue
    2007-11-15 18:41 5,120 --a------ C:\Windows\System32\ff_vfw.dll
    2007-11-15 18:28 <KANSIO> d-------- C:\Program Files\AC3Filter
    2007-11-15 18:25 <KANSIO> d-------- C:\Program Files\ffdshow
    2007-11-15 18:20 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Media Player Classic
    2007-11-15 18:11 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Nero
    2007-11-15 18:04 <KANSIO> d-------- C:\Users\All Users\Nero
    2007-11-15 18:04 <KANSIO> d-------- C:\ProgramData\Nero
    2007-11-15 18:04 <KANSIO> d-------- C:\Program Files\Nero
    2007-11-15 18:04 <KANSIO> d-------- C:\Program Files\Common Files\Nero
    2007-11-15 16:10 <KANSIO> d-------- C:\Windows\System32\Macromed
    2007-11-15 15:27 <KANSIO> d-------- C:\Program Files\Microsoft.NET
    2007-11-15 15:25 <KANSIO> d-------- C:\Users\All Users\Microsoft Help
    2007-11-15 15:25 <KANSIO> d-------- C:\ProgramData\Microsoft Help
    2007-11-15 15:14 <KANSIO> d-------- C:\Program Files\DAEMON Tools
    2007-11-15 15:04 685,816 --a------ C:\Windows\System32\drivers\sptd.sys
    2007-11-15 15:01 <KANSIO> d-------- C:\Program Files\Musclesoft
    2007-11-15 14:23 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\uTorrent
    2007-11-15 14:23 <KANSIO> d-------- C:\Program Files\uTorrent
    2007-11-15 14:04 <KANSIO> d-------- C:\Users\All Users\NVIDIA
    2007-11-15 14:04 <KANSIO> d-------- C:\ProgramData\NVIDIA
    2007-11-15 13:54 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
    2007-11-15 13:54 753,664 --a------ C:\Windows\System32\nvcplui.exe
    2007-11-15 13:54 376,320 --a------ C:\Windows\System32\winsrv.dll
    2007-11-15 13:54 307,200 --a------ C:\Windows\System32\nvexpbar.dll
    2007-11-15 13:54 49,664 --a------ C:\Windows\System32\csrsrv.dll
    2007-11-15 13:51 <KANSIO> d-------- C:\Users\SpaDe\AppData\Roaming\Winamp
    2007-11-15 13:51 <KANSIO> d-------- C:\Program Files\Winamp
    2007-11-15 13:50 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
    2007-11-15 13:50 414,208 --a------ C:\Windows\System32\msscp.dll
    2007-11-15 13:50 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
    2007-11-15 13:50 7,680 --a------ C:\Windows\System32\spwmp.dll
    2007-11-15 13:50 4,096 --a------ C:\Windows\System32\dxmasf.dll
    2007-11-15 13:48 <KANSIO> d-------- C:\Program Files\Alwil Software
    2007-11-15 13:45 1,335,296 --a------ C:\Windows\System32\msxml6.dll
    2007-11-15 13:45 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2007-11-15 13:45 2,048 --a------ C:\Windows\System32\msxml6r.dll
    2007-11-15 13:43 750,080 --a------ C:\Windows\System32\qmgr.dll
    2007-11-15 13:39 <KANSIO> d-------- C:\Windows\PCHEALTH
    2007-11-15 13:33 <KANSIO> d--hs---- C:\Windows\Installer
    2007-11-15 13:33 <KANSIO> d-------- C:\Users\All Users\WLInstaller
    2007-11-15 13:33 <KANSIO> d-------- C:\ProgramData\WLInstaller
    2007-11-15 13:33 <KANSIO> d-------- C:\Program Files\Windows Live
    2007-11-15 13:33 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Videos
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Searches
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Saved Games
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Pictures
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Music
    2007-11-15 13:27 <KANSIO> dr------- C:\Users\SpaDe\Links

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-16 17:28 24,576 ----a-w C:\Windows\System32\VundoFixSVC.exe
    2007-11-16 11:04 --------- d-----w C:\Users\SpaDe\AppData\Roaming\Vso
    2007-11-16 08:24 --------- d-----w C:\Program Files\VSO
    2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Sidebar
    2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Photo Gallery
    2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Journal
    2007-11-15 20:55 --------- d-----w C:\Program Files\Windows Collaboration
    2007-11-15 12:03 174 --sha-w C:\Program Files\desktop.ini
    2007-11-15 12:00 --------- d-----w C:\Program Files\Windows Mail
    2007-11-15 12:00 --------- d-----w C:\Program Files\Windows Calendar
    2007-11-15 11:59 --------- d-----w C:\Program Files\Windows Defender
    2007-11-15 11:56 8,192 ----a-w C:\Windows\System32\riched32.dll
    2007-11-15 11:56 77,824 ----a-w C:\Windows\System32\rascfg.dll
    2007-11-15 11:56 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
    2007-11-15 11:56 694,784 ----a-w C:\Windows\System32\localspl.dll
    2007-11-15 11:56 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
    2007-11-15 11:56 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
    2007-11-15 11:56 52,736 ----a-w C:\Windows\System32\rasdiag.dll
    2007-11-15 11:56 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
    2007-11-15 11:56 384,000 ----a-w C:\Windows\System32\netcfgx.dll
    2007-11-15 11:56 36,864 ----a-w C:\Windows\System32\cdd.dll
    2007-11-15 11:56 33,280 ----a-w C:\Windows\System32\traffic.dll
    2007-11-15 11:56 32,768 ----a-w C:\Windows\System32\rasmxs.dll
    2007-11-15 11:56 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
    2007-11-15 11:56 22,016 ----a-w C:\Windows\System32\rasser.dll
    2007-11-15 11:56 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
    2007-11-15 11:56 15,360 ----a-w C:\Windows\System32\pacerprf.dll
    2007-11-15 11:56 134,656 ----a-w C:\Windows\System32\dps.dll
    2007-11-15 11:56 13,824 ----a-w C:\Windows\System32\wshqos.dll
    2007-11-15 11:56 13,824 ----a-w C:\Windows\System32\icsunattend.exe
    2007-11-15 11:55 87,040 ----a-w C:\Windows\System32\msoert2.dll
    2007-11-15 11:55 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-11-15 11:55 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-11-15 11:55 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-11-15 11:55 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-11-15 11:55 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-11-15 11:55 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
    2007-11-15 11:55 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2007-11-15 11:55 3,471,032 ----a-w C:\Windows\System32\ntoskrnl.exe
    2007-11-15 11:55 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-11-15 11:55 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-11-15 11:55 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2007-11-15 11:55 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-11-15 11:55 205,824 ----a-w C:\Windows\System32\msoeacct.dll
    2007-11-15 11:55 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-11-15 11:55 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2007-11-15 11:49 86,016 ----a-w C:\Windows\System32\icfupgd.dll
    2007-11-15 11:49 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
    2007-11-15 11:49 61,952 ----a-w C:\Windows\System32\cmifw.dll
    2007-11-15 11:49 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
    2007-11-15 11:49 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
    2007-11-15 11:49 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
    2007-11-15 11:49 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
    2007-11-15 11:49 16,896 ----a-w C:\Windows\System32\wfapigp.dll
    2007-11-15 11:49 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
    2007-11-15 11:49 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
    2007-11-15 11:48 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2007-11-15 11:48 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2007-11-15 11:48 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
    2007-11-15 11:48 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2007-11-15 11:48 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2007-11-15 11:48 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2007-11-15 11:48 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2007-11-15 11:48 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2007-11-15 11:48 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2007-11-15 11:48 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2007-11-15 11:48 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2007-11-15 11:48 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2007-11-15 11:48 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2007-11-15 11:48 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2007-11-15 11:48 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2007-11-15 11:46 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
    2007-11-15 11:46 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
    2007-11-15 11:46 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2007-11-15 11:46 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-11-15 11:46 39,936 ----a-w C:\Windows\System32\slcinst.dll
    2007-11-15 11:46 351,232 ----a-w C:\Windows\System32\SLUI.exe
    2007-11-15 11:46 33,280 ----a-w C:\Windows\System32\slwmi.dll
    2007-11-15 11:46 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
    2007-11-15 11:46 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-11-15 11:46 223,232 ----a-w C:\Windows\System32\SLC.dll
    2007-11-15 11:46 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
    2007-11-15 11:46 186,368 ----a-w C:\Windows\System32\SLLUA.exe
    2007-11-15 11:44 88,576 ----a-w C:\Windows\System32\avifil32.dll
    2007-11-15 11:44 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2007-11-15 11:44 82,944 ----a-w C:\Windows\System32\mciavi32.dll
    2007-11-15 11:44 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
    2007-11-15 11:44 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2007-11-15 11:44 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2007-11-15 11:44 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
    2007-11-15 11:44 69,632 ----a-w C:\Windows\System32\sendmail.dll
    2007-11-15 11:44 65,024 ----a-w C:\Windows\System32\avicap32.dll
    2007-11-15 11:44 633,856 ----a-w C:\Windows\System32\user32.dll
    2007-11-15 11:44 61,440 ----a-w C:\Windows\System32\ntprint.exe
    2007-11-15 11:44 5,120 ----a-w C:\Windows\System32\wmi.dll
    2007-11-15 11:44 31,232 ----a-w C:\Windows\System32\msvidc32.dll
    2007-11-15 11:44 269,824 ----a-w C:\Windows\System32\schannel.dll
    2007-11-15 11:44 220,160 ----a-w C:\Windows\System32\ntprint.dll
    2007-11-15 11:44 152,576 ----a-w C:\Windows\System32\imagehlp.dll
    2007-11-15 11:44 123,904 ----a-w C:\Windows\System32\msvfw32.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-16_19.49.32.13 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-16 17:48:06 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2007-11-17 15:49:23 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2007-11-17 15:38:03 32,768 ----a-r C:\Windows\Installer\{C523D256-313D-4866-B36A-F3DE528246EF}\icon.exe
    - 2007-11-16 16:24:59 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2007-11-16 23:58:47 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2007-11-16 17:48:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2007-11-17 15:50:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2007-11-17 15:50:13 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2007-11-16 16:25:06 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2007-11-16 23:58:47 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2007-11-16 17:48:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2007-11-17 15:50:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2007-11-17 15:50:08 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2007-11-16 17:48:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2007-11-17 17:17:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-11-16 17:48:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2007-11-17 17:17:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-11-16 17:48:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-11-17 17:17:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2007-11-16 17:42:29 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2007-11-17 17:38:54 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2007-11-17 17:38:54 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2007-05-08 13:03:04 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
    + 2007-08-24 16:08:24 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
    - 2007-11-16 16:27:00 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2007-11-17 15:48:31 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2007-11-16 17:32:25 4,086 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2509490407-2211767027-993328738-1000_UserData.bin
    + 2007-11-17 15:51:20 4,784 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2509490407-2211767027-993328738-1000_UserData.bin
    - 2007-11-16 17:32:25 45,486 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2007-11-17 15:51:20 46,562 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2007-11-16 17:03:53 23,622 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2007-11-17 15:51:19 26,522 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2007-11-17 15:38:11 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16398_none_d9bda6d65a2ae248\psisdecd.dll
    + 2007-11-17 15:38:11 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20493_none_da42422f734d035f\psisdecd.dll
    + 2007-11-17 15:38:05 1,275,392 ----a-w C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7\msxml4.dll
    .
    -- Snapshot reset to current date --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-15 13:52]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 18:20]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
    "dcb2ceb7"="C:\Windows\system32\yptpdrlq.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
    "µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-11-15 17:27]
    "uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-11-15 17:27]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-11-10 16:53]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
    C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe

    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
    R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-17 19:40:52
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-17 19:41:43
    C:\ComboFix2.txt ... 2007-11-17 17:26
    .
    --- E O F ---


    C:\windows\System32\dbfcnirp.dll
    C:\windows\System32\vosgthii.dll

    Beginning removal...

    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 19:43:13 17.11.2007

    Listing files found while scanning....

    No infected files were found.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:51:14, on 17.11.2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

    --
    End of file - 6801 bytes


    At startup it complains like this: Virhe ladattaessa: C:\windows\system32\yptpdrlq.dll
    Määritettyä osaa ei löydy.
     
    Last edited: Nov 17, 2007
  12. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    it just doesn't want to come off :(

    Run a new HJT scan with Do a System scan only.
    Close all other windows and the browser. Check these lines and press Fix checked:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    When the scan is complete, right-click inside the list box (the white box where the files found are listed) and select Add more files.
    Copy and paste the following 2 lines into the two topmost boxes:

    C:\Windows\system32\yptpdrlq.dll
    C:\WINDOWS\system32\qlrdptpy.*

    Click Add Files and then click Close Window.
    When the scan is complete, click the Remove Vundo button.
    You will be asked whether you want to remove the files - click YES.
    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    When it is finished, the fix will announce that it is going to restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    Note: It is possible that VundoFix found a file that it could not remove.
    In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

    * Download Dr.Web CureIt to your desktop: Dr.Web

    * Double-click drweb-cureit.exe and let the program run a *quick memory/computer check*.
    (this is only a short check)
    * When the check is finished, tick *Complete scan*.
    * Click the green arrow below the Dr.Web logo to start the scan.
    * When the scan has finished, press the *select all* button. After that, press the *move* button.
    * The items are moved to quarantine in the %userprofile%\DoctorWeb\quarantine directory.
    * Open *file* in the Dr.Web toolbar and press *Save report list*.
    * Save the report to the desktop. Save it under the name *DrWeb*.
    * Close Dr.Web.
    * Restart the computer!! This is so that the selected files are deleted/moved to quarantine during startup.
    * Once you have restarted your computer, paste the contents of the Dr.Web log into your next reply.


    Send the Vundo log, the DrWeb log and a new HJT log
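
The two lines picked out for Fix checked in the post above are both autostart entries whose target is gone: a BHO that HijackThis reports as (no file), and a Run value that hands rundll32 a DLL that is no longer on disk. The sketch below is an added example, not part of the thread or of HijackThis; it finds both kinds of entry in a log excerpt. The names `triage`, `Finding` and `sample_exists` are hypothetical, the log lines are copied from the HijackThis log above, and the set of files treated as present is constructed to match the load error reported for yptpdrlq.dll.

```python
import os
import re
from typing import Callable, List, NamedTuple


class Finding(NamedTuple):
    kind: str    # "bho-no-file" or "run-missing-dll"
    name: str    # BHO CLSID or Run value name
    target: str  # path the entry points at ("" when the log says "(no file)")
    line: str    # the log line that produced the finding


# O2 - BHO: <name> - {CLSID} - <file or "(no file)">
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32[.exe] ["]<dll>["],<export>
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.IGNORECASE)
ABSOLUTE_RE = re.compile(r"^[A-Za-z]:\\")


def triage(log_text: str,
           exists: Callable[[str], bool] = os.path.exists) -> List[Finding]:
    """Return autostart entries in a HijackThis log whose target file is missing.

    `exists` decides whether a path is on disk; the default only makes sense
    when the script runs on the machine that produced the log.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = O2_RE.match(line)
        if bho:
            if bho.group("file") == "(no file)":
                findings.append(Finding("bho-no-file", bho.group("clsid"), "", line))
            continue
        run = O4_RE.match(line)
        if not run:
            continue
        rundll = RUNDLL_RE.match(run.group("cmd"))
        if not rundll:
            continue  # only rundll32-launched DLLs are examined here
        dll = rundll.group("dll").strip()
        if not ABSOLUTE_RE.match(dll):
            continue  # bare names are resolved via the search path; cannot judge
        if not exists(dll):
            findings.append(Finding("run-missing-dll", run.group("name"), dll, line))
    return findings


# Lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
"""

# Constructed stand-in for the file system: nvsvc.dll is present, yptpdrlq.dll is not.
PRESENT = {r"c:\windows\system32\nvsvc.dll"}


def sample_exists(path: str) -> bool:
    return path.lower() in PRESENT


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, sample_exists):
        print(finding.kind, finding.name, finding.target or "(no file)")
```

A missing target only shows that the entry is orphaned; whether it was left behind by malware or by an uninstalled program still has to be judged from the rest of the log.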
     
  13. J-lalli

    J-lalli Active member

    Joined:
    Apr 8, 2005
    Messages:
    1,292
    Likes Received:
    7
    Trophy Points:
    68
    C:\windows\System32\dbfcnirp.dll
    C:\windows\System32\vosgthii.dll

    Beginning removal...

    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 19:43:13 17.11.2007

    Listing files found while scanning....

    No infected files were found.


    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 21:19:49 17.11.2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 22:58:01 17.11.2007

    Listing files found while scanning....

    hyidimeo.exe.vir;C:\qoobox\Quarantine\C\Windows\System32;Trojan.EzulaAd;Deleted.;
    nnnkjhh.dll.vir;C:\qoobox\Quarantine\C\Windows\System32;Trojan.Virtumod.211;Deleted.;
    07 - Irwin Goodman - Terveisiä Perseestä.mp3;E:\Irwin Goodman\1984 - Härmäläinen Perusjuntti;Modification of Trojan.Nadoel;Moved.;
    patch.exe;G:\Ohjelmat\Mobiilipaketti\Mobile.Music.Polyphonic.v1.3-HERiTAGE;Tool.ASEye.2;Moved.;

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:05:00, on 17.11.2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Users\SpaDe\Desktop\VundoFix.exe
    C:\Program Files\Digital TV\Digital TV Stick\dvbapp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

    --
    End of file - 6306 bytes
     
  14. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    hi
    stubborn stuff :D
    run ComboFix again and post the log
     
  15. J-lalli

    J-lalli Active member

    ComboFix complains that it's out of date. I downloaded a new one, but same thing.
     
  16. tomato71

    tomato71 Regular member

    try this

    Download Deckard's System Scanner to your Desktop.

    Note: You must have Administrator rights to run the program.

    - Close all open windows and programs.
    - Double-click the Dss.exe file to run the program, then follow the instructions.
    - When the scan is finished, 2 text files should open: Main.txt and extra.txt
    - Press copy (CTRL+A -> CTRL+C) and paste (CTRL+V)
    - Copy and paste the contents of Extra.txt & Main.txt into your next reply.
     
  17. J-lalli

    J-lalli Active member

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

    CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
    Percentage of Memory in Use: 30%
    Physical Memory (total/avail): 3070.88 MiB / 2122.57 MiB
    Pagefile Memory (total/avail): 3207.64 MiB / 2246.68 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1914.8 MiB

    C: is Fixed (NTFS) - 48.83 GiB total, 20.48 GiB free.
    D: is Fixed (NTFS) - 195.31 GiB total, 24.88 GiB free.
    E: is Fixed (NTFS) - 200.2 GiB total, 29.96 GiB free.
    F: is Fixed (NTFS) - 195.31 GiB total, 195.21 GiB free.
    G: is Fixed (NTFS) - 75.13 GiB total, 65.22 GiB free.
    H: is CDROM (No Media)
    I: is Removable (No Media)
    J: is Removable (No Media)
    K: is Removable (No Media)
    L: is Removable (No Media)
    M: is Removable (No Media)
    N: is Fixed (NTFS) - 205.02 GiB total, 121.12 GiB free.
    O: is CDROM (UDF)

    \\.\PHYSICALDRIVE0 - WDC WD5000AAKS-07TMA0 ATA Device - 465.76 GiB - 4 partitions
    \PARTITION0 - Unknown - 11.72 GiB
    \PARTITION1 (bootable) - Installable File System - 48.83 GiB - C:
    \PARTITION2 - Installable File System - 200.2 GiB - E:
    \PARTITION3 - Extended w/Extended Int 13 - 205.02 GiB - N:

    \\.\PHYSICALDRIVE1 - WDC WD5000AAKS-07TMA0 ATA Device - 465.76 GiB - 3 partitions
    \PARTITION0 - Installable File System - 195.31 GiB - D:
    \PARTITION1 - Installable File System - 195.31 GiB - F:
    \PARTITION2 - Installable File System - 75.13 GiB - G:

    \\.\PHYSICALDRIVE2 - Generic 2.0 Reader -0 USB Device

    \\.\PHYSICALDRIVE3 - Generic 2.0 Reader -1 USB Device

    \\.\PHYSICALDRIVE4 - Generic 2.0 Reader -2 USB Device

    \\.\PHYSICALDRIVE5 - Generic 2.0 Reader -3 USB Device

    \\.\PHYSICALDRIVE6 - Generic 2.0 Reader -4 USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AV: avast! antivirus 4.7.1074 [VPS 071117-0] v4.7.1074 (ALWIL Software)
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\SpaDe\AppData\Roaming
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=SPADE-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\SpaDe
    LOCALAPPDATA=C:\Users\SpaDe\AppData\Local
    LOGONSERVER=\\SPADE-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Nero\Lib\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=4303
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\SpaDe\AppData\Local\Temp
    TMP=C:\Users\SpaDe\AppData\Local\Temp
    USERDOMAIN=SpaDe-PC
    USERNAME=SpaDe
    USERPROFILE=C:\Users\SpaDe
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    SpaDe (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    --> C:\Windows\UNNeroVision.exe /UNINSTALL
    AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
    Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
    µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
    avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
    CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
    ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
    Digital TV Stick --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F30A12A-3E37-43F4-82DC-89628D347E2B}\setup.exe" -l0x9 -removeonly
    ffdshow [rev 610] [2006-12-01] --> "C:\Program Files\ffdshow\unins000.exe"
    GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Microsoft Office Access MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0015-040B-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0016-040B-0000-0000000FF1CE}
    Microsoft Office Groove MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-00BA-040B-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0044-040B-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-00A1-040B-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-001A-040B-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0018-040B-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (Finnish) 2007 --> MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Swedish) 2007 --> MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
    Microsoft Office Proofing (Finnish) 2007 --> MsiExec.exe /X{90120000-002C-040B-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0019-040B-0000-0000000FF1CE}
    Microsoft Office Shared MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-006E-040B-0000-0000000FF1CE}
    Microsoft Office Word MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-001B-040B-0000-0000000FF1CE}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    Music NFO Builder 1.17 --> "C:\Program Files\Music NFO Builder\unins000.exe"
    Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1035}
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
    Nokia PC Suite --> C:\ProgramData\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_fin_web[1].exe
    Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
    Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
    Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
    Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
    Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
    Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
    SimpleDivX --> "C:\Program Files\SimpleDivX\unins000.exe"
    Spyware Doctor 4.0 --> "C:\Program Files\Spyware Doctor\unins000.exe"
    Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
    Uniblue PowerSuite --> "C:\Program Files\Uniblue\unins000.exe"
    Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
    Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
    Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
    Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
    Update for Outlook 2007 Junk Email Filter (kb943559) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2BE2B020-CE6A-4AD1-8291-2B881CF923B6}
    Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
    Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Live installer --> MsiExec.exe /X{5C29C5F5-A9C9-4E89-A606-13E165E7C55F}
    Windows Live Messenger --> MsiExec.exe /X{A9174A72-1B46-445B-B3CF-90ED2C63D83B}
    Windows Liven kirjautumisavustaja --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windowsin ohjainpaketti - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccswpddriver.inf_a419b392\pccswpddriver.inf
    Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_48f6f624\pccs_bluetooth.inf
    Windowsin ohjainpaketti - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_51d2d3e1\pccs_bluetooth.inf
    Windowsin ohjainpaketti - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_e5643fdd\nokbtmdm.inf
    Windowsin ohjainpaketti - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf
    Windowsin ohjainpaketti - Nokia Modem (08/08/2007 3.3) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_a81bde77\pccs_bluetooth.inf
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type1151 / Error
    Event Submitted/Written: 11/18/2007 10:12:42 AM
    Event ID/Source: 8194 / VSS
    Event Description:
    Aseman tilannevedospalvelun virhe: Odottamaton virhe kyseltäessä IVssWriterCallback-liittymää. hr = 0x80070005.
    Syynä ovat usein joko kirjoittaja- tai pyytäjäprosessin virheelliset suojausasetukset.


    Toiminto:
    Kerätään kirjoitustoiminnon tietoja

    Sijainti:
    Kirjoitustoiminnon luokkatunnus: {e8132975-6f93-4464-a53e-1050253ae220}
    Kirjoitustoiminnon nimi: System Writer
    Kirjoitustoiminnon esiintymän tunnus: {a0ba38cd-d47b-4e22-9567-d1344cdd3144}

    Event Record #/Type1131 / Success
    Event Submitted/Written: 11/18/2007 08:38:57 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type1127 / Success
    Event Submitted/Written: 11/18/2007 08:38:38 AM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type1126 / Success
    Event Submitted/Written: 11/18/2007 08:38:37 AM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type1124 / Success
    Event Submitted/Written: 11/18/2007 08:38:28 AM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    Ohjelmistojen käyttöoikeuspalvelu käynnistyi.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type9759 / Warning
    Event Submitted/Written: 11/18/2007 11:46:59 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %SpaDe-PC27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %SpaDe-PC27 ei voi kumota sallimiasi muutoksia.

    Lisätietoja:
    %SpaDe-PC275

    Tarkistustunnus: {2507AC13-05A2-4175-82ED-E16169ABA339}

    Käyttäjä: SpaDe-PC\SpaDe

    Nimi: %SpaDe-PC271

    Tunnus: %SpaDe-PC272

    Vakavuustunnus: %SpaDe-PC273

    Luokan tunnus: %SpaDe-PC274

    Löytynyt polku: %SpaDe-PC276

    Hälytystyyppi: %SpaDe-PC278

    Havaitsemistyyppi: 1.1.1505.02

    Event Record #/Type9758 / Warning
    Event Submitted/Written: 11/18/2007 11:46:59 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %SpaDe-PC27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %SpaDe-PC27 ei voi kumota sallimiasi muutoksia.

    Lisätietoja:
    %SpaDe-PC275

    Tarkistustunnus: {5709715B-EFFC-451F-B886-19BEF0F5FB1E}

    Käyttäjä: SpaDe-PC\SpaDe

    Nimi: %SpaDe-PC271

    Tunnus: %SpaDe-PC272

    Vakavuustunnus: %SpaDe-PC273

    Luokan tunnus: %SpaDe-PC274

    Löytynyt polku: %SpaDe-PC276

    Hälytystyyppi: %SpaDe-PC278

    Havaitsemistyyppi: 1.1.1505.02

    Event Record #/Type9757 / Warning
    Event Submitted/Written: 11/18/2007 11:46:59 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %SpaDe-PC27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %SpaDe-PC27 ei voi kumota sallimiasi muutoksia.

    Lisätietoja:
    %SpaDe-PC275

    Tarkistustunnus: {929B71B9-B2A6-4792-9867-ACB83BFBE319}

    Käyttäjä: SpaDe-PC\SpaDe

    Nimi: %SpaDe-PC271

    Tunnus: %SpaDe-PC272

    Vakavuustunnus: %SpaDe-PC273

    Luokan tunnus: %SpaDe-PC274

    Löytynyt polku: %SpaDe-PC276

    Hälytystyyppi: %SpaDe-PC278

    Havaitsemistyyppi: 1.1.1505.02

    Event Record #/Type9756 / Warning
    Event Submitted/Written: 11/18/2007 11:46:56 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %SpaDe-PC27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %SpaDe-PC27 ei voi kumota sallimiasi muutoksia.

    Lisätietoja:
    %SpaDe-PC275

    Tarkistustunnus: {FF4C1F2A-ACA4-4CB4-A170-0C83ABDB7C32}

    Käyttäjä: SpaDe-PC\SpaDe

    Nimi: %SpaDe-PC271

    Tunnus: %SpaDe-PC272

    Vakavuustunnus: %SpaDe-PC273

    Luokan tunnus: %SpaDe-PC274

    Löytynyt polku: %SpaDe-PC276

    Hälytystyyppi: %SpaDe-PC278

    Havaitsemistyyppi: 1.1.1505.02

    Event Record #/Type9755 / Warning
    Event Submitted/Written: 11/18/2007 11:46:56 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %SpaDe-PC27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %SpaDe-PC27 ei voi kumota sallimiasi muutoksia.

    Lisätietoja:
    %SpaDe-PC275

    Tarkistustunnus: {5A4952EA-53B3-44A2-AA57-C3F883BA6C9F}

    Käyttäjä: SpaDe-PC\SpaDe

    Nimi: %SpaDe-PC271

    Tunnus: %SpaDe-PC272

    Vakavuustunnus: %SpaDe-PC273

    Luokan tunnus: %SpaDe-PC274

    Löytynyt polku: %SpaDe-PC276

    Hälytystyyppi: %SpaDe-PC278

    Havaitsemistyyppi: 1.1.1505.02



    -- End of Deckard's System Scanner: finished at 2007-11-18 11:47:41 ------------


    -- First Restore Point --
    1: 2007-11-17 17:38:18 UTC - RP43 - ComboFix created restore point


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as SpaDe.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:46:41, on 18.11.2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Users\SpaDe\Desktop\dss.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\SpaDe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

    --
    End of file - 6326 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20071117-211614-532 O4 - HKLM\..\Run: [dcb2ceb7] rundll32.exe "C:\Windows\system32\yptpdrlq.dll",b
    backup-20071117-211614-693 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 StickCap (Digital TV DVB-T USB Stick adapter service) - c:\windows\system32\drivers\stickcap.sys <Not Verified; DiBcom SA; DVB-T USB2.0 adapter>

    S3 stickload (Digital TV stick firmware loader service) - c:\windows\system32\drivers\stickload.sys <Not Verified; DiBcom S.A; DVB-T USB2.0 adapter>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
    R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

    S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
    S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID:
    Description: Camera
    Device ID: USB\VID_046D&PID_08F0&MI_00\6&64E41E5&0&0000
    Manufacturer:
    Name: Camera
    PNP Device ID: USB\VID_046D&PID_08F0&MI_00\6&64E41E5&0&0000
    Service:

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Nokia N73
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia N73
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Files created between 2007-10-18 and 2007-11-18 -----------------------------

    2007-11-18 10:12:42 0 d-------- C:\Program Files\Rockstar Games
    2007-11-17 21:35:42 0 d-------- C:\Users\SpaDe\DoctorWeb
    2007-11-17 20:22:11 11880 --a------ C:\Windows\ultima_prog2.bin
    2007-11-17 20:11:44 30208 --a------ C:\Windows\system32\drivers\isdrvinf.exe
    2007-11-17 20:11:40 0 d-------- C:\Program Files\Digital TV
    2007-11-17 20:11:39 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-17 20:10:41 15744 --a------ C:\Windows\system32\drivers\stickcap.sys <Not Verified; DiBcom SA; DVB-T USB2.0 adapter>
    2007-11-17 20:10:40 17024 --a------ C:\Windows\system32\drivers\stickload.sys <Not Verified; DiBcom S.A; DVB-T USB2.0 adapter>
    2007-11-17 20:10:27 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-11-17 16:05:27 0 d-------- C:\Program Files\SimpleDivX
    2007-11-16 22:26:51 180224 --a------ C:\Windows\system32\xvidvfw.dll
    2007-11-16 22:26:51 765952 --a------ C:\Windows\system32\xvidcore.dll
    2007-11-16 22:26:51 0 d-------- C:\Program Files\Xvid
    2007-11-16 19:34:41 0 d-------- C:\Program Files\Trend Micro
    2007-11-16 19:28:34 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
    2007-11-16 18:26:17 0 d-------- C:\Windows\pss
    2007-11-16 14:46:53 0 d-------- C:\Program Files\Gabest
    2007-11-16 14:41:31 0 d-------- C:\Program Files\MSXML 4.0
    2007-11-16 13:14:00 0 d-------- C:\Users\All Users\PC Suite
    2007-11-16 11:55:48 0 d-------- C:\Program Files\Common Files\PCSuite
    2007-11-16 11:55:45 0 d-------- C:\Program Files\Common Files\Nokia
    2007-11-16 11:55:18 0 d-------- C:\Program Files\DIFX
    2007-11-16 11:53:37 0 d-------- C:\Program Files\PC Connectivity Solution
    2007-11-16 11:51:36 0 d-------- C:\Program Files\Nokia
    2007-11-16 11:50:55 0 d-------- C:\Users\All Users\Installations
    2007-11-16 10:39:31 0 d-------- C:\Program Files\URUSoft
    2007-11-16 10:24:05 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
    2007-11-16 10:24:05 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
    2007-11-16 10:24:05 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
    2007-11-16 10:24:01 0 d-------- C:\Program Files\VSO
    2007-11-15 22:56:48 0 d-------- C:\Windows\system32\OEM
    2007-11-15 22:56:48 0 d-------- C:\Windows\PANTHER
    2007-11-15 22:56:10 459304 --a------ C:\Windows\system32\perfh00B.dat
    2007-11-15 22:56:10 83690 --a------ C:\Windows\system32\perfc00B.dat
    2007-11-15 22:55:41 0 d-------- C:\Windows\system32\fi
    2007-11-15 22:55:41 0 d-------- C:\Windows\system32\drivers\fi-FI
    2007-11-15 22:55:41 0 d-------- C:\Windows\fi-FI
    2007-11-15 20:47:24 0 d-------- C:\Program Files\Music NFO Builder
    2007-11-15 19:32:08 0 d-------- C:\Program Files\Spyware Doctor
    2007-11-15 19:28:49 0 d-------- C:\Program Files\Elaborate Bytes
    2007-11-15 19:27:05 0 d-------- C:\Program Files\SlySoft
    2007-11-15 19:22:13 0 d-------- C:\Program Files\Alcohol Soft
    2007-11-15 18:52:47 0 d-------- C:\Program Files\Uniblue
    2007-11-15 18:41:29 5120 --a------ C:\Windows\system32\ff_vfw.dll
    2007-11-15 18:28:03 0 d-------- C:\Program Files\AC3Filter
    2007-11-15 18:25:15 0 d-------- C:\Program Files\ffdshow
    2007-11-15 18:04:57 0 d-------- C:\Users\All Users\Nero
    2007-11-15 18:04:57 0 d-------- C:\Program Files\Nero
    2007-11-15 18:04:57 0 d-------- C:\Program Files\Common Files\Nero
    2007-11-15 16:10:17 0 d-------- C:\Windows\system32\Macromed
    2007-11-15 15:27:35 0 d-------- C:\Program Files\Microsoft.NET
    2007-11-15 15:25:37 0 d-------- C:\Users\All Users\Microsoft Help
    2007-11-15 15:14:57 0 d-------- C:\Program Files\DAEMON Tools
    2007-11-15 15:04:26 685816 --a------ C:\Windows\system32\drivers\sptd.sys
    2007-11-15 15:01:37 0 d-------- C:\Program Files\Musclesoft
    2007-11-15 14:23:17 0 d-------- C:\Program Files\uTorrent
    2007-11-15 14:04:59 0 d-------- C:\Users\All Users\NVIDIA
    2007-11-15 13:51:52 0 d-------- C:\Program Files\Winamp
    2007-11-15 13:48:50 0 d-------- C:\Program Files\Alwil Software
    2007-11-15 13:39:53 0 d-------- C:\Windows\PCHEALTH
    2007-11-15 13:33:55 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-11-15 13:33:42 0 d-------- C:\Program Files\Windows Live
    2007-11-15 13:33:19 0 d--hs---- C:\Windows\Installer
    2007-11-15 13:33:16 0 d-------- C:\Users\All Users\WLInstaller
    2007-11-15 13:27:37 0 dr------- C:\Users\SpaDe\Searches
    2007-11-15 13:27:27 0 dr------- C:\Users\SpaDe\Contacts
    2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Verkkoympäristö
    2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Tulostinympäristö
    2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\SendTo
    2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Recent
    2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Omat tiedostot
    2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Mallit
    2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Local Settings
    2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Käynnistä-valikko
    2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Cookies
    2007-11-15 13:27:23 0 d--hs---- C:\Users\SpaDe\Application Data
    2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Videos
    2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Saved Games
    2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Pictures
    2007-11-15 13:27:22 1835008 --ahs---- C:\Users\SpaDe\NTUSER.DAT
    2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Music
    2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Links
    2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Favorites
    2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Downloads
    2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Documents
    2007-11-15 13:27:22 0 dr------- C:\Users\SpaDe\Desktop
    2007-11-15 13:27:22 0 d--h----- C:\Users\SpaDe\AppData
    2007-11-15 13:22:01 0 d--hs---- C:\Users\Default\Verkkoympäristö
    2007-11-15 13:22:01 0 d--hs---- C:\Users\Default\Tulostinympäristö
    2007-11-15 13:22:01 0 d--hs---- C:\Users\Default\Omat tiedostot
    2007-11-15 13:22:01 0 d--hs---- C:\Users\Default\Mallit
    2007-11-15 13:22:01 0 d--hs---- C:\Users\Default\Käynnistä-valikko
    2007-11-15 13:22:01 0 d--hs---- C:\Users\All Users\Työpöytä
    2007-11-15 13:22:01 0 d--hs---- C:\Users\All Users\Tiedostot
    2007-11-15 13:22:01 0 d--hs---- C:\Users\All Users\Suosikit
    2007-11-15 13:22:01 0 d--hs---- C:\Users\All Users\Mallit
    2007-11-15 13:22:01 0 d--hs---- C:\Users\All Users\Käynnistä-valikko
    2007-11-15 13:11:04 0 d--h----- C:\Users\All Users\CanonBJ
    2007-11-15 13:02:31 0 d-------- C:\Windows\SoftwareDistribution
    2007-11-15 13:00:56 0 d-------- C:\Windows\Debug
    2007-11-15 12:58:23 0 d-------- C:\Windows\Prefetch
    2007-11-06 10:24:59 0 d-------- C:\GTR2
    2007-11-04 17:58:58 0 -rahs---- C:\MSDOS.SYS
    2007-11-04 17:58:58 0 -rahs---- C:\IO.SYS
    2007-11-02 07:32:08 0 dr-h----- C:\MSOCache
    2007-11-01 13:08:21 0 d--h----- C:\BJPrinter
    2007-11-01 13:06:25 0 d--h----- C:\CanonMP
    2007-11-01 04:23:30 0 d--hs---- C:\Boot
    2007-10-31 18:24:18 0 d--hs---- C:\System Volume Information


    -- Find3M Report ---------------------------------------------------------------

    2007-11-18 11:47:12 0 d-------- C:\Users\SpaDe\AppData\Roaming\uTorrent
    2007-11-17 20:10:27 0 d-------- C:\Program Files\Common Files
    2007-11-16 13:15:27 0 d-------- C:\Users\SpaDe\AppData\Roaming\Nokia
    2007-11-16 13:14:13 0 d-------- C:\Users\SpaDe\AppData\Roaming\PC Suite
    2007-11-16 13:04:11 0 d-------- C:\Users\SpaDe\AppData\Roaming\Vso
    2007-11-16 10:24:37 34 --a------ C:\Users\SpaDe\AppData\Roaming\pcouffin.log
    2007-11-16 10:24:09 7887 --a------ C:\Users\SpaDe\AppData\Roaming\pcouffin.cat
    2007-11-15 22:55:42 0 d-------- C:\Program Files\Windows Sidebar
    2007-11-15 22:55:42 0 d-------- C:\Program Files\Windows Photo Gallery
    2007-11-15 22:55:42 0 d-------- C:\Program Files\Windows Journal
    2007-11-15 22:55:42 0 d-------- C:\Program Files\Windows Collaboration
    2007-11-15 22:55:42 0 d-------- C:\Program Files\Movie Maker
    2007-11-15 19:32:08 0 d-------- C:\Users\SpaDe\AppData\Roaming\PC Tools
    2007-11-15 19:01:00 0 d-------- C:\Users\SpaDe\AppData\Roaming\Uniblue
    2007-11-15 18:20:30 0 d-------- C:\Users\SpaDe\AppData\Roaming\Media Player Classic
    2007-11-15 18:11:31 0 d-------- C:\Users\SpaDe\AppData\Roaming\Nero
    2007-11-15 16:10:18 0 d-------- C:\Users\SpaDe\AppData\Roaming\Macromedia
    2007-11-15 15:15:32 0 d-------- C:\Users\SpaDe\AppData\Roaming\WinRAR
    2007-11-15 14:03:16 174 --ahs---- C:\Program Files\desktop.ini
    2007-11-15 14:00:02 0 d-------- C:\Program Files\Windows Calendar
    2007-11-15 14:00:00 0 d-------- C:\Program Files\Windows Mail
    2007-11-15 13:59:59 0 d-------- C:\Program Files\Windows Defender
    2007-11-15 13:54:38 0 d-------- C:\Users\SpaDe\AppData\Roaming\Winamp
    2007-11-15 13:27:28 0 d-------- C:\Users\SpaDe\AppData\Roaming\Identities
    2007-11-15 13:22:01 0 d-------- C:\Program Files\Windows NT
    2007-08-24 18:08:24 1275392 --a------ C:\Windows\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [15.11.2007 13:52]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [25.10.2007 18:20]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [12.09.2007 05:28]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12.09.2007 05:28]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02.11.2006 14:35]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:34]
    "µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [15.11.2007 17:27]
    "uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [15.11.2007 17:27]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 14:35]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital TV Stick.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital TV Stick.lnk
    backup=C:\Windows\pss\Digital TV Stick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
    "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
    C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7443ab5b-937b-11dc-a88c-001bb9aba856}]
    AutoRun\command- O:\Install.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2007-11-18 11:47:41 ------------

     
  18. tomato71

    It's starting to look clean :D
    Are there still any problems?
     
  19. J-lalli

    Not for a while now, thank you very much, really ;)
     
  20. tomato71

    If you have the energy, it would be good to run the Kaspersky scanner as well.

    Scan your computer with Kaspersky Online Scanner
    Use Internet Explorer
    You will be asked whether to allow an ActiveX component from Kaspersky to be installed; click Yes.
    • The program starts and begins downloading the latest definition files.
    • When the scanner has been installed and the definitions have been downloaded, click Next.
    • Now click the settings, Scan Settings
    • In the settings, check that the following are selected:

      o Scan using the following Anti-Virus database:

      + Extended (if available, otherwise select Standard)

      o Scan Options:

      + Scan Archives
      + Scan Mail Bases
    • Click OK
    • Now, under the heading "select a target to scan", select My Computer (Oma Tietokone)
    • The scan takes time, so be patient. When the scan is finished, you will be notified if your computer is infected.
    • Now click the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste the contents of the file into your next reply.
     
