Computer targeted by malware

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by OngelmaPC, Aug 13, 2008.

  1. OngelmaPC

    OngelmaPC Member

    My computer has been in the same state for a long time, and I finally decided to pull myself together and ask you for help cleaning it.

    Symptoms:
    - Unexpected pop-up windows opening through IE
    - Automatic updates blocked, as is downloading updates from Windows Update
    - General slowness of the machine

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:43:20, on 13.8.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\VIAudioi\SBADeck\ADeck.exe
    D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    D:\Program Files\Logitech\Video\CameraAssistant.exe
    D:\WINDOWS\system32\ElkCtrl.exe
    D:\Program Files\Elisa\Avustaja\Elisa.exe
    D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    D:\WINDOWS\system32\spoolsv.exe
    d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    D:\WINDOWS\system32\PnkBstrA.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Hide My IP 2008\SecureSrv.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\WINDOWS\system32\taskmgr.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    F:\Ohjelmat\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
    F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\vbpdtvdp.exe,
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8FDFBE1C-ABD4-477C-92C2-20FB7D22B414} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9B961758-80A2-4843-9152-A1D7DB0540E9} - (no file)
    O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - (no file)
    O2 - BHO: (no name) - {C108AE59-C97F-4517-8B74-5590BE3C2A82} - (no file)
    O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - D:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
    O2 - BHO: (no name) - {fbe367b6-5f90-42eb-8297-3fcb9a0de161} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AudioDeck] D:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [LogitechCameraAssistant] D:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] D:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] D:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Elisa Avustaja] "D:\Program Files\Elisa\Avustaja\Elisa.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Microsoft Windows Sound] svrhost.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svrhost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Microsoft Windows Installer] D:\Documents and Settings\Jari\Application Data\Microsoft\dtsc\24410.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Orbit.lnk = D:\Program Files\Orbitdownloader\orbitdm.exe
    O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\securenet.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192530440312
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: d:\windows\system32\mljjheb.dll
    O20 - Winlogon Notify: ddcyv - D:\WINDOWS\System32\ddcyv.dll (file missing)
    O20 - Winlogon Notify: fcccbca - fcccbca.dll (file missing)
    O20 - Winlogon Notify: iifCssQK - iifCssQK.dll (file missing)
    O20 - Winlogon Notify: iprace - iprace.dll (file missing)
    O20 - Winlogon Notify: kd1949 - kd1949.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: DomainService - Unknown owner - D:\Documents and Settings\Jari\Application Data\tmp9.tmp.exe (file missing)
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SecureSrv - Unknown owner - D:\Program Files\Hide My IP 2008\SecureSrv.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 12238 bytes


    The aim is to clean the computer of malware and get it back into working order. Hopefully you can help :)
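    The log above carries several of the entries a helper looks at first: the F2 Shell and UserInit values, the unpathed svrhost.exe autostarts, the autostart under Application Data, the AppInit_DLLs value and the Winsock LSP HijackThis could not identify. As an added example that is not part of this thread, the Python script below applies those checks to a sample built from lines of that log; the heuristics, the `Finding` type and the `triage` function are my own, not HijackThis functionality.

```python
"""Triage heuristics for HijackThis 2.x log lines (added example, not from the thread).

Mirrors what a helper checks in the posted log: F2 Shell/UserInit tampering, O4
autostarts by bare name or from a user profile, AppInit_DLLs, orphaned Winlogon
Notify entries and Winsock LSPs HijackThis could not identify."""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
F2_RE = re.compile(r"REG:system\.ini:\s*(?P<key>Shell|UserInit)=(?P<value>.*)", re.I)
O4_RE = re.compile(r"(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)")
# Splits the image path off its arguments, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|com|scr|cpl|bat))\b', re.I)
# Windows hosts that legitimately appear unpathed in O4 (e.g. the Bluetooth agent entry).
UNPATHED_OK = {"rundll32.exe"}
PROFILE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Constructed sample: lines copied from the HijackThis log posted above, plus one benign O4.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\vbpdtvdp.exe,
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Windows Sound] svrhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svrhost.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] D:\Documents and Settings\Jari\Application Data\Microsoft\dtsc\24410.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\securenet.dll
O20 - AppInit_DLLs: d:\windows\system32\mljjheb.dll
O20 - Winlogon Notify: ddcyv - D:\WINDOWS\System32\ddcyv.dll (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "F2", "O4"
    reason: str   # why a helper would look twice at this line
    detail: str   # the value pulled out of the line


def _basename(path: str) -> str:
    return path.strip('"').rsplit("\\", 1)[-1].lower()


def _check_f2(body: str) -> list[Finding]:
    m = F2_RE.match(body)
    if not m:
        return []
    key, value = m.group("key").lower(), m.group("value")
    if key == "shell":
        # Winlogon expects exactly Explorer.exe; any second token is run at every logon.
        extras = [t for t in value.split() if _basename(t) != "explorer.exe"]
        return [Finding("F2", "Shell= launches an extra program at logon", t) for t in extras]
    # UserInit is a comma-separated chain in which only userinit.exe belongs.
    entries = [e.strip() for e in value.split(",") if e.strip()]
    extras = [e for e in entries if _basename(e) != "userinit.exe"]
    return [Finding("F2", "UserInit= chains an extra program at logon", e) for e in extras]


def _check_o4(body: str) -> list[Finding]:
    m = O4_RE.match(body)
    if not m:
        return []  # "Global Startup:" shortcut lines are not handled here
    key, name, cmd = m.group("key"), m.group("name"), m.group("cmd")
    em = EXE_RE.match(cmd)
    exe = em.group("exe") if em else (cmd.split()[0] if cmd else "")
    detail = f"{key}: [{name}] {exe}"
    found = []
    if "\\" not in exe and _basename(exe) not in UNPATHED_OK:
        found.append(Finding("O4", "autostart by bare file name, resolved via the search path", detail))
    if any(mark in exe.lower() for mark in PROFILE_MARKERS):
        found.append(Finding("O4", "autostart image stored under a user profile", detail))
    return found


def _check_o10(body: str) -> list[Finding]:
    if not body.startswith("Unknown file in Winsock LSP:"):
        return []
    return [Finding("O10", "unrecognised Winsock LSP, in the path of all socket traffic", body.split(":", 1)[1].strip())]


def _check_o20(body: str) -> list[Finding]:
    label, _, value = body.partition(":")
    value = value.strip()
    if label == "AppInit_DLLs" and value:
        return [Finding("O20", "AppInit_DLLs loads this DLL into every process that links user32.dll", value)]
    if label == "Winlogon Notify" and "(file missing)" in value:
        return [Finding("O20", "orphaned Winlogon Notify entry", value)]
    return []


CHECKS = {"F2": _check_f2, "O4": _check_o4, "O10": _check_o10, "O20": _check_o20}


def triage(log_text: str) -> list[Finding]:
    """Return the unique findings for a HijackThis log, in log order."""
    found: dict[Finding, None] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        check = CHECKS.get(m.group("sec")) if m else None
        for f in (check(m.group("body")) if check else []):
            found.setdefault(f, None)  # repeated lines (the three O10 entries) collapse to one
    return list(found)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.detail}")
```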
     
  2. yaht

    yaht Regular member

    I'm sure we can get that sorted out :D


    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * The log will then open in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    * Post the contents of the log in your next reply, together with a new HJT log.

    1. Download Combofix.exe to your desktop from either of these links:
    Combofix.exe
    Combofix.exe

    Open Combofix.exe and follow the on-screen instructions.

    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
     
  3. OngelmaPC

    OngelmaPC Member

    I just ran Anti-Malware, and it found 125 pieces of malware :O . Incredible how much junk a computer can have on it.

    I'll run ComboFix tomorrow and post the logs.
     
  4. yaht

    yaht Regular member

    Understood :D
     
  5. OngelmaPC

    OngelmaPC Member

    Right then, here come the reports:

    ComboFix

    Code:
    ComboFix 08-08-13.02 - Jari 2008-08-14 13:37:57.1 - NTFSx86
    Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1035.18.528 [GMT 3:00]
    Running from: D:\Documents and Settings\Jari\Työpöytä\ComboFix.exe
     * Created a new restore point
    
    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .
    
    ((((((((((((((((((((((((((((((((((((((   Muut poistot   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    D:\WINDOWS\mainms.vpi
    D:\WINDOWS\megavid.cdt
    D:\WINDOWS\muotr.so
    D:\WINDOWS\system32\1996\8236.dll
    D:\WINDOWS\system32\aprlesxo.ini2
    D:\WINDOWS\system32\aprlesxo.tmp
    D:\WINDOWS\system32\ayIjQqss.ini2
    D:\WINDOWS\system32\CB47HUxq.dll
    D:\WINDOWS\system32\cdz1
    D:\WINDOWS\system32\DgggNXyb.ini2
    D:\WINDOWS\system32\drivers\npf.sys
    D:\WINDOWS\system32\dsbvmaou.ini
    D:\WINDOWS\system32\euysswla.ini
    D:\WINDOWS\system32\hljwugsf.bin
    D:\WINDOWS\system32\ivttvtup.ini
    D:\WINDOWS\system32\kagwofti.ini
    D:\WINDOWS\system32\lpefwrqw.ini
    D:\WINDOWS\system32\LSYFOqss.ini2
    D:\WINDOWS\system32\MSINET.oca
    D:\WINDOWS\system32\packet.dll
    D:\WINDOWS\system32\plnrgyfy.ini
    D:\WINDOWS\system32\qxkswgwx.ini
    D:\WINDOWS\system32\RBJQAcfe.ini
    D:\WINDOWS\system32\RBJQAcfe.ini2
    D:\WINDOWS\system32\RtAJPXyb.ini
    D:\WINDOWS\system32\RtAJPXyb.ini2
    D:\WINDOWS\system32\tps5
    D:\WINDOWS\system32\wpcap.dll
    D:\WINDOWS\system32\vycdd.bak1
    D:\WINDOWS\system32\vycdd.bak2
    D:\WINDOWS\system32\vycdd.ini
    D:\WINDOWS\system32\vycdd.ini2
    D:\WINDOWS\system32\vycdd.tmp
    D:\WINDOWS\system32\xnirptiv.ini
    D:\WINDOWS\temp\perflib_perfdata_1cc.dat
    
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    -------\Legacy_DOMAINSERVICE
    -------\Legacy_MSSECURITY1.209.4
    -------\Service_NPF
    
    
    (((((   Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-07-14 to 2008-08-14  )))))))))))))))))
    .
    
    2100-02-16 15:09 . 2001-02-16 14:37	62	--a------	D:\WINDOWS\system32\LXBOUSCI.INI
    2008-08-13 16:34 . 2008-08-13 16:34	<KANSIO>	d--------	D:\Program Files\Malwarebytes' Anti-Malware
    2008-08-13 16:34 . 2008-08-13 16:34	<KANSIO>	d--------	D:\Documents and Settings\Jari\Application Data\Malwarebytes
    2008-08-13 16:34 . 2008-08-13 16:34	<KANSIO>	d--------	D:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-13 16:34 . 2008-07-30 20:07	38,472	--a------	D:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-13 16:34 . 2008-07-30 20:07	17,144	--a------	D:\WINDOWS\system32\drivers\mbam.sys
    2008-08-12 19:30 . 2008-08-12 20:00	<KANSIO>	d--------	D:\Documents and Settings\Jari\Application Data\Thinstall
    2008-08-12 19:09 . 2008-08-12 19:12	<KANSIO>	d--------	D:\Documents and Settings\Jari\bin
    2008-08-08 12:34 . 2008-08-08 12:34	36,354	--a------	D:\WINDOWS\system32\GF47LYcu.exe
    2008-08-05 13:14 . 2008-08-05 13:15	<KANSIO>	d--------	D:\WINDOWS\system32\Adobe
    2008-07-29 20:31 . 2008-07-29 20:41	<KANSIO>	d--------	D:\Program Files\Glidos
    2008-07-29 16:43 . 2002-03-07 00:19	454,656	--a------	D:\WINDOWS\system32\PaintX.dll
    2008-07-29 15:37 . 2008-07-29 15:37	0	--a------	D:\Mikon
    2008-07-28 12:27 . 2008-07-28 12:27	34,367	--a------	D:\WINDOWS\system32\GF47LYcu.zip
    2008-07-27 14:27 . 2008-07-27 14:27	<KANSIO>	d--------	D:\Documents and Settings\Jari\Application Data\SecuROM
    2008-07-26 18:37 . 1999-05-13 23:24	107,008	--a------	D:\WINDOWS\system32\PaintX.xls
    2008-07-26 14:59 . 2008-07-26 14:59	<KANSIO>	d--------	D:\Program Files\Microsoft Synchronization Services
    2008-07-26 14:59 . 2008-07-26 14:59	<KANSIO>	d--------	D:\Program Files\Microsoft SQL Server Compact Edition
    2008-07-26 14:50 . 2008-07-28 13:23	<KANSIO>	d--------	D:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-26 14:45 . 2008-07-26 14:45	<KANSIO>	d--------	D:\Program Files\Microsoft SDKs
    2008-07-26 14:35 . 2008-07-28 13:23	<KANSIO>	d--------	D:\WINDOWS\system32\XPSViewer
    2008-07-26 14:35 . 2008-07-26 14:35	<KANSIO>	d--------	D:\Program Files\MSBuild
    2008-07-26 14:34 . 2008-07-26 14:34	<KANSIO>	d--------	D:\Program Files\Reference Assemblies
    2008-07-26 14:33 . 2006-06-29 13:07	14,048	---------	D:\WINDOWS\system32\spmsg2.dll
    2008-07-25 20:04 . 2008-07-25 20:05	4,362,567	--a------	D:\loveglados.zip
    2008-07-25 19:52 . 2008-07-25 19:52	2,701,304	--a------	D:\vbsetup.exe
    2008-07-21 17:06 . 2008-07-21 17:06	48	--a------	D:\WINDOWS\scmate.ini
    2008-07-20 19:13 . 2008-08-12 18:50	<KANSIO>	d--------	D:\Mikon Kone - Jaettu Kansio
    2008-07-20 17:02 . 2008-07-20 17:02	<KANSIO>	d--------	D:\Documents and Settings\Jari\Application Data\uk.co.planetside
    2008-07-20 17:01 . 2008-07-20 17:01	<KANSIO>	d--------	D:\Program Files\Terragen
    2008-07-19 18:49 . 2008-07-19 19:04	85,182,540	--a------	D:\ismo2.rar
    2008-07-19 17:40 . 2008-07-19 17:40	<KANSIO>	d--------	D:\Documents and Settings\NetworkService\Application Data\Orbit
    2008-07-18 09:00 . 2008-07-18 09:26	<KANSIO>	dr-------	D:\Documents and Settings\NetworkService\Suosikit
    2008-07-16 20:24 . 2008-07-16 20:24	<KANSIO>	d--------	D:\Program Files\WinImage
    2008-07-16 20:24 . 2005-10-16 08:00	12,928	--a------	D:\WINDOWS\system32\drivers\filedisk.sys
    2008-07-16 17:38 . 2008-07-16 17:38	<KANSIO>	d--------	D:\Program Files\Microsoft Virtual PC
    2008-07-15 23:03 . 2008-07-15 23:04	<KANSIO>	d--------	D:\mediawiki-1.12.0
    2008-07-15 20:09 . 2008-07-15 20:09	280,565	--a------	D:\screen5.png
    2008-07-15 20:06 . 2008-07-15 20:06	355,494	--a------	D:\screen4.png
    2008-07-14 21:49 . 2008-07-14 21:49	<KANSIO>	d--------	D:\Program Files\Apple Software Update
    2008-07-14 21:49 . 2008-07-14 21:49	<KANSIO>	d--------	D:\Documents and Settings\All Users\Application Data\Apple
    2008-07-14 19:15 . 2008-07-14 19:15	335,404	--a------	D:\screen3.png
    2008-07-14 19:14 . 2008-07-14 19:14	444,089	--a------	D:\screen2.png
    2008-07-14 19:14 . 2008-07-14 19:14	168,808	--a------	D:\screen1.png
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M-raportti   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-14 10:51	---------	d-----w	D:\Documents and Settings\Jari\Application Data\Orbit
    2008-08-12 18:48	---------	d-----w	D:\Program Files\Windows Live Safety Center
    2008-08-11 19:07	---------	d-----w	D:\Documents and Settings\Jari\Application Data\uTorrent
    2008-08-09 17:26	---------	d-----w	D:\Documents and Settings\Jari\Application Data\OpenOffice.org2
    2008-08-08 21:09	---------	d-----w	D:\Documents and Settings\Jari\Application Data\mIRC
    2008-08-08 19:54	---------	d-----w	D:\Program Files\mIRC
    2008-07-31 09:29	---------	d-----w	D:\Documents and Settings\Jari\Application Data\SPORE Creature Creator
    2008-07-27 13:06	---------	d--h--w	D:\Program Files\InstallShield Installation Information
    2008-07-26 18:02	---------	d-----w	D:\Program Files\Vstplugins
    2008-07-26 18:02	---------	d-----w	D:\Program Files\Image-Line
    2008-07-25 13:19	23	----a-w	D:\Documents and Settings\Jari\jagex_runescape_preferences.dat
    2008-07-22 11:33	---------	d-----w	D:\Program Files\Java
    2008-07-14 18:51	---------	d-----w	D:\Program Files\Paint.NET
    2008-07-09 17:27	---------	d-----w	D:\Program Files\nBinder 5.5
    2008-07-07 16:26	---------	d-----w	D:\Program Files\Flavar
    2008-07-07 08:20	---------	d---a-w	D:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-21 07:23	107,888	----a-w	D:\WINDOWS\system32\CmdLineExt.dll
    2008-06-20 11:58	---------	d-----w	D:\Documents and Settings\Jari\Application Data\Mobipocket Reader
    2008-06-20 11:45	---------	d-----w	D:\Program Files\Mobipocket.com
    2008-06-20 11:45	---------	d-----w	D:\Program Files\Common Files\Mobipocket Shared
    2008-06-20 11:10	---------	d-----w	D:\Program Files\WinHTTrack
    2008-06-17 18:19	---------	d-----w	D:\Program Files\VirtualDJ
    2008-06-11 18:13	155,995	----a-w	D:\WINDOWS\java\Packages\I2N3LZD7.ZIP
    2008-06-11 16:04	409,600	----a-w	D:\WINDOWS\system32\wrap_oal.dll
    2008-06-11 16:04	114,688	----a-w	D:\WINDOWS\system32\OpenAL32.dll
    2008-06-04 11:03	55,808	------w	D:\WINDOWS\trz1AE.tmp
    2008-05-28 08:43	5,304	----a-w	D:\Program Files\program_files.txt
    2008-05-21 13:45	217	----a-w	D:\Documents and Settings\Jari\echoo.com
    2006-05-03 09:06	163,328	--sh--r	D:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47	31,232	--sh--r	D:\WINDOWS\system32\msfDX.dll
    .
    
    ((((((((((((((((((((((((((((((   Rekisterin k„ynnistyskohteet   )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 09:52 94208]
    "MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "LDM"="D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-07 13:47 67128]
    "updateMgr"="D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
    "AudioDeck"="D:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 14:20 512000]
    "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
    "LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
    "Lexmark X84-X85 Button Monitor"="D:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 13:36 40960]
    "Lexmark X84-X85 Button Manager"="D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 09:36 53248]
    "PrinTray"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 18:52 36864]
    "LogitechCameraAssistant"="D:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26 489472]
    "LogitechVideo[inspector]"="D:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
    "LogitechCameraService(E)"="D:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
    "QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
    "Elisa Avustaja"="D:\Program Files\Elisa\Avustaja\Elisa.exe" [2007-10-22 16:15 189768]
    "PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360]
    "ISUSPM Startup"="D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 07:03 221184]
    "ISUSScheduler"="D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 02:12 110592 D:\WINDOWS\system32\bthprops.cpl]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360]
    "Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=d:\windows\system32\mljjheb.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "msacm.divxa32"= divxa32.acm
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Messenger\\msmsgs.exe"=
    "D:\\Ohjelmat\\BlueSoleil\\BlueSoleil.exe"=
    "D:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "D:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "D:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "D:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"=
    "D:\\Ohjelmat\\Skype\\Phone\\Skype.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "D:\\Program Files\\uTorrent\\uTorrent.exe"=
    
    R0 nmfilter;DriverStudio Device Filter;D:\WINDOWS\system32\DRIVERS\nmfilter.sys [2001-11-07 03:09]
    R0 Siwvid;Siwvid;D:\WINDOWS\system32\drivers\Siwvid.sys [2001-11-07 03:09]
    R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35]
    R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]
    R2 DbgMsg;Debug Message;D:\WINDOWS\system32\drivers\DbgMsg.sys [2001-11-07 06:40]
    R3 LVPrcMon;Logitech LVPrcMon Driver;D:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
    R3 SecureSrv;SecureSrv;D:\Program Files\Hide My IP 2008\SecureSrv.exe [2008-03-13 15:36]
    S3 NTice;NTice;D:\WINDOWS\system32\drivers\NTice.sys [2001-11-07 03:09]
    S3 XDva120;XDva120;D:\WINDOWS\system32\XDva120.sys []
    S4 Siwsym;Siwsym;D:\WINDOWS\system32\drivers\Siwsym.sys [2001-11-07 03:09]
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8162b4a7-7d6f-11dc-8f08-005022401a2e}]
    \Shell\AutoRun\command - F:\Ohjelmat\PStart\PStart.exe
    .
    'Ajoitetut teht„v„t'-kansion sis„lt”
    
    2008-08-07 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - D:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    
    2008-06-09 D:\WINDOWS\Tasks\RegClean Scheduled Scan.job
    - D:\Program Files\RegClean\RegClean.exe []
    
    2008-06-09 D:\WINDOWS\Tasks\RegClean Scheduled Scan.job
    - D:\Program Files\RegClean []
    
    2008-08-14 D:\WINDOWS\Tasks\RegCure Program Check.job
    - D:\Program Files\RegCure\RegCure.exe [2007-08-02 19:20]
    
    2008-06-09 D:\WINDOWS\Tasks\RegCure.job
    - D:\Program Files\RegCure\RegCure.exe [2007-08-02 19:20]
    .
    - - - - ORPHANS REMOVED - - - -
    
    Notify-ddcyv - D:\WINDOWS\System32\ddcyv.dll
    Notify-fcccbca - fcccbca.dll
    Notify-iifCssQK - iifCssQK.dll
    Notify-iprace - iprace.dll
    Notify-kd1949 - kd1949.dll
    
    
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - D:\Documents and Settings\Jari\Application Data\Mozilla\Firefox\Profiles\pk1ftsya.default\
    
    
    **************************************************************************
    
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
    Rootkit scan 2008-08-14 13:51:49
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ...
    
    scanning hidden autostart entries ...
    
    scanning hidden files ...
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    
    PROCESS: D:\WINDOWS\system32\lsass.exe
    -> D:\WINDOWS\system32\securenet.dll
    
    PROCESS: D:\WINDOWS\explorer.exe
    -> ?:\WINDOWS\system32\PSAPI.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    D:\WINDOWS\system32\ati2evxx.exe
    D:\WINDOWS\system32\ati2evxx.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    D:\WINDOWS\system32\PnkBstrA.exe
    D:\Program Files\Orbitdownloader\orbitdm.exe
    D:\Program Files\Orbitdownloader\orbitnet.exe
    D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\WINDOWS\system32\GF47LYcu.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    D:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-14 14:08:58 - machine was rebooted [Jari]
    ComboFix-quarantined-files.txt  2008-08-14 11:08:43
    
    Pre-Run: 3,625,840,640 bytes free
    Post-Run: 3,637,084,160 bytes free
    
    273	--- E O F ---	2008-06-11 18:13:47
    
    AntiMalware

    Code:
    Malwarebytes' Anti-Malware 1.24
    Database version: 1047
    Windows 5.1.2600 Service Pack 2
    
    21:20:10 13.8.2008
    mbam-log-8-13-2008 (21-20-10).txt
    
    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 290408
    Time elapsed: 4 hour(s), 18 minute(s), 28 second(s)
    
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 21
    Registry Values Infected: 5
    Registry Data Items Infected: 1
    Folders Infected: 9
    Files Infected: 89
    
    Memory Processes Infected:
    (No malicious items detected)
    
    Memory Modules Infected:
    (No malicious items detected)
    
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\altcompare (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c108ae59-c97f-4517-8b74-5590be3c2a82} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\msvcl1.bhoapp.1 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\msvcl1.bhoapp (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{32131238-5434-4234-4234-432432423432} (Adware.BHO) -> Quarantined and deleted successfully.
    
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Sound (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Windows Sound (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c108ae59-c97f-4517-8b74-5590be3c2a82} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft windows installer (Backdoor.Bot) -> Quarantined and deleted successfully.
    
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\vbpdtvdp.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
    
    Folders Infected:
    D:\WINDOWS\system32\vntiho06 (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\Program Files\altcmd (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    D:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
    D:\Program Files\ColorUtility (Trojan.BHO) -> Quarantined and deleted successfully.
    D:\Documents and Settings\Jari\Application Data\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    
    Files Infected:
    D:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\system32\ssqOFYSL(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\WINDOWS\system32\rqRiHXqn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    D:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    D:\WINDOWS\system32\iifgHArs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\WINDOWS\system32\byXNgggD(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\WINDOWS\system32\GF47LYcu.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\system32\70e05q5q.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\lfn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    D:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    D:\WINDOWS\BMeb9867e7.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\WINDOWS\BMeb9867e7.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{0DA5AA3E-825F-4AD7-8DC0-FFB9E7B235C1}\RP320\A0102360.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{0DA5AA3E-825F-4AD7-8DC0-FFB9E7B235C1}\RP320\A0102359.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{0DA5AA3E-825F-4AD7-8DC0-FFB9E7B235C1}\RP320\A0102356.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{0DA5AA3E-825F-4AD7-8DC0-FFB9E7B235C1}\RP320\A0102353.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{0DA5AA3E-825F-4AD7-8DC0-FFB9E7B235C1}\RP320\A0102348.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{0DA5AA3E-825F-4AD7-8DC0-FFB9E7B235C1}\RP320\A0102346.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{0DA5AA3E-825F-4AD7-8DC0-FFB9E7B235C1}\RP320\A0102336.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{0DA5AA3E-825F-4AD7-8DC0-FFB9E7B235C1}\RP319\A0101235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    D:\Program Files\altcmd\uninstall.bat (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\Program Files\altcmd\altcmd.inf (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\Program Files\VAV\VAV.zip (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
    D:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
    D:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    D:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    D:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    D:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    D:\Program Files\ColorUtility\uninstall.dat (Trojan.BHO) -> Quarantined and deleted successfully.
    D:\Documents and Settings\Jari\Suosikit\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    D:\Documents and Settings\Jari\Suosikit\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    D:\Documents and Settings\Jari\Suosikit\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    D:\Documents and Settings\Jari\Application Data\Microsoft\dtsc\id (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080617185955968.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    D:\Documents (Backdoor.Bot) -> Quarantined and deleted successfully.
    
    HiJackThis

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:29:48, on 14.8.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal
    
    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\VIAudioi\SBADeck\ADeck.exe
    D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    D:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    D:\Program Files\Logitech\Video\CameraAssistant.exe
    D:\WINDOWS\system32\ElkCtrl.exe
    D:\Program Files\Elisa\Avustaja\Elisa.exe
    D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    D:\WINDOWS\system32\PnkBstrA.exe
    D:\Program Files\Orbitdownloader\orbitdm.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Orbitdownloader\orbitnet.exe
    D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\Program Files\Hide My IP 2008\SecureSrv.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\WINDOWS\explorer.exe
    D:\WINDOWS\system32\taskmgr.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    F:\Ohjelmat\HiJackThis\HijackThis.exe
    
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - D:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AudioDeck] D:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [LogitechCameraAssistant] D:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] D:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] D:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Elisa Avustaja] "D:\Program Files\Elisa\Avustaja\Elisa.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Orbit.lnk = D:\Program Files\Orbitdownloader\orbitdm.exe
    O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\securenet.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192530440312[/url]
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [url]http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab[/url]
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[/url]
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - [url]http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab[/url]
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: d:\windows\system32\mljjheb.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SecureSrv - Unknown owner - D:\Program Files\Hide My IP 2008\SecureSrv.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    
    --
    End of file - 10908 bytes
    
     
  6. yaht (Regular member, joined Dec 6, 2005)
    Don't post those logs inside Code tags, they are not pleasant to read.

    1. Download Combofix.exe to your desktop from either of these links:
    Combofix.exe
    Combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (ComboFix actually recognises it even if the file extension
    isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click it)

    Note! Don't click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close your browser and other programs while the fix runs (not the antivirus).
    Start HijackThis, click Scan, tick the following entries listed in red and remove them (Fix Checked).


    O20 - AppInit_DLLs: d:\windows\system32\mljjheb.dll


    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (take it last, just before posting)
    * The (C:\ComboFix.txt) report

    Scan your computer with F-Secure's online scanner

    Note: the scanner only works with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Set the options as follows

    o Under "Virus Scan Option" choose Scan whole system
    o Under "Other Scan Option" choose Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the necessary files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread
     
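    Added example (editor's note, not part of yaht's reply or of HijackThis, ComboFix or Malwarebytes): the entries the helper singles out above, the O20 AppInit_DLLs line and the repeated O10 "Unknown file in Winsock LSP" lines, plus the Winlogon\Userinit hijack that Malwarebytes reported in the earlier post, are the ones worth pulling out of a HijackThis log first. The script below parses HijackThis 2.0 finding lines and returns them grouped, and separately checks a Userinit value for extra executables. The sample log and the Userinit value are constructed excerpts modelled on the lines in this thread; the function and key names are this example's own, and the system32 path is assumed to be D:\WINDOWS\system32 as on this machine.

```python
"""Triage a HijackThis 2.0 log for the persistence points that matter most.

Added example for this thread; it is not part of HijackThis, ComboFix or
Malwarebytes, and the function and key names are this example's own. The
sample log is a constructed excerpt modelled on the thread's lines.
"""
import re

# Every HijackThis finding starts with its section code, e.g. "O20 - AppInit_DLLs: ..."
_ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")

# Constructed sample: a handful of lines shaped like the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O10 - Unknown file in Winsock LSP: d:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\securenet.dll
O20 - AppInit_DLLs: d:\windows\system32\mljjheb.dll
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: SecureSrv - Unknown owner - D:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
"""

# Constructed Userinit value, shaped like the Malwarebytes Hijack.UserInit hit above.
SAMPLE_USERINIT = r"D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\vbpdtvdp.exe,"


def parse_hjt(text):
    """Return (section_code, body) for every finding line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text):
    """Pick out the entries a responder should identify first.

    O20 AppInit_DLLs: every DLL named here is loaded into each process that
    loads user32.dll, so any non-empty value deserves a look.
    O10 'Unknown file in Winsock LSP': a layered service provider sits in the
    network path of every Winsock application. HijackThis prints one line per
    LSP catalog entry, so the same DLL is reported several times; keep one.
    O23 'Unknown owner': the service binary carries no publisher string, so it
    has to be identified by hand. Legitimate software shows up here too.
    """
    findings = {"appinit_dlls": [], "lsp_unknown": [], "services_unknown_owner": []}
    for code, body in parse_hjt(text):
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                findings["appinit_dlls"].append(value)
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            path = body.split(":", 1)[1].strip().lower()
            if path not in findings["lsp_unknown"]:
                findings["lsp_unknown"].append(path)
        elif code == "O23":
            # Layout: "Service: <display name> - <owner> - <path>"
            parts = [p.strip() for p in body.split(" - ")]
            if len(parts) >= 3 and parts[1] == "Unknown owner":
                name = parts[0].split(":", 1)[1].strip()
                findings["services_unknown_owner"].append((name, parts[-1]))
    return findings


def check_userinit(value, system32=r"D:\WINDOWS\system32"):
    """Return everything in a Winlogon\\Userinit value besides the real userinit.exe.

    Windows runs each comma-separated entry at logon; the clean value is
    "<system32>\\userinit.exe," with a trailing comma, so a second path such as
    vbpdtvdp.exe is a logon-time persistence hook.
    """
    expected = (system32 + r"\userinit.exe").lower()
    extras = []
    for item in value.split(","):
        item = item.strip()
        if item and item.lower() not in (expected, "userinit.exe"):
            extras.append(item)
    return extras


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
    print("Userinit extras:", check_userinit(SAMPLE_USERINIT))
```

    Run it against a saved hijackthis.log by reading the file and passing the text to triage(); an "Unknown owner" service is a prompt to look the binary up, not a verdict, whereas a non-empty AppInit_DLLs value or an unknown LSP DLL is the kind of entry the helper tells the poster to fix.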
  7. OngelmaPC (Member, joined Aug 13, 2008)
    Getting rid of that GF47LYcu.exe didn't help at all. The program is still haunting the process list..
     