More Messenger viruses

Discussion in 'Viruses and malware - HijackThis logs' started by Ns22, May 29, 2008.

  1. Ns22

    Ns22 Guest

    Here is the log:




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:48, on 2008-05-29
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MS Installer 3.0] setup.exe
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKLM\..\RunServices: [MS Installer 3.0] setup.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O15 - Trusted Zone: http://s4.travian.fi
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 6408 bytes
     
  2. kalminen

    kalminen Regular member

    HJT log in normal mode.

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact, ComboFix recognizes it even if the file extension
    isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [​IMG]

    Note! Do not click on ComboFix's window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close your browser and other programs for the duration of the fix. (Not the antivirus.)
    Start HijackThis, run Scan, tick the following files listed in red, and remove them. (Fix checked)

    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe

    Empty the recycle bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
     
  3. Ns22

    Ns22 Guest

    By the way, does it matter that I gave that log from safe mode?
     
  4. Ns22

    Ns22 Guest

    Here:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:24:28, on 29.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MS Installer 3.0] setup.exe
    O4 - HKLM\..\RunServices: [MS Installer 3.0] setup.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O15 - Trusted Zone: http://s4.travian.fi
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 6320 bytes



    ----------------------------------------------------------




    ComboFix 08-05-28.4 - Nicolas 2008-05-29 16:05:58.3 - NTFSx86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.799 [GMT 3:00]
    Running from: C:\Documents and Settings\Nicolas\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Nicolas\Työpöytä\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\winudspm.exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Charmis\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\images.zip
    C:\WINDOWS\winudspm.exe
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Charmis\Application Data\macromedia\Flash Player\#SharedObjects\FF7VBN9H\iforex.com
    C:\Documents and Settings\Charmis\Application Data\macromedia\Flash Player\#SharedObjects\FF7VBN9H\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Charmis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Charmis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\WINDOWS\adminlogg.txt
    C:\WINDOWS\admintxt.txt
    C:\WINDOWS\BMb7712d41.xml
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\regedit.com
    C:\WINDOWS\setup.exe
    C:\WINDOWS\system32\dkbrcgix.ini
    C:\WINDOWS\system32\fcwkyefw.ini
    C:\WINDOWS\system32\GhPYyyay.ini
    C:\WINDOWS\system32\GhPYyyay.ini2
    C:\WINDOWS\system32\gordupqy.exe
    C:\WINDOWS\system32\iiffEvVN.dll
    C:\WINDOWS\system32\khfCvVNH.dll
    C:\WINDOWS\system32\ljJBsPgH.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nipvnsne.dll
    C:\WINDOWS\system32\taskmgr.com
    C:\WINDOWS\system32\wfeykwcf.dll
    C:\WINDOWS\system32\vtUKDuRj.dll
    C:\WINDOWS\system32\xigcrbkd.dll
    C:\WINDOWS\system32\xtoyctiq.dll
    C:\WINDOWS\system32\yayyYPhG.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-29 )))))))))))))))))
    .

    2008-05-29 13:26 . 2008-05-29 13:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-29 13:26 . 2008-05-29 13:26 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-29 01:42 . 2008-05-29 01:42 229 --a------ C:\WINDOWS\system32\fff.bat
    2008-05-28 23:46 . 2008-05-28 23:46 369 --a------ C:\vundoFIX.exe
    2008-05-27 23:36 . 2008-05-27 23:36 40,960 --a------ C:\dcis.exe
    2008-05-27 23:25 . 2008-05-27 23:25 40,960 --a------ C:\dciz.exe
    2008-05-27 22:53 . 2008-05-28 00:29 56,832 --a------ C:\sexy.com
    2008-05-27 21:31 . 2008-05-27 21:31 <KANSIO> d-------- C:\Program Files\Opera
    2008-05-27 21:18 . 2008-05-28 23:03 40,960 --a------ C:\dci.exe
    2008-05-22 20:33 . 2008-05-22 20:33 <KANSIO> d-------- C:\Program Files\Paradox Entertainment
    2008-05-20 15:35 . 2008-05-22 20:23 <KANSIO> d-------- C:\Program Files\Paradox Interactive
    2008-05-14 04:29 . 2008-05-14 04:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-05-05 15:17 . 2008-05-19 15:25 <KANSIO> d-------- C:\Program Files\Age of Empires II
    2008-05-03 12:44 . 2008-05-03 12:44 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-05-03 12:37 . 2008-05-03 12:42 <KANSIO> d-------- C:\Program Files\TmUnitedForever
    2008-05-02 14:12 . 2008-05-02 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania United
    2008-05-02 13:54 . 2008-05-02 14:00 <KANSIO> d-------- C:\Program Files\TrackMania United

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-28 22:40 --------- d-----w C:\Program Files\Steam
    2008-05-28 21:05 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-05-28 20:46 369 ----a-w C:\vundoFIX.exe
    2008-05-27 21:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Xfire
    2008-05-27 18:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-27 18:53 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-05-27 13:23 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\LimeWire
    2008-05-26 20:35 --------- d-----w C:\Documents and Settings\Charmis\Application Data\LimeWire
    2008-05-23 12:05 --------- d-s---w C:\Program Files\Xfire
    2008-05-22 17:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-18 12:05 --------- d-----w C:\Program Files\Betsson Poker
    2008-05-17 15:30 --------- d-----w C:\Program Files\mIRC
    2008-04-29 10:23 --------- d-----w C:\Program Files\F-Secure Internet Security
    2008-04-13 11:22 --------- d-----w C:\Program Files\PKR
    2008-04-13 09:30 --------- d-----w C:\Program Files\PokerManager
    2008-04-12 20:33 --------- d-----w C:\Program Files\ffdshow
    2008-04-12 19:31 --------- d-----w C:\Program Files\CamStudio
    2008-04-11 11:04 --------- d-----w C:\Program Files\PokerStars
    2008-04-10 14:50 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-04-02 13:59 41,472 ----a-w C:\WINDOWS\runme2.exe
    2008-04-01 16:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-04 14:48 8,781 ----a-w C:\askldjf.exe
    2008-03-01 15:31 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:56 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-01-15 12:40 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2008-01-15 12:40 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
    2007-09-09 13:57 22,328 -c--a-w C:\Documents and Settings\Nicolas\Application Data\PnkBstrK.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 23:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2004-04-23 15:28 77824]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-15 23:13 185784]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-28 12:19 183208]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-28 12:18 740208]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-21 14:40 286720]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-09-19 16:02 406016]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "MS Installer 3.0"="setup.exe" [2004-09-15 23:00 23040 C:\WINDOWS\system32\setup.exe]
    "Windows UDP Control"="winudspm.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "MS Installer 3.0"="setup.exe" [2004-09-15 23:00 23040 C:\WINDOWS\system32\setup.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 23:00 15360]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-16 17:17:55 67128]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-05-15 17:01:25 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Documents and Settings\\Charmis\\Työpöytä\\cccc\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\nicolar\\half-life 2 deathmatch\\hl2.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\nicolar\\day of defeat source\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\nicolar\\counter-strike source\\hl2.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\TrackMania United\\TmUnited.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Acer\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Acer\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\B2BPOKER\\Pokerium\\jre\\bin\\javaw.exe"=
    "C:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\TrackMania United\\TmUnitedLauncher.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\nicolar\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\TmUnitedForever\\TmForever.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-09-08 12:27]
    S1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2007-05-28 12:18]
    S2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-28 12:15]
    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\PLLUL~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-28 12:15]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-28 12:15]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-26 15:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-29 12:57:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-29 16:08:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-29 16:10:44
    ComboFix-quarantined-files.txt 2008-05-29 13:10:42

    Pre-Run: 60,619,960,320 tavua vapaana
    Post-Run: 60,628,615,168 tavua vapaana

    213 --- E O F --- 2008-05-15 22:27:22






     
  5. kalminen

    kalminen Regular member

    By the way, does it matter that I gave that log from safe mode?
    Yes, it matters; it doesn't show everything.

    -------------------------------------------------

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact, ComboFix recognizes it even if the file extension
    isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [​IMG]

    Restart the computer if asked to, and post the contents of the combofix.txt file here.
    -----------------------------------------------------
    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    * Post the contents of the log in your next message + a new HJT log + C:\ComboFix.txt.
     
  6. Ns22

    Ns22 Guest

    Here is Malwarebytes' Anti-Malware:



    Malwarebytes' Anti-Malware 1.12
    Tietokantaversio: 797

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
    Tarkistetut kohteet: 247531
    Kulunut aika: 1 hour(s), 38 minute(s), 35 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 4
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 8
    Saastuneita tiedostoja: 250

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\Typelib\{28f85800-2969-4966-8894-eda174875e71} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Cardroom2 (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Cardroom2\data (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Cardroom2\history (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Cardroom2\logs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Cardroom2\sfx (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Cardroom2\xrs (Adware.Casino) -> Quarantined and deleted successfully.
    C:\Casino\Cardroom2\history\1588847 (Adware.Casino) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\QooBox\Quarantine\C\WINDOWS\system32\gordupqy.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\xigcrbkd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\yayyYPhG.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A480F395-E94A-4F74-91AD-183A811383C0}\RP568\A0474138.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A480F395-E94A-4F74-91AD-183A811383C0}\RP568\A0474144.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A480F395-E94A-4F74-91AD-183A811383C0}\RP568\A0474146.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\KCMDNIns.exe (Trojan.Inject) -> Quarantined and deleted successfully.



    Here is the HJT log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:45:16, on 29.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MS Installer 3.0] setup.exe
    O4 - HKLM\..\RunServices: [MS Installer 3.0] setup.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O15 - Trusted Zone: http://s4.travian.fi
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/ActiveX/IfolorUploader_fika.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 8027 bytes


    And here is the ComboFix log:


    ComboFix 08-05-28.4 - Nicolas 2008-05-29 17:46:23.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.557 [GMT 3:00]
    Running from: C:\Documents and Settings\Nicolas\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Nicolas\Työpöytä\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\askldjf.exe
    C:\dci.exe
    C:\dcis.exe
    C:\dciz.exe
    C:\sexy.com
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\askldjf.exe
    C:\dci.exe
    C:\dcis.exe
    C:\dciz.exe
    C:\sexy.com

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-29 )))))))))))))))))
    .

    2008-05-29 16:55 . 2008-05-29 16:55 <KANSIO> d-------- C:\WINDOWS\LastGood
    2008-05-29 13:26 . 2008-05-29 16:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-29 13:26 . 2008-05-29 13:26 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-29 01:42 . 2008-05-29 01:42 229 --a------ C:\WINDOWS\system32\fff.bat
    2008-05-28 23:46 . 2008-05-28 23:46 369 --a------ C:\vundoFIX.exe
    2008-05-27 21:31 . 2008-05-27 21:31 <KANSIO> d-------- C:\Program Files\Opera
    2008-05-22 20:33 . 2008-05-22 20:33 <KANSIO> d-------- C:\Program Files\Paradox Entertainment
    2008-05-20 15:35 . 2008-05-22 20:23 <KANSIO> d-------- C:\Program Files\Paradox Interactive
    2008-05-14 04:29 . 2008-05-14 04:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-05-05 15:17 . 2008-05-19 15:25 <KANSIO> d-------- C:\Program Files\Age of Empires II
    2008-05-03 12:44 . 2008-05-03 12:44 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-05-03 12:37 . 2008-05-03 12:42 <KANSIO> d-------- C:\Program Files\TmUnitedForever
    2008-05-02 14:12 . 2008-05-02 14:17 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania United
    2008-05-02 13:54 . 2008-05-02 14:00 <KANSIO> d-------- C:\Program Files\TrackMania United

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-28 22:40 --------- d-----w C:\Program Files\Steam
    2008-05-28 21:05 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-05-28 20:46 369 ----a-w C:\vundoFIX.exe
    2008-05-27 21:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Xfire
    2008-05-27 18:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-27 18:53 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-05-27 13:23 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\LimeWire
    2008-05-26 20:35 --------- d-----w C:\Documents and Settings\Charmis\Application Data\LimeWire
    2008-05-23 12:05 --------- d-s---w C:\Program Files\Xfire
    2008-05-22 17:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-18 12:05 --------- d-----w C:\Program Files\Betsson Poker
    2008-05-17 15:30 --------- d-----w C:\Program Files\mIRC
    2008-04-29 10:23 --------- d-----w C:\Program Files\F-Secure Internet Security
    2008-04-13 11:22 --------- d-----w C:\Program Files\PKR
    2008-04-13 09:30 --------- d-----w C:\Program Files\PokerManager
    2008-04-12 20:33 --------- d-----w C:\Program Files\ffdshow
    2008-04-12 19:31 --------- d-----w C:\Program Files\CamStudio
    2008-04-11 11:04 --------- d-----w C:\Program Files\PokerStars
    2008-04-10 14:50 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-04-02 13:59 41,472 ----a-w C:\WINDOWS\runme2.exe
    2008-04-01 16:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-01 15:31 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:56 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-01-15 12:40 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2008-01-15 12:40 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
    2007-09-09 13:57 22,328 -c--a-w C:\Documents and Settings\Nicolas\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-29_16.10.36,92 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-02-26 11:49:28 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
    + 2007-03-06 01:31:09 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
    + 2007-03-06 01:31:14 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
    + 2007-03-06 01:31:07 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
    + 2007-03-06 01:31:32 717,536 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
    + 2007-03-06 01:32:23 380,640 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
    - 2008-05-29 12:54:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-29 13:49:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2004-09-15 20:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
    + 2008-02-26 12:00:47 294,912 ----a-w C:\WINDOWS\system32\dllcache\msctf.dll
    - 2007-11-13 10:25:54 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    + 1999-09-20 14:26:10 14,368 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
    - 2004-09-15 20:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
    + 2008-02-26 12:00:47 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
    + 2008-05-29 13:50:12 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_140.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 23:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2004-04-23 15:28 77824]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-15 23:13 185784]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-28 12:19 183208]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-28 12:18 740208]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-21 14:40 286720]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-09-19 16:02 406016]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "MS Installer 3.0"="setup.exe" [2004-09-15 23:00 23040 C:\WINDOWS\system32\setup.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "MS Installer 3.0"="setup.exe" [2004-09-15 23:00 23040 C:\WINDOWS\system32\setup.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 23:00 15360]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-16 17:17:55 67128]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-05-15 17:01:25 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Documents and Settings\\Charmis\\Työpöytä\\cccc\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\nicolar\\half-life 2 deathmatch\\hl2.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\nicolar\\day of defeat source\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\nicolar\\counter-strike source\\hl2.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\TrackMania United\\TmUnited.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Acer\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Acer\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Acer\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\B2BPOKER\\Pokerium\\jre\\bin\\javaw.exe"=
    "C:\\Program Files\\B2BPOKER\\Pokerihuone\\jre\\bin\\javaw.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\TrackMania United\\TmUnitedLauncher.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\nicolar\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\TmUnitedForever\\TmForever.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-09-08 12:27]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2007-05-28 12:18]
    R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-28 12:15]
    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\PLLUL~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-28 12:15]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-28 12:15]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\aoesetup.exe /autorun
    \Shell\directx\command - E:\DirectX\dxsetup.exe
    \Shell\dplay\command - E:\DirectX\dplay61a.exe
    \Shell\dxdiag\command - E:\goodies\ar40eng.exe
    \Shell\dxinfo\command - E:\goodies\DirectX\dxinfo.exe
    \Shell\dxtest\command - E:\DirectX\dxdiag.exe
    \Shell\dxtool\command - E:\goodies\DirectX\dxtool.exe
    \Shell\log\command - E:\goodies\machine\machine.exe -l
    \Shell\machine\command - E:\goodies\machine\machine.exe
    \Shell\setup\command - E:\aoesetup.exe /autorun
    \Shell\zone\command - E:\goodies\mszone\zoneA600.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-26 15:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-29 13:52:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-29 17:50:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-29 17:51:55
    ComboFix-quarantined-files.txt 2008-05-29 14:51:52
    ComboFix2.txt 2008-05-29 13:10:44

    Pre-Run: 59,299,860,480 tavua vapaana
    Post-Run: 59,317,600,256 tavua vapaana

    217 --- E O F --- 2008-05-29 13:17:05





     
  7. kalminen

    kalminen Regular member

    Fix these with HJT so they stop launching at startup:
    O4 - HKLM\..\Run: [MS Installer 3.0] setup.exe
    O4 - HKLM\..\RunServices: [MS Installer 3.0] setup.exe

    -------------------------------------------------------------------

    ******************************************
    In the Run box of the Windows Start menu, type ComboFix.exe /u and press OK
    ***************************************************************************

    ******************************************
    Start Malwarebytes, open the Quarantine tab and empty out the junk.
    ***************************************************************************

    That's it then :D
     
  8. Ns22

    Ns22 Guest

    Yep, thanks again. The computer works great. :)
     
  9. Geffen69

    Geffen69 Member

    What about mine?:

    ComboFix 08-05-29.1 - Omistaja 2008-05-29 21:21:09.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.358.1035.18.524 [GMT 3:00]
    Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Omistaja\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\winudspm.exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMab573e4b.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\amctevte.dll
    C:\WINDOWS\system32\cbXnMCRK.dll
    C:\WINDOWS\system32\DghNqBeg.ini
    C:\WINDOWS\system32\DghNqBeg.ini2
    C:\WINDOWS\system32\ehoenwiv.ini
    C:\WINDOWS\system32\fccyyVPi.dll
    C:\WINDOWS\system32\foeuaqst.ini
    C:\WINDOWS\system32\iwsqpxat.dll
    C:\WINDOWS\system32\khfGyxYP.dll
    C:\WINDOWS\system32\KRCMnXbc.ini
    C:\WINDOWS\system32\KRCMnXbc.ini2
    C:\WINDOWS\system32\lpvibnii.dll
    C:\WINDOWS\system32\lrfwytwf.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mlJDwVNH.dll
    C:\WINDOWS\system32\msynkdof.dll
    C:\WINDOWS\system32\opnlIYpM.dll
    C:\WINDOWS\system32\otcwprlb.ini
    C:\WINDOWS\system32\otqnxdgt.dll
    C:\WINDOWS\system32\poejeuqj.ini
    C:\WINDOWS\system32\psksmems.ini
    C:\WINDOWS\system32\qlhrrctx.ini
    C:\WINDOWS\system32\qoMgdCUl.dll
    C:\WINDOWS\system32\qwifoiny.ini
    C:\WINDOWS\system32\ruxIRqru.ini
    C:\WINDOWS\system32\ruxIRqru.ini2
    C:\WINDOWS\system32\taxpqswi.ini
    C:\WINDOWS\system32\urqRIxur.dll
    C:\WINDOWS\system32\vrpbbvtf.ini
    C:\WINDOWS\system32\wxqsydap.ini
    C:\WINDOWS\system32\YbcJmUvw.ini
    C:\WINDOWS\system32\YbcJmUvw.ini2
    C:\WINDOWS\system32\yniofiwq.dll
    C:\WINDOWS\winudspm.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-29 )))))))))))))))))
    .

    2008-05-29 21:08 . 2008-05-29 21:08 <KANSIO> d-------- C:\Program Files\Uniblue
    2008-05-29 20:49 . 2008-05-29 20:49 133,632 --a------ C:\WINDOWS\system32\kpmblhyq.dll
    2008-05-29 20:46 . 2008-05-29 20:46 2,389 --a------ C:\WINDOWS\system32\dnvqxumr.exe
    2008-05-29 20:40 . 2008-05-29 20:40 116,736 --a------ C:\WINDOWS\system32\xtcrrhlq.dll
    2008-05-29 20:38 . 2008-05-29 20:38 126,976 --a------ C:\WINDOWS\system32\tkeynqxh.dll
    2008-05-29 19:38 . 2008-05-29 19:38 40,960 --a------ C:\dsdc.exe
    2008-05-29 17:41 . 2008-05-29 17:41 2,389 --a------ C:\WINDOWS\system32\rwtbghws.exe
    2008-05-29 15:55 . 2008-05-29 15:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-05-29 15:54 . 2008-05-29 15:54 <KANSIO> d-------- C:\Program Files\SUPERAntiSpyware
    2008-05-29 15:54 . 2008-05-29 15:54 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-29 15:54 . 2008-05-29 15:54 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\SUPERAntiSpyware.com
    2008-05-29 15:35 . 2008-05-29 21:08 60,132 --a------ C:\ddc.exe
    2008-05-29 15:14 . 2008-05-29 17:03 56,832 --a------ C:\fa.com
    2008-05-29 07:28 . 2008-05-29 15:21 40,960 --a------ C:\d.exe
    2008-05-28 20:26 . 2008-05-28 20:26 40,960 --a------ C:\dczi.exe
    2008-05-28 19:27 . 2008-05-28 20:10 56,832 --a------ C:\sxy1.com
    2008-05-28 19:21 . 2008-05-28 19:21 56,832 --a------ C:\sxy.com
    2008-05-28 18:45 . 2008-05-29 16:29 3,424 --a------ C:\dci.exe
    2008-05-26 12:26 . 2008-05-26 12:26 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
    2008-05-03 14:08 . 2008-05-03 14:16 <KANSIO> d-------- C:\Program Files\America's Army Server Manager

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-29 18:24 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\uTorrent
    2008-05-29 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-05-29 18:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-29 17:03 --------- d-----w C:\Documents and Settings\Jenni\Application Data\Skype
    2008-05-29 14:25 --------- d-----w C:\Documents and Settings\Jenni\Application Data\skypePM
    2008-05-29 10:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-29 10:23 --------- d-----w C:\Program Files\Rockstar Games
    2008-05-29 08:21 --------- d-----w C:\Program Files\uTorrent
    2008-05-26 16:23 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\dvdcss
    2008-05-14 14:18 --------- d-----w C:\Program Files\Last.fm
    2008-05-03 11:23 --------- d-----w C:\Program Files\America's Army
    2008-05-03 10:57 --------- d-----w C:\Program Files\Microsoft Games
    2008-04-24 09:23 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-04-20 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-18 14:31 --------- d-----w C:\Program Files\OGUTeam
    2008-04-15 18:57 --------- d-----w C:\Program Files\LimeWire
    2008-04-09 19:01 --------- d-----w C:\Program Files\Microsoft LifeCam
    2008-04-09 14:41 --------- d-----w C:\Program Files\Empire Interactive
    2008-04-08 12:14 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-04-08 11:47 --------- d-----w C:\Program Files\GameSpy
    2008-04-08 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-04-08 11:24 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-04-06 11:26 --------- d-----w C:\Program Files\ToniArts
    2008-04-06 11:21 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-04-05 14:32 --------- d-----w C:\Program Files\Java
    2008-04-05 13:49 --------- d-----w C:\Program Files\Ares
    2008-04-05 13:36 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\LimeWire
    2008-04-03 09:19 --------- d-----w C:\Program Files\Guitar Pro 5
    2008-04-01 10:20 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-31 12:46 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Sibelius Software
    2008-03-31 12:43 --------- d-----w C:\Program Files\Sibelius Software
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-09 10:48 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-03-06 15:42 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-03-06 12:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-03-01 13:01 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-10 14:40 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 21:31 1372160]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2008-04-08 10:50 219952]
    "µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2008-04-08 10:50 219952]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-11 00:46 709992]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-18 00:45 279912]
    "Windows UDP Control"="winudspm.exe" []
    "BMab573e4b"="C:\WINDOWS\system32\tkeynqxh.dll" [2008-05-29 20:38 126976]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"= 0 (0x0)
    "NoMovingBands"= 0 (0x0)
    "NoCloseDragDropBands"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Omistaja^Käynnistä-valikko^Ohjelmat^Käynnistys^desktop.ini]
    path=C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini
    backup=C:\WINDOWS\pss\desktop.iniStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
    "C:\\Program Files\\getright\\GetRight.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "C:\\Program Files\\Ares\\Ares.exe"=
    "F:\\Taneli\\Asennukset\\utorrent.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:53]
    R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-18 00:45]
    R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-11 00:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eefeea6-9ead-11dc-8fee-806d6172696f}]
    \Shell\AutoRun\command - G:\FarCryAutoCD.exe

    *Newly Created Service* - COMHOST
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-23 19:58:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-29 21:28:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "VX1000"="C:\\WINDOWS\\vVX1000.exe"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\ati2evxx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-29 21:32:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-29 18:32:29

    Pre-Run: 35,007,442,944 tavua vapaana
    Post-Run: 34,911,645,696 tavua vapaana

    201 --- E O F --- 2008-05-29 17:24:55
     
  10. kalminen

    kalminen Regular member

    There's definitely junk in here. Post the HJT log.
     
