Messenger virus wipes away the desktop and the Start bar

Discussion in 'Viruses and malware' started by tavinpera, Jun 4, 2008.

  1. tavinpera

    tavinpera Member

    Joined:
    Jun 4, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    So, apparently a nasty virus got onto another computer as one of those fancy Messenger picture viruses, and when Windows starts it really does leave only the wallpaper visible on the screen. Then all the icons and the taskbar appear and disappear again after a moment. You can't really start any programs, e.g. from the desktop, because they close when the virus wipes the screen blank again. The virus keeps up this "flickering" for a while until the blinking finally stops and only the wallpaper is left.

    Using Task Manager and a USB stick I have run various programs (antimalware, remove MSNvirus, ewido, MSNfix, SDfix, etc.) without any result.

    This flickering also happens when booting into Safe Mode. A really persistent and nerve-wracking case, and I hope to get some help/advice here.

    Thanks.
     
  2. yaht

    yaht Regular member

    Joined:
    Dec 6, 2005
    Messages:
    2,261
    Likes Received:
    0
    Trophy Points:
    46
    1. Download Combofix.exe to your desktop from either of these links:
    Combofix.exe
    Combofix.exe

    Open Combofix.exe and follow the on-screen instructions.

    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.


    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
     
  3. tavinpera

    tavinpera Member

    Okay.. So at least the flickering stopped when I ran ComboFix.

    HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:53, on 2008-06-04
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe


    That's what it spat out.
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\winudspm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: AhIeBho Class - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 8.0\AHOI\ah_ie_bho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Tietokonelainaamo\Työpöytä\Aleksin kansio\BitCOmet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?8a2f5cba5f3942fb945d595555c85d98
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?8a2f5cba5f3942fb945d595555c85d98
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Tietokonelainaamo\Työpöytä\Aleksin kansio\BitCOmet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\Tietokonelainaamo\Työpöytä\Aleksin kansio\BitCOmet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Tietokonelainaamo\Työpöytä\Aleksin kansio\BitCOmet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9056 bytes

    Combofix.txt:
    ComboFix 08-06-03.1 - Tietokonelainaamo 2008-06-04 14:27:56.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.224 [GMT 3:00]
    Running from: C:\Documents and Settings\Tietokonelainaamo\Työpöytä\ComboFix.exe
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\awttsPiG.dll
    C:\WINDOWS\system32\GiPsttwa.ini
    C:\WINDOWS\system32\GiPsttwa.ini2

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-04 to 2008-06-04 )))))))))))))))))
    .

    2008-06-03 21:47 . 2008-06-03 21:47 <KANSIO> d-------- C:\Program Files\Alwil Software
    2008-06-03 21:14 . 2008-06-03 21:16 <KANSIO> d-------- C:\MSNFix
    2008-06-02 14:17 . 2008-06-02 14:17 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-05-29 20:05 . 2008-05-29 20:05 <KANSIO> d-------- C:\Documents and Settings\Tietokonelainaamo\Application Data\Malwarebytes
    2008-05-29 20:04 . 2008-05-29 20:05 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-29 20:04 . 2008-05-29 20:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-29 20:04 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-29 20:04 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-29 18:54 . 2008-05-29 18:59 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja.NKL-B952CF2BDA2
    2008-05-29 18:09 . 2008-05-29 18:31 <KANSIO> d---s---- C:\Documents and Settings\Järjestelmänvalvoja
    2008-05-29 15:31 . 2008-05-29 15:30 56,832 -r-hs---- C:\WINDOWS\winudspm.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-29 15:57 --------- d-----w C:\Program Files\Phun
    2008-05-29 15:56 --------- d-----w C:\Program Files\Gamenext
    2008-05-27 09:58 --------- d-----w C:\Documents and Settings\Tietokonelainaamo\Application Data\AdobeUM
    2008-04-30 10:13 --------- d-----w C:\Program Files\Windows Live
    2008-04-30 10:13 --------- d-----w C:\Documents and Settings\Tietokonelainaamo\Application Data\Windows Live Writer
    2008-04-30 10:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-23 12:51 --------- d-----w C:\Documents and Settings\Tietokonelainaamo\Application Data\Mount&Blade
    2008-04-17 17:22 61,952 ----a-w C:\f-vmonde.exe
    2008-04-06 15:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Outspark
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2006-06-23 11:52 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "WhenUSave"="C:\Program Files\Save\Save.exe" [ ]
    "Steam"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2004-09-09 12:03 118832]
    "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 11:57 684032]
    "SoundMan"="SOUNDMAN.EXE" [2006-01-11 15:08 577536 C:\WINDOWS\soundman.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56 36975]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06 7311360]
    "nwiz"="nwiz.exe" [2005-12-10 03:06 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06 86016]
    "Windows UDP Control"="winudspm.exe" [2008-05-29 15:30 56832 C:\WINDOWS\winudspm.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=
    "C:\\Program Files\\ZoomText 8.0\\Zt8.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9212:TCP"= 9212:TCP:BitComet 9212 TCP
    "9212:UDP"= 9212:UDP:BitComet 9212 UDP

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2004-11-10 15:58]
    R1 Ai2sXP;Ai2sXP;C:\WINDOWS\system32\drivers\Ai2sXP.sys [2005-09-12 10:40]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
    R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2005-08-29 13:28]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 19:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2004-09-10 19:14]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 15:32]
    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
    S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 22:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e82f744f-1895-11da-8946-806d6172696f}]
    \Shell\AutoRun\command - E:\Bin\Assetup.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-04 06:50:01 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exe
    "2008-06-04 11:24:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
     
  4. yaht

    yaht Regular member

    Go to Control Panel and open Add or Remove Programs, find WhenUSave in the list and remove it.

    1. Download Combofix.exe to your desktop from either of these links:
    Combofix.exe
    Combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:



    Save it as CFScript (in fact ComboFix recognizes it even if the file extension isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [​IMG]


    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close your browser and other programs for the duration of the fix. (Not the antivirus.)
    Start HijackThis, run Scan, tick the following files listed in red, and remove them. (Fix checked)

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"


    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
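As an added illustration (not code from the thread, and not a description of how the helper chose the entries above), the Python sketch below cross-references HijackThis O4 autorun lines with ComboFix's list of recently created files, using lines copied from the logs posted earlier. The three indicators it checks are assumptions of this example; they only rank entries for a closer look and do not prove that a file is malicious.

```python
import ntpath
import re

# Lines copied from the HijackThis and ComboFix logs posted earlier in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
"""
COMBOFIX_CREATED = r"""
2008-06-03 21:14 . 2008-06-03 21:16 <KANSIO> d-------- C:\MSNFix
2008-05-29 20:04 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-29 15:31 . 2008-05-29 15:30 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "<created> . <modified> <size or <KANSIO>> <attributes> <path>"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\S+)\s+(?P<attrs>[a-z-]+)\s+(?P<path>.+)$")
# First token of the command line: a quoted path, or text up to an executable extension.
IMAGE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|com|bat|scr))(?=\s|,|$)', re.I)


def parse_autoruns(log):
    """Return one dict per registry Run-type O4 line; other O4 forms are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        img = IMAGE_RE.match(m["cmd"])
        image = (img["q"] or img["u"]) if img else m["cmd"]
        entries.append({"hive": m["hive"], "name": m["name"], "image": image})
    return entries


def parse_created(section):
    """Return the files (not folders) from ComboFix's recently-created list."""
    files = []
    for line in section.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and not m["attrs"].startswith("d"):
            files.append({"created": m["created"], "attrs": m["attrs"], "path": m["path"]})
    return files


def triage(autoruns, created):
    """Attach indicators to each autorun; entries with the most indicators come first."""
    rows = []
    for entry in autoruns:
        image, reasons = entry["image"], []
        bare = ntpath.basename(image) == image
        if bare:
            reasons.append("bare file name, location depends on the search path")
        for f in created:
            candidate = ntpath.basename(f["path"]) if bare else f["path"]
            if candidate.lower() != image.lower():
                continue
            reasons.append("target created %s, inside the ComboFix window" % f["created"])
            if "h" in f["attrs"] and "s" in f["attrs"]:
                reasons.append("target is hidden+system (%s)" % f["attrs"])
        rows.append((entry["name"], image, reasons))
    return sorted(rows, key=lambda r: -len(r[2]))


if __name__ == "__main__":
    for name, image, reasons in triage(parse_autoruns(HJT_LOG),
                                       parse_created(COMBOFIX_CREATED)):
        print("%d  [%s] %s" % (len(reasons), name, image))
        for reason in reasons:
            print("     - " + reason)
```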
     
  5. Elchey

    Elchey Member

    Joined:
    Aug 12, 2006
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    16
    I've been hit by the same thing, so what should I do? I have downloaded HijackThis and managed to save the log. Except that for me everything disappears right at the start, so I can hardly do anything. Any advice?


    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:49:29, on 4.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\svehost.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\HP_OMI~1.LUT\LOCALS~1\Temp\msprint.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\imapi.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: nmwegbsf - {568053EE-18D6-4B8A-A3AD-854CF50A63F2} - C:\WINDOWS\nmwegbsf.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
    O4 - HKLM\..\Run: [Dl] C:\Program Files\svehost.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\HP_OMI~1.LUT\LOCALS~1\Temp\msprint.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: erpobmsw - {14619087-7BAF-4DFF-8F9D-B3FF3EA6B676} - C:\WINDOWS\erpobmsw.dll
    O21 - SSODL: adgpfoxs - {8CE1DEBF-AB7C-4798-9C1E-726511DB2058} - C:\WINDOWS\adgpfoxs.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

    --
    End of file - 11979 bytes
     
  6. Elchey

    Elchey Member

    Joined:
    Aug 12, 2006
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    16
    That ComboFix won't run; whenever I click it I get an error message saying it "has performed an illegal operation and will be shut down" :/
     
  7. yaht

    yaht Regular member

    Well, let's try this then.

    Once you have run SDFix, also run Combofix.exe there in Safe Mode.

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode:

    shut down and power on
    while it is starting up, tap the F8 key repeatedly
    select Safe Mode with the arrow keys
    press Enter and then Enter again
    select your user account
    click Yes

    On some machines you tap F5 instead of F8.

    * Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    * Open the SDFix folder and double-click RunThis.bat to start the program.
    * Press Y to start the script.
    * The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer: "Press any key to Reboot".
    * Press any key and the computer will restart.
    * Startup takes longer than usual because SDFix is cleaning the computer.
    * Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is done: "Finished".
    * Then press any key to close the script and load the shortcuts onto the desktop.
    * Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread together with a new HijackThis log.
     
  8. Elchey

    Elchey Member

    Alright, so I got these done and the flickering stopped. :)

    Here is a fresh HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:10:16, on 5.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\svehost.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {10E51069-E925-49F2-8777-E8226A40B128} - (no file)
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Dl] C:\Program Files\svehost.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

    --
    End of file - 12713 bytes

    And here is the SDFix report:


    SDFix: Version 1.187
    Run by HP_Omistaja on to 05.06.2008 at 10:41

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\DOCUME~1\HP_OMI~1.LUT\TYPYT~1\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\WinSecure.exe - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-05 10:56:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...


    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
    "OODEFRAG10.00.00.01WORKSTATION"=

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Joona\\MOHPA\\mohpa.exe"="C:\\Joona\\MOHPA\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
    "C:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe"="C:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe:*:Enabled:F-Secure Internet Security 2005"
    "C:\\Program Files\\F-Secure Internet Securit\\backweb\\4476822\\Program\\fspex.exe"="C:\\Program Files\\F-Secure Internet Securit\\backweb\\4476822\\Program\\fspex.exe:*:Enabled:F-Secure Internet Security 2005"
    "C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
    "C:\\Program Files\\strong dc++\\StrongDC.exe"="C:\\Program Files\\strong dc++\\StrongDC.exe:*:Enabled:StrongDC++"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Documents and Settings\\HP_Omistaja\\Application Data\\Opera\\opera 8.0\\profile\\cache4\\temporary_download\\utorrent.exe"="C:\\Documents and Settings\\HP_Omistaja\\Application Data\\Opera\\opera 8.0\\profile\\cache4\\temporary_download\\utorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
    "C:\\Documents and Settings\\HP_Omistaja\\Ty”p”yt„\\utorrent-1.exe"="C:\\Documents and Settings\\HP_Omistaja\\Ty”p”yt„\\utorrent-1.exe:*:Enabled:utorrent-1"
    "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"="C:\\Program Files\\RevConnect\\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Ohjattu tiedostojen ja asetusten siirt„minen"
    "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Documents and Settings\\HP_Omistaja\\Ty”p”yt„\\utorrent.exe"="C:\\Documents and Settings\\HP_Omistaja\\Ty”p”yt„\\utorrent.exe:*:Enabled:utorrent"
    "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
    "C:\\Joona\\red faction\\RedFaction.exe"="C:\\Joona\\red faction\\RedFaction.exe:*:Enabled:Red Faction Launcher"
    "C:\\Joona\\red faction\\rf.exe"="C:\\Joona\\red faction\\rf.exe:*:Enabled:Red Faction"
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
    "C:\\Documents and Settings\\HP_Omistaja\\Ty”p”yt„\\utorrent 1.6.1.exe"="C:\\Documents and Settings\\HP_Omistaja\\Ty”p”yt„\\utorrent 1.6.1.exe:*:Enabled:utorrent 1.6.1"
    "C:\\Documents and Settings\\HP_Omistaja\\Ty”p”yt„\\WinMX.exe"="C:\\Documents and Settings\\HP_Omistaja\\Ty”p”yt„\\WinMX.exe:*:Enabled:WinMX Application"
    "C:\\Program Files\\Opera\\opera 8.0\\Opera.exe"="C:\\Program Files\\Opera\\opera 8.0\\Opera.exe:*:Enabled:Opera Internet Browser"
    "C:\\Program Files\\BitZip\\bitzip.exe"="C:\\Program Files\\BitZip\\bitzip.exe:*:Enabled:bitzip"
    "C:\\Program Files\\Kerio\\Personal Firewall\\PERSFW.exe"="C:\\Program Files\\Kerio\\Personal Firewall\\PERSFW.exe:*:Enabled:Kerio Personal Firewall Engine"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Suorita DLL sovelluksena"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"="C:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe:*:Enabled:Kane & Lynch: Dead Men"
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
    "C:\\Program Files\\TeleWell ADSL Configuration Tool\\ADSLU.exe"="C:\\Program Files\\TeleWell ADSL Configuration Tool\\ADSLU.exe:*:Enabled:ADSLU"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\HP_OMI~1.LUT\TYPYT~1\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 7 Jan 2008 352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
    Fri 4 Feb 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
    Fri 4 Feb 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
    Tue 10 Oct 2006 410,045 A.SH. --- "C:\WINDOWS\system32\qpqss.bak1"
    Fri 20 Oct 2006 411,879 A.SH. --- "C:\WINDOWS\system32\qpqss.bak2"

    Finished!

     
  9. yaht

    yaht Regular member

    Go ahead and also try Combofix.exe there in Safe Mode.
     
  10. Elchey

    Elchey Member

    Here is the ComboFix report:

    ComboFix 08-06-03.4 - HP_Omistaja 2008-06-05 14:40:28.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.979 [GMT 3:00]
    Running from: C:\Documents and Settings\HP_Omistaja.LUTTINEN\Työpöytä\ComboFix.exe
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    The following files were disabled during the run:
    C:\Program Files\iolo\common\lib\ioloHL.dll


    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\HP_Omistaja\Application Data\Dxcdmns.dll
    C:\Documents and Settings\HP_Omistaja\Application Data\Dxcknwrd.dll
    C:\Documents and Settings\HP_Omistaja\err.log
    C:\Program Files\Common Files\{38A15~1
    C:\Program Files\Common Files\{38A15~1\Uninst.exe
    C:\Program Files\Common Files\{58A15~1
    C:\Program Files\Common Files\{58A15~2
    C:\Program Files\Common Files\cloader
    C:\Program Files\Common Files\cloader\32vegas\logos\32vegas_Logo.ico
    C:\Program Files\Common Files\cloader\32vegas\logos\Interop.IWshRuntimeLibrary.dll
    C:\Program Files\Common Files\misc002
    C:\WINDOWS\msvrc20.dll
    C:\WINDOWS\system32\pskill.exe
    C:\WINDOWS\system32\qpqss.bak1
    C:\WINDOWS\system32\qpqss.bak2
    C:\WINDOWS\system32\qpqss.ini
    C:\WINDOWS\system32\qpqss.ini2
    C:\WINDOWS\system32\tmp25.tmp
    C:\WINDOWS\system32\tmp26.tmp
    C:\WINDOWS\system32\VvGilUvw.ini
    C:\WINDOWS\system32\VvGilUvw.ini2

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-05 to 2008-06-05 )))))))))))))))))
    .

    2008-06-05 10:33 . 2008-06-05 10:34 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-06-04 22:39 . 2008-06-04 22:39 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-04 22:39 . 2008-06-04 22:39 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\Malwarebytes
    2008-06-04 22:39 . 2008-06-04 22:39 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-04 22:39 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-04 22:39 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-04 22:35 . 2008-06-04 22:35 106 --a------ C:\delete.bat
    2008-06-04 21:49 . 2008-06-04 21:49 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-04 21:42 . 2008-06-04 19:36 94,208 --a------ C:\WINDOWS\erlg.exe
    2008-06-04 21:16 . 2008-06-04 22:01 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-06-04 20:59 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
    2008-06-04 20:57 . 2008-06-04 20:57 <KANSIO> d-------- C:\Program Files\ESET
    2008-06-04 19:29 . 2008-06-04 19:29 <KANSIO> d-------- C:\Program Files\ToniArts
    2008-06-04 19:09 . 2008-06-04 20:40 77,177 --a------ C:\Program Files\svehost.exe
    2008-06-04 11:10 . 2008-06-04 11:13 885,248 --a------ C:\WINDOWS\system32\msupdte.exe
    2008-06-02 22:41 . 2008-06-02 22:50 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-06-02 21:53 . 2008-06-02 21:53 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\ESET
    2008-06-02 21:51 . 2008-06-02 21:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-02 20:53 . 2007-09-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-06-02 20:04 . 2008-06-02 20:07 4,847 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-06-02 19:27 . 2008-06-02 19:27 <KANSIO> d-------- C:\IPSDEF
    2008-06-02 17:49 . 2008-06-02 17:49 <KANSIO> d-------- C:\Program Files\Microsoft SDKs
    2008-06-02 17:49 . 2008-06-02 17:49 <KANSIO> d-------- C:\Program Files\Common Files\Merge Modules
    2008-06-02 17:38 . 2008-06-02 17:38 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-06-02 17:37 . 2008-06-02 20:27 <KANSIO> d-------- C:\Program Files\ATI Technologies
    2008-06-02 14:05 . 2008-06-02 14:05 <KANSIO> d-------- C:\Program Files\Radeon Omega Drivers
    2008-05-30 08:46 . 2007-10-25 19:56 29,140,992 --a------ C:\WINDOWS\system32\shell32(3).dll
    2008-05-30 08:40 . 2008-05-30 08:41 <KANSIO> d-------- C:\4cbfe2777d44cbccfaf14c426f
    2008-05-23 16:07 . 2004-09-15 02:11 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res(5).dll
    2008-05-23 16:07 . 2004-09-15 02:11 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res(4).dll
    2008-05-23 16:07 . 2006-11-27 17:54 539,136 --a------ C:\WINDOWS\system32\msftedit(2).dll
    2008-05-23 16:07 . 2004-09-15 15:00 351,232 --a------ C:\WINDOWS\system32\winhttp(5).dll
    2008-05-23 16:07 . 2004-09-15 15:00 351,232 --a------ C:\WINDOWS\system32\winhttp(4).dll
    2008-05-23 15:59 . 2008-05-23 16:01 <KANSIO> d-------- C:\d858429ec26ace7952
    2008-05-22 15:10 . 2004-09-15 02:11 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res(7).dll
    2008-05-22 15:10 . 2004-09-15 02:11 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res(6).dll
    2008-05-22 15:10 . 2006-11-27 17:54 539,136 --a------ C:\WINDOWS\system32\msftedit(3).dll
    2008-05-22 15:01 . 2008-05-22 15:03 <KANSIO> d-------- C:\50eb6c55dc40b3fe68
    2008-05-21 21:00 . 2007-10-25 19:56 29,140,992 --a------ C:\WINDOWS\system32\shell32(9).dll
    2008-05-21 16:28 . 2007-08-10 08:17 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe
    2008-05-21 16:23 . 2007-10-25 19:56 29,140,992 --a------ C:\WINDOWS\system32\shell32(10).dll
    2008-05-21 16:22 . 2004-09-15 15:00 2,957,312 --a------ C:\WINDOWS\system32\wmploc.dll
    2008-05-21 15:44 . 2008-05-30 08:41 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-05-19 13:59 . 2008-05-19 14:00 <KANSIO> d-------- C:\WINDOWS\Packs
    2008-05-16 19:11 . 2008-05-21 13:00 <KANSIO> d-------- C:\Program Files\WinAce
    2008-05-12 14:31 . 2008-03-01 16:01 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-05-12 14:31 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-05-12 14:31 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-05-12 14:31 . 2008-03-01 16:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-05-12 14:31 . 2008-03-01 16:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-05-12 14:31 . 2008-03-01 16:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-05-12 14:31 . 2008-03-01 16:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-05-12 14:31 . 2008-03-01 16:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-05-12 14:31 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-05-08 21:49 . 2008-05-21 13:02 3,532 --a------ C:\drmHeader.bin
    2008-05-08 14:12 . 2008-05-08 14:12 <KANSIO> d--hs---- C:\Documents and Settings\HP_Omistaja.LUTTINEN\UserData

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-05 11:46 --------- d-----w C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\uTorrent
    2008-06-04 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-02 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
    2008-06-02 17:07 52,095 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-06-02 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-06-02 16:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-02 14:49 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
    2008-06-02 14:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 14:38 --------- d-----w C:\Program Files\Eidos
    2008-05-21 10:12 --------- d-----w C:\Program Files\DivX
    2008-05-12 17:44 4,608 --sha-w C:\Program Files\Thumbs.db
    2008-05-11 09:31 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
    2008-05-10 08:05 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-06 13:30 --------- d-----w C:\Program Files\ImTOO
    2008-05-06 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-04-26 09:45 --------- d-----w C:\Program Files\directx
    2008-04-24 10:47 --------- d-----w C:\Program Files\Styler
    2008-04-21 14:39 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
    2008-04-21 14:32 --------- d-----w C:\Program Files\Realtek
    2008-04-21 14:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-04-19 12:31 --------- d-----w C:\Program Files\EasyDVDShrink
    2008-04-19 07:23 --------- d-----w C:\Program Files\RevConnect
    2008-04-17 13:04 --------- d-----w C:\Program Files\DC++
    2008-04-10 07:24 --------- d-----w C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\ViStart
    2008-04-10 07:16 --------- d-----w C:\Program Files\WinFlip
    2008-04-10 07:16 --------- d-----w C:\Program Files\TrueTransparency
    2008-04-10 07:16 --------- d-----w C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\Styler
    2008-04-07 15:41 --------- d-----w C:\Program Files\The KMPlayer
    2008-04-06 15:57 --------- d-----w C:\Program Files\Kantaris
    2008-03-26 14:14 16,859,136 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-03-05 16:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
    2007-12-16 13:08 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-10-22 16:18 51,136 ----a-w C:\Documents and Settings\HP_Omistaja\Application Data\GDIPFONTCACHEV1.DAT
    2007-08-08 07:56 20,792 ----a-w C:\Program Files\toolbar.bmp
    .

    ------- Sigcheck -------

    2004-09-29 21:46 656896 227301ed5bfae23c96e41e71871e77c6 C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\wininet.dll
    2005-01-27 20:12 657920 9f621aa8e09012a4566480eda61c368c C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
    2005-05-02 23:58 658944 75eea34c4afd5a983f5e6b660e5f1da2 C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll
    2005-03-10 10:48 657920 59217f091df07b7e4fc52d2c2f97cedd C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
    2005-09-03 03:08 660480 2983c9ae18e389c328a349f572f1aaad C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
    2005-07-03 05:11 659456 042e7a572b55af4b7d11a6a8a5179f8c C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
    2005-10-21 06:39 661504 27c407d0527b18201f1f2927d39b246f C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
    2006-03-04 06:58 663552 0b5f9971aa3522edeca79fd34619652f C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
    2006-05-10 08:27 663552 c4e5a8f0cdeb3ae634ec96b5c5a5715e C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
    2006-06-23 14:25 664576 ed19f0e21afc6ad5f7b206be851f662b C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
    2006-09-14 11:37 664576 f24d8577ec89d6ad405ea85eb51285d7 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
    2007-03-23 12:29 823296 462f189562635461bd5f6917a0bbb3fc C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
    2007-04-25 11:29 823808 c44d048452288b8e3d0d0c6668fec649 C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
    2007-06-27 17:15 824320 2733e526118d99b6e034d8c4edd4d11e C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
    2007-08-20 12:50 825344 576cda8ff35c88b4e53acc9247bb4ba6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
    2007-10-11 02:23 825344 97448c39d6185a4514dda6c6a861a4e6 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    2007-12-07 04:42 825344 4551eb7ab420af3db7eabd5a83c8100c C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
    2008-02-16 12:32 666112 881fa37655bb51812725127bdb3ade46 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
    2008-03-01 15:35 827392 62b193606f56d6ceab6704af6a45774f C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
    2004-01-22 02:26 589312 8608299672e6e6440e879314effc07e7 C:\WINDOWS\$NtUninstallKB889293-IE6SP1-20041111.235619$\wininet.dll
    2004-09-15 15:00 656384 24965d454199a92ee14f2f0e4374f89c C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
    2008-02-16 12:02 659456 c8a0e7dfdabfe96394fa4a739c193a10 C:\WINDOWS\ie7\wininet.dll
    2006-11-07 22:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
    2007-01-12 10:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll
    2007-02-27 16:32 822784 a316582e09c465750ed9061307004e50 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
    2007-04-25 10:40 822784 d75ec9b36ec9d617906859341be701df C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
    2007-06-27 17:06 1339904 ceb059ba4bdae7dc07694d14ee55f3ac C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
    2007-08-20 12:59 824832 5a88886d5958af9309b517897d02260c C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
    2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
    2007-12-07 05:14 824832 d0d4908912f67aad4cc6e8b0b1df39c9 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
    2007-12-07 05:14 824832 d0d4908912f67aad4cc6e8b0b1df39c9 C:\WINDOWS\SoftwareDistribution\Download.old\db60c959bf9ebe869557fc7e6d0ffbf9\SP2GDR\wininet.dll
    2007-12-07 04:42 825344 4551eb7ab420af3db7eabd5a83c8100c C:\WINDOWS\SoftwareDistribution\Download.old\db60c959bf9ebe869557fc7e6d0ffbf9\SP2QFE\wininet.dll
    2008-03-01 16:01 826368 a593abdc028e8ef0137ea953f84704b1 C:\WINDOWS\SoftwareDistribution\Download.old\e5ec8653cde82bf774bd3f2e4fb1b3c3\SP2GDR\wininet.dll
    2008-03-01 15:35 827392 62b193606f56d6ceab6704af6a45774f C:\WINDOWS\SoftwareDistribution\Download.old\e5ec8653cde82bf774bd3f2e4fb1b3c3\SP2QFE\wininet.dll
    2008-04-14 19:11 666112 805df36832d972480e4ec8adc5a85c9b C:\WINDOWS\SoftwareDistribution\Download.old\e931f3c00b4c04354823a05f49f16b2a\wininet.dll
    2008-03-01 16:01 1260544 90af8190a19652bd9cbed351e4fbf274 C:\WINDOWS\system32\wininet.dll
    2008-03-01 16:01 1260544 90af8190a19652bd9cbed351e4fbf274 C:\WINDOWS\system32\dllcache\wininet.dll

    2007-06-13 16:22 3195904 3ee7fa6f9154a47c2ad73cdc2bceb9d1 C:\WINDOWS\explorer.exe
    2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-09-15 15:00 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2008-04-14 19:12 1034240 0c35f47295002f8a06419744e945d670 C:\WINDOWS\SoftwareDistribution\Download.old\e931f3c00b4c04354823a05f49f16b2a\explorer.exe
    2007-06-13 16:22 3195904 3ee7fa6f9154a47c2ad73cdc2bceb9d1 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-10-04 23:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 23:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 23:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-02-21 22:43 219952]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 19:30 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208]
    "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 16:08 136136]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "LClock"="C:\Program Files\LClock\LClock.exe" [ ]
    "Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [ ]
    "ViStart"="C:\Program Files\ViStart\ViStart.exe" [ ]
    "ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 09:35 36352]
    "SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 19:00 55368]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 03:05 200704]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-25 22:13 180269]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
    "snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-12-04 12:58 675840]
    "DaemonTools_WhenUSave_Installer"="C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe" [ ]
    "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2008-04-04 12:32 725352]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:14 86016 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 17:26 2808832 C:\WINDOWS\alcwzrd.exe]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "AtiPTA"="atiptaxx.exe" [2006-02-22 04:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
    "Dl"="C:\Program Files\svehost.exe" [2008-06-04 20:40 77177]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIVF"= DivX412.dll
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL
    "VIDC.MJPG"= pvmjpg21.dll
    "msacm.ac3filter"= ac3filter.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12247:TCP"= 12247:TCP:BitComet 12247 TCP
    "12247:UDP"= 12247:UDP:BitComet 12247 UDP
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 10:55]
    R1 BUFADPT;BUFADPT;C:\WINDOWS\System32\BUFADPT.SYS [2004-03-31 07:31]
    R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]
    R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-31 14:46]
    R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-31 14:46]
    R2 PCTWPASV;SoftAP WPA Authenticator Service;"C:\Program Files\Arcadyan Wireless\pctwpasv.exe" [2004-01-30 14:59]
    R3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-01-29 23:29]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-12-08 14:57]
    S3 CA504AV;GSmart Mini 2 WDM Video Capture;C:\WINDOWS\system32\Drivers\4MAV.SYS [2002-03-09 11:10]
    S3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-06-23 21:34]
    S3 ESSIDSET;ESSIDSET;C:\WINDOWS\System32\ESSIDSET.SYS [2004-03-31 07:32]
    S3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-05-27 19:49]
    S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 09:04]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 09:05]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 09:05]
    S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-01-19 15:37]
    S3 zlportio;zlportio;C:\Documents and Settings\HP_Omistaja\Työpöytä\ultrastar\zlportio.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4991b02-ceef-11db-91ca-00112f9242d4}]
    \Shell\AutoRun\command - O:\setup.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-02 08:18:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-04 15:06:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1203349155.job"
    - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe4-I
    "2007-04-06 08:59:25 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-05 14:48:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
    "ImagePath"="a"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\Program Files\iolo\common\lib\ioloHL.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\iolo\common\lib\ioloHL.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\iolo\common\lib\ioloHL.dll
    -> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
    -> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll

    PROCESS: C:\WINDOWS\system32\csrss.exe
    -> C:\Program Files\iolo\common\lib\ioloHL.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
    C:\WINDOWS\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-05 14:55:05 - machine was rebooted [HP_Omistaja]
    ComboFix-quarantined-files.txt 2008-06-05 11:54:57

    Pre-Run: 16,785,002,496 tavua vapaana
    Post-Run: 19,221,331,968 tavua vapaana

    345 --- E O F --- 2008-06-02 16:22:57
     
  11. tavinpera

    tavinpera Member

    Joined:
    Jun 4, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    So here are my latest ones.

    HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:40:10, on 5.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: AhIeBho Class - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 8.0\AHOI\ah_ie_bho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Tietokonelainaamo\Työpöytä\Aleksin kansio\BitCOmet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\system32\tuvVljkl.dll (file missing)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {E540945D-7B98-474C-A496-060C6BB1B9F9} - C:\WINDOWS\system32\ssqOGWnM.dll (file missing)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows svchost] service.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?8a2f5cba5f3942fb945d595555c85d98
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?8a2f5cba5f3942fb945d595555c85d98
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Tietokonelainaamo\Työpöytä\Aleksin kansio\BitCOmet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\Tietokonelainaamo\Työpöytä\Aleksin kansio\BitCOmet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Tietokonelainaamo\Työpöytä\Aleksin kansio\BitCOmet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: tuvVljkl - tuvVljkl.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8952 bytes



    Combofix:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:40:10, on 5.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: AhIeBho Class - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 8.0\AHOI\ah_ie_bho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Tietokonelainaamo\Työpöytä\Aleksin kansio\BitCOmet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\system32\tuvVljkl.dll (file missing)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {E540945D-7B98-474C-A496-060C6BB1B9F9} - C:\WINDOWS\system32\ssqOGWnM.dll (file missing)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows svchost] service.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?8a2f5cba5f3942fb945d595555c85d98
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?8a2f5cba5f3942fb945d595555c85d98
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Tietokonelainaamo\Työpöytä\Aleksin kansio\BitCOmet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\Tietokonelainaamo\Työpöytä\Aleksin kansio\BitCOmet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Tietokonelainaamo\Työpöytä\Aleksin kansio\BitCOmet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: tuvVljkl - tuvVljkl.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8952 bytes
     
  12. Elchey

    Elchey Member

    Joined:
    Aug 12, 2006
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    16
    Judging by those reports, is my machine clean now? ..Hopefully.
     
  13. yaht

    yaht Regular member

    Joined:
    Dec 6, 2005
    Messages:
    2,261
    Likes Received:
    0
    Trophy Points:
    46
    There is still more to remove.

    1. Download Combofix.exe to your desktop from either of these links:
    Combofix.exe
    Combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:



    Save it as CFScript (in fact ComboFix recognizes it even if the file extension
    isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [IMG]


    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close the browser and other programs for the duration of the fix. (Not the antivirus.)
    Start HijackThis, run Scan, tick the following files listed in red, and remove them. (Fix checked)

    O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\system32\tuvVljkl.dll (file missing)
    O4 - HKLM\..\Run: [Windows svchost] service.exe
    O20 - Winlogon Notify: tuvVljkl - tuvVljkl.dll (file missing)




    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report

    After those steps, run this program.

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode:

    shut down and power on
    during startup, tap the F8 key repeatedly
    select Safe Mode with the arrow keys
    press Enter and Enter again
    select your user account
    press Yes

    On some machines you tap F5 instead of F8.

    * Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    * Open the SDFix folder and double-click RunThis.bat to start the program.
    * Press Y to start the script.
    * The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer: "Press any key to Reboot".
    * Press any key and the computer restarts.
    * Startup takes longer than normal because SDFix is cleaning the machine.
    * When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done: "Finished".
    * Then press any key to close the script and load the desktop icons.
    * Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
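
A triage pass over HijackThis entries of the kind listed for fixing in the post above, as an added example that is not part of the thread and is not how HijackThis or the helper decides. The two heuristics and the `SYSTEM_PROCESS_NAMES` list are assumptions chosen for illustration; the sample lines are copied from the log quoted in this thread.

```python
import ntpath
import re
from collections import namedtuple

# Subset of entries copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\WINDOWS\system32\tuvVljkl.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - Winlogon Notify: tuvVljkl - tuvVljkl.dll (file missing)
"""

# Assumption: names of Windows system processes that a Run value might imitate.
SYSTEM_PROCESS_NAMES = ("svchost", "lsass", "winlogon", "csrss", "smss")

Finding = namedtuple("Finding", "section line reasons")

ENTRY_RE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Executable is either the quoted part or everything up to the first
# program extension that is followed by whitespace or end of line.
EXE_RE = re.compile(
    r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.(?:exe|com|bat|scr|pif))(?=\s|$)',
    re.IGNORECASE,
)


def executable_of(cmd):
    """Return the program part of a Run command line, without arguments."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("quoted") or m.group("bare")
    return cmd.split()[0]


def triage(log_text):
    """Flag entries worth a manual look; never decides on removal by itself."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        reasons = []

        # Heuristic 1: a BHO (O2) or Winlogon Notify (O20) load point whose
        # DLL is gone from disk, e.g. an orphan left after a cleanup tool ran.
        if section in ("O2", "O20") and body.endswith("(file missing)"):
            reasons.append("load point references a DLL that is not on disk")

        # Heuristic 2: a Run value whose name claims a system process while
        # the command starts a differently named program.
        if section == "O4":
            run = RUN_RE.match(body)
            if run:
                exe = executable_of(run.group("cmd"))
                stem = ntpath.splitext(ntpath.basename(exe))[0].lower()
                name = run.group("name").lower()
                claimed = [p for p in SYSTEM_PROCESS_NAMES if p in name]
                if any(p != stem for p in claimed):
                    reasons.append(
                        "value name claims %s but runs %r"
                        % (claimed, ntpath.basename(exe))
                    )
                    if not ntpath.dirname(exe):
                        reasons.append("no directory given for the program")

        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", "; ".join(f.reasons))
        print("   ", f.line)
```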
     
  14. Elchey

    Elchey Member

    Joined:
    Aug 12, 2006
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    16
    OK, so I had run the virus scans and those programs a couple of times before I noticed the reply, and now I've done these. HijackThis no longer found the files. Apparently they've been removed? Anyway, here are the ComboFix and HJT logs.

    ComboFix 08-06-06.6 - HP_Omistaja 2008-06-07 16:20:08.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.975 [GMT 3:00]
    Running from: C:\Documents and Settings\HP_Omistaja.LUTTINEN\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Omistaja.LUTTINEN\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Program Files\svehost.exe
    C:\WINDOWS\service.exe
    C:\WINDOWS\system32\msupdte.exe
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
    .

    2008-06-07 01:26 . 2008-06-07 01:26 <KANSIO> d-------- C:\Program Files\Avira
    2008-06-07 01:26 . 2008-06-07 01:26 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-06 14:48 . 2008-06-06 14:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-06-06 14:47 . 2008-06-06 14:47 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-06-06 12:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-06-06 12:58 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-06-06 12:45 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-06 02:01 . 2008-06-06 13:06 52,736 --a------ C:\WINDOWS\system32\blphcreaj0e3ac.scr
    2008-06-06 01:09 . 2008-06-06 01:09 432 --a------ C:\WINDOWS\system32\iolo.ini
    2008-06-06 01:06 . 2007-07-25 09:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
    2008-06-05 15:37 . 2008-06-05 15:37 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\shcteaj0e3ac
    2008-06-05 15:36 . 2008-06-06 13:06 90,838 --a------ C:\WINDOWS\system32\phcreaj0e3ac.bmp
    2008-06-05 10:33 . 2008-06-05 10:34 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-06-04 22:39 . 2008-06-04 22:39 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-04 22:39 . 2008-06-04 22:39 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\Malwarebytes
    2008-06-04 22:39 . 2008-06-04 22:39 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-04 22:39 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-04 22:39 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-04 21:49 . 2008-06-04 21:49 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-04 21:42 . 2008-06-04 19:36 94,208 --a------ C:\WINDOWS\erlg.exe
    2008-06-04 21:16 . 2008-06-04 22:01 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-06-04 19:29 . 2008-06-04 19:29 <KANSIO> d-------- C:\Program Files\ToniArts
    2008-06-02 22:41 . 2008-06-02 22:50 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-06-02 21:53 . 2008-06-02 21:53 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\ESET
    2008-06-02 21:51 . 2008-06-02 21:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-02 20:53 . 2007-09-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-06-02 20:04 . 2008-06-02 20:07 4,847 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-06-02 19:27 . 2008-06-02 19:27 <KANSIO> d-------- C:\IPSDEF
    2008-06-02 17:49 . 2008-06-02 17:49 <KANSIO> d-------- C:\Program Files\Microsoft SDKs
    2008-06-02 17:49 . 2008-06-02 17:49 <KANSIO> d-------- C:\Program Files\Common Files\Merge Modules
    2008-06-02 17:38 . 2008-06-02 17:38 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-06-02 17:37 . 2008-06-02 20:27 <KANSIO> d-------- C:\Program Files\ATI Technologies
    2008-06-02 14:05 . 2008-06-02 14:05 <KANSIO> d-------- C:\Program Files\Radeon Omega Drivers
    2008-05-30 08:46 . 2007-10-25 19:56 29,140,992 --a------ C:\WINDOWS\system32\shell32(3).dll
    2008-05-30 08:40 . 2008-05-30 08:41 <KANSIO> d-------- C:\4cbfe2777d44cbccfaf14c426f
    2008-05-23 16:07 . 2004-09-15 02:11 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res(5).dll
    2008-05-23 16:07 . 2004-09-15 02:11 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res(4).dll
    2008-05-23 16:07 . 2006-11-27 17:54 539,136 --a------ C:\WINDOWS\system32\msftedit(2).dll
    2008-05-23 16:07 . 2004-09-15 15:00 351,232 --a------ C:\WINDOWS\system32\winhttp(5).dll
    2008-05-23 16:07 . 2004-09-15 15:00 351,232 --a------ C:\WINDOWS\system32\winhttp(4).dll
    2008-05-23 15:59 . 2008-05-23 16:01 <KANSIO> d-------- C:\d858429ec26ace7952
    2008-05-22 15:10 . 2004-09-15 02:11 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res(7).dll
    2008-05-22 15:10 . 2004-09-15 02:11 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res(6).dll
    2008-05-22 15:10 . 2006-11-27 17:54 539,136 --a------ C:\WINDOWS\system32\msftedit(3).dll
    2008-05-22 15:01 . 2008-05-22 15:03 <KANSIO> d-------- C:\50eb6c55dc40b3fe68
    2008-05-21 21:00 . 2007-10-25 19:56 29,140,992 --a------ C:\WINDOWS\system32\shell32(9).dll
    2008-05-21 16:28 . 2007-08-10 08:17 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe
    2008-05-21 16:23 . 2007-10-25 19:56 29,140,992 --a------ C:\WINDOWS\system32\shell32(10).dll
    2008-05-21 16:22 . 2004-09-15 15:00 2,957,312 --a------ C:\WINDOWS\system32\wmploc.dll
    2008-05-21 15:44 . 2008-05-30 08:41 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-05-19 13:59 . 2008-05-19 14:00 <KANSIO> d-------- C:\WINDOWS\Packs
    2008-05-16 19:11 . 2008-05-21 13:00 <KANSIO> d-------- C:\Program Files\WinAce
    2008-05-12 14:31 . 2008-03-01 16:01 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-05-12 14:31 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-05-12 14:31 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-05-12 14:31 . 2008-03-01 16:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-05-12 14:31 . 2008-03-01 16:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-05-12 14:31 . 2008-03-01 16:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-05-12 14:31 . 2008-03-01 16:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-05-12 14:31 . 2008-03-01 16:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-05-12 14:31 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-05-08 21:49 . 2008-05-21 13:02 3,532 --a------ C:\drmHeader.bin
    2008-05-08 14:12 . 2008-05-08 14:12 <KANSIO> d--hs---- C:\Documents and Settings\HP_Omistaja.LUTTINEN\UserData

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-07 13:23 --------- d-----w C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\uTorrent
    2008-06-06 22:22 --------- d-----w C:\Program Files\iolo
    2008-06-06 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
    2008-06-06 09:45 --------- d-----w C:\Program Files\Java
    2008-06-04 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-02 17:07 52,095 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-06-02 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-06-02 16:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-02 14:49 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
    2008-06-02 14:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 14:38 --------- d-----w C:\Program Files\Eidos
    2008-05-22 10:58 49,152 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4\plugin\bin\PCHI18N.dll
    2008-05-22 10:58 4,096 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4\plugin\bin\winverifytrustwrapper.dll
    2008-05-22 10:58 36,864 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4\plugin\bin\jsharpde\gnu.dll
    2008-05-22 10:58 315,392 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4\plugin\bin\jsharpde\pchmsxml.dll
    2008-05-22 10:58 155,877 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4\plugin\bin\jsharpde\js.zip
    2008-05-21 10:12 --------- d-----w C:\Program Files\DivX
    2008-05-12 17:44 4,608 --sha-w C:\Program Files\Thumbs.db
    2008-05-11 09:31 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
    2008-05-10 08:05 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-06 13:30 --------- d-----w C:\Program Files\ImTOO
    2008-05-06 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-04-26 09:45 --------- d-----w C:\Program Files\directx
    2008-04-24 10:47 --------- d-----w C:\Program Files\Styler
    2008-04-21 14:39 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
    2008-04-21 14:32 --------- d-----w C:\Program Files\Realtek
    2008-04-21 14:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-04-19 12:31 --------- d-----w C:\Program Files\EasyDVDShrink
    2008-04-19 07:23 --------- d-----w C:\Program Files\RevConnect
    2008-04-17 13:04 --------- d-----w C:\Program Files\DC++
    2008-04-14 16:12 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
    2008-04-10 07:24 --------- d-----w C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\ViStart
    2008-04-10 07:16 --------- d-----w C:\Program Files\WinFlip
    2008-04-10 07:16 --------- d-----w C:\Program Files\TrueTransparency
    2008-04-10 07:16 --------- d-----w C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\Styler
    2008-04-07 15:41 --------- d-----w C:\Program Files\The KMPlayer
    2008-03-26 14:14 16,859,136 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-12-16 13:08 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-10-22 16:18 51,136 ----a-w C:\Documents and Settings\HP_Omistaja\Application Data\GDIPFONTCACHEV1.DAT
    2007-08-08 07:56 20,792 ----a-w C:\Program Files\toolbar.bmp
    .

    ------- Sigcheck -------

    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-10-04 23:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 23:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 23:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-02-21 22:43 219952]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 19:30 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208]
    "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 16:08 136136]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "LClock"="C:\Program Files\LClock\LClock.exe" [ ]
    "Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [ ]
    "ViStart"="C:\Program Files\ViStart\ViStart.exe" [ ]
    "ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 09:35 36352]
    "SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 19:00 55368]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 03:05 200704]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-25 22:13 180269]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
    "snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-12-04 12:58 675840]
    "DaemonTools_WhenUSave_Installer"="C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:14 86016 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 17:26 2808832 C:\WINDOWS\alcwzrd.exe]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "AtiPTA"="atiptaxx.exe" [2006-02-22 04:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
    "Dl"="C:\Program Files\svehost.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

    C:\Documents and Settings\HP_Omistaja.LUTTINEN\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 23:47:48 344064]
    UberIcon.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 15:20:14 180224]
    Y'z Toolbar.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 15:41:10 90112]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    hp psc 1000 series.lnk - C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe [2003-04-09 19:21:38 147456]
    hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [2003-04-09 19:11:12 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIVF"= DivX412.dll
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL
    "VIDC.MJPG"= pvmjpg21.dll
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkq06.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqx74.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12247:TCP"= 12247:TCP:BitComet 12247 TCP
    "12247:UDP"= 12247:UDP:BitComet 12247 UDP
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 10:55]
    R1 BUFADPT;BUFADPT;C:\WINDOWS\System32\BUFADPT.SYS [2004-03-31 07:31]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
    R2 PCTWPASV;SoftAP WPA Authenticator Service;"C:\Program Files\Arcadyan Wireless\pctwpasv.exe" [2004-01-30 14:59]
    R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
    R3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-01-29 23:29]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-12-08 14:57]
    S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
    S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
    S3 CA504AV;GSmart Mini 2 WDM Video Capture;C:\WINDOWS\system32\Drivers\4MAV.SYS [2002-03-09 11:10]
    S3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-06-23 21:34]
    S3 ESSIDSET;ESSIDSET;C:\WINDOWS\System32\ESSIDSET.SYS [2004-03-31 07:32]
    S3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-05-27 19:49]
    S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 09:04]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 09:05]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 09:05]
    S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-01-19 15:37]
    S3 Winkq06;Winkq06;C:\WINDOWS\System32\drivers\Winkq06.sys []
    S3 Winqx74;Winqx74;C:\WINDOWS\System32\drivers\Winqx74.sys []
    S3 zlportio;zlportio;C:\Documents and Settings\HP_Omistaja\Työpöytä\ultrastar\zlportio.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4991b02-ceef-11db-91ca-00112f9242d4}]
    \Shell\AutoRun\command - O:\setup.exe

    *Newly Created Service* - ANTIVIRSCHEDULER
    *Newly Created Service* - ANTIVIRSERVICE
    *Newly Created Service* - AVGIO
    *Newly Created Service* - AVGNTFLT
    *Newly Created Service* - AVIPBB
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-02 08:18:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-06 15:06:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1203349155.job"
    - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe4-I
    "2007-04-06 08:59:25 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-07 16:26:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsdatant]
    "ImagePath"="a"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
    -> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
    .
    Completion time: 2008-06-07 16:28:36
    ComboFix-quarantined-files.txt 2008-06-07 13:28:27

    Pre-Run: 18,876,751,872 tavua vapaana
    Post-Run: 18,848,813,056 tavua vapaana

    334 --- E O F --- 2008-06-02 16:22:57

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:30, on 7.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\CTPdeSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Dl] C:\Program Files\svehost.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

    --
    End of file - 12573 bytes
     
  15. yaht

    Delete manually

    C:\Program Files\svehost.exe

    Once you have deleted it, empty the Recycle Bin. If you cannot delete the file, end the process named svehost.exe in Task Manager.


    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next message, plus a new HJT log.
     
  16. Elchey

    Elchey Member

    Joined:
    Aug 12, 2006
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    16
    I removed that svehost.exe through HijackThis since I couldn't get at it any other way. Here is the Malwarebytes log + HJT log.


    Malwarebytes' Anti-Malware 1.14
    Tietokantaversio: 826

    23:20:58 7.6.2008
    mbam-log-6-7-2008 (23-20-58).txt

    Tarkistustyyppi: Pikatarkistus
    Tarkistetut kohteet: 42143
    Kulunut aika: 10 minute(s), 36 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 2

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\blphcreaj0e3ac.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Process.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:00, on 7.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\vsnp2std.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\CTPdeSrv.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\The KMPlayer\KMPlayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

    --
    End of file - 12650 bytes
     
  17. yaht

    yaht Regular member

    Joined:
    Dec 6, 2005
    Messages:
    2,261
    Likes Received:
    0
    Trophy Points:
    46
    1. Download Combofix.exe to your desktop from either of the links:
    Combofix.exe
    Combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:



    Save it as CFScript (in fact, ComboFix recognizes it even if the file extension is not .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [​IMG]


    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close the browser and other programs for the duration of the fix. (not the antivirus)
    Start HijackThis, run Scan, tick the following files listed in red, and remove them. (Fix checked)


    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
    O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)




    Empty the recycle bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    *
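
The "(no file)" and "(file missing)" entries in the fix list above can be picked out of a HijackThis log mechanically; the other entries in that list carry no such marker and are outside what this check identifies. This is an added example, not part of the thread or of HijackThis itself: the function names and the three status labels are assumptions made here, and the sample lines are copied from the log on this page.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the HijackThis log and fix list on this page, plus the
# log trailer, which is not an entry and must be skipped by the parser.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)

--
End of file - 12650 bytes
"""

# An entry is "<section> - <body>", e.g. "O23 - Service: ...". The section is
# one letter followed by one or two digits (O2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# The marker must close the line: "(no name)" in the middle of an O3/O9 entry
# describes the label, not the file, and must not count as a missing file.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# "= ?" at the end of a startup-shortcut entry: the log shows no target for
# the .lnk. Treated here as "unresolved" rather than missing (assumption of
# this example); the ComboFix log on this page lists a target for it.
UNRESOLVED_RE = re.compile(r"=\s*\?\s*$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O23"
    body: str     # everything after "<section> - "
    status: str   # "orphaned", "unresolved" or "present"


def classify(body):
    """Return the status label for one entry body."""
    if ORPHAN_RE.search(body):
        return "orphaned"
    if UNRESOLVED_RE.search(body):
        return "unresolved"
    return "present"


def parse_log(text):
    """Parse HijackThis entry lines, skipping headers, blanks and the trailer."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match is None:
            continue
        body = match.group("body")
        entries.append(Entry(match.group("section"), body, classify(body)))
    return entries


def orphaned(entries):
    """Entries whose registry or service record points at a file that is gone."""
    return [e for e in entries if e.status == "orphaned"]


def count_by_status(entries):
    """Plain dict of status label -> number of entries."""
    return dict(Counter(e.status for e in entries))


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for entry in orphaned(parsed):
        print(f"{entry.section}: {entry.body}")
    print(count_by_status(parsed))
```

"Unknown owner" alone (the ATI Smart service) is reported as present: only the trailing marker decides, which matches the fix list leaving that service alone.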
     
  18. Elchey

    Elchey Member

    Joined:
    Aug 12, 2006
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    16
    HJT and ComboFix logs:


    ComboFix 08-06-07.3 - HP_Omistaja 2008-06-08 15:32:48.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.957 [GMT 3:00]
    Running from: C:\Documents and Settings\HP_Omistaja.LUTTINEN\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Omistaja.LUTTINEN\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Program Files\svehost.exe
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
    .

    2008-06-07 01:26 . 2008-06-07 01:26 <KANSIO> d-------- C:\Program Files\Avira
    2008-06-07 01:26 . 2008-06-07 01:26 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-06 14:48 . 2008-06-06 14:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-06-06 14:47 . 2008-06-06 14:47 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-06-06 12:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-06-06 12:45 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-06 01:09 . 2008-06-06 01:09 432 --a------ C:\WINDOWS\system32\iolo.ini
    2008-06-06 01:06 . 2007-07-25 09:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
    2008-06-05 15:37 . 2008-06-05 15:37 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\shcteaj0e3ac
    2008-06-05 15:36 . 2008-06-06 13:06 90,838 --a------ C:\WINDOWS\system32\phcreaj0e3ac.bmp
    2008-06-05 10:33 . 2008-06-05 10:34 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-06-04 22:39 . 2008-06-04 22:39 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-04 22:39 . 2008-06-04 22:39 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\Malwarebytes
    2008-06-04 22:39 . 2008-06-04 22:39 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-04 22:39 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-04 22:39 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-04 21:49 . 2008-06-04 21:49 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-04 21:42 . 2008-06-04 19:36 94,208 --a------ C:\WINDOWS\erlg.exe
    2008-06-04 21:16 . 2008-06-04 22:01 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-06-04 19:29 . 2008-06-04 19:29 <KANSIO> d-------- C:\Program Files\ToniArts
    2008-06-02 22:41 . 2008-06-02 22:50 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-06-02 21:53 . 2008-06-02 21:53 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\ESET
    2008-06-02 21:51 . 2008-06-02 21:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-02 20:53 . 2007-09-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-06-02 20:04 . 2008-06-02 20:07 4,847 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-06-02 19:27 . 2008-06-02 19:27 <KANSIO> d-------- C:\IPSDEF
    2008-06-02 17:49 . 2008-06-02 17:49 <KANSIO> d-------- C:\Program Files\Microsoft SDKs
    2008-06-02 17:49 . 2008-06-02 17:49 <KANSIO> d-------- C:\Program Files\Common Files\Merge Modules
    2008-06-02 17:38 . 2008-06-02 17:38 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-06-02 17:37 . 2008-06-02 20:27 <KANSIO> d-------- C:\Program Files\ATI Technologies
    2008-06-02 14:05 . 2008-06-02 14:05 <KANSIO> d-------- C:\Program Files\Radeon Omega Drivers
    2008-05-30 08:46 . 2007-10-25 19:56 29,140,992 --a------ C:\WINDOWS\system32\shell32(3).dll
    2008-05-30 08:40 . 2008-05-30 08:41 <KANSIO> d-------- C:\4cbfe2777d44cbccfaf14c426f
    2008-05-23 16:07 . 2004-09-15 02:11 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res(5).dll
    2008-05-23 16:07 . 2004-09-15 02:11 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res(4).dll
    2008-05-23 16:07 . 2006-11-27 17:54 539,136 --a------ C:\WINDOWS\system32\msftedit(2).dll
    2008-05-23 16:07 . 2004-09-15 15:00 351,232 --a------ C:\WINDOWS\system32\winhttp(5).dll
    2008-05-23 16:07 . 2004-09-15 15:00 351,232 --a------ C:\WINDOWS\system32\winhttp(4).dll
    2008-05-23 15:59 . 2008-05-23 16:01 <KANSIO> d-------- C:\d858429ec26ace7952
    2008-05-22 15:10 . 2004-09-15 02:11 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res(7).dll
    2008-05-22 15:10 . 2004-09-15 02:11 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res(6).dll
    2008-05-22 15:10 . 2006-11-27 17:54 539,136 --a------ C:\WINDOWS\system32\msftedit(3).dll
    2008-05-22 15:01 . 2008-05-22 15:03 <KANSIO> d-------- C:\50eb6c55dc40b3fe68
    2008-05-21 21:00 . 2007-10-25 19:56 29,140,992 --a------ C:\WINDOWS\system32\shell32(9).dll
    2008-05-21 16:28 . 2007-08-10 08:17 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe
    2008-05-21 16:23 . 2007-10-25 19:56 29,140,992 --a------ C:\WINDOWS\system32\shell32(10).dll
    2008-05-21 16:22 . 2004-09-15 15:00 2,957,312 --a------ C:\WINDOWS\system32\wmploc.dll
    2008-05-21 15:44 . 2008-05-30 08:41 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-05-19 13:59 . 2008-05-19 14:00 <KANSIO> d-------- C:\WINDOWS\Packs
    2008-05-16 19:11 . 2008-05-21 13:00 <KANSIO> d-------- C:\Program Files\WinAce
    2008-05-12 14:31 . 2008-03-01 16:01 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-05-12 14:31 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-05-12 14:31 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-05-12 14:31 . 2008-03-01 16:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-05-12 14:31 . 2008-03-01 16:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-05-12 14:31 . 2008-03-01 16:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-05-12 14:31 . 2008-03-01 16:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-05-12 14:31 . 2008-03-01 16:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-05-12 14:31 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-05-08 21:49 . 2008-05-21 13:02 3,532 --a------ C:\drmHeader.bin
    2008-05-08 14:12 . 2008-05-08 14:12 <KANSIO> d--hs---- C:\Documents and Settings\HP_Omistaja.LUTTINEN\UserData

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-08 11:30 --------- d-----w C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\uTorrent
    2008-06-07 14:25 --------- d-----w C:\Program Files\RevConnect
    2008-06-06 22:22 --------- d-----w C:\Program Files\iolo
    2008-06-06 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
    2008-06-06 09:45 --------- d-----w C:\Program Files\Java
    2008-06-04 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-02 17:07 52,095 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-06-02 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-06-02 16:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-02 14:49 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
    2008-06-02 14:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 14:38 --------- d-----w C:\Program Files\Eidos
    2008-05-22 10:58 49,152 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4\plugin\bin\PCHI18N.dll
    2008-05-22 10:58 4,096 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4\plugin\bin\winverifytrustwrapper.dll
    2008-05-22 10:58 36,864 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4\plugin\bin\jsharpde\gnu.dll
    2008-05-22 10:58 315,392 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4\plugin\bin\jsharpde\pchmsxml.dll
    2008-05-22 10:58 155,877 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4\plugin\bin\jsharpde\js.zip
    2008-05-21 10:12 --------- d-----w C:\Program Files\DivX
    2008-05-12 17:44 4,608 --sha-w C:\Program Files\Thumbs.db
    2008-05-11 09:31 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
    2008-05-10 08:05 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-06 13:30 --------- d-----w C:\Program Files\ImTOO
    2008-05-06 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-04-26 09:45 --------- d-----w C:\Program Files\directx
    2008-04-24 10:47 --------- d-----w C:\Program Files\Styler
    2008-04-21 14:39 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
    2008-04-21 14:32 --------- d-----w C:\Program Files\Realtek
    2008-04-21 14:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-04-19 12:31 --------- d-----w C:\Program Files\EasyDVDShrink
    2008-04-17 13:04 --------- d-----w C:\Program Files\DC++
    2008-04-14 16:12 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
    2008-04-10 07:24 --------- d-----w C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\ViStart
    2008-04-10 07:16 --------- d-----w C:\Program Files\WinFlip
    2008-04-10 07:16 --------- d-----w C:\Program Files\TrueTransparency
    2008-04-10 07:16 --------- d-----w C:\Documents and Settings\HP_Omistaja.LUTTINEN\Application Data\Styler
    2008-03-26 14:14 16,859,136 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-12-16 13:08 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-10-22 16:18 51,136 ----a-w C:\Documents and Settings\HP_Omistaja\Application Data\GDIPFONTCACHEV1.DAT
    2007-08-08 07:56 20,792 ----a-w C:\Program Files\toolbar.bmp
    .

    ------- Sigcheck -------

    2004-09-29 21:46 656896 227301ed5bfae23c96e41e71871e77c6 C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\wininet.dll
    2005-01-27 20:12 657920 9f621aa8e09012a4566480eda61c368c C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
    2005-05-02 23:58 658944 75eea34c4afd5a983f5e6b660e5f1da2 C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll
    2005-03-10 10:48 657920 59217f091df07b7e4fc52d2c2f97cedd C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
    2005-09-03 03:08 660480 2983c9ae18e389c328a349f572f1aaad C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
    2005-07-03 05:11 659456 042e7a572b55af4b7d11a6a8a5179f8c C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
    2005-10-21 06:39 661504 27c407d0527b18201f1f2927d39b246f C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
    2006-03-04 06:58 663552 0b5f9971aa3522edeca79fd34619652f C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
    2006-05-10 08:27 663552 c4e5a8f0cdeb3ae634ec96b5c5a5715e C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
    2006-06-23 14:25 664576 ed19f0e21afc6ad5f7b206be851f662b C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
    2006-09-14 11:37 664576 f24d8577ec89d6ad405ea85eb51285d7 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
    2007-03-23 12:29 823296 462f189562635461bd5f6917a0bbb3fc C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
    2007-04-25 11:29 823808 c44d048452288b8e3d0d0c6668fec649 C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
    2007-06-27 17:15 824320 2733e526118d99b6e034d8c4edd4d11e C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
    2007-08-20 12:50 825344 576cda8ff35c88b4e53acc9247bb4ba6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
    2007-10-11 02:23 825344 97448c39d6185a4514dda6c6a861a4e6 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    2007-12-07 04:42 825344 4551eb7ab420af3db7eabd5a83c8100c C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
    2008-02-16 12:32 666112 881fa37655bb51812725127bdb3ade46 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
    2008-03-01 15:35 827392 62b193606f56d6ceab6704af6a45774f C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
    2004-01-22 02:26 589312 8608299672e6e6440e879314effc07e7 C:\WINDOWS\$NtUninstallKB889293-IE6SP1-20041111.235619$\wininet.dll
    2004-09-15 15:00 656384 24965d454199a92ee14f2f0e4374f89c C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
    2008-02-16 12:02 659456 c8a0e7dfdabfe96394fa4a739c193a10 C:\WINDOWS\ie7\wininet.dll
    2006-11-07 22:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
    2007-01-12 10:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll
    2007-02-27 16:32 822784 a316582e09c465750ed9061307004e50 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
    2007-04-25 10:40 822784 d75ec9b36ec9d617906859341be701df C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
    2007-06-27 17:06 1339904 ceb059ba4bdae7dc07694d14ee55f3ac C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
    2007-08-20 12:59 824832 5a88886d5958af9309b517897d02260c C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
    2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
    2007-12-07 05:14 824832 d0d4908912f67aad4cc6e8b0b1df39c9 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
    2007-12-07 05:14 824832 d0d4908912f67aad4cc6e8b0b1df39c9 C:\WINDOWS\SoftwareDistribution\Download.old\db60c959bf9ebe869557fc7e6d0ffbf9\SP2GDR\wininet.dll
    2007-12-07 04:42 825344 4551eb7ab420af3db7eabd5a83c8100c C:\WINDOWS\SoftwareDistribution\Download.old\db60c959bf9ebe869557fc7e6d0ffbf9\SP2QFE\wininet.dll
    2008-03-01 16:01 826368 a593abdc028e8ef0137ea953f84704b1 C:\WINDOWS\SoftwareDistribution\Download.old\e5ec8653cde82bf774bd3f2e4fb1b3c3\SP2GDR\wininet.dll
    2008-03-01 15:35 827392 62b193606f56d6ceab6704af6a45774f C:\WINDOWS\SoftwareDistribution\Download.old\e5ec8653cde82bf774bd3f2e4fb1b3c3\SP2QFE\wininet.dll
    2008-04-14 19:11 666112 805df36832d972480e4ec8adc5a85c9b C:\WINDOWS\SoftwareDistribution\Download.old\e931f3c00b4c04354823a05f49f16b2a\wininet.dll
    2008-03-01 16:01 1260544 90af8190a19652bd9cbed351e4fbf274 C:\WINDOWS\system32\wininet.dll
    2008-03-01 16:01 1260544 90af8190a19652bd9cbed351e4fbf274 C:\WINDOWS\system32\dllcache\wininet.dll

    2007-06-13 16:22 3195904 3ee7fa6f9154a47c2ad73cdc2bceb9d1 C:\WINDOWS\explorer.exe
    2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-09-15 15:00 1032704 43c0b3d357f319875a51bc111f393147 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2008-04-14 19:12 1034240 0c35f47295002f8a06419744e945d670 C:\WINDOWS\SoftwareDistribution\Download.old\e931f3c00b4c04354823a05f49f16b2a\explorer.exe
    2007-06-13 16:22 3195904 3ee7fa6f9154a47c2ad73cdc2bceb9d1 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-06-07_16.27.36,28 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-06 22:22:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-08 08:50:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-06-06 22:27:07 70,110 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-06-08 08:55:55 70,110 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-06-06 22:27:07 83,582 ----a-w C:\WINDOWS\system32\perfc00B.dat
    + 2008-06-08 08:55:55 83,582 ----a-w C:\WINDOWS\system32\perfc00B.dat
    - 2008-06-06 22:27:07 439,112 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-06-08 08:55:55 439,112 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-06-06 22:27:07 414,250 ----a-w C:\WINDOWS\system32\perfh00B.dat
    + 2008-06-08 08:55:55 414,250 ----a-w C:\WINDOWS\system32\perfh00B.dat
    + 2008-06-08 08:52:40 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_fc.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-10-04 23:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 23:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 23:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-02-21 22:43 219952]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 19:30 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208]
    "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 16:08 136136]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "LClock"="C:\Program Files\LClock\LClock.exe" [ ]
    "Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [ ]
    "ViStart"="C:\Program Files\ViStart\ViStart.exe" [ ]
    "ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [ ]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 09:35 36352]
    "SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 19:00 55368]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 03:05 200704]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-25 22:13 180269]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
    "snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-12-04 12:58 675840]
    "DaemonTools_WhenUSave_Installer"="C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:14 86016 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 17:26 2808832 C:\WINDOWS\alcwzrd.exe]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "AtiPTA"="atiptaxx.exe" [2006-02-22 04:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

    C:\Documents and Settings\HP_Omistaja.LUTTINEN\Käynnistä-valikko\Ohjelmat\Käynnistys\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 23:47:48 344064]
    UberIcon.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 15:20:14 180224]
    Y'z Toolbar.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 15:41:10 90112]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    hp psc 1000 series.lnk - C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe [2003-04-09 19:21:38 147456]
    hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [2003-04-09 19:11:12 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIVF"= DivX412.dll
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL
    "VIDC.MJPG"= pvmjpg21.dll
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkq06.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqx74.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12247:TCP"= 12247:TCP:BitComet 12247 TCP
    "12247:UDP"= 12247:UDP:BitComet 12247 UDP
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 10:55]
    R1 BUFADPT;BUFADPT;C:\WINDOWS\System32\BUFADPT.SYS [2004-03-31 07:31]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
    R2 PCTWPASV;SoftAP WPA Authenticator Service;"C:\Program Files\Arcadyan Wireless\pctwpasv.exe" [2004-01-30 14:59]
    R3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-01-29 23:29]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-12-08 14:57]
    S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
    S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
    S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
    S3 CA504AV;GSmart Mini 2 WDM Video Capture;C:\WINDOWS\system32\Drivers\4MAV.SYS [2002-03-09 11:10]
    S3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-06-23 21:34]
    S3 ESSIDSET;ESSIDSET;C:\WINDOWS\System32\ESSIDSET.SYS [2004-03-31 07:32]
    S3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-05-27 19:49]
    S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 09:04]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 09:05]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 09:05]
    S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-01-19 15:37]
    S3 Winkq06;Winkq06;C:\WINDOWS\System32\drivers\Winkq06.sys []
    S3 Winqx74;Winqx74;C:\WINDOWS\System32\drivers\Winqx74.sys []
    S3 zlportio;zlportio;C:\Documents and Settings\HP_Omistaja\Työpöytä\ultrastar\zlportio.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4991b02-ceef-11db-91ca-00112f9242d4}]
    \Shell\AutoRun\command - O:\setup.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-02 08:18:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-07 15:06:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1203349155.job"
    - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe4-I
    "2007-04-06 08:59:25 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-08 15:37:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsdatant]
    "ImagePath"="a"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
    -> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
    .
    Completion time: 2008-06-08 15:39:55
    ComboFix-quarantined-files.txt 2008-06-08 12:39:48
    ComboFix2.txt 2008-06-07 13:28:40

    Pre-Run: 18,770,153,472 tavua vapaana
    Post-Run: 18,744,074,240 tavua vapaana

    339 --- E O F --- 2008-06-02 16:22:57

    --------------------------------------------------------------

    HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:42, on 8.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\CTPdeSrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

    --
    End of file - 12098 bytes
     
  19. yaht

    yaht Regular member

    Joined:
    Dec 6, 2005
    Messages:
    2,261
    Likes Received:
    0
    Trophy Points:
    46
    So how does the machine seem now?
     
  20. Elchey

    Elchey Member

    Joined:
    Aug 12, 2006
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    16
    Well, admittedly it runs well, faster than it did before the whole virus. :) Looks like the machine got cleaned up pretty well now. Thanks a lot for the help!
     
