How do I get rid of CiD ads? (urgent)

Discussion in 'Virukset ja haittaohjelmat' (Viruses and malware) started by Anon999, Jun 24, 2007.

  1. Anon999

    Anon999 Regular member

    Joined: Jun 24, 2007 | Messages: 112 | Likes Received: 0 | Trophy Points: 26

    So how do I get rid of them?
     
  2. Auttaja

    Auttaja Guest

    -> Download HijackThis: http://koti.mbnet.fi/pattaya1/HijackThis.exe
    -> Save it to the folder C:\hjt
    -> Rename HijackThis.exe to scanner.exe like this:
    1. Right-click the HijackThis icon.

    2. Choose Rename.

    3. Type scanner.exe
    -> Start HijackThis and click: do a system scan and save a logfile.
    -> Post the resulting log in this thread
     
  3. Anon999

    Anon999 Regular member

    Logfile of HijackThis v1.99.1
    Scan saved at 10:49:27, on 24.6.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
    C:\hjt\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
    O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Ref Book Noun Logo] C:\Documents and Settings\All Users\Application Data\2jugsrefbook\BoltIntra.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/HistorySwatterFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

     
  4. Auttaja

    Auttaja Guest

    Hi again, I can't promise any quick fix; the machine is quite badly infected, and there is a keylogger on it that records keystrokes.

    =====

    Is there a firewall on the computer, or only F-Secure's antivirus?

    ======

    Open Add/Remove Programs in the Control Panel and remove

    WildTangent

    =====

    In HijackThis, with all other programs closed!

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
    O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
    O4 - HKLM\..\Run: [Ref Book Noun Logo] C:\Documents and Settings\All Users\Application Data\2jugsrefbook\BoltIntra.exe
    O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache...tup1.0.0.15.cab


    Check those lines and press FIX CHECKED


    =========

    Download ATF Cleaner
    http://www.atribune.org/ccount/click.php?id=1

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click Empty Selected.
    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click Empty Selected.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click Empty Selected again.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)

    ==========



    Make hidden files visible, and hide them again after the deletion


    Delete these folders/files

    C:\Program Files\WildTangent\
    C:\PROGRA~1\AQUATI~1\
    C:\WINDOWS\system32\bpk.exe
    C:\Documents and Settings\All Users\Application Data\2jugsrefbook\
    C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\


    =========

    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

    Also a new HijackThis log
     
    Last edited by a moderator: Jun 24, 2007
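
Part of the line selection in the reply above can be reproduced mechanically. The following Python is an added example, not part of the thread and not the helper's own method: it parses HijackThis entries and applies three assumed triage heuristics (a BHO whose DLL is `(no file)`, a Run autostart launched from an Application Data folder, an O16 ActiveX download with no class name). The function names and heuristics are assumptions, the sample lines are copied from the first log in this thread, and entries picked by name, such as `bpk.exe`, are outside what these rules catch.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Ref Book Noun Logo] C:\Documents and Settings\All Users\Application Data\2jugsrefbook\BoltIntra.exe
O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/HistorySwatterFWBInitialSetup1.0.0.15.cab
"""

# "R0 - ...", "O2 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)$")
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
# Long name or 8.3 short name of the per-user / all-users data folder on XP.
USER_DATA_RE = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.IGNORECASE)


class Finding(NamedTuple):
    code: str    # HijackThis section, e.g. "O4"
    reason: str  # which heuristic fired
    line: str    # the entry as it appears in the log


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (section code, body) pairs; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(log_text: str) -> List[Finding]:
    """Apply the three assumed heuristics; a hit means 'review', not 'malicious'."""
    findings = []
    for code, body in parse_entries(log_text):
        line = f"{code} - {body}"
        if code == "O2":
            m = BHO_RE.match(body)
            if m and m.group("file") == "(no file)":
                findings.append(Finding(
                    code, "BHO registered but its DLL is missing", line))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and USER_DATA_RE.search(m.group("cmd")):
                findings.append(Finding(
                    code, "autostart from an Application Data folder", line))
        elif code == "O16":
            m = DPF_RE.match(body)
            if m and m.group("name") is None:
                findings.append(Finding(
                    code, "ActiveX download with no class name", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.code}] {finding.reason}\n    {finding.line}")
```
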
  5. Anon999

    Anon999 Regular member

    Um, in Add or Remove Programs there are 3 WildTangent programs: WildTangent Channel Manager, WildTangent Updater and WildTangent Web Driver; should I remove all of them? And I logged out of my user account to get a picture of the two error messages that appear when I log in to my account, so do I have to do the scan again:
    http://img519.imageshack.us/img519/9315/virheilmoitusoq8.png

    And:
    http://img182.imageshack.us/img182/9032/virheilmoitus2kx7.png

    And the firewall is the Windows firewall and the antivirus is F-Secure Antivirus.
     
  6. Anon999

    Anon999 Regular member

    I can't get my first scan back into HijackThis anymore.
     
  7. Auttaja

    Auttaja Guest

    Here are instructions for how to check the lines; remove all the WildTangent programs; those error messages will go away once these fixes are done:
    [IMG]

    I don't understand what you were getting at (post the logs for those once you have done them)
     
    Last edited by a moderator: Jun 24, 2007
  8. Anon999

    Anon999 Regular member

    I mean, I had to close HijackThis because I logged out so that I could take a picture of those error messages, so now, to get the scan results back, I have to run a new scan so that I can tick those results.
     
  9. Auttaja

    Auttaja Guest

    Yeah, just run the scans again and again, it doesn't really matter; at the end you'll post a "new" fresh log anyway.
     
  10. Anon999

    Anon999 Regular member

    Some files may not have been deleted and some were not found; tell me if something was left undeleted.

    ComboFix log:
    "Juhani" - 2007-06-24 12:31:45 - ComboFix 07-06-23.5 - Service Pack 2 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\bpkwb.dll
    C:\WINDOWS\system32\msxml3a.dll


    ((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))


    2007-06-24 12:32 <KANSIO> d-------- C:\DOCUME~1\Juhani\APPLIC~1\Drive Comp Deaf
    2007-06-24 12:31 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-24 11:45 <KANSIO> d-------- C:\!KillBox
    2007-06-24 10:48 <KANSIO> d-------- C:\hjt
    2007-06-24 10:26 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-24 10:25 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-23 18:51 <KANSIO> d-------- C:\NoLopBackups
    2007-06-23 12:49 <KANSIO> d-------- C:\Program Files\Drive Comp Deaf
    2007-06-17 15:42 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-06-13 15:46 446,464 --a------ C:\WINDOWS\system32\vp31vfw.dll
    2007-06-13 15:46 <KANSIO> d-------- C:\Program Files\On2 Technologies
    2007-06-13 15:45 <KANSIO> d-------- C:\DOCUME~1\Lapset\APPLIC~1\InstallShield Installation Information
    2007-06-13 15:43 <KANSIO> d-------- C:\DOCUME~1\Lapset\APPLIC~1\Pan Vision
    2007-06-13 15:43 <KANSIO> d-------- C:\DOCUME~1\Lapset\APPLIC~1\InstallShield
    2007-06-09 11:40 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
    2007-06-09 11:40 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
    2007-06-08 10:44 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-06-08 10:32 0 --a------ C:\WINDOWS\nsreg.dat
    2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-06-02 21:26 <KANSIO> d-------- C:\Program Files\Tilester
    2007-06-02 10:15 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
    2007-06-02 10:15 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
    2007-06-02 10:15 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
    2007-06-02 10:15 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
    2007-05-27 17:25 <KANSIO> d-------- C:\DOCUME~1\Juhani\APPLIC~1\Mp3tag


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-24 10:23:56 12 ----a-w C:\WINDOWS\bthservsdp.dat
    2007-06-24 10:01:00 1,344 ----a-w C:\WINDOWS\system32\bpk.bin
    2007-06-24 09:57:23 -------- d-----w C:\Program Files\EurowordPro
    2007-06-23 15:44:41 76,484 ----a-w C:\WINDOWS\system32\perfc00B.dat
    2007-06-23 15:44:41 377,146 ----a-w C:\WINDOWS\system32\perfh00B.dat
    2007-06-23 10:37:38 -------- d-----w C:\Program Files\LimeWire
    2007-06-19 09:11:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-18 07:53:36 128,656 ----a-w C:\DOCUME~1\Juhani\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-06-15 09:55:50 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\Canon
    2007-05-23 11:02:52 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL
    2007-05-18 17:46:26 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\dvdcss
    2007-05-18 17:13:22 -------- d-----w C:\Program Files\Programming Editor
    2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-12 13:57:01 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\WinRAR
    2007-05-10 16:00:53 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-05-10 14:03:31 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\Nokia
    2007-05-10 14:01:49 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\PC Suite
    2007-05-09 16:23:05 -------- d-----w C:\Program Files\DIFX
    2007-05-09 16:22:49 -------- d-----w C:\Program Files\Common Files\PCSuite
    2007-05-09 16:22:44 -------- d-----w C:\Program Files\Common Files\Nokia
    2007-05-09 16:22:42 -------- d-----w C:\Program Files\Nokia
    2007-05-09 16:22:24 -------- d-----w C:\Program Files\PC Connectivity Solution
    2007-05-09 16:19:13 21,486,896 ----a-w C:\Nokia_PC_Suite_683_rel_14_1_fin_web.exe
    2007-05-03 17:15:32 3,120 ----a-w C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
    2007-04-29 14:50:31 -------- d-----w C:\Program Files\Replay Converter
    2007-04-29 14:45:24 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2007-04-29 14:05:00 -------- d-----w C:\Program Files\NCH Swift Sound
    2007-04-29 13:59:13 -------- d-----w C:\Program Files\Windows Media Connect 2
    2007-04-29 13:58:13 -------- d-----w C:\Program Files\Microsoft Works
    2007-04-29 13:58:11 -------- d-----w C:\Program Files\Messenger
    2007-04-29 13:58:10 -------- d-----w C:\Program Files\GameSpy Arcade
    2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2005-03-29 13:18:52 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 02:43]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 12:32]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-19 23:56]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-27 16:30]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-10 23:26]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
    "VTTimer"="VTTimer.exe" []
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-12-05 16:24]
    "MW1HelperStartUp"="C:\PROGRA~1\MAGICW~1\MW1HEL~1.exe" []
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 01:12 C:\WINDOWS\system32\bthprops.cpl]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe" [2004-01-01 18:57]
    "Start WingMan Profiler"="" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 16:30]
    "SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" []
    "MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 08:56]
    "Sonic RecordNow!"="" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
    "first camp"="C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    Contents of the 'Scheduled Tasks' folder
    2007-06-20 18:14:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-06-24 10:16:03 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-24 12:42:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 2007-06-24 12:43:09
    C:\ComboFix-quarantined-files.txt ... 2007-06-24 12:43

    --- E O F ---





    HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 12:45:31, on 24.6.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\explorer.exe
    C:\hjt\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/525687
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


     
  11. Auttaja

    Auttaja Guest

    So the Windows firewall is pretty much useless; download e.g. ZoneAlarm, it's easy and free.

    ======

    Open HijackThis, check these lines and press Fix checked:

    O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
    O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
    O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe

    Show hidden files, and hide them again after the deletion.

    Delete these folders:

    C:\PROGRAM FILES\MAGICW~1\
    C:\DOCUMENTS AND SETTING\Juhani\APPLICATION DATA\Drive Comp Deaf

    The "~1" marker means that the name continues, e.g. "MAGICW~1" is most likely magicwall.

    =======

    Check your computer with the F-Secure online scanner

    Note: the scanner works only in Internet Explorer

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Asenna (Install)
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread

    Also a new HijackThis log!
     
    Last edited by a moderator: Jun 24, 2007
  12. Anon999

    Anon999 Regular member

    F-Secure scan:
    Scanning Report
    Sunday, June 24, 2007 13:30:10 - 19:47:20
    Computer name: TAKALO
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\


    --------------------------------------------------------------------------------

    Result: 13 malware found
    Adware.GAIN.Dashbar (spyware)
    System (Disinfected)
    CometSystems (spyware)
    System (Disinfected)
    GAIN (spyware)
    System (Disinfected)
    SpySpotter (spyware)
    System (Disinfected)
    Tracking Cookie (spyware)
    System (Disinfected)
    System
    System
    System
    System
    System
    System
    Trojan.Win32.Inject.au (virus)
    C:\!KillBox\2jugsrefbook\BoltIntra.exe (Renamed & Submitted)
    Trojan.Win32.Obfuscated.en (virus)
    C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\LimeWire\Limewire Lime Wire Pro 4.12.3 asennus\limewire pro 4.12.14 Bitdownloader.exe (Renamed & Submitted)

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 491345
    System: 5708
    Not scanned: 87
    Actions:
    Disinfected: 5
    Renamed: 2
    Deleted: 0
    None: 6
    Submitted: 2
    Files not scanned:
    H&#65533;&#65533;ALLKB828741$\CATSRV.DLL
    C:\RECYCLER\S-1-5-21-851486586-3239081792-1126570287-1007\DC100.MHT
    C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.ILG
    C:\PROGRAM FILES\F-SECURE\COMMON\POLICY.IPF
    C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\CHANDIR.DAT
    C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\D0000000.FCS
    C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\L0000006.FCS
    C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\PRS.DAT
    C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\STORYDB.DAT
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\1ROCK-A.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\2TORP-A.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\3SMAS-A.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\4LASE-A.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOLGT.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOML.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\LOGOMMX.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\AG-A.RAW
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\BL-A.RAW
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\CA-A.RAW
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\FT-A.RAW
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\GB-A.RAW
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\LL-A.RAW
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\MENU\HELP\SH-A.RAW
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX2\BOSSES\CONE.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS1.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS2.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS3.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\FIGHTER.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\TURRET.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\ROBOCRAB.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SENTINEL.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SHUTTLE.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SKULL.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\STUBBORN.CKY
    C:\PROGRAM FILES\COMMON FILES\SWF STUDIO\INIFILE.DLL
    C:\PROGRAM FILES\CODEMASTERS\COLIN MCRAE RALLY 2005\DATA\SOUNDS\EFFECTS\RALLY5DSPIMAGE.BIN
    C:\PROGRAM FILES\CANON\EASY-PHOTOPRINT\UNINST.INI
    C:\HP\DRIVERS\PRINTERS\DESKJET\PROGRAM FILES\HEWLETT-PACKARD\HP DESKJET ASSISTANT\5600\SAMPLE1.PCL
    C:\HP\DRIVERS\PRINTERS\DESKJET\PROGRAM FILES\HEWLETT-PACKARD\HP DESKJET ASSISTANT\5100\SAMPLE1.PCA&#65533;

    --------------------------------------------------------------------------------

    Options
    Scanning engines:
    F-Secure AVP: 7.0.171, 2007-06-23
    F-Secure Blacklight: 1.0.64
    F-Secure Draco: 1.0.35, 0260-23-12
    F-Secure Libra: 2.4.2, 2007-06-21
    F-Secure Orion: 1.2.37, 2007-06-22
    F-Secure Pegasus: 1.19.0, 2007-05-20
    Scanning options:
    Scan all files
    Scan inside archives
    Use Advanced heuristics

    --------------------------------------------------------------------------------


    HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 21:13:29, on 24.6.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\DOCUME~1\Juhani\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
    C:\DOCUME~1\Juhani\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\hjt\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/525687
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    P.S. I'm leaving on holiday for about a week, so I won't be replying to the thread then.

     
  13. Auttaja

    Auttaja Guest

    Download NoLop to your desktop from one of the following links...
    http://www.spywareedge.net/nolop/NoLop.exe1
    http://www.spywaretimes.com/Tools/Download/Anti-malwareToolsLinkki
    http://www.thespykiller.co.uk/index.php?action=tpmod;dl=get16

    * Close all programs, because this step requires a restart
    * Double-click NoLop.exe to run it

    * Click the "Search and Destroy" button
    <<Your computer is scanned for infected files>>
    * When the scan is complete, you will be asked to restart the computer if an infection is found. Click OK
    * Click the "REBOOT" button.
    * NoLop should display a message. If it doesn't, double-click the program and it will finish. Post the contents of the C:\NoLop.log file along with a new HijackThis log.

    -- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx http://www.boletrice.com/downloads/mscomctl.ocx and save it in your system32 directory (usually c:\Windows\system32). Then run the program again. --

    ===========

    With HijackThis, with other programs closed!

    O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe

    Check those lines and press FIX CHECKED


    =========

    Download ATF Cleaner
    http://www.atribune.org/ccount/click.php?id=1

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click the Empty Selected option.
    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click the Empty Selected option.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click the Empty Selected option again.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)

    ==========



    Show hidden files, and hide them again after the deletion.


    Delete THIS FOLDER!!

    C:\DOCUMENTS AND SETTING\Juhani\APPLICATION DATA\Drive Comp Deaf

    =========

    Download RootkitRevealer.zip
    * Create a new folder named RKR on your C drive, C:\
    * Extract the entire contents of RootkitRevealer.zip into the C:\RKR folder.
    * Open the C:\RKR folder and double-click RootkitRevealer.exe
    * Click the Scan button and wait for the scan to finish
    * NOTE! Do not use your computer during the scan.
    * When the scan has finished, click File (at the top of the window)
    * Then click the Save button
    * Then save the RootkitRevealer log to your desktop
    Post the RootkitRevealer log in your thread.


    ======

    Check your computer with F-Secure's online scanner

    Note: the scanner works only with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install (Asenna)
    * Click Accept
    * Click Custom Scan
    * Set the options as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan is complete, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy all of the text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread

    Also a new HIJACKTHIS log in addition to all of the above :)
     
  14. Anon999

    Anon999 Regular member

    Joined:
    Jun 24, 2007
    Messages:
    112
    Likes Received:
    0
    Trophy Points:
    26
    I couldn't save the RootkitRevealer log, because when I tried to save it a message came up saying that the program has encountered an error and will be closed, or something like that. And I haven't got rid of this message yet:

    [​IMG]

    I left the F-Secure scan undone for now because it was last in your instructions, after RootkitRevealer.


    NoLop log:
    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat
    [2.7.2007]
    [16:09:23]

    ---Infection Files Found/Removed---
    NO INFECTION FILES FOUND - Cleaning Aborted.

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Canonbj
    C:\Documents and Settings\All Users\Application Data\Creative
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Hewlett-packard
    C:\Documents and Settings\All Users\Application Data\Installations
    C:\Documents and Settings\All Users\Application Data\Intervideo
    C:\Documents and Settings\All Users\Application Data\Lavasoft
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Motive
    C:\Documents and Settings\All Users\Application Data\Msn6
    C:\Documents and Settings\All Users\Application Data\Nch Swift Sound
    C:\Documents and Settings\All Users\Application Data\Pc Suite
    C:\Documents and Settings\All Users\Application Data\Pixelstorm
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Sbt
    C:\Documents and Settings\All Users\Application Data\Scansoft
    C:\Documents and Settings\All Users\Application Data\Srs Labs
    C:\Documents and Settings\All Users\Application Data\Ssscanappdatadir
    C:\Documents and Settings\All Users\Application Data\Ssscanwizard -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    C:\Documents and Settings\Default User\Application Data\Apple Computer
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Intervideo
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Default User\Application Data\Sun
    C:\Documents and Settings\Default User\Application Data\Symantec
    C:\Documents and Settings\Hallinta\Application Data\Apple Computer
    C:\Documents and Settings\Hallinta\Application Data\Identities
    C:\Documents and Settings\Hallinta\Application Data\Intervideo
    C:\Documents and Settings\Hallinta\Application Data\Macromedia
    C:\Documents and Settings\Hallinta\Application Data\Microsoft
    C:\Documents and Settings\Hallinta\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Hallinta\Application Data\Sun
    C:\Documents and Settings\Hallinta\Application Data\Symantec
    C:\Documents and Settings\Juhani\Application Data\Adobe
    C:\Documents and Settings\Juhani\Application Data\Adobeum
    C:\Documents and Settings\Juhani\Application Data\Apple Computer
    C:\Documents and Settings\Juhani\Application Data\Canon
    C:\Documents and Settings\Juhani\Application Data\Corel
    C:\Documents and Settings\Juhani\Application Data\Creative
    C:\Documents and Settings\Juhani\Application Data\Dvdcss
    C:\Documents and Settings\Juhani\Application Data\Google
    C:\Documents and Settings\Juhani\Application Data\Help
    C:\Documents and Settings\Juhani\Application Data\Identities
    C:\Documents and Settings\Juhani\Application Data\Intertrust
    C:\Documents and Settings\Juhani\Application Data\Intervideo
    C:\Documents and Settings\Juhani\Application Data\Leadertech
    C:\Documents and Settings\Juhani\Application Data\Macromedia
    C:\Documents and Settings\Juhani\Application Data\Microsoft
    C:\Documents and Settings\Juhani\Application Data\Motive
    C:\Documents and Settings\Juhani\Application Data\Mozilla
    C:\Documents and Settings\Juhani\Application Data\Mp3tag
    C:\Documents and Settings\Juhani\Application Data\Msn6
    C:\Documents and Settings\Juhani\Application Data\Nokia
    C:\Documents and Settings\Juhani\Application Data\Pc Suite
    C:\Documents and Settings\Juhani\Application Data\Pdfcreator
    C:\Documents and Settings\Juhani\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Juhani\Application Data\Scansoft
    C:\Documents and Settings\Juhani\Application Data\Sonic
    C:\Documents and Settings\Juhani\Application Data\Sun
    C:\Documents and Settings\Juhani\Application Data\Symantec
    C:\Documents and Settings\Juhani\Application Data\Ubi.com
    C:\Documents and Settings\Juhani\Application Data\Winrar -- EMPTY Directory
    C:\Documents and Settings\Lapset\Application Data\Adobe
    C:\Documents and Settings\Lapset\Application Data\Apple Computer
    C:\Documents and Settings\Lapset\Application Data\Corel
    C:\Documents and Settings\Lapset\Application Data\Creative
    C:\Documents and Settings\Lapset\Application Data\Google
    C:\Documents and Settings\Lapset\Application Data\Hbtools
    C:\Documents and Settings\Lapset\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Lapset\Application Data\Identities
    C:\Documents and Settings\Lapset\Application Data\Installshield
    C:\Documents and Settings\Lapset\Application Data\Installshield Installation Information
    C:\Documents and Settings\Lapset\Application Data\Intervideo
    C:\Documents and Settings\Lapset\Application Data\Macromedia
    C:\Documents and Settings\Lapset\Application Data\Microsoft
    C:\Documents and Settings\Lapset\Application Data\Msn6 -- EMPTY Directory
    C:\Documents and Settings\Lapset\Application Data\Pan Vision
    C:\Documents and Settings\Lapset\Application Data\Pc Suite
    C:\Documents and Settings\Lapset\Application Data\Pdfcreator
    C:\Documents and Settings\Lapset\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Lapset\Application Data\Shopperreports
    C:\Documents and Settings\Lapset\Application Data\Sonic
    C:\Documents and Settings\Lapset\Application Data\Sun
    C:\Documents and Settings\Lapset\Application Data\Symantec
    C:\Documents and Settings\Localservice\Application Data\Adobe
    C:\Documents and Settings\Localservice\Application Data\Adobeum
    C:\Documents and Settings\Localservice\Application Data\Google -- EMPTY Directory
    C:\Documents and Settings\Localservice\Application Data\Macromedia
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Pdfcreator
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Pdfcreator
    C:\Documents and Settings\Vieras\Application Data\Apple Computer
    C:\Documents and Settings\Vieras\Application Data\Google -- EMPTY Directory
    C:\Documents and Settings\Vieras\Application Data\Identities
    C:\Documents and Settings\Vieras\Application Data\Intervideo
    C:\Documents and Settings\Vieras\Application Data\Macromedia
    C:\Documents and Settings\Vieras\Application Data\Microsoft
    C:\Documents and Settings\Vieras\Application Data\Pc Suite
    C:\Documents and Settings\Vieras\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Vieras\Application Data\Sun
    C:\Documents and Settings\Vieras\Application Data\Symantec

    HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 17:16:18, on 2.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\RKR\RootkitRevealer.exe
    C:\RKR\RootkitRevealer.exe
    C:\RKR\RootkitRevealer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hjt\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/525687
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
    O23 - Service: AQ - Unknown owner - C:\DOCUME~1\Juhani\LOCALS~1\Temp\AQ.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: FDOJOWCVQLE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\FDOJOWCVQLE.exe
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NHBAKB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\NHBAKB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
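
Added example (not part of the thread, and not code from HijackThis or NoLop): a small triage pass over HijackThis O4/O23 lines that flags autostart entries running from a user's Application Data or Local Settings folder, including the 8.3 short-name form (`DOCUME~1\...\APPLIC~1`) used by the `[first camp]` entry above. The sample lines are copied from the logs in this thread; the rule set and all function names are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: O4/O23 lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AQ - Unknown owner - C:\DOCUME~1\Juhani\LOCALS~1\Temp\AQ.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FDOJOWCVQLE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\FDOJOWCVQLE.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""

# Windows XP profile layout: <root>\<user>\<subfolder>\...
PROFILE_ROOT = "Documents and Settings"
WRITABLE_DIRS = ("Application Data", "Local Settings")  # assumption: rule set for this example

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# The service description may itself contain " - ", so only the path is split off.
O23_RE = re.compile(r"^O23 - Service: (.+) - ([A-Za-z]:\\.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)
MISSING = " (file missing)"


@dataclass
class Finding:
    section: str   # "O4" or "O23"
    entry: str     # Run value name, or service description as printed
    path: str      # executable path as written in the log
    reasons: list


def same_dir(component, long_name):
    """True if component is long_name or its 8.3 alias (e.g. APPLIC~1)."""
    comp = component.lower()
    if comp == long_name.lower():
        return True
    m = re.fullmatch(r"(.{1,6})~\d+", comp)
    # 8.3 alias: spaces dropped, first six characters kept, then ~N.
    return bool(m) and long_name.replace(" ", "").lower()[:6] == m.group(1)


def in_user_writable_dir(path):
    """True if path lies in a profile's Application Data or Local Settings."""
    parts = path.split("\\")
    for i, part in enumerate(parts):
        if same_dir(part, PROFILE_ROOT):
            # parts[i + 1] is the user name, parts[i + 2] the profile subfolder
            sub = parts[i + 2] if len(parts) > i + 2 else ""
            return any(same_dir(sub, d) for d in WRITABLE_DIRS)
    return False


def executable(command):
    """Strip quotes and arguments from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def triage(log):
    """Return a Finding for every O4/O23 line that matches at least one rule."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        missing = line.endswith(MISSING)
        if missing:
            line = line[: -len(MISSING)]
        reasons = []
        if (m := O4_RE.match(line)):
            section, entry, path = "O4", m.group(3), executable(m.group(4))
        elif (m := O23_RE.match(line)):
            section, entry, path = "O23", m.group(1), m.group(2)
            if entry.endswith(" - Unknown owner"):
                reasons.append("unknown owner")  # weak signal on its own
        else:
            continue  # other sections are out of scope for this example
        if in_user_writable_dir(path):
            reasons.insert(0, "runs from user-writable profile directory")
        if missing:
            reasons.append("file missing")
        if reasons:
            findings.append(Finding(section, entry, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.entry}\n    {f.path}\n    -> {', '.join(f.reasons)}")
```

A flag is a reason to look, not a verdict: the FDOJOWCVQLE service is reported only because it runs from Temp, and its owner string in the log is Sysinternals, whose RootkitRevealer the poster had just run.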


     
  15. Anon999

    Anon999 Regular member

    Joined:
    Jun 24, 2007
    Messages:
    112
    Likes Received:
    0
    Trophy Points:
    26
    I couldn't save the RootkitRevealer log, because when I tried to save it a message came up saying that the program has encountered an error and will be closed, or something like that. And I haven't got rid of this message yet:

    [​IMG]

    I left the F-Secure scan undone for now because it was last in your instructions, after RootkitRevealer.


    NoLop log:
    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat
    [2.7.2007]
    [16:09:23]

    ---Infection Files Found/Removed---
    NO INFECTION FILES FOUND - Cleaning Aborted.

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Canonbj
    C:\Documents and Settings\All Users\Application Data\Creative
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Hewlett-packard
    C:\Documents and Settings\All Users\Application Data\Installations
    C:\Documents and Settings\All Users\Application Data\Intervideo
    C:\Documents and Settings\All Users\Application Data\Lavasoft
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Motive
    C:\Documents and Settings\All Users\Application Data\Msn6
    C:\Documents and Settings\All Users\Application Data\Nch Swift Sound
    C:\Documents and Settings\All Users\Application Data\Pc Suite
    C:\Documents and Settings\All Users\Application Data\Pixelstorm
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Sbt
    C:\Documents and Settings\All Users\Application Data\Scansoft
    C:\Documents and Settings\All Users\Application Data\Srs Labs
    C:\Documents and Settings\All Users\Application Data\Ssscanappdatadir
    C:\Documents and Settings\All Users\Application Data\Ssscanwizard -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    C:\Documents and Settings\Default User\Application Data\Apple Computer
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Intervideo
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Default User\Application Data\Sun
    C:\Documents and Settings\Default User\Application Data\Symantec
    C:\Documents and Settings\Hallinta\Application Data\Apple Computer
    C:\Documents and Settings\Hallinta\Application Data\Identities
    C:\Documents and Settings\Hallinta\Application Data\Intervideo
    C:\Documents and Settings\Hallinta\Application Data\Macromedia
    C:\Documents and Settings\Hallinta\Application Data\Microsoft
    C:\Documents and Settings\Hallinta\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Hallinta\Application Data\Sun
    C:\Documents and Settings\Hallinta\Application Data\Symantec
    C:\Documents and Settings\Juhani\Application Data\Adobe
    C:\Documents and Settings\Juhani\Application Data\Adobeum
    C:\Documents and Settings\Juhani\Application Data\Apple Computer
    C:\Documents and Settings\Juhani\Application Data\Canon
    C:\Documents and Settings\Juhani\Application Data\Corel
    C:\Documents and Settings\Juhani\Application Data\Creative
    C:\Documents and Settings\Juhani\Application Data\Dvdcss
    C:\Documents and Settings\Juhani\Application Data\Google
    C:\Documents and Settings\Juhani\Application Data\Help
    C:\Documents and Settings\Juhani\Application Data\Identities
    C:\Documents and Settings\Juhani\Application Data\Intertrust
    C:\Documents and Settings\Juhani\Application Data\Intervideo
    C:\Documents and Settings\Juhani\Application Data\Leadertech
    C:\Documents and Settings\Juhani\Application Data\Macromedia
    C:\Documents and Settings\Juhani\Application Data\Microsoft
    C:\Documents and Settings\Juhani\Application Data\Motive
    C:\Documents and Settings\Juhani\Application Data\Mozilla
    C:\Documents and Settings\Juhani\Application Data\Mp3tag
    C:\Documents and Settings\Juhani\Application Data\Msn6
    C:\Documents and Settings\Juhani\Application Data\Nokia
    C:\Documents and Settings\Juhani\Application Data\Pc Suite
    C:\Documents and Settings\Juhani\Application Data\Pdfcreator
    C:\Documents and Settings\Juhani\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Juhani\Application Data\Scansoft
    C:\Documents and Settings\Juhani\Application Data\Sonic
    C:\Documents and Settings\Juhani\Application Data\Sun
    C:\Documents and Settings\Juhani\Application Data\Symantec
    C:\Documents and Settings\Juhani\Application Data\Ubi.com
    C:\Documents and Settings\Juhani\Application Data\Winrar -- EMPTY Directory
    C:\Documents and Settings\Lapset\Application Data\Adobe
    C:\Documents and Settings\Lapset\Application Data\Apple Computer
    C:\Documents and Settings\Lapset\Application Data\Corel
    C:\Documents and Settings\Lapset\Application Data\Creative
    C:\Documents and Settings\Lapset\Application Data\Google
    C:\Documents and Settings\Lapset\Application Data\Hbtools
    C:\Documents and Settings\Lapset\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Lapset\Application Data\Identities
    C:\Documents and Settings\Lapset\Application Data\Installshield
    C:\Documents and Settings\Lapset\Application Data\Installshield Installation Information
    C:\Documents and Settings\Lapset\Application Data\Intervideo
    C:\Documents and Settings\Lapset\Application Data\Macromedia
    C:\Documents and Settings\Lapset\Application Data\Microsoft
    C:\Documents and Settings\Lapset\Application Data\Msn6 -- EMPTY Directory
    C:\Documents and Settings\Lapset\Application Data\Pan Vision
    C:\Documents and Settings\Lapset\Application Data\Pc Suite
    C:\Documents and Settings\Lapset\Application Data\Pdfcreator
    C:\Documents and Settings\Lapset\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Lapset\Application Data\Shopperreports
    C:\Documents and Settings\Lapset\Application Data\Sonic
    C:\Documents and Settings\Lapset\Application Data\Sun
    C:\Documents and Settings\Lapset\Application Data\Symantec
    C:\Documents and Settings\Localservice\Application Data\Adobe
    C:\Documents and Settings\Localservice\Application Data\Adobeum
    C:\Documents and Settings\Localservice\Application Data\Google -- EMPTY Directory
    C:\Documents and Settings\Localservice\Application Data\Macromedia
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Pdfcreator
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Pdfcreator
    C:\Documents and Settings\Vieras\Application Data\Apple Computer
    C:\Documents and Settings\Vieras\Application Data\Google -- EMPTY Directory
    C:\Documents and Settings\Vieras\Application Data\Identities
    C:\Documents and Settings\Vieras\Application Data\Intervideo
    C:\Documents and Settings\Vieras\Application Data\Macromedia
    C:\Documents and Settings\Vieras\Application Data\Microsoft
    C:\Documents and Settings\Vieras\Application Data\Pc Suite
    C:\Documents and Settings\Vieras\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Vieras\Application Data\Sun
    C:\Documents and Settings\Vieras\Application Data\Symantec

    HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 17:16:18, on 2.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\RKR\RootkitRevealer.exe
    C:\RKR\RootkitRevealer.exe
    C:\RKR\RootkitRevealer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hjt\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/525687
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
    O23 - Service: AQ - Unknown owner - C:\DOCUME~1\Juhani\LOCALS~1\Temp\AQ.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: FDOJOWCVQLE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\FDOJOWCVQLE.exe
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NHBAKB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\NHBAKB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


     
  16. Anon999

    Anon999 Regular member

  17. Auttaja

    Auttaja Guest

    C:\Documents and Settings\All Users\Application Data\Ssscanappdatadir
    C:\Documents and Settings\All Users\Application Data\Ssscanwizard -- EMPTY Directory

    OK, those folders can be deleted.

    Make hidden files visible, and hide them again after the deletion.


    =========


    Open HijackThis, check the following line(s) and press Fix checked; close all other programs while you do this.

    O23 - Service: AQ - Unknown owner - C:\DOCUME~1\Juhani\LOCALS~1\Temp\AQ.exe (file missing)
    O23 - Service: FDOJOWCVQLE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\FDOJOWCVQLE.exe
    Unknown
    O23 - Service: NHBAKB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\NHBAKB.exe


    Here are instructions on how to check the lines:
    [​IMG]

    ========

    Now you can run the F-Secure scan; then also post a new HijackThis log.
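
The three O23 entries selected in the post above share a property visible in the log: the service binary sits in the user's Temp directory, and one of them is already missing. As an added example (not part of the original post, and not HijackThis's own code), this Python code parses O23 lines in the layout seen in the logs on this page and lists the services that meet either condition; the function names and the two rules are assumptions for illustration, and the sample lines are copied from the 2.7.2007 log.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: six O23 lines copied from the 2.7.2007 log on this page.
SAMPLE_LOG = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
O23 - Service: AQ - Unknown owner - C:\DOCUME~1\Juhani\LOCALS~1\Temp\AQ.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FDOJOWCVQLE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\FDOJOWCVQLE.exe
O23 - Service: NHBAKB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\NHBAKB.exe
"""

# Layout: O23 - Service: <name> - <owner> - <image path>[ (file missing)]
# Name and owner can both contain " - ", so the path is anchored on the
# last " - " that is followed by a drive letter or an %envvar%.
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+) - "
    r"(?P<path>(?:[A-Za-z]:\\|%).*?)"
    r"(?P<missing> \(file missing\))?$"
)

# Hypothetical rule input: directory names treated as temporary locations.
TEMP_COMPONENTS = {"temp", "tmp"}


class Service(NamedTuple):
    name: str
    owner: str
    path: str
    file_missing: bool


def split_label(label: str) -> Tuple[str, str]:
    """Split '<name> - <owner>' at the first ' - ' outside parentheses."""
    depth = 0
    for i, ch in enumerate(label):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(0, depth - 1)
        elif depth == 0 and label.startswith(" - ", i):
            return label[:i], label[i + 3:]
    return label, ""


def parse_o23(line: str) -> Optional[Service]:
    """Return a Service for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    name, owner = split_label(m.group("label"))
    return Service(name, owner, m.group("path"), m.group("missing") is not None)


def review_reasons(svc: Service) -> List[str]:
    """Reasons to look closer at a service entry; not a malware verdict."""
    reasons = []
    directories = [part.lower() for part in svc.path.split("\\")][:-1]
    if TEMP_COMPONENTS.intersection(directories):
        reasons.append("image path is under a Temp directory")
    if svc.file_missing:
        reasons.append("registered binary no longer exists")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """List (service name, reasons) for every O23 entry that matches a rule."""
    flagged = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = review_reasons(svc)
        if reasons:
            flagged.append((svc.name, reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```

A match is a reason to look closer, not a verdict: two of the three entries carry a Sysinternals owner string and come from a log taken while C:\RKR\RootkitRevealer.exe was running.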
     
  18. Anon999

    Anon999 Regular member

    This message still appears when logging in:
    http://img182.imageshack.us/img182/9032/virheilmoitus2kx7.png

    HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:00:41, on 3.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\hjt\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/525687
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe








    F-secure log:

    Scanning Report
    Tuesday, July 03, 2007 09:09:47 - 15:44:53
    Computer name: TAKALO
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\


    --------------------------------------------------------------------------------

    Result: 9 malware found
    Tracking Cookie (spyware)
    System (Disinfected)
    System
    System
    System
    System
    System
    Trojan.Win32.Inject.au (virus)
    C:\!KillBox\2jugsrefbook\BoltIntra.0xe (Submitted)
    Trojan.Win32.Obfuscated.en (virus)
    C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\LimeWire\Limewire Lime Wire Pro 4.12.3 asennus\limewire pro 4.12.14 Bitdownloader.0xe (Submitted)
    W32/KeyLogger.MJ (virus)
    C:\WINDOWS\system32\bpkr.exe (Submitted)

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 490302
    System: 5559
    Not scanned: 91
    Actions:
    Disinfected: 1
    Renamed: 0
    Deleted: 0
    None: 8
    Submitted: 3
    Files not scanned:
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX2\BOSSES\CONE.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS1.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS2.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\CLASS3.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\FIGHTER.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\TURRET.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\ROBOCRAB.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SENTINEL.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SHUTTLE.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\SKULL.CKY
    C:\PROGRAM FILES\EGAMES\NEBULA FIGHTER SPECIAL EDITION\GFX\BOSSES\STUBBORN.CKY
    C:\PROGRAM FILES\COMMON FILES\SWF STUDIO\INIFILE.DLL
    C:\PROGRAM FILES\CODEMASTERS\COLIN MCRAE RALLY 2005\DATA\SOUNDS\EFFECTS\RALLY5DSPIMAGE.BIN
    C:\PROGRAM FILES\CANON\EASY-PHOTOPRINT\UNINST.INI
    C:\HP\DRIVERS\PRINTERS\DESKJET\PROGRAM FILES\HEWLETT-PACKARD\HP DESKJET ASSISTANT\5600\SAMPLE1.PCL
    C:\HP\DRIVERS\PRINTERS\DESKJET\PROGRAM FILES\HEWLETT-PACKARD\HP DESKJET ASSISTANT\5100\SAMPLE1.PCL
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    C:\DOCUMENTS AND SETTINGS\LAPTS AND ??IGx????APPLICATION DATA\SONIC\RECORDNOW!\RN!57A.TMP (1_0).GI
    C:\DOCUMENTS AND SETTINGS\JUHANI\APPLICATION DATA\SONIC\RECORDNOW!\RN!59D.TMP (1_0).GI
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\DR WATSON\USER.DMP
    C:\15E7F8E42B6EDB7A806EB52E09CA\WUDFPF.SYS
    C:\15E7F8E42B6EDB7A806EB52E09CA\WUDFRD.SYS
    C:\15E7F8E42B6EDB7A806EB52E09CA\WUDF_UPDATE.INF
    C:\15E7F8E42B6EDB7A806EB52E09CA\UPDATE\EULA.TXT
    C:\15E7F8E42B6EDB7A806EB52E09CA\UPDATE\UPDATE.INF


    --------------------------------------------------------------------------------

    Options
    Scanning engines:
    F-Secure Libra: 2.4.2, 2007-06-30
    F-Secure AVP: 7.0.171, 2007-07-03
    F-Secure Orion: 1.2.37, 2007-07-03
    F-Secure Blacklight: 1.0.64
    F-Secure Draco: 1.0.35, 0260-23-12
    F-Secure Pegasus: 1.19.0, 2007-05-29
    Scanning options:
    Scan all files
    Scan inside archives
    Use Advanced heuristics

     
  19. Auttaja

    Auttaja Guest

    http://keskustelu.afterdawn.com/thread_view.cfm/417362

    http://h10025.www1.hp.com/ewfrf/wc/document?lc=en&cc=us&dlc=&product=62776&docname=c00575481

    Those are for that error message

    =========

    A more serious matter: your computer has a keylogger that records what you type.

    Open Notepad and copy/paste the text below into it:

    Save it as ComboFix-Do.txt

    Then drag ComboFix-Do.txt onto ComboFix.exe as shown below.

    [​IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

     
  20. Anon999

    Anon999 Regular member

    "Juhani" - 2007-07-03 18:30:30 - ComboFix 07-06-23.5 - Service Pack 2 NTFS
    Command switches used :: C:\Documents and Settings\Juhani\Työpöytä\ComboFix-Do.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\LimeWire\Limewire Lime Wire Pro 4.12.3 asennus\limewire pro 4.12.14 Bitdownloader.0xe
    C:\WINDOWS\system32\bpkr.exe


    ((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))


    2007-07-03 18:12 <KANSIO> d-------- C:\WINDOWS\pss
    2007-07-03 17:57 <KANSIO> d-------- C:\WINDOWS\Internet Logs
    2007-07-02 13:38 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Omat tiedostot
    2007-07-01 15:08 <KANSIO> d-------- C:\RKR
    2007-07-01 14:59 424 --a------ C:\delete.bat
    2007-06-24 12:31 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-24 11:45 <KANSIO> d-------- C:\!KillBox
    2007-06-24 10:48 <KANSIO> d-------- C:\hjt
    2007-06-24 10:26 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-24 10:25 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-23 18:51 <KANSIO> d-------- C:\NoLopBackups
    2007-06-23 12:49 <KANSIO> d-------- C:\Program Files\Drive Comp Deaf
    2007-06-17 15:42 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-06-13 15:46 446,464 --a------ C:\WINDOWS\system32\vp31vfw.dll
    2007-06-13 15:46 <KANSIO> d-------- C:\Program Files\On2 Technologies
    2007-06-13 15:45 <KANSIO> d-------- C:\DOCUME~1\Lapset\APPLIC~1\InstallShield Installation Information
    2007-06-13 15:43 <KANSIO> d-------- C:\DOCUME~1\Lapset\APPLIC~1\Pan Vision
    2007-06-13 15:43 <KANSIO> d-------- C:\DOCUME~1\Lapset\APPLIC~1\InstallShield
    2007-06-09 11:40 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
    2007-06-09 11:40 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
    2007-06-08 10:44 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-06-08 10:32 0 --a------ C:\WINDOWS\nsreg.dat
    2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-03 16:20:43 12 ----a-w C:\WINDOWS\bthservsdp.dat
    2007-07-03 16:20:11 -------- d-----w C:\Program Files\EurowordPro
    2007-06-30 11:36:25 76,484 ----a-w C:\WINDOWS\system32\perfc00B.dat
    2007-06-30 11:36:25 377,146 ----a-w C:\WINDOWS\system32\perfh00B.dat
    2007-06-24 10:01:00 1,344 ----a-w C:\WINDOWS\system32\bpk.bin
    2007-06-23 10:37:38 -------- d-----w C:\Program Files\LimeWire
    2007-06-19 09:11:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-18 07:53:36 128,656 ----a-w C:\DOCUME~1\Juhani\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-06-15 09:55:50 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\Canon
    2007-06-02 19:26:21 -------- d-----w C:\Program Files\Tilester
    2007-05-27 15:34:46 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\Mp3tag
    2007-05-23 11:02:52 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL
    2007-05-18 17:46:26 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\dvdcss
    2007-05-18 17:13:22 -------- d-----w C:\Program Files\Programming Editor
    2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-12 13:57:01 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\WinRAR
    2007-05-10 16:00:53 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-05-10 14:03:31 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\Nokia
    2007-05-10 14:01:49 -------- d-----w C:\DOCUME~1\Juhani\APPLIC~1\PC Suite
    2007-05-09 16:23:05 -------- d-----w C:\Program Files\DIFX
    2007-05-09 16:22:49 -------- d-----w C:\Program Files\Common Files\PCSuite
    2007-05-09 16:22:44 -------- d-----w C:\Program Files\Common Files\Nokia
    2007-05-09 16:22:42 -------- d-----w C:\Program Files\Nokia
    2007-05-09 16:22:24 -------- d-----w C:\Program Files\PC Connectivity Solution
    2007-05-09 16:19:13 21,486,896 ----a-w C:\Nokia_PC_Suite_683_rel_14_1_fin_web.exe
    2007-05-03 17:15:32 3,120 ----a-w C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
    2007-04-29 14:45:24 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2005-03-29 13:18:52 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 02:43]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 12:32]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-19 23:56]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-27 16:30]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-10 23:26]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
    "VTTimer"="VTTimer.exe" []
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-12-05 16:24]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 01:12 C:\WINDOWS\system32\bthprops.cpl]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Start WingMan Profiler"="" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 16:30]
    "SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" []
    "MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 08:56]
    "Sonic RecordNow!"="" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    Contents of the 'Scheduled Tasks' folder
    2007-06-20 18:14:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-03 16:16:27 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-03 18:38:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 2007-07-03 18:38:46
    C:\ComboFix-quarantined-files.txt ... 2007-07-03 18:38
    C:\ComboFix2.txt ... 2007-06-24 12:43

    --- E O F ---
     
