Paha Troijalainen

Kun käynnistää koneen heittää tälläsiä virheilmotuksia

p-07-0100 irql: 1f SYSVER )xff00024
NT_Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLE"

A potential problem has been detected and Windows has been shutdown
buggy application to prevent damage to your computer.
****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000).

The instruction at "0x01d62739" referenced memory at "0x02354e50". The memory could not be "read

Ensimmäinen ilmotus tulee heti kun Xp:n käynnistää ja noita satelee sitten myöhemmin C:llä on post1A1a.tmp tiedostoja missä numerot kasvaa ja niitä on paljon. Tässä Vielä Logi.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:20, on 23.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSMA32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSMB32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSM32.EXE
C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\AAWTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Ohjelmat\PeerGuardian\PeerGuardian2\pg2.exe
C:\Ohjelmat\WinKey\WinKey.exe
C:\Ohjelmat\ObjectDock\ObjectDock.exe
C:\Program Files\Vista Virtual Desktops\Virtual Desktops.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [AAWTray] C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\AAWTray.exe
O4 - HKLM\..\Run: [40ea2220] rundll32.exe "C:\WINDOWS\system32\egcdxprc.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Ohjelmat\PeerGuardian\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Ohjelmat\DAEMON Tools Pro ADVANCED v4.10.Build218.0\DAEMON Tools Pro v4.10.218.0\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Ohjelmat\ObjectDock\ObjectDock.exe
O4 - Startup: Vista Virtual Desktops.lnk = ?
O4 - Global Startup: WinKey.lnk = C:\Ohjelmat\WinKey\WinKey.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?0212358a0c1a4486a23ecf6735480d51
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?0212358a0c1a4486a23ecf6735480d51
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165772673373
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155997914906
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: NBService - Nero AG - C:\Ohjelmat\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12862 bytes

 

1. Lataa combofix.exe työpöydällesi mistä tahansa alla olevasta linkistä:
Linkki 1
Linkki 2
Linkki 3

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

Kun käynnistin XP:n työpöydällä ei näkynyt mitään, mutta pääsis tehtävienhallinnan avulla nettiin ja suorittamaan ohjelman. C:lle oli myös ilmestynyt outu Dat tiedosto, lieneekä se sitten estänyt käynnistymisen.

Skannasin vissiin kahteen kertaan. Siinä luki, että valmistelee raporttia, mutta koitin mennä C:lle vähän ajan päästä niin ikkunä hävisi samalla. En löytänyt lokia, joten ajoin ohjelman uudestaan. Tässä molemmat lokit(Ensimmäinen taisi sitten ilmestyä sinne) Ainakin nyt suoritin ei mene 100% eikä tule näitä virheilmotuksii.

ComboFix 08-02-25 - ape 2008-02-25 23:45:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1551 [GMT 2:00]
Running from: C:\Documents and Settings\ape\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\axwgmose.dll
C:\WINDOWS\system32\bujnjjjc.dll
C:\WINDOWS\system32\cocdcijn.dll
C:\WINDOWS\system32\crpxdcge.ini
C:\WINDOWS\system32\crpxdcge.ini2
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\digxdusn.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\efljtnyh.ini
C:\WINDOWS\system32\egcdxprc.dll
C:\WINDOWS\system32\hpdjfaqi.dll
C:\WINDOWS\system32\iifdbba.dll
C:\WINDOWS\system32\iqafjdph.ini
C:\WINDOWS\system32\iraqwfya.ini
C:\WINDOWS\system32\jmnmpioh.ini
C:\WINDOWS\system32\kaqibisf.dll
C:\WINDOWS\system32\kcdfbjfv.ini
C:\WINDOWS\system32\ljjgdde.dll
C:\WINDOWS\system32\njicdcoc.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pmnlihf.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\qommjgh.dll
C:\WINDOWS\system32\rrwmctxp.ini
C:\WINDOWS\system32\rrvoaxpv.dll
C:\WINDOWS\system32\ssqopqn.dll
C:\WINDOWS\system32\supsytqt.ini
C:\WINDOWS\system32\thpapaca.ini
C:\WINDOWS\system32\tqtyspus.dll
C:\WINDOWS\system32\tsxwtwuu.dll
C:\WINDOWS\system32\uuoloxvg.dll
C:\WINDOWS\system32\uuoloxvg.dllbox
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\yyadd.ini
C:\WINDOWS\system32\yyadd.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF




((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-25 to 2008-02-25 )))))))))))))))))
.

2008-02-23 21:17 . 2008-02-23 21:17 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-22 14:54 . 2008-02-22 14:55 3,949 --a------ C:\WINDOWS\system32\dqlvykjx.dll
2008-02-22 14:46 . 2008-02-22 14:46 3,949 --a------ C:\WINDOWS\system32\jwlsiwtw.dll
2008-02-15 09:56 . 2008-02-15 09:56 1,243,734 ---hs---- C:\WINDOWS\system32\lflcordx.tmp
2008-02-15 09:56 . 2008-02-15 09:56 534 ---hs---- C:\WINDOWS\system32\lflcordx.ini
2008-02-14 20:02 . 2008-02-14 20:03 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-14 19:37 . 2008-02-15 09:53 474 ---hs---- C:\WINDOWS\system32\ehtuvint.ini
2008-02-14 19:18 . 2008-02-22 21:26 318 --ahs---- C:\WINDOWS\system32\ghkmp.ini
2008-02-14 18:38 . 2008-02-14 18:38 <KANSIO> d-------- C:\Program Files\Ajurit
2008-02-14 18:20 . 2008-02-14 18:20 <KANSIO> d-------- C:\Program Files\GameSpy
2008-02-14 18:19 . 2008-02-14 18:19 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-02-14 18:19 . 2008-02-14 18:19 22,328 --a------ C:\Documents and Settings\ape\Application Data\PnkBstrK.sys
2008-02-14 18:17 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-14 18:17 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-14 18:17 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-11 17:46 . 2008-02-14 18:19 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-11 17:46 . 2008-02-11 17:46 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-11 17:46 . 2008-02-14 18:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-08 17:43 . 2008-02-08 17:43 <KANSIO> d-------- C:\Program Files\Program
2008-02-08 17:34 . 2008-02-08 17:42 <KANSIO> d-------- C:\Program Files\Näytönojain
2008-02-08 16:46 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-02-08 16:46 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-02-08 16:46 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-02-08 16:46 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-02-08 16:46 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-02-08 16:46 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-02-08 16:46 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-02-08 16:44 . 2008-02-11 17:29 299 --a------ C:\WINDOWS\game.ini
2008-02-08 16:15 . 2008-02-08 16:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-02-08 16:14 . 2008-02-08 16:15 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\DAEMON Tools Pro
2008-02-08 15:52 . 2008-02-08 15:52 <KANSIO> d-------- C:\DAEMON Tools
2008-02-08 15:50 . 2008-02-08 15:50 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\DAEMON Tools
2008-02-06 18:23 . 2008-02-11 17:37 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\F-Secure
2008-02-06 18:11 . 2007-05-25 15:09 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-02-06 18:11 . 2007-05-25 15:09 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-02-06 18:10 . 2008-02-06 18:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-02-06 18:09 . 2008-02-06 18:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-02-05 20:05 . 2008-02-05 20:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\{0B9E3B72-FCE7-4B76-9F99-94E66A8C5760}
2008-02-05 20:04 . 2008-02-05 20:04 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\Seven Zip
2008-02-03 19:57 . 2008-02-03 19:57 3,692 --a------ C:\WINDOWS\system32\lnsfsrgu.dll
2008-01-30 15:06 . 2008-01-30 15:07 <KANSIO> d-------- C:\Program Files\WinAmp Control
2008-01-30 15:06 . 2008-01-30 15:06 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\WinAmp Control
2008-01-29 15:31 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-29 15:31 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-28 11:15 . 2008-01-28 11:15 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-01-28 08:55 . 2008-02-08 13:12 319 --ahs---- C:\WINDOWS\system32\oqtss.ini
2008-01-27 02:20 . 2008-01-27 02:20 <KANSIO> d-------- C:\dvp5980_12_fus_eng
2008-01-27 01:49 . 2007-08-31 16:39 1,527,136 --a------ C:\DVP5980_12.bin
2008-01-27 01:49 . 2007-06-24 14:49 150,021 --a------ C:\dvp5980_12_fur_eng.pdf
2008-01-27 01:48 . 2008-01-27 01:47 1,093,065 --a------ C:\DVP5980_12_tech25.rar

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 19:15 --------- d-----w C:\Documents and Settings\ape\Application Data\uTorrent
2008-02-13 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-11 14:07 --------- d-----w C:\Program Files\uTorrent
2008-02-08 15:49 --------- d-----w C:\Program Files\ATI Technologies
2008-02-08 14:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 13:42 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-06 15:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-29 13:29 --------- d-----w C:\Program Files\Google
2008-01-25 17:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-25 17:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-24 11:12 --------- d-----w C:\Program Files\Winamp
2008-01-22 14:56 --------- d-----w C:\Documents and Settings\ape\Application Data\Yahoo!
2008-01-22 14:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-22 14:32 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-22 13:14 --------- d-----w C:\Program Files\Vista Virtual Desktops
2008-01-22 11:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-22 10:41 --------- d-----w C:\Program Files\DivX
2008-01-22 10:27 --------- d-----w C:\Documents and Settings\ape\Application Data\Launchy
2008-01-11 17:16 --------- d-----w C:\Documents and Settings\ape\Application Data\dvdcss
2008-01-08 23:46 --------- d-----w C:\Documents and Settings\ape\Application Data\Apple Computer
2008-01-08 23:37 --------- d-----w C:\Program Files\QuickTime
2008-01-08 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-08 23:35 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-06 14:18 --------- d-----w C:\Program Files\Samsung kovelevy
2007-12-13 18:06 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 05:37 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2007-12-08 05:14 3,592,192 ----a-w C:\WINDOWS\system32\SET2AD.tmp
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\SET2A2.tmp
2007-12-07 02:14 6,066,176 ----a-w C:\WINDOWS\system32\SET2B5.tmp
2007-12-07 02:14 52,224 ----a-w C:\WINDOWS\system32\SET2AE.tmp
2007-12-07 02:14 459,264 ----a-w C:\WINDOWS\system32\SET2AF.tmp
2007-12-07 02:14 27,648 ----a-w C:\WINDOWS\system32\SET2B0.tmp
2007-12-07 02:14 267,776 ----a-w C:\WINDOWS\system32\SET2B3.tmp
2007-12-07 02:14 233,472 ----a-w C:\WINDOWS\system32\SET2A5.tmp
2007-12-07 02:14 105,984 ----a-w C:\WINDOWS\system32\SET2A7.tmp
2007-12-07 02:14 1,159,680 ----a-w C:\WINDOWS\system32\SET2A6.tmp
2007-12-07 02:13 63,488 ----a-w C:\WINDOWS\system32\SET2BC.tmp
2007-12-07 02:13 383,488 ----a-w C:\WINDOWS\system32\SET2B7.tmp
2007-12-07 02:13 124,928 ----a-w C:\WINDOWS\system32\SET2BF.tmp
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-09-18 17:05 25,304 ----a-w C:\Documents and Settings\ape\Application Data\GDIPFONTCACHEV1.DAT
2007-01-30 12:23 81,920 ----a-w C:\Documents and Settings\ape\Application Data\ezpinst.exe
2007-01-30 12:23 47,360 ----a-w C:\Documents and Settings\ape\Application Data\pcouffin.sys
2005-05-11 20:36 12,288 ------w C:\WINDOWS\Fonts\RandFont.dll
2007-04-28 07:45 573,904 --sh--w C:\WINDOWS\system32\hjkmp.bak1
2007-04-28 08:29 576,752 --sh--w C:\WINDOWS\system32\hjkmp.ini2
2007-05-03 10:18 574,168 --sh--w C:\WINDOWS\system32\ilnmp.bak1
2007-05-03 10:18 574,380 --sh--w C:\WINDOWS\system32\ilnmp.bak2
2007-05-03 11:13 574,987 --sh--w C:\WINDOWS\system32\ilnmp.ini2
2007-04-13 12:39 952 --sh--w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40 204288]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-22 14:10 219952]
"PeerGuardian"="C:\Ohjelmat\PeerGuardian\PeerGuardian2\pg2.exe" [2005-09-18 18:44 1382400]
"DAEMON Tools Pro Agent"="C:\Ohjelmat\DAEMON Tools Pro ADVANCED v4.10.Build218.0\DAEMON Tools Pro v4.10.218.0\DAEMON Tools Pro\DTProAgent.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 20:01 40960 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-04 00:00 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-29 15:29 29744]
"F-Secure Manager"="C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 15:12 183208]
"F-Secure TNB"="C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 15:11 740208]
"AAWTray"="C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\AAWTray.exe" [2007-08-08 14:53 88024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

C:\Documents and Settings\ape\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
OneNote 2007 -n„ytt”leikkeet ja Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
Stardock ObjectDock.lnk - C:\Ohjelmat\ObjectDock\ObjectDock.exe [2007-04-17 00:28:13 2746104]
Vista Virtual Desktops.lnk - C:\Documents and Settings\ape\Application Data\Microsoft\Installer\{F13B53A4-4207-465D-8DA5-64FB7FFCA43B}\MainIcon.ico [2008-01-22 15:14:39 106023]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
WinKey.lnk - C:\Ohjelmat\WinKey\WinKey.exe [2007-04-28 18:43:54 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjh]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Ohjelmat\\Microsoft Visual Basic 6\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20078:TCP"= 20078:TCP:BitComet 20078 TCP
"20078:UDP"= 20078:UDP:BitComet 20078 UDP
"16644:TCP"= 16644:TCP:BitComet 16644 TCP
"16644:UDP"= 16644:UDP:BitComet 16644 UDP

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-05-25 15:09]
R1 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys [2006-02-23 11:18]
R1 F-Secure HIPS;F-Secure HIPS;C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\HIPS\fshs.sys [2007-05-25 15:12]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
S2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-29 15:29]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2003-10-02 16:47]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 05:38]
S4 F-Secure Filter;F-Secure File System Filter;C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-02-22 15:16:05 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Ohjelmat\Tune up utillies\SystemOptimizer.exe
"2008-02-09 12:35:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-22 22:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-02-25 21:30:06 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 23:48:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-25 23:50:08
ComboFix-quarantined-files.txt 2008-02-25 21:49:32
.
2008-02-22 17:56:20 --- E O F ---



ComboFix 08-02-25 - ape 2008-02-25 23:45:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1551 [GMT 2:00]
Running from: C:\Documents and Settings\ape\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\axwgmose.dll
C:\WINDOWS\system32\bujnjjjc.dll
C:\WINDOWS\system32\cocdcijn.dll
C:\WINDOWS\system32\crpxdcge.ini
C:\WINDOWS\system32\crpxdcge.ini2
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\digxdusn.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\efljtnyh.ini
C:\WINDOWS\system32\egcdxprc.dll
C:\WINDOWS\system32\hpdjfaqi.dll
C:\WINDOWS\system32\iifdbba.dll
C:\WINDOWS\system32\iqafjdph.ini
C:\WINDOWS\system32\iraqwfya.ini
C:\WINDOWS\system32\jmnmpioh.ini
C:\WINDOWS\system32\kaqibisf.dll
C:\WINDOWS\system32\kcdfbjfv.ini
C:\WINDOWS\system32\ljjgdde.dll
C:\WINDOWS\system32\njicdcoc.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pmnlihf.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\qommjgh.dll
C:\WINDOWS\system32\rrwmctxp.ini
C:\WINDOWS\system32\rrvoaxpv.dll
C:\WINDOWS\system32\ssqopqn.dll
C:\WINDOWS\system32\supsytqt.ini
C:\WINDOWS\system32\thpapaca.ini
C:\WINDOWS\system32\tqtyspus.dll
C:\WINDOWS\system32\tsxwtwuu.dll
C:\WINDOWS\system32\uuoloxvg.dll
C:\WINDOWS\system32\uuoloxvg.dllbox
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\yyadd.ini
C:\WINDOWS\system32\yyadd.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF




((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-25 to 2008-02-25 )))))))))))))))))
.

2008-02-23 21:17 . 2008-02-23 21:17 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-22 14:54 . 2008-02-22 14:55 3,949 --a------ C:\WINDOWS\system32\dqlvykjx.dll
2008-02-22 14:46 . 2008-02-22 14:46 3,949 --a------ C:\WINDOWS\system32\jwlsiwtw.dll
2008-02-15 09:56 . 2008-02-15 09:56 1,243,734 ---hs---- C:\WINDOWS\system32\lflcordx.tmp
2008-02-15 09:56 . 2008-02-15 09:56 534 ---hs---- C:\WINDOWS\system32\lflcordx.ini
2008-02-14 20:02 . 2008-02-14 20:03 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-14 19:37 . 2008-02-15 09:53 474 ---hs---- C:\WINDOWS\system32\ehtuvint.ini
2008-02-14 19:18 . 2008-02-22 21:26 318 --ahs---- C:\WINDOWS\system32\ghkmp.ini
2008-02-14 18:38 . 2008-02-14 18:38 <KANSIO> d-------- C:\Program Files\Ajurit
2008-02-14 18:20 . 2008-02-14 18:20 <KANSIO> d-------- C:\Program Files\GameSpy
2008-02-14 18:19 . 2008-02-14 18:19 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-02-14 18:19 . 2008-02-14 18:19 22,328 --a------ C:\Documents and Settings\ape\Application Data\PnkBstrK.sys
2008-02-14 18:17 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-14 18:17 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-14 18:17 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-11 17:46 . 2008-02-14 18:19 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-11 17:46 . 2008-02-11 17:46 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-11 17:46 . 2008-02-14 18:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-08 17:43 . 2008-02-08 17:43 <KANSIO> d-------- C:\Program Files\Program
2008-02-08 17:34 . 2008-02-08 17:42 <KANSIO> d-------- C:\Program Files\Näytönojain
2008-02-08 16:46 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-02-08 16:46 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-02-08 16:46 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-02-08 16:46 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-02-08 16:46 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-02-08 16:46 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-02-08 16:46 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-02-08 16:44 . 2008-02-11 17:29 299 --a------ C:\WINDOWS\game.ini
2008-02-08 16:15 . 2008-02-08 16:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-02-08 16:14 . 2008-02-08 16:15 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\DAEMON Tools Pro
2008-02-08 15:52 . 2008-02-08 15:52 <KANSIO> d-------- C:\DAEMON Tools
2008-02-08 15:50 . 2008-02-08 15:50 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\DAEMON Tools
2008-02-06 18:23 . 2008-02-11 17:37 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\F-Secure
2008-02-06 18:11 . 2007-05-25 15:09 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-02-06 18:11 . 2007-05-25 15:09 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-02-06 18:10 . 2008-02-06 18:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-02-06 18:09 . 2008-02-06 18:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-02-05 20:05 . 2008-02-05 20:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\{0B9E3B72-FCE7-4B76-9F99-94E66A8C5760}
2008-02-05 20:04 . 2008-02-05 20:04 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\Seven Zip
2008-02-03 19:57 . 2008-02-03 19:57 3,692 --a------ C:\WINDOWS\system32\lnsfsrgu.dll
2008-01-30 15:06 . 2008-01-30 15:07 <KANSIO> d-------- C:\Program Files\WinAmp Control
2008-01-30 15:06 . 2008-01-30 15:06 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\WinAmp Control
2008-01-29 15:31 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-29 15:31 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-28 11:15 . 2008-01-28 11:15 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-01-28 08:55 . 2008-02-08 13:12 319 --ahs---- C:\WINDOWS\system32\oqtss.ini
2008-01-27 02:20 . 2008-01-27 02:20 <KANSIO> d-------- C:\dvp5980_12_fus_eng
2008-01-27 01:49 . 2007-08-31 16:39 1,527,136 --a------ C:\DVP5980_12.bin
2008-01-27 01:49 . 2007-06-24 14:49 150,021 --a------ C:\dvp5980_12_fur_eng.pdf
2008-01-27 01:48 . 2008-01-27 01:47 1,093,065 --a------ C:\DVP5980_12_tech25.rar

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 19:15 --------- d-----w C:\Documents and Settings\ape\Application Data\uTorrent
2008-02-13 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-11 14:07 --------- d-----w C:\Program Files\uTorrent
2008-02-08 15:49 --------- d-----w C:\Program Files\ATI Technologies
2008-02-08 14:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 13:42 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-06 15:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-29 13:29 --------- d-----w C:\Program Files\Google
2008-01-25 17:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-25 17:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-24 11:12 --------- d-----w C:\Program Files\Winamp
2008-01-22 14:56 --------- d-----w C:\Documents and Settings\ape\Application Data\Yahoo!
2008-01-22 14:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-22 14:32 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-22 13:14 --------- d-----w C:\Program Files\Vista Virtual Desktops
2008-01-22 11:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-22 10:41 --------- d-----w C:\Program Files\DivX
2008-01-22 10:27 --------- d-----w C:\Documents and Settings\ape\Application Data\Launchy
2008-01-11 17:16 --------- d-----w C:\Documents and Settings\ape\Application Data\dvdcss
2008-01-08 23:46 --------- d-----w C:\Documents and Settings\ape\Application Data\Apple Computer
2008-01-08 23:37 --------- d-----w C:\Program Files\QuickTime
2008-01-08 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-08 23:35 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-06 14:18 --------- d-----w C:\Program Files\Samsung kovelevy
2007-12-13 18:06 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 05:37 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2007-12-08 05:14 3,592,192 ----a-w C:\WINDOWS\system32\SET2AD.tmp
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\SET2A2.tmp
2007-12-07 02:14 6,066,176 ----a-w C:\WINDOWS\system32\SET2B5.tmp
2007-12-07 02:14 52,224 ----a-w C:\WINDOWS\system32\SET2AE.tmp
2007-12-07 02:14 459,264 ----a-w C:\WINDOWS\system32\SET2AF.tmp
2007-12-07 02:14 27,648 ----a-w C:\WINDOWS\system32\SET2B0.tmp
2007-12-07 02:14 267,776 ----a-w C:\WINDOWS\system32\SET2B3.tmp
2007-12-07 02:14 233,472 ----a-w C:\WINDOWS\system32\SET2A5.tmp
2007-12-07 02:14 105,984 ----a-w C:\WINDOWS\system32\SET2A7.tmp
2007-12-07 02:14 1,159,680 ----a-w C:\WINDOWS\system32\SET2A6.tmp
2007-12-07 02:13 63,488 ----a-w C:\WINDOWS\system32\SET2BC.tmp
2007-12-07 02:13 383,488 ----a-w C:\WINDOWS\system32\SET2B7.tmp
2007-12-07 02:13 124,928 ----a-w C:\WINDOWS\system32\SET2BF.tmp
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-09-18 17:05 25,304 ----a-w C:\Documents and Settings\ape\Application Data\GDIPFONTCACHEV1.DAT
2007-01-30 12:23 81,920 ----a-w C:\Documents and Settings\ape\Application Data\ezpinst.exe
2007-01-30 12:23 47,360 ----a-w C:\Documents and Settings\ape\Application Data\pcouffin.sys
2005-05-11 20:36 12,288 ------w C:\WINDOWS\Fonts\RandFont.dll
2007-04-28 07:45 573,904 --sh--w C:\WINDOWS\system32\hjkmp.bak1
2007-04-28 08:29 576,752 --sh--w C:\WINDOWS\system32\hjkmp.ini2
2007-05-03 10:18 574,168 --sh--w C:\WINDOWS\system32\ilnmp.bak1
2007-05-03 10:18 574,380 --sh--w C:\WINDOWS\system32\ilnmp.bak2
2007-05-03 11:13 574,987 --sh--w C:\WINDOWS\system32\ilnmp.ini2
2007-04-13 12:39 952 --sh--w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40 204288]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-22 14:10 219952]
"PeerGuardian"="C:\Ohjelmat\PeerGuardian\PeerGuardian2\pg2.exe" [2005-09-18 18:44 1382400]
"DAEMON Tools Pro Agent"="C:\Ohjelmat\DAEMON Tools Pro ADVANCED v4.10.Build218.0\DAEMON Tools Pro v4.10.218.0\DAEMON Tools Pro\DTProAgent.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 20:01 40960 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-04 00:00 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-29 15:29 29744]
"F-Secure Manager"="C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 15:12 183208]
"F-Secure TNB"="C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 15:11 740208]
"AAWTray"="C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\AAWTray.exe" [2007-08-08 14:53 88024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

C:\Documents and Settings\ape\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
OneNote 2007 -n„ytt”leikkeet ja Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
Stardock ObjectDock.lnk - C:\Ohjelmat\ObjectDock\ObjectDock.exe [2007-04-17 00:28:13 2746104]
Vista Virtual Desktops.lnk - C:\Documents and Settings\ape\Application Data\Microsoft\Installer\{F13B53A4-4207-465D-8DA5-64FB7FFCA43B}\MainIcon.ico [2008-01-22 15:14:39 106023]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
WinKey.lnk - C:\Ohjelmat\WinKey\WinKey.exe [2007-04-28 18:43:54 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjh]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Ohjelmat\\Microsoft Visual Basic 6\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20078:TCP"= 20078:TCP:BitComet 20078 TCP
"20078:UDP"= 20078:UDP:BitComet 20078 UDP
"16644:TCP"= 16644:TCP:BitComet 16644 TCP
"16644:UDP"= 16644:UDP:BitComet 16644 UDP

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-05-25 15:09]
R1 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys [2006-02-23 11:18]
R1 F-Secure HIPS;F-Secure HIPS;C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\HIPS\fshs.sys [2007-05-25 15:12]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
S2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-29 15:29]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2003-10-02 16:47]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 05:38]
S4 F-Secure Filter;F-Secure File System Filter;C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-02-22 15:16:05 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Ohjelmat\Tune up utillies\SystemOptimizer.exe
"2008-02-09 12:35:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-22 22:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-02-25 21:30:06 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 23:48:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-25 23:50:08
ComboFix-quarantined-files.txt 2008-02-25 21:49:32
.
2008-02-22 17:56:20 --- E O F ---

 

#1.Kopioi/liitä seuraava tummennetut rivit tyhjään
muistiofiluun. Varmista että tiedostotyyppi on "All Files" ja
tallenna se Poista.bat nimisenä työpöydällesi.


@echo off
sc stop MSControlService
sc delete MSControlService

Tuplaklikkaa poista.bat-tiedostoa työpöydällä. Komentoikkuna välähtää, se on normaalia.


#2.Avaa HijackThis, klikkaa do a system scan only, merkkaa nämä rivit. Sitten sulje kaikki muut ikkunat ja paina fix checked.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows



3#.Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi.

• Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
• Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
• Käynnistä AVG Anti-Spyware.
• Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
  • Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.
• Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
• Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
• Sitten "Reports" valikon alta:
  • Laita täppi kohtaan "Do not Automatically generate report"
  • Ota täppi pois kohdasta"Only if threats were found"
• Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
• "Resident shield is", muuta tila active:sta inactive:ksi
• Sulje ohjelma, ÄLÄ skannaa vielä.

Käynnistä koneesi vikasietotilaan, Ohje!

HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.

• Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
• Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
• AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.
  
  Kun skannaus on valmis:
  TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
• Varmistu, että Set all elements to: näyttää Quarantine[/color] (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
• Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
  
• Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
• Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
• Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG Anti-Spyware:n raportti viestikejuusi.

#4.Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa CFScript ComboFix.exeen kuten alla.



Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.


lähetä:
avg:n as raportti
combofix raportti
uusi hjt-loki

 

Oli pieniä ongelmia saada XP käyntiin vikasietotilassa, kun on vista samalla koneella, mutta nyt on uusimmat lokit.

AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 0:08:38 2.3.2008

+ Scan result:



G:\System Volume Information\_restore{3A00256E-C576-44D2-A0AF-7D1FFA06CDE7}\RP333\A0069341.exe -> Backdoor.PoisonIvy.j : Cleaned with backup (quarantined).
C:\Documents and Settings\ape\Cookies\ape@CA2YCUW8.txt -> TrackingCookie.2o7 : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ape\Cookies\ape@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\kone@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Windows.old\Users\Jeto\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeto@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Windows.old\Users\Jeto\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeto@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.73:C:\Documents and Settings\ape\Application Data\Mozilla\Firefox\Profiles\2jgqedr5.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.35:C:\Documents and Settings\ape\Application Data\Mozilla\Firefox\Profiles\2jgqedr5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\ape\Application Data\Mozilla\Firefox\Profiles\2jgqedr5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\ape\Application Data\Mozilla\Firefox\Profiles\2jgqedr5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\ape\Application Data\Mozilla\Firefox\Profiles\2jgqedr5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:C:\Documents and Settings\ape\Application Data\Mozilla\Firefox\Profiles\2jgqedr5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@ehg-nokiafin.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@ehg-reed.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@ehg-sanomadata.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\ape\Cookies\ape@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.84:C:\Documents and Settings\ape\Application Data\Mozilla\Firefox\Profiles\2jgqedr5.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\ape\Cookies\ape@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\ape\Cookies\ape@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\ape\Cookies\ape@ssl-hints.netflame[3].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\ape\Cookies\ape@ssl-hints.netflame[4].txt -> TrackingCookie.Netflame : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\ape\Cookies\ape@CAFL2TY5.txt -> TrackingCookie.Revsci : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\ape\Cookies\ape@CAKX6YDD.txt -> TrackingCookie.Statcounter : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.6:C:\Documents and Settings\ape\Application Data\Mozilla\Firefox\Profiles\2jgqedr5.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\ape\Cookies\ape@CAHXHURY.txt -> TrackingCookie.Statistik-gallup : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.39:C:\Documents and Settings\ape\Application Data\Mozilla\Firefox\Profiles\2jgqedr5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.40:C:\Documents and Settings\ape\Application Data\Mozilla\Firefox\Profiles\2jgqedr5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.41:C:\Documents and Settings\ape\Application Data\Mozilla\Firefox\Profiles\2jgqedr5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
D:\Windows.old\Users\Jeto\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeto@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\ape\Cookies\ape@CAPWOOI6.txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\Users\kone\AppData\Roaming\Microsoft\Windows\Cookies\Low\kone@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{3A00256E-C576-44D2-A0AF-7D1FFA06CDE7}\RP348\A0071829.0xe -> Trojan.Delf.zw : Cleaned with backup (quarantined).
C:\WINDOWS\winvideo32.0xe -> Trojan.Delf.zw : Cleaned with backup (quarantined).


::Report end

Combofix

ComboFix 08-02-25 - ape 2008-03-02 0:22:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1304 [GMT 2:00]
Running from: C:\Documents and Settings\ape\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\ape\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\dqlvykjx.dll
C:\WINDOWS\system32\ehtuvint.ini
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak2
C:\WINDOWS\system32\ilnmp.ini2
C:\WINDOWS\system32\jwlsiwtw.dll
C:\WINDOWS\system32\lflcordx.ini
C:\WINDOWS\system32\lflcordx.tmp
C:\WINDOWS\system32\lnsfsrgu.dll
C:\WINDOWS\system32\oqtss.ini
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dqlvykjx.dll
C:\WINDOWS\system32\ehtuvint.ini
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak2
C:\WINDOWS\system32\ilnmp.ini2
C:\WINDOWS\system32\jwlsiwtw.dll
C:\WINDOWS\system32\lflcordx.ini
C:\WINDOWS\system32\lflcordx.tmp
C:\WINDOWS\system32\lnsfsrgu.dll
C:\WINDOWS\system32\oqtss.ini

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-01 to 2008-03-01 )))))))))))))))))
.

2008-03-01 22:06 . 2008-03-01 22:06 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Grisoft
2008-02-27 18:33 . 2008-02-27 18:33 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\Grisoft
2008-02-27 18:33 . 2008-02-27 18:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-27 18:33 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-23 21:17 . 2008-02-23 21:17 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-14 18:38 . 2008-02-14 18:38 <KANSIO> d-------- C:\Program Files\Ajurit
2008-02-14 18:20 . 2008-02-14 18:20 <KANSIO> d-------- C:\Program Files\GameSpy
2008-02-14 18:19 . 2008-02-14 18:19 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-02-14 18:19 . 2008-02-14 18:19 22,328 --a------ C:\Documents and Settings\ape\Application Data\PnkBstrK.sys
2008-02-14 18:17 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-14 18:17 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-14 18:17 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-11 17:46 . 2008-02-26 14:05 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-11 17:46 . 2008-02-11 17:46 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-11 17:46 . 2008-02-14 18:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-08 17:43 . 2008-02-08 17:43 <KANSIO> d-------- C:\Program Files\Program
2008-02-08 17:34 . 2008-02-08 17:42 <KANSIO> d-------- C:\Program Files\Näytönojain
2008-02-08 16:46 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-02-08 16:46 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-02-08 16:46 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-02-08 16:46 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-02-08 16:46 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-02-08 16:46 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-02-08 16:46 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-02-08 16:44 . 2008-02-11 17:29 299 --a------ C:\WINDOWS\game.ini
2008-02-08 16:15 . 2008-02-08 16:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-02-08 16:14 . 2008-02-08 16:15 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\DAEMON Tools Pro
2008-02-08 15:52 . 2008-02-08 15:52 <KANSIO> d-------- C:\DAEMON Tools
2008-02-08 15:50 . 2008-02-08 15:50 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\DAEMON Tools
2008-02-06 18:23 . 2008-02-11 17:37 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\F-Secure
2008-02-06 18:11 . 2007-05-25 15:09 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-02-06 18:11 . 2007-05-25 15:09 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-02-06 18:10 . 2008-02-06 18:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-02-06 18:09 . 2008-02-06 18:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-02-05 20:05 . 2008-02-05 20:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\{0B9E3B72-FCE7-4B76-9F99-94E66A8C5760}
2008-02-05 20:04 . 2008-02-05 20:04 <KANSIO> d-------- C:\Documents and Settings\ape\Application Data\Seven Zip

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 22:22 --------- d-----w C:\Documents and Settings\ape\Application Data\uTorrent
2008-02-13 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-11 14:07 --------- d-----w C:\Program Files\uTorrent
2008-02-08 15:49 --------- d-----w C:\Program Files\ATI Technologies
2008-02-08 14:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 13:42 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-06 15:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-30 13:07 --------- d-----w C:\Program Files\WinAmp Control
2008-01-30 13:06 --------- d-----w C:\Documents and Settings\ape\Application Data\WinAmp Control
2008-01-29 13:29 --------- d-----w C:\Program Files\Google
2008-01-28 09:15 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2008-01-27 12:37 81,920 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-01-25 17:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-25 17:28 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-24 11:12 --------- d-----w C:\Program Files\Winamp
2008-01-22 14:56 --------- d-----w C:\Documents and Settings\ape\Application Data\Yahoo!
2008-01-22 14:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-22 14:32 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-22 13:14 --------- d-----w C:\Program Files\Vista Virtual Desktops
2008-01-22 11:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-22 10:41 --------- d-----w C:\Program Files\DivX
2008-01-22 10:27 --------- d-----w C:\Documents and Settings\ape\Application Data\Launchy
2008-01-11 17:16 --------- d-----w C:\Documents and Settings\ape\Application Data\dvdcss
2008-01-08 23:46 --------- d-----w C:\Documents and Settings\ape\Application Data\Apple Computer
2008-01-08 23:37 --------- d-----w C:\Program Files\QuickTime
2008-01-08 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-08 23:35 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-06 14:18 --------- d-----w C:\Program Files\Samsung kovelevy
2007-12-13 18:06 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 05:37 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2007-12-08 05:14 3,592,192 ----a-w C:\WINDOWS\system32\SET2AD.tmp
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\SET2A2.tmp
2007-12-07 02:14 6,066,176 ----a-w C:\WINDOWS\system32\SET2B5.tmp
2007-12-07 02:14 52,224 ----a-w C:\WINDOWS\system32\SET2AE.tmp
2007-12-07 02:14 459,264 ----a-w C:\WINDOWS\system32\SET2AF.tmp
2007-12-07 02:14 27,648 ----a-w C:\WINDOWS\system32\SET2B0.tmp
2007-12-07 02:14 267,776 ----a-w C:\WINDOWS\system32\SET2B3.tmp
2007-12-07 02:14 233,472 ----a-w C:\WINDOWS\system32\SET2A5.tmp
2007-12-07 02:14 105,984 ----a-w C:\WINDOWS\system32\SET2A7.tmp
2007-12-07 02:14 1,159,680 ----a-w C:\WINDOWS\system32\SET2A6.tmp
2007-12-07 02:13 63,488 ----a-w C:\WINDOWS\system32\SET2BC.tmp
2007-12-07 02:13 383,488 ----a-w C:\WINDOWS\system32\SET2B7.tmp
2007-12-07 02:13 124,928 ----a-w C:\WINDOWS\system32\SET2BF.tmp
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-09-18 17:05 25,304 ----a-w C:\Documents and Settings\ape\Application Data\GDIPFONTCACHEV1.DAT
2007-01-30 12:23 81,920 ----a-w C:\Documents and Settings\ape\Application Data\ezpinst.exe
2007-01-30 12:23 47,360 ----a-w C:\Documents and Settings\ape\Application Data\pcouffin.sys
2005-05-11 20:36 12,288 ------w C:\WINDOWS\Fonts\RandFont.dll
2007-04-13 12:39 952 --sh--w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40 204288]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-22 14:10 219952]
"PeerGuardian"="C:\Ohjelmat\PeerGuardian\PeerGuardian2\pg2.exe" [2005-09-18 18:44 1382400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 20:01 40960 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-04 00:00 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"Sonera"="C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2007-08-19 11:47 197880]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-29 15:29 29744]
"F-Secure Manager"="C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 15:12 183208]
"F-Secure TNB"="C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 15:11 740208]
"AAWTray"="C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\AAWTray.exe" [2007-08-08 14:53 88024]
"!AVG Anti-Spyware"="C:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

C:\Documents and Settings\ape\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
OneNote 2007 -n„ytt”leikkeet ja Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
Stardock ObjectDock.lnk - C:\Ohjelmat\ObjectDock\ObjectDock.exe [2007-04-17 00:28:13 2746104]
Vista Virtual Desktops.lnk - C:\Documents and Settings\ape\Application Data\Microsoft\Installer\{F13B53A4-4207-465D-8DA5-64FB7FFCA43B}\MainIcon.ico [2008-01-22 15:14:39 106023]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
WinKey.lnk - C:\Ohjelmat\WinKey\WinKey.exe [2007-04-28 18:43:54 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Ohjelmat\\Microsoft Visual Basic 6\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20078:TCP"= 20078:TCP:BitComet 20078 TCP
"20078:UDP"= 20078:UDP:BitComet 20078 UDP
"16644:TCP"= 16644:TCP:BitComet 16644 TCP
"16644:UDP"= 16644:UDP:BitComet 16644 UDP

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-05-25 15:09]
R1 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys [2006-02-23 11:18]
R1 F-Secure HIPS;F-Secure HIPS;C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\HIPS\fshs.sys [2007-05-25 15:12]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
S2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-29 15:29]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2003-10-02 16:47]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 05:38]
S4 F-Secure Filter;F-Secure File System Filter;C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-02-29 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Ohjelmat\Tune up utillies\SystemOptimizer.exe
"2008-02-09 12:35:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-29 18:00:01 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-02-29 18:30:03 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 00:27:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-02 0:28:37
ComboFix-quarantined-files.txt 2008-03-01 22:28:02
ComboFix2.txt 2008-02-25 21:50:09
.
2008-02-22 17:56:20 --- E O F ---


Hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:49:08, on 2.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSMA32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSMB32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSM32.EXE
C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\AAWTray.exe
C:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Ohjelmat\PeerGuardian\PeerGuardian2\pg2.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Ohjelmat\WinKey\WinKey.exe
C:\Ohjelmat\ObjectDock\ObjectDock.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Vista Virtual Desktops\Virtual Desktops.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [AAWTray] C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Ohjelmat\PeerGuardian\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Ohjelmat\ObjectDock\ObjectDock.exe
O4 - Startup: Vista Virtual Desktops.lnk = ?
O4 - Global Startup: WinKey.lnk = C:\Ohjelmat\WinKey\WinKey.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?0212358a0c1a4486a23ecf6735480d51
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?0212358a0c1a4486a23ecf6735480d51
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165772673373
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155997914906
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Ohjelmat\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13413 bytes

 

Viittiskö joku vilkasta tota lokia?

 

mee ohjauspaneeli, lisää poista sovellus, poista yahoo toolbar(jos ei tahdo lähteä mene vikasietotilaan ja yritä uudestaan,) poista sitten kansio vikasietotilassa(toi C:\programfiles\yahoo!
--
nuo fix checked hjt:lla sammuta käynnistä uudestaan=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
poista myös tämä kansio vikasiedossa: C:\Program Files\Symantec\
---
sitten
SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

 

SDFix: Version 1.160

Run by ape on ma 24.03.2008 at 23:23

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\ape\TYPYT~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOW~3.EXE - Deleted
C:\WINDOW~4.EXE - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 23:54:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:0e08ea0f
"s2"=dword:d36c3797
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:3a,08,f5,e3,cb,e6,0e,73,5a,a8,ba,c5,92,db,c1,49,c1,44,d9,46,ea,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ef,4a,26,0a,20,87,93,b1,50,f4,c5,2c,3e,5a,67,f7,c2,b8,dc,5f,7f,..
"p0"="C:\Ohjelmat\daemon410-x86\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ce,fb,52,a8,27,30,24,22,ba,b4,c7,e0,6e,30,06,c8,20,..
"khjeh"=hex:50,1c,85,45,99,3c,88,f5,00,c1,2d,3b,28,1a,44,cc,e2,8f,54,f4,63,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7d,81,8b,a6,8e,09,d4,c1,6c,48,47,0a,ed,04,90,8b,de,fb,46,07,04,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:79,4b,73,e8,2c,28,5b,80,ae,9a,a9,0c,2a,fe,22,11,2f,d7,84,fd,60,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:3a,08,f5,e3,cb,e6,0e,73,5a,a8,ba,c5,92,db,c1,49,c1,44,d9,46,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ef,4a,26,0a,20,87,93,b1,50,f4,c5,2c,3e,5a,67,f7,c2,b8,dc,5f,7f,..
"p0"="C:\Ohjelmat\daemon410-x86\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ce,fb,52,a8,27,30,24,22,ba,b4,c7,e0,6e,30,06,c8,20,..
"khjeh"=hex:50,1c,85,45,99,3c,88,f5,00,c1,2d,3b,28,1a,44,cc,e2,8f,54,f4,63,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7d,81,8b,a6,8e,09,d4,c1,6c,48,47,0a,ed,04,90,8b,de,fb,46,07,04,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:79,4b,73,e8,2c,28,5b,80,ae,9a,a9,0c,2a,fe,22,11,2f,d7,84,fd,60,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Etätuki - Windows Messenger ja ääniyhteys"
"C:\\Ohjelmat\\Microsoft Visual Basic 6\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"="C:\\Ohjelmat\\Microsoft Visual Basic 6\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE:*:Enabled:Microsoft (R) Visual Studio VSA RPC Event Creator"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:EnablednkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:EnablednkBstrB"
"G:\\pelit\\Assassins.Creed-RELOADED\\assassin greed\\AssassinsCreed_Dx9.exe"="G:\\pelit\\Assassins.Creed-RELOADED\\assassin greed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"G:\\pelit\\Assassins.Creed-RELOADED\\assassin greed\\AssassinsCreed_Dx10.exe"="G:\\pelit\\Assassins.Creed-RELOADED\\assassin greed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"G:\\pelit\\Assassins.Creed-RELOADED\\assassin greed\\AssassinsCreed_Launcher.exe"="G:\\pelit\\Assassins.Creed-RELOADED\\assassin greed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\ape\TYPYT~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 15 Jan 2008 385 ...H. --- "C:\Boot.BAK"
Sat 6 Oct 2007 72 ..SH. --- "C:\WINDOWS\SCA1B7949.tmp"
Mon 16 Apr 2007 510,120 ..SH. --- "C:\WINDOWS\system32\hjkmp.tmp"
Sat 28 Apr 2007 583,190 ..SH. --- "C:\WINDOWS\system32\ilnmp.tmp"
Fri 13 Apr 2007 952 ..SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 30 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 27 Feb 2004 233,472 ...H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Mon 25 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 3 Oct 2006 50,280 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sat 23 Sep 2006 152,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7b58ee1ce7d8bacc8780cf5a95511ee0\BIT9.tmp"
Thu 21 Sep 2006 151,370 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a9530ac594d26bb7e93a8c9ea916b33f\BIT8.tmp"

Finished!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:43:40, on 25.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSMA32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSMB32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSM32.EXE
C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\AAWTray.exe
C:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Ohjelmat\PeerGuardian\PeerGuardian2\pg2.exe
C:\Ohjelmat\daemon410-x86\DAEMON Tools\daemon.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Ohjelmat\WinKey\WinKey.exe
C:\Ohjelmat\ObjectDock\ObjectDock.exe
C:\Program Files\Vista Virtual Desktops\Virtual Desktops.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Ohjelmat\Nero 7\Core\nero.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\licmgr.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\fsus.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [AAWTray] C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Ohjelmat\PeerGuardian\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Ohjelmat\daemon410-x86\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Ohjelmat\ObjectDock\ObjectDock.exe
O4 - Startup: Vista Virtual Desktops.lnk = ?
O4 - Global Startup: WinKey.lnk = C:\Ohjelmat\WinKey\WinKey.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?0212358a0c1a4486a23ecf6735480d51
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?0212358a0c1a4486a23ecf6735480d51
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165772673373
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155997914906
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Ohjelmat\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13183 bytes

 

Tuplat

 

merkkaa paina fix checked:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
-----------
ajas viel loppuun nuilla:
Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt ((tai vistassa C:\Users\Omistaja\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs )))
8. Lähetä lokin sisältö seuraavassa viestissäsi.
------------'Lataa tuolta
CCleaner v2.05.555- Standard Build, ÄLÄ aseenna Yahoo toolbaria!

laita asetukset näin:
Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot.

aja Puhdistaja > tutki nappi > aja ccleaner nappi oikea alakulma
aja Rekisteri > etsi rekisteri virheitä nappi > Korjaa rekisteri virheet. nappi
----------------
miten kone jaksaa? onko ongelmia vielä?

 

Malwarebytes' Anti-Malware 1.09
Tietokantaversio: 542

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|G:\|)
Tarkistetut kohteet: 358058
Kulunut aika: 1 hour(s), 36 minute(s), 44 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 5
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 2

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir (Trojan.Zapchast) -> Quarantined and deleted successfully.
C:\Documents and Settings\ape\Työpöytä\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.

Kyllähän tää kone on pelannut paljon paremmin(tai ylipäätänsä toiminut) jo tuon ekan puhdistuksen jälkeen.

F-secure löysi vielä tälläset virukset, mitä ei suostus poistamaan.

Tulos: 4 haittaohjelmaa löytyi
AdWare.Win32.Virtumonde.ixd (adware)
C:\QooBox\Quarantine\catchme2008-02-25_233440.82.zip\ddayy.dll
AdWare.Win32.Virtumonde.dyi (adware)
C:\QooBox\Quarantine\catchme2008-02-25_233440.82.zip\pmnlihf.dll
AdWare.Win32.Virtumonde.gen (adware)
C:\QooBox\Quarantine\catchme2008-02-25_233440.82.zip\uuoloxvg.dll
Trojan-Dropper.Win32.Agent.bif (virus)
C:\Ohjelmat\Norton.Antivirus.2008-Full.Cracked.INCL.KEYGEN\Norton.Antivirus.2008-Full.Cracked.INCL.KEYGEN.rar\Norton.Antivirus.2008-Full.Cracked.READY.1.0.0.exe

Ja tossa tiedostoja mitä f-secure ei onnistunu avaamaa. Poimin sieltä ne "Epäilyttävän" näköiset tiedostot.

Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\HIBERFIL.SYS
Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\PAGEFILE.SYS
Kohteen C:\WindowsXP-KB936929-SP3-x86-DEU.exe tarkistus on keskeytetty. [F-Secure AVP]
Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\TEMPFILE
Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
Kohteen C:\MSOCache\All Users\{90120000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccLR.cab\MSACCESS.DEV.HXS_1033 tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccLR.cab tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0044-040B-0000-0000000FF1CE}-C\InfLR.cab\IPVSTA12.HXS_1035 tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0044-040B-0000-0000000FF1CE}-C\InfLR.cab tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab\IPVSTA12.HXS_1033 tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-001B-040B-0000-0000000FF1CE}-C\WordLR.cab\WINWORD.DEV.HXS_1035 tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-001B-040B-0000-0000000FF1CE}-C\WordLR.cab tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab\WINWORD.DEV.HXS_1033 tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-001A-040B-0000-0000000FF1CE}-C\OutlkLR.cab\OUTLOOK.DEV.HXS_1035 tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-001A-040B-0000-0000000FF1CE}-C\OutlkLR.cab tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab\OUTLOOK.DEV.HXS_1033 tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0017-040B-0000-0000000FF1CE}-C\SPDLR.cab\SPD.DEV.HXS_1035 tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0017-040B-0000-0000000FF1CE}-C\SPDLR.cab tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0016-040B-0000-0000000FF1CE}-C\ExcelLR.cab\EXCEL.DEV.HXS_1035 tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0016-040B-0000-0000000FF1CE}-C\ExcelLR.cab tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab\EXCEL.DEV.HXS_1033 tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0015-040B-0000-0000000FF1CE}-C\AccLR.cab\MSACCESS.DEV.HXS_1035 tarkistus on keskeytetty. [F-Secure AVP]
Kohteen C:\MSOCache\All Users\{90120000-0015-040B-0000-0000000FF1CE}-C\AccLR.cab tarkistus on keskeytetty. [F-Secure AVP]

Jos joku viittis viel noi kattoo nii oisin kiitollinen.

 

jep jep. ajeles toi:
Lataa TÄSTÄ VundoFix.exe työpöydällesi.

Tupla-klikkaa VundoFix.exe ajaaksesi sen.
Klikkaa Scan for Vundo valintaa.
Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
Sinulta kysytään haluatko poistaa filut - klikkaa YES.
Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.
-----------
toi norton alimmainen luultavasti on merkattu virukseksi ton keygenin takia. poista se kansio ja sit ei saat warettaa

 

VundoFix V7.0.3

Scan started at 19:38:56 1.4.2008

Listing files found while scanning....

No infected files were found.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:28, on 1.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSMA32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSMB32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSM32.EXE
C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\AAWTray.exe
C:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Ohjelmat\PeerGuardian\PeerGuardian2\pg2.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Ohjelmat\WinKey\WinKey.exe
C:\Ohjelmat\ObjectDock\ObjectDock.exe
C:\Program Files\Vista Virtual Desktops\Virtual Desktops.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [AAWTray] C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Ohjelmat\PeerGuardian\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Ohjelmat\daemon410-x86\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Ohjelmat\ObjectDock\ObjectDock.exe
O4 - Startup: Vista Virtual Desktops.lnk = ?
O4 - Global Startup: WinKey.lnk = C:\Ohjelmat\WinKey\WinKey.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?0212358a0c1a4486a23ecf6735480d51
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?0212358a0c1a4486a23ecf6735480d51
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165772673373
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155997914906
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Ohjelmat\Ad-Aware 2007 Professional Edition v7.0.2.1\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Ohjelmat\F-SECURE.INTERNET.SECURITY.V2008-MAGNiTUDE\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Ohjelmat\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13134 bytes

Eiköhän se nyt kunnossa ole. Kiitos avusta!!!