STEPS COMPLETED A strange trojan that I can't get rid of

Discussion in 'Viruses and malware - HijackThis logs' started by VilpuriS, Jul 1, 2008.

  1. VilpuriS

    Here's my log, could someone check it?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:49:22, on 1.7.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {002E0843-7CB4-4347-8230-40FC81B7F5FC} - C:\WINDOWS\system32\rqRIyYRk.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - (no file)
    O2 - BHO: {9ac6e975-0ea4-7eab-55f4-2a11b962083b} - {b380269b-11a2-4f55-bae7-4ae0579e6ca9} - C:\WINDOWS\system32\eurtbo.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [BMeb437cbf] Rundll32.exe "C:\WINDOWS\system32\cagfgaim.dll",s
    O4 - HKLM\..\Run: [e8704f23] rundll32.exe "C:\WINDOWS\system32\ansxfjtg.dll",b
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205852872954
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: mlJAqqRi - mlJAqqRi.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 9443 bytes

    In addition, when the machine starts up it shows this in a grey window:

    c:\windows/system32/cagfgaim.dll
    Määriteltyä osaa ei löydy

    What does this mean?
     
  2. kalminen

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * After that, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    * Post the contents of the log in your next reply, plus a new HJT log.

    ------------------------------------------------------------------

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe


    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (ComboFix actually recognises it even if the file extension isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click it.)

    [IMG]

    Note! Don't click in the ComboFix window while it is running. That may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    -----------------------------------------------------------------

    Close your browser and other programs while running the fix (but not the antivirus).
    Start HijackThis, click Scan, tick the following entries listed in red and remove them (Fix checked).

    O2 - BHO: (no name) - {002E0843-7CB4-4347-8230-40FC81B7F5FC} - C:\WINDOWS\system32\rqRIyYRk.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - (no file)
    O2 - BHO: {9ac6e975-0ea4-7eab-55f4-2a11b962083b} - {b380269b-11a2-4f55-bae7-4ae0579e6ca9} - C:\WINDOWS\system32\eurtbo.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [BMeb437cbf] Rundll32.exe "C:\WINDOWS\system32\cagfgaim.dll",s
    O4 - HKLM\..\Run: [e8704f23] rundll32.exe "C:\WINDOWS\system32\ansxfjtg.dll",b
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O20 - Winlogon Notify: mlJAqqRi - mlJAqqRi.dll (file missing)

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    * Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
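A triage pass over HijackThis log lines of the kind posted in this thread, as an added example that is not part of the thread or of HijackThis itself: it separates entries that are only dangling registry references (which HijackThis can fix on its own) from entries still backed by a DLL on disk (the kind of list that ends up in a CFScript's FILE:: section for ComboFix). The sample lines are constructed from the log above; the heuristics (random-looking file names, hex-like Run value names, rundll32 calling a one-letter export) are this example's own assumptions, not HijackThis rules.

```python
"""Triage helper for HijackThis v2 log lines (added example, not HijackThis code)."""
import re

# Constructed sample: lines in the shape of the HijackThis log posted above,
# mixing the suspicious entries with ordinary, legitimate ones.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {002E0843-7CB4-4347-8230-40FC81B7F5FC} - C:\WINDOWS\system32\rqRIyYRk.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {9ac6e975-0ea4-7eab-55f4-2a11b962083b} - {b380269b-11a2-4f55-bae7-4ae0579e6ca9} - C:\WINDOWS\system32\eurtbo.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BMeb437cbf] Rundll32.exe "C:\WINDOWS\system32\cagfgaim.dll",s
O4 - HKLM\..\Run: [e8704f23] rundll32.exe "C:\WINDOWS\system32\ansxfjtg.dll",b
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - Winlogon Notify: mlJAqqRi - mlJAqqRi.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
O2_RE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9a-f-]{36}\}) - (.+)$", re.I)
O4_RE = re.compile(r"^O4 - (.+?)\\Run: \[([^\]]+)\] (.+)$", re.I)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (\S+)(.*)$", re.I)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*(?:,\s*(\S+))?\s*$', re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\([^\\]+)$", re.I)


def stem(path: str) -> str:
    """File name without directory and extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(name: str) -> bool:
    """Heuristic (this example's own) for generated names such as rqRIyYRk or
    ansxfjtg: letters only, 6-8 long, with frequent case flips or few vowels."""
    if not name.isalpha() or not 6 <= len(name) <= 8:
        return False
    flips = sum(1 for a, b in zip(name, name[1:]) if a.isupper() != b.isupper())
    vowels = sum(1 for c in name.lower() if c in "aeiouy")
    return flips >= 3 or vowels / len(name) < 0.25


def hexlike(value_name: str) -> bool:
    """Run value names such as e8704f23 or BMeb437cbf: mostly hex digits."""
    hexchars = sum(1 for c in value_name if c in "0123456789abcdefABCDEF")
    return len(value_name) >= 8 and hexchars / len(value_name) >= 0.8


def triage(log_text: str):
    """Return (line, verdict, reason) for entries worth a second look.
    verdict 'orphan': only a dangling registry reference, no file on disk;
    verdict 'suspect': a file is still present and would need quarantining."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons = []
        if m := O2_RE.match(line):
            name, _clsid, path = m.groups()
            if path.lower() == "(no file)":
                findings.append((line, "orphan", "BHO registered but its DLL is gone"))
                continue
            if name == "(no name)" or GUID_RE.match(name):
                reasons.append("BHO without a readable name")
            if SYSTEM32_RE.match(path) and looks_random(stem(path)):
                reasons.append("random-looking DLL name in system32")
        elif (m := O4_RE.match(line)) and (r := RUNDLL_RE.match(m.group(3))):
            dll, export = r.groups()
            if hexlike(m.group(2)):
                reasons.append("hex-like Run value name")
            if export and len(export) == 1:
                reasons.append("rundll32 calling a one-letter export")
            if SYSTEM32_RE.match(dll) and looks_random(stem(dll)):
                reasons.append("random-looking DLL name in system32")
        elif m := O20_RE.match(line):
            _key, dll, rest = m.groups()
            if "file missing" in rest.lower():
                findings.append((line, "orphan", "Winlogon Notify DLL is gone"))
                continue
            if looks_random(stem(dll)):
                reasons.append("random-looking Winlogon Notify DLL")
        if reasons:
            findings.append((line, "suspect", "; ".join(reasons)))
    return findings


def suspect_files(findings):
    """Full DLL paths behind 'suspect' findings: the files a removal tool
    (the CFScript FILE:: section in this thread) would be asked to delete."""
    paths = {p for line, verdict, _ in findings if verdict == "suspect"
             for p in re.findall(r'[a-z]:\\[^\s",]+\.dll', line, re.I)}
    return sorted(paths, key=str.lower)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for line, verdict, reason in found:
        print(f"[{verdict}] {reason}\n    {line}")
    print("DLLs still on disk:", *suspect_files(found), sep="\n  ")
```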
     
  3. VilpuriS

    Steps done

    HiJack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:29:24, on 2.7.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\licmgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205852872954
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 8630 bytes

    Malware

    Malwarebytes' Anti-Malware 1.19
    Tietokantaversio: 912
    Windows 5.1.2600 Service Pack 2

    23:02:48 1.7.2008
    mbam-log-7-1-2008 (23-02-48).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|)
    Tarkistetut kohteet: 105812
    Kulunut aika: 59 minute(s), 24 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 2

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\System Volume Information\_restore{EA674E5A-77FB-4251-9FB7-34C9B5421D9F}\RP270\A0045217.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ansxfjtg.0ll (Trojan.Vundo) -> Delete on reboot.

    ComboFix

    ComboFix 08-07-01.3 - Mikko 2008-07-02 17:14:16.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1465 [GMT 3:00]
    Running from: C:\Program Files\Työpöytä\ComboFix.exe
    Command switches used :: C:\Program Files\Työpöytä\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\ansxfjtg.dll
    C:\WINDOWS\system32\cagfgaim.dll
    C:\WINDOWS\system32\eurtbo.dll
    C:\WINDOWS\system32\mlJAqqRi.dll
    C:\WINDOWS\system32\rqRIyYRk.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\gklxtwfu.ini
    C:\WINDOWS\system32\gtjfxsna.ini
    C:\WINDOWS\system32\imtqxrjo.ini
    C:\WINDOWS\system32\kRYyIRqr.ini
    C:\WINDOWS\system32\kRYyIRqr.ini2
    C:\WINDOWS\system32\mcrh.tmp

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-02 to 2008-07-02 )))))))))))))))))
    .

    2008-07-01 22:28 . 2008-07-01 22:28 <KANSIO> d-------- C:\regseeker
    2008-07-01 22:02 . 2008-07-01 22:02 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-01 22:02 . 2008-07-01 22:02 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Malwarebytes
    2008-07-01 22:02 . 2008-07-01 22:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-01 22:02 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-01 22:02 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-01 17:00 . 2008-07-01 17:00 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-07-01 16:55 . 2008-07-01 16:55 103,424 --a------ C:\WINDOWS\system32\btqxcwmh.dll
    2008-07-01 16:54 . 2008-07-01 16:55 90,624 --a------ C:\WINDOWS\system32\tphwedii.dll
    2008-06-30 21:19 . 2008-07-02 17:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\F-Secure
    2008-06-30 21:13 . 2008-06-30 21:22 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-06-30 21:13 . 2008-06-30 21:22 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-06-30 21:11 . 2008-06-30 21:26 <KANSIO> d-------- C:\Program Files\F-Secure Internet Security
    2008-06-30 21:11 . 2008-06-30 21:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-06-30 21:10 . 2008-06-30 21:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2008-06-30 20:55 . 2008-06-30 21:01 <KANSIO> d-------- C:\Program Files\Spyware Doctor
    2008-06-30 20:55 . 2008-06-30 20:55 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\PC Tools
    2008-06-30 20:55 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-06-30 20:55 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-06-30 20:55 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-06-30 20:55 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-06-30 16:11 . 2008-06-30 16:11 103,424 --a------ C:\WINDOWS\system32\eurtbo.0ll
    2008-06-30 16:11 . 2008-06-30 16:11 103,424 --a------ C:\WINDOWS\system32\dpddgdoa.0ll
    2008-06-30 16:10 . 2008-07-01 16:12 110,419 --a------ C:\WINDOWS\BMeb437cbf.xml
    2008-06-30 16:10 . 2008-06-30 16:10 91,136 --a------ C:\WINDOWS\system32\cagfgaim.0ll
    2008-06-28 09:51 . 2008-06-28 09:51 319,488 --a------ C:\WINDOWS\system32\rqRIyYRk.0ll
    2008-06-27 20:03 . 2008-06-27 20:03 24,576 --a------ C:\WINDOWS\system32\mlJAqqRi.0ll
    2008-06-25 19:01 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
    2008-06-25 19:01 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
    2008-06-25 09:14 . 2008-06-25 09:14 <KANSIO> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
    2008-06-25 09:14 . 2008-06-25 09:14 <KANSIO> d-------- C:\Program Files\WinAVI Video Converter 9.0
    2008-06-24 21:16 . 2008-06-24 21:16 <KANSIO> d-------- C:\Documents and Settings\Mikko\Työpöytä
    2008-06-24 20:51 . 2008-06-24 21:22 <KANSIO> d-------- C:\Program Files\Ontrack
    2008-06-24 20:51 . 2001-03-02 11:41 634 --a------ C:\WINDOWS\system32\MAPISVC.INF
    2008-06-24 20:47 . 2008-06-24 21:18 <KANSIO> d-------- C:\Program Files\Yahoo!
    2008-06-24 20:17 . 2008-06-25 09:16 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\DivX
    2008-06-24 20:16 . 2008-05-23 01:22 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-06-24 20:16 . 2008-05-23 01:22 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-06-24 12:41 . 2008-06-24 12:41 <KANSIO> d-------- C:\Program Files\Transcribe!
    2008-06-11 13:30 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-09 15:41 . 2008-06-09 15:41 <KANSIO> d-------- C:\Program Files\Power Tab Software

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-02 14:19 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Skype
    2008-07-02 14:14 --------- d-----w C:\Program Files\Työpöytä
    2008-07-02 11:31 --------- d-----w C:\Documents and Settings\Mikko\Application Data\skypePM
    2008-07-01 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-30 18:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-30 17:49 --------- d-----w C:\Documents and Settings\Mikko\Application Data\BitTorrent
    2008-06-30 13:31 --------- d-----w C:\Program Files\XoftSpySE
    2008-06-29 13:12 --------- d-----w C:\Program Files\GmRek2K
    2008-06-25 16:02 --------- d-----w C:\Program Files\Common Files\Nero
    2008-06-25 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-06-25 12:58 --------- d-----w C:\Documents and Settings\Mikko\Application Data\DVD Profiler
    2008-06-25 12:41 --------- d-----w C:\Program Files\DVD Profiler
    2008-06-24 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-24 17:16 --------- d-----w C:\Program Files\DivX
    2008-06-24 16:35 --------- d-----w C:\Documents and Settings\Mikko\Application Data\PC Suite
    2008-06-24 09:37 --------- d-----w C:\Program Files\DC++
    2008-06-14 17:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-09 06:21 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Nokia
    2008-06-09 06:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-06-09 06:11 --------- d-----w C:\Program Files\Nokia
    2008-06-01 13:37 --------- d-----w C:\Program Files\browser - logitech
    2008-05-28 08:27 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-05-28 08:27 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-05-28 08:27 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-05-28 08:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
    2008-05-28 08:00 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-05-28 08:00 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-05-28 08:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-05-28 07:58 --------- d-----w C:\Program Files\DIFX
    2008-05-25 12:26 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-05-25 12:26 --------- d-----w C:\Documents and Settings\Mikko\Application Data\SystemRequirementsLab
    2008-05-24 07:00 --------- d-----w C:\Program Files\Java
    2008-05-24 05:58 --------- d-----w C:\Program Files\Line6
    2008-05-24 05:30 --------- d-----w C:\Program Files\Common Files\Java
    2008-05-24 05:20 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Line 6
    2008-05-17 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-05-17 13:53 --------- d-----w C:\Program Files\Pinnacle
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-02 17:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-03-18 15:42 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]
    "PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-07-04 13:52 253000]
    "PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-07-26 12:28 105544]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 21:15 271672]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" [2007-05-25 16:12 183208]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 16:11 740208]
    "SoundMan"="SOUNDMAN.EXE" [2003-08-05 15:59 57344 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-06-30 21:22]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2008-06-30 21:20]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 16:08]
    S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-09-17 22:25]
    S3 Ltn_stk7070P;PCTV based TV tuner device;C:\WINDOWS\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 14:41]
    S3 Ltn_stkrc;PCTV Infrared Receiver;C:\WINDOWS\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 19:30]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 16:09]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 16:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ca8f40-42c3-11dd-8a80-000d61b6171e}]
    \shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-26 11:21:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-07-02 14:18:48 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    "2008-03-22 17:25:05 C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{002E0843-7CB4-4347-8230-40FC81B7F5FC} - C:\WINDOWS\system32\rqRIyYRk.dll
    BHO-{ACED1C9F-2718-4512-9F69-F4E28C1F484F} - (no file)
    BHO-{b380269b-11a2-4f55-bae7-4ae0579e6ca9} - C:\WINDOWS\system32\eurtbo.dll
    HKLM-Run-BMeb437cbf - C:\WINDOWS\system32\cagfgaim.dll
    HKLM-Run-e8704f23 - C:\WINDOWS\system32\ansxfjtg.dll
    ShellExecuteHooks-{ACED1C9F-2718-4512-9F69-F4E28C1F484F} - (no file)
    Notify-mlJAqqRi - mlJAqqRi.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-02 17:19:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Logitech\SetPoint\lgscroll.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-02 17:22:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-02 14:22:32

    Pre-Run: 59,777,122,304 tavua vapaana
    Post-Run: 62,170,464,256 tavua vapaana

    229 --- E O F --- 2008-06-20 09:00:48
     
  4. kalminen

    kalminen Regular member

    One more drag-and-drop:

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (ComboFix actually recognises it even if the file extension
    isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click)

    [IMG]

    Note! Don't click in the ComboFix window while it is running. That may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Post => (C:\ComboFix.txt)

    How does the computer feel now???
    .
     
  5. VilpuriS

    VilpuriS Member

    ComboFix 08-07-01.3 - Mikko 2008-07-02 18:52:54.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1471 [GMT 3:00]
    Running from: C:\Program Files\Työpöytä\ComboFix.exe
    Command switches used :: C:\Program Files\Työpöytä\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\BMeb437cbf.xml
    C:\WINDOWS\system32\btqxcwmh.dll
    C:\WINDOWS\system32\cagfgaim.0ll
    C:\WINDOWS\system32\dpddgdoa.0ll
    C:\WINDOWS\system32\eurtbo.0ll
    C:\WINDOWS\system32\mlJAqqRi.0ll
    C:\WINDOWS\system32\rqRIyYRk.0ll
    C:\WINDOWS\system32\tphwedii.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMeb437cbf.xml
    C:\WINDOWS\system32\btqxcwmh.dll
    C:\WINDOWS\system32\cagfgaim.0ll
    C:\WINDOWS\system32\dpddgdoa.0ll
    C:\WINDOWS\system32\eurtbo.0ll
    C:\WINDOWS\system32\mlJAqqRi.0ll
    C:\WINDOWS\system32\rqRIyYRk.0ll
    C:\WINDOWS\system32\tphwedii.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-02 to 2008-07-02 )))))))))))))))))
    .

    2008-07-01 22:28 . 2008-07-01 22:28 <KANSIO> d-------- C:\regseeker
    2008-07-01 22:02 . 2008-07-01 22:02 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-01 22:02 . 2008-07-01 22:02 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\Malwarebytes
    2008-07-01 22:02 . 2008-07-01 22:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-01 22:02 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-01 22:02 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-01 17:00 . 2008-07-01 17:00 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-30 21:19 . 2008-07-02 17:17 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\F-Secure
    2008-06-30 21:13 . 2008-06-30 21:22 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-06-30 21:13 . 2008-06-30 21:22 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-06-30 21:11 . 2008-06-30 21:26 <KANSIO> d-------- C:\Program Files\F-Secure Internet Security
    2008-06-30 21:11 . 2008-06-30 21:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-06-30 21:10 . 2008-06-30 21:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2008-06-30 20:55 . 2008-06-30 21:01 <KANSIO> d-------- C:\Program Files\Spyware Doctor
    2008-06-30 20:55 . 2008-06-30 20:55 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\PC Tools
    2008-06-30 20:55 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-06-30 20:55 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-06-30 20:55 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-06-30 20:55 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-06-25 19:01 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
    2008-06-25 19:01 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
    2008-06-25 09:14 . 2008-06-25 09:14 <KANSIO> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
    2008-06-25 09:14 . 2008-06-25 09:14 <KANSIO> d-------- C:\Program Files\WinAVI Video Converter 9.0
    2008-06-24 21:16 . 2008-06-24 21:16 <KANSIO> d-------- C:\Documents and Settings\Mikko\Työpöytä
    2008-06-24 20:51 . 2008-06-24 21:22 <KANSIO> d-------- C:\Program Files\Ontrack
    2008-06-24 20:51 . 2001-03-02 11:41 634 --a------ C:\WINDOWS\system32\MAPISVC.INF
    2008-06-24 20:47 . 2008-06-24 21:18 <KANSIO> d-------- C:\Program Files\Yahoo!
    2008-06-24 20:17 . 2008-06-25 09:16 <KANSIO> d-------- C:\Documents and Settings\Mikko\Application Data\DivX
    2008-06-24 20:16 . 2008-05-23 01:22 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-06-24 20:16 . 2008-05-23 01:22 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-06-24 12:41 . 2008-06-24 12:41 <KANSIO> d-------- C:\Program Files\Transcribe!
    2008-06-11 13:30 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-09 15:41 . 2008-06-09 15:41 <KANSIO> d-------- C:\Program Files\Power Tab Software

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-02 15:52 --------- d-----w C:\Program Files\Työpöytä
    2008-07-02 15:51 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Skype
    2008-07-02 14:19 --------- d-----w C:\Documents and Settings\Mikko\Application Data\skypePM
    2008-07-01 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-30 18:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-30 17:49 --------- d-----w C:\Documents and Settings\Mikko\Application Data\BitTorrent
    2008-06-30 13:31 --------- d-----w C:\Program Files\XoftSpySE
    2008-06-29 13:12 --------- d-----w C:\Program Files\GmRek2K
    2008-06-25 16:02 --------- d-----w C:\Program Files\Common Files\Nero
    2008-06-25 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-06-25 12:58 --------- d-----w C:\Documents and Settings\Mikko\Application Data\DVD Profiler
    2008-06-25 12:41 --------- d-----w C:\Program Files\DVD Profiler
    2008-06-24 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-24 17:16 --------- d-----w C:\Program Files\DivX
    2008-06-24 16:35 --------- d-----w C:\Documents and Settings\Mikko\Application Data\PC Suite
    2008-06-24 09:37 --------- d-----w C:\Program Files\DC++
    2008-06-14 17:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-09 06:21 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Nokia
    2008-06-09 06:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-06-09 06:11 --------- d-----w C:\Program Files\Nokia
    2008-06-01 13:37 --------- d-----w C:\Program Files\browser - logitech
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-05-28 08:27 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-05-28 08:27 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-05-28 08:27 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-05-28 08:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
    2008-05-28 08:00 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-05-28 08:00 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-05-28 08:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-05-28 07:58 --------- d-----w C:\Program Files\DIFX
    2008-05-25 12:26 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-05-25 12:26 --------- d-----w C:\Documents and Settings\Mikko\Application Data\SystemRequirementsLab
    2008-05-24 07:00 --------- d-----w C:\Program Files\Java
    2008-05-24 05:58 --------- d-----w C:\Program Files\Line6
    2008-05-24 05:30 --------- d-----w C:\Program Files\Common Files\Java
    2008-05-24 05:20 --------- d-----w C:\Documents and Settings\Mikko\Application Data\Line 6
    2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-17 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-05-17 13:53 --------- d-----w C:\Program Files\Pinnacle
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-02 17:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-02 17:28 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-03-18 15:42 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-02_17.22.08.28 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-02 14:18:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-02 15:16:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-02 15:16:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_940.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]
    "PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-07-04 13:52 253000]
    "PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-07-26 12:28 105544]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 21:15 271672]
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" [2007-05-25 16:12 183208]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 16:11 740208]
    "SoundMan"="SOUNDMAN.EXE" [2003-08-05 15:59 57344 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-03-18 19:25:00 581632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-06-30 21:22]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2008-06-30 21:20]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 16:08]
    S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-09-17 22:25]
    S3 Ltn_stk7070P;PCTV based TV tuner device;C:\WINDOWS\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 14:41]
    S3 Ltn_stkrc;PCTV Infrared Receiver;C:\WINDOWS\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 19:30]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 16:09]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 16:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ca8f40-42c3-11dd-8a80-000d61b6171e}]
    \shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

    *Newly Created Service* - CATCHME
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-26 11:21:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-07-02 15:16:19 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    "2008-03-22 17:25:05 C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-02 18:56:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-02 18:57:55
    ComboFix-quarantined-files.txt 2008-07-02 15:57:33
    ComboFix2.txt 2008-07-02 14:22:46

    Pre-Run: 61,877,051,392 tavua vapaana
    Post-Run: 62,143,651,840 tavua vapaana

    212 --- E O F --- 2008-06-20 09:00:48
     
  6. kalminen

    kalminen Regular member

    It's clean!!!
    Just the leftovers to remove.
    ******************************************
    Type ComboFix.exe /u in the Run box of the Windows Start menu and press OK
    *************************************************************
    ******************************************
    Open Malwarebytes, go to the Quarantine tab and delete the junk.
    **********************************************************
    :D
     
