Trojan virus (maybe?) on the computer. The computer's security settings change by themselves to the lowest level and pop-up windows keep opening... desktop icons disappear now and then ...

Discussion in 'Viruses and malware - HijackThis logs' started by sammy72, Jun 30, 2008.

  1. sammy72 (Member)

    Hi, could someone help? Here is the computer's log. How do I get the computer fixed? Pop-up windows keep opening all the time, and the security settings keep changing... not good ;)
    *******************************
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:49:26, on 30.6.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {65B91F1E-44A4-4EFC-AFCF-F43E72641E16} - C:\WINDOWS\system32\cbXOGYOf.dll (file missing)
    O2 - BHO: {48d26bd8-5fa2-18eb-97e4-c7af67b23296} - {69232b76-fa7c-4e79-be81-2af58db62d84} - C:\WINDOWS\system32\xacxox.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {8DFEE09B-33B5-4F70-822C-6B7B128A8A05} - C:\WINDOWS\system32\yayyXRJC.dll
    O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - C:\WINDOWS\system32\khfFYstS.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [68d5e533] rundll32.exe "C:\WINDOWS\system32\kfamifct.dll",b
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
    O4 - HKLM\..\Run: [BM6be6d6af] Rundll32.exe "C:\WINDOWS\system32\dxgsdpcp.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212549411380
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://siirtotie.fi/Common/ImageUploader4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F86713C-8038-41EF-B72B-2D8C124BEDB6}: NameServer = 193.229.0.40,193.229.0.42
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: khfFYstS - C:\WINDOWS\SYSTEM32\khfFYstS.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 8111 bytes
     
  2. kalminen (Regular member)

    1. Start Spybot-S&D in Advanced mode
    2. If it is not in Advanced mode, go to the Mode menu and select Advanced mode
    3. Click Tools on the left
    4. Click Resident in the list
    5. Untick "Resident TeaTimer" and press OK.
    6. Restart the computer.

    -----------------------------------

    Go to the Windows Control Panel and then Add / Remove Programs
    (in Vista: Programs and Features)
    Find and uninstall the program whose name contains:

    AskTBar or
    Ask Toolbar

    -------------------------------

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * After that the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next reply + a new HJT log.

    ------------------------------------------------------------------

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe


    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (ComboFix actually recognises it even if the file extension is not .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click it)

    [image]

    Note! Do not click around in the ComboFix window while it is running; that may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    -----------------------------------------------------------------

    Close your browser and other programs for the duration of the fix (but not the antivirus).
    Start HijackThis, click Scan, tick the following entries (listed in red) and remove them (Fix checked).

    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: (no name) - {65B91F1E-44A4-4EFC-AFCF-F43E72641E16} - C:\WINDOWS\system32\cbXOGYOf.dll (file missing)
    O2 - BHO: {48d26bd8-5fa2-18eb-97e4-c7af67b23296} - {69232b76-fa7c-4e79-be81-2af58db62d84} - C:\WINDOWS\system32\xacxox.dll
    O2 - BHO: (no name) - {8DFEE09B-33B5-4F70-822C-6B7B128A8A05} - C:\WINDOWS\system32\yayyXRJC.dll
    O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - C:\WINDOWS\system32\khfFYstS.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [68d5e533] rundll32.exe "C:\WINDOWS\system32\kfamifct.dll",b
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [BM6be6d6af] Rundll32.exe "C:\WINDOWS\system32\dxgsdpcp.dll",s
    O20 - Winlogon Notify: khfFYstS - C:\WINDOWS\SYSTEM32\khfFYstS.dll

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (take it last, right before posting)
    * The (C:\ComboFix.txt) report
    * Malwarebytes' Anti-Malware\Logs\log-date.txt
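    As an added example (not kalminen's method, and not a feature of HijackThis or of the thread), the Python below encodes the structural signals a log reader uses to pick out entries like the ones listed above: BHOs with no display name or a missing file, Run values with hex-like names launched through rundll32 with a one-letter export, Winlogon Notify packages outside a small known list, and the same DLL turning up in two sections. The sample lines are constructed from the posted log, and the two watchlists are illustrative assumptions, not exhaustive.

```python
"""Heuristic triage of HijackThis v2 log lines (added example, not kalminen's
method or a HijackThis feature): nameless or orphaned BHOs, hex-named rundll32
Run entries with one-letter exports, unknown Winlogon Notify packages, and one
DLL registered in two sections are the signals a log reader looks for."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format: lines copied from the log posted
# above, keeping one clean and one suspect entry per section.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {65B91F1E-44A4-4EFC-AFCF-F43E72641E16} - C:\WINDOWS\system32\cbXOGYOf.dll (file missing)
O2 - BHO: {48d26bd8-5fa2-18eb-97e4-c7af67b23296} - {69232b76-fa7c-4e79-be81-2af58db62d84} - C:\WINDOWS\system32\xacxox.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - C:\WINDOWS\system32\khfFYstS.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [68d5e533] rundll32.exe "C:\WINDOWS\system32\kfamifct.dll",b
O4 - HKLM\..\Run: [BM6be6d6af] Rundll32.exe "C:\WINDOWS\system32\dxgsdpcp.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: khfFYstS - C:\WINDOWS\SYSTEM32\khfFYstS.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
COM_LINE = re.compile(r"^(?P<sec>R3|O2|O3) - (?:URLSearchHook|BHO|Toolbar): "
                      r"(?P<name>.*?) - " + CLSID + r" - (?P<path>.*)$")
RUN_LINE = re.compile(r"^O4 - .+?\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_LINE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
RUNDLL_SHORT_EXPORT = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,\w{1,2}\s*$', re.I)
HEXISH_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8,}$", re.I)
DLL_NAME = re.compile(r"([^\\\s]+\.dll)", re.I)

# Illustrative watchlists, deliberately tiny; real triage uses a maintained
# database. KNOWN_NOTIFY lists Winlogon Notify packages normally seen on XP.
ADWARE_PATH_HINTS = ("asktbar",)
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "navlogon", "igfxcui"}

@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    target: str
    reasons: tuple

def triage_line(line):
    """Apply the per-section heuristics to one log line; None if nothing fires."""
    reasons = []
    if m := COM_LINE.match(line):
        sec, name, target = m["sec"], m["name"], m["path"]
        low = target.lower()
        if "(file missing)" in low or low == "(no file)":
            reasons.append("file on disk is gone, the registration is orphaned")
        if name == "(no name)":
            reasons.append("COM object registered without a display name")
        elif re.fullmatch(CLSID, name):
            reasons.append("display name is a bare CLSID")
        if any(h in low for h in ADWARE_PATH_HINTS):
            reasons.append("path matches the adware/toolbar watchlist")
    elif m := RUN_LINE.match(line):
        sec, name, target = "O4", m["name"], m["cmd"]
        if r := RUNDLL_SHORT_EXPORT.match(target):
            reasons.append("rundll32 loads a DLL through a 1-2 character export")
            target = r["dll"]
        if HEXISH_NAME.match(name):
            reasons.append("Run value name is a hex-like blob, not a product name")
    elif m := NOTIFY_LINE.match(line):
        sec, name, target = "O20", m["name"], m["path"]
        if name.lower() not in KNOWN_NOTIFY:
            reasons.append("Winlogon Notify package outside the known list")
    else:
        return None
    return Finding(sec, name, target, tuple(reasons)) if reasons else None

def triage(log_text):
    """Findings for every line of an HJT log, in log order."""
    return [f for f in (triage_line(ln.strip()) for ln in log_text.splitlines()) if f]

def shared_dlls(findings):
    """DLL basenames flagged in more than one section: Vundo-style samples
    register the same DLL as a BHO and as a Winlogon Notify package."""
    seen = defaultdict(set)
    for f in findings:
        if m := DLL_NAME.search(f.target):
            seen[m.group(1).lower()].add(f.section)
    return {dll: secs for dll, secs in seen.items() if len(secs) > 1}

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.section, f.name, f.target, "|", "; ".join(f.reasons))
    print("same DLL in several sections:", shared_dlls(found))
```

    Run on the sample it flags the Ask entries, the four suspect BHOs, the two hex-named Run values and the Winlogon Notify DLL, and leaves ccApp, NvCplDaemon, ctfmon and SDHelper alone; the legitimate startup items kalminen also pruned (nwiz, Nero, Adobe, Groove) are a housekeeping choice, not something these rules decide.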
     
  3. sammy72 (Member)

    Right, here is the ComboFix log

    ComboFix 08-07-02.5 - Sami Hilden 2008-07-03 16:58:59.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.556 [GMT 3:00]
    Running from: C:\Documents and Settings\Sami Hilden\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Sami Hilden\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\cbXOGYOf.dll
    C:\WINDOWS\system32\dxgsdpcp.dll
    C:\WINDOWS\system32\kfamifct.dll
    C:\WINDOWS\system32\khfFYstS.dll
    C:\WINDOWS\system32\xacxox.dll
    C:\WINDOWS\system32\yayyXRJC.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\AskTBar
    C:\Program Files\AskTBar\bar\History\search2
    C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    C:\WINDOWS\system32\CJRXyyay.ini
    C:\WINDOWS\system32\CJRXyyay.ini2
    C:\WINDOWS\system32\fOYGOXbc.ini
    C:\WINDOWS\system32\fOYGOXbc.ini2
    C:\WINDOWS\system32\ifcdshat.dll
    C:\WINDOWS\system32\moxhnhhr.ini
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\msvrc20.dll
    C:\WINDOWS\pskt.ini

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-03 to 2008-07-03 )))))))))))))))))
    .

    2008-07-03 16:38 . 2008-07-03 16:38 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-03 16:38 . 2008-07-03 16:38 <KANSIO> d-------- C:\Documents and Settings\Sami Hilden\Application Data\Malwarebytes
    2008-07-03 16:38 . 2008-07-03 16:38 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-03 16:38 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-03 16:38 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-01 16:43 . 2008-06-27 12:14 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
    2008-06-30 18:20 . 2008-07-01 17:19 153 --a------ C:\WINDOWS\wininit.ini
    2008-06-30 17:40 . 2008-06-30 17:40 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-30 17:40 . 2008-06-30 17:42 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-30 17:31 . 2008-06-30 17:31 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Arovax
    2008-06-30 17:08 . 2008-06-30 17:08 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-06-30 17:08 . 2008-06-30 17:08 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-06-30 16:54 . 2008-07-01 21:07 <KANSIO> d-------- C:\VundoFix Backups
    2008-06-29 20:52 . 2008-06-29 20:52 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-28 22:29 . 2008-06-29 09:34 <KANSIO> d-------- C:\Program Files\IObit
    2008-06-28 22:29 . 2008-06-29 09:38 <KANSIO> d-------- C:\Documents and Settings\Sami Hilden\Application Data\IObit
    2008-06-28 22:29 . 2008-04-17 16:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
    2008-06-28 22:10 . 2008-06-28 22:10 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-06-28 22:10 . 2008-06-28 22:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-28 22:09 . 2008-06-30 16:53 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-28 20:31 . 2008-07-03 16:28 110,415 --a------ C:\WINDOWS\BM6be6d6af.xml
    2008-06-28 19:14 . 2008-06-30 17:35 <KANSIO> d-------- C:\Documents and Settings\Emilia\WINDOWS
    2008-06-27 13:33 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
    2008-06-27 13:01 . 2008-06-27 13:34 <KANSIO> d-------- C:\Program Files\Ahead
    2008-06-27 12:46 . 2008-06-27 13:33 <KANSIO> d-------- C:\Program Files\Nero
    2008-06-27 12:46 . 2008-06-27 12:46 <KANSIO> d-------- C:\Program Files\Common Files\Nero
    2008-06-27 12:46 . 2008-06-27 13:02 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
    2008-06-27 12:46 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-06-27 12:46 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
    2008-06-27 12:46 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-06-27 12:46 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-06-27 11:25 . 2008-06-27 11:25 <KANSIO> d-------- C:\Program Files\CD-LabelPrint
    2008-06-27 11:25 . 2008-06-27 11:25 <KANSIO> d-------- C:\Documents and Settings\Sami Hilden\Application Data\CD-LabelPrint
    2008-06-25 10:53 . 2008-06-25 10:53 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2008-06-24 11:04 . 2008-06-28 23:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
    2008-06-24 11:00 . 2008-06-24 11:00 <KANSIO> d-------- C:\Program Files\IVT Corporation
    2008-06-24 10:55 . 2008-06-30 17:36 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2008-06-24 10:55 . 2008-06-24 11:05 <KANSIO> d-------- C:\Program Files\FRWD Replayer
    2008-06-13 21:09 . 2008-06-13 21:09 <KANSIO> d-------- C:\Documents and Settings\Sami Hilden\Application Data\CyberLink
    2008-06-13 21:09 . 2008-06-13 21:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-06-13 21:08 . 2008-06-13 21:07 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-06-12 16:26 . 2008-06-14 20:34 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-12 16:26 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-11 21:12 . 2008-06-28 22:07 <KANSIO> d-------- C:\Program Files\Google
    2008-06-11 21:12 . 2008-06-11 21:12 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
    2008-06-11 21:10 . 2008-06-11 21:10 <KANSIO> d-------- C:\Program Files\Gabest
    2008-06-11 20:44 . 2008-06-11 20:44 <KANSIO> d-------- C:\Documents and Settings\Pia\Application Data\vlc
    2008-06-11 20:24 . 2008-06-11 20:24 <KANSIO> d-------- C:\Program Files\VideoLAN
    2008-06-11 20:24 . 2008-06-11 20:24 <KANSIO> d-------- C:\Documents and Settings\Sami Hilden\Application Data\vlc
    2008-06-11 20:19 . 2008-06-26 20:25 <KANSIO> d-------- C:\Documents and Settings\Sami Hilden\Application Data\Vso
    2008-06-11 20:18 . 2008-06-11 20:18 <KANSIO> d-------- C:\Program Files\vso
    2008-06-11 20:18 . 2008-06-11 20:18 47,360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
    2008-06-11 20:10 . 2008-06-13 21:06 <KANSIO> d-------- C:\Program Files\Yahoo!
    2008-06-11 19:54 . 2008-06-11 19:54 <KANSIO> d-------- C:\Program Files\SlySoft
    2008-06-08 10:40 . 2008-06-27 16:47 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-06-07 12:06 . 2008-06-27 16:44 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-06-07 12:05 . 2008-06-07 12:05 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-06-07 09:29 . 2008-06-07 09:53 <KANSIO> d-------- C:\Program Files\Winamp Remote
    2008-06-07 09:28 . 2008-06-07 09:30 <KANSIO> d-------- C:\Program Files\Winamp
    2008-06-07 09:28 . 2008-06-07 09:31 <KANSIO> d-------- C:\Documents and Settings\Sami Hilden\Application Data\Winamp
    2008-06-07 08:55 . 2008-06-07 09:54 152 --a------ C:\WINDOWS\ULead32.ini
    2008-06-07 08:55 . 2008-06-07 08:55 24 --a------ C:\WINDOWS\system32\DKRNL.JAX
    2008-06-07 08:54 . 2008-06-30 17:37 <KANSIO> d-------- C:\WINDOWS\Ulead.dat
    2008-06-07 08:54 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-06-06 20:26 . 2008-06-30 17:36 <KANSIO> d-------- C:\WINDOWS\system32\Adobe
    2008-06-06 17:50 . 2008-06-06 17:50 <KANSIO> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-06-06 17:50 . 2005-08-26 12:00 140,288 --a------ C:\WINDOWS\system32\CNMLM78.DLL
    2008-06-06 17:50 . 2005-08-26 12:00 8,704 --a------ C:\WINDOWS\system32\CNMVS78.DLL
    2008-06-06 17:49 . 2008-04-13 21:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-06-06 17:49 . 2008-04-13 21:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-06-05 22:01 . 2008-06-04 00:51 <KANSIO> d--h----- C:\Documents and Settings\Jenni\Verkkoympäristö
    2008-06-05 22:01 . 2008-06-30 17:35 <KANSIO> d-------- C:\Documents and Settings\Jenni\Työpöytä
    2008-06-05 22:01 . 2008-06-04 00:51 <KANSIO> d--h----- C:\Documents and Settings\Jenni\Tulostinympäristö
    2008-06-05 22:01 . 2008-06-05 22:01 <KANSIO> dr------- C:\Documents and Settings\Jenni\Suosikit
    2008-06-05 22:01 . 2008-06-28 22:59 <KANSIO> dr------- C:\Documents and Settings\Jenni\Omat tiedostot
    2008-06-05 22:01 . 2008-06-03 22:23 <KANSIO> d--h----- C:\Documents and Settings\Jenni\Mallit
    2008-06-05 22:01 . 2008-06-04 00:51 <KANSIO> dr------- C:\Documents and Settings\Jenni\Käynnistä-valikko
    2008-06-05 22:01 . 2008-07-01 22:09 <KANSIO> d-------- C:\Documents and Settings\Jenni
    2008-06-05 21:51 . 2008-06-04 00:51 <KANSIO> d--h----- C:\Documents and Settings\Emilia\Verkkoympäristö
    2008-06-05 21:51 . 2008-06-30 17:35 <KANSIO> d-------- C:\Documents and Settings\Emilia\Työpöytä
    2008-06-05 21:51 . 2008-06-04 00:51 <KANSIO> d--h----- C:\Documents and Settings\Emilia\Tulostinympäristö
    2008-06-05 21:51 . 2008-06-05 21:51 <KANSIO> dr------- C:\Documents and Settings\Emilia\Suosikit
    2008-06-05 21:51 . 2008-06-28 19:11 <KANSIO> dr------- C:\Documents and Settings\Emilia\Omat tiedostot
    2008-06-05 21:51 . 2008-06-03 22:23 <KANSIO> d--h----- C:\Documents and Settings\Emilia\Mallit
    2008-06-05 21:51 . 2008-06-04 00:51 <KANSIO> dr------- C:\Documents and Settings\Emilia\Käynnistä-valikko
    2008-06-05 21:51 . 2008-07-01 22:21 <KANSIO> d-------- C:\Documents and Settings\Emilia
    2008-06-05 21:33 . 2008-06-26 21:22 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-06-05 21:00 . 2008-06-04 00:51 <KANSIO> d--h----- C:\Documents and Settings\Pia\Verkkoympäristö
    2008-06-05 21:00 . 2008-06-30 17:35 <KANSIO> d-------- C:\Documents and Settings\Pia\Työpöytä
    2008-06-05 21:00 . 2008-06-04 00:51 <KANSIO> d--h----- C:\Documents and Settings\Pia\Tulostinympäristö
    2008-06-05 21:00 . 2008-06-05 21:01 <KANSIO> dr------- C:\Documents and Settings\Pia\Suosikit
    2008-06-05 21:00 . 2008-06-24 17:43 <KANSIO> dr------- C:\Documents and Settings\Pia\Omat tiedostot
    2008-06-05 21:00 . 2008-06-03 22:23 <KANSIO> d--h----- C:\Documents and Settings\Pia\Mallit
    2008-06-05 21:00 . 2008-06-04 00:51 <KANSIO> dr------- C:\Documents and Settings\Pia\Käynnistä-valikko
    2008-06-05 21:00 . 2008-07-01 22:17 <KANSIO> d-------- C:\Documents and Settings\Pia
    2008-06-05 20:09 . 2008-06-05 20:09 1,409 --a------ C:\WINDOWS\system32\tmp4CDFE.FOT
    2008-06-05 19:59 . 2008-06-05 19:59 <KANSIO> d-------- C:\Program Files\Polar
    2008-06-05 19:49 . 2008-04-14 19:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-06-05 19:49 . 2008-04-14 19:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-06-05 19:49 . 2008-04-14 18:46 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-06-05 19:49 . 2008-04-14 18:46 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-06-05 19:43 . 2008-04-13 21:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-06-05 19:43 . 2008-04-13 21:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-06-05 18:59 . 2008-06-05 18:59 <KANSIO> d-------- C:\Program Files\AC3Filter
    2008-06-05 18:59 . 2007-08-09 14:27 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
    2008-06-05 18:58 . 2008-06-05 18:58 <KANSIO> d-------- C:\Program Files\ffdshow
    2008-06-05 18:58 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
    2008-06-05 18:58 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-06-05 18:58 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-06-05 18:55 . 2008-06-30 17:36 <KANSIO> d-------- C:\WINDOWS\system32\Lang
    2008-06-05 18:36 . 2004-11-17 16:11 9,319,936 --a------ C:\WINDOWS\system32\RTLCPL.EXE
    2008-06-05 18:36 . 2004-11-17 19:05 2,297,664 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    2008-06-05 18:36 . 2004-09-07 14:23 156,672 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
    2008-06-05 18:36 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\ALSNDMGR.WAV
    2008-06-05 18:06 . 2008-06-05 18:06 <KANSIO> d-------- C:\Program Files\Realtek
    2008-06-05 18:05 . 2008-03-05 18:07 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
    2008-06-05 18:05 . 2008-06-05 18:05 315,392 --a------ C:\WINDOWS\HideWin.exe
    2008-06-05 18:01 . 2008-06-05 18:01 <KANSIO> d-------- C:\Program Files\Microsoft Silverlight
    2008-06-05 17:55 . 2008-06-27 12:42 <KANSIO> d-------- C:\Documents and Settings\Sami Hilden\Application Data\Azureus
    2008-06-05 17:55 . 2008-06-05 17:55 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-06-05 17:52 . 2008-06-05 17:52 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-06-05 17:31 . 2008-06-05 17:31 <KANSIO> d-------- C:\Documents and Settings\Sami Hilden\Application Data\Nero
    2008-06-05 17:26 . 2008-06-05 17:26 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-06-05 17:20 . 2008-06-30 17:36 <KANSIO> d-------- C:\WINDOWS\Sun
    2008-06-05 17:20 . 2008-06-18 20:51 <KANSIO> d-------- C:\Program Files\Azureus

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-26 17:25 --------- d-----w C:\Documents and Settings\Sami Hilden\Application Data\Vso
    2008-06-14 17:34 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 17:44 --------- d-----w C:\Documents and Settings\Pia\Application Data\vlc
    2008-06-11 17:24 --------- d-----w C:\Documents and Settings\Sami Hilden\Application Data\vlc
    2008-06-03 19:27 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-20 14:53 4,800,000 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2008-05-16 11:39 16,862,720 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-05-16 08:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:12 1,288,704 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-14 16:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 16:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 16:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
    2008-04-14 16:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
    2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
    2008-04-14 16:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
    2008-04-14 16:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
    2008-04-14 16:09 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-14 16:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
    2008-04-14 15:49 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 15:49 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 15:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 15:46 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 15:45 80,384 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 15:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 15:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 15:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 15:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 15:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-14 06:12 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
    2008-04-14 06:11 992,256 ----a-w C:\WINDOWS\system32\setupapi.dll
    2008-04-14 06:11 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
    2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
    2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
    2008-04-13 18:40 440,832 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 18:36 2,921,984 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 18:35 186,368 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 12:39 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-13 20:44 95848]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-10-14 06:02 134856]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 16:14 86016 C:\WINDOWS\SoundMan.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 19:12 110592 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:12 15360]

    C:\Documents and Settings\Emilia\Käynnistä-valikko\Ohjelmat\Käynnistys\
    OneNote 2007 -näyttöleikkeet ja Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    C:\Documents and Settings\Sami Hilden\Käynnistä-valikko\Ohjelmat\Käynnistys\
    OneNote 2007 -näyttöleikkeet ja Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"=
    "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "D:\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c12ab0e8-31b5-11dd-bc3f-806d6172696f}]
    \Shell\AutoRun\command - D:\setup.exe

    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{5734C3B8-F225-4C5D-9DCD-CACE520D32F1} - C:\WINDOWS\system32\yayyXRJC.dll
    HKCU-Run-Polar Sync - (no file)


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-03 17:00:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
    .
    Completion time: 2008-07-03 17:00:31
    ComboFix-quarantined-files.txt 2008-07-03 14:00:29

    Pre-Run: 88,344,563,712 tavua vapaana
    Post-Run: 88,578,981,888 tavua vapaana

    283 --- E O F --- 2008-06-25 07:53:30

    *****************
    and here is the Malwarebytes log

    Malwarebytes' Anti-Malware 1.19
    Tietokantaversio: 918
    Windows 5.1.2600 Service Pack 3

    16:44:37 3.7.2008
    mbam-log-7-3-2008 (16-44-37).txt

    Tarkistustyyppi: Pikatarkistus
    Tarkistetut kohteet: 50325
    Kulunut aika: 3 minute(s), 41 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 4
    Saastuneita rekisteriarvoja: 2
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 9

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d554a583-d4cf-4a6f-b07a-cb25f60fa743} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM6be6d6af (Trojan.Agent) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\kfamifct.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tcfimafk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbXQKebC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfETnli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfFYstS.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqOExvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUomllK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Emilia\Local Settings\Temp\axixjsdr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dxgsdpcp.dll (Trojan.Agent) -> Delete on reboot.

    *********************
    and the newest HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:16:13, on 3.7.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212549411380
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://siirtotie.fi/Common/ImageUploader4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F86713C-8038-41EF-B72B-2D8C124BEDB6}: NameServer = 193.229.0.40,193.229.0.42
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 6223 bytes



     
  4. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Well, this one came out clean!!!

    Just remove the leftovers:
    ******************************************
    Type ComboFix.exe /u into the Run box of the Windows Start menu and press OK
    *************************************************************
    ******************************************
    Start Malwarebytes, open the Quarantine tab and empty the junk.
    **********************************************************
    :D
     
  5. sammy72

    sammy72 Member

    Joined:
    Mar 23, 2006
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    11
    Thank you very much for the help ;)
     
