Trojan.Virtumonde / Lowzones? Help

Discussion in 'Viruses and malware - HijackThis logs' started by OmenaOlli, Jun 16, 2008.

  1. OmenaOlli (Member, joined Jun 16, 2008)
    Yeah, so the computer has suddenly become so damn slow, and yeah, I've tried all sorts of Spy Doctors / bots and whatnot, but nothing seems to work.

    Here's the HijackThis log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:54:33, on 16.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    D:\Spy Doc\Spyware Doctor\pctsAuxs.exe
    D:\Spy Doc\Spyware Doctor\pctsSvc.exe
    D:\Spy Doc\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {869585C1-7246-46F6-A6C9-1A7444387949} - C:\WINDOWS\system32\mlJBQiIb.dll (file missing)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {7ab57fe7-71bb-c8d9-f084-7056e930f04c} - {c40f039e-6507-480f-9d8c-bb177ef75ba7} - C:\WINDOWS\system32\hsgvsscj.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [ISTray] "D:\Spy Doc\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [BM4bb9a0f4] Rundll32.exe "C:\WINDOWS\system32\ngmoxmcp.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Spy Doc\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Spy Doc\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 10561 bytes


    -------------------------- H-e-l-p =) -------------------
     
  2. kalminen (Regular member, joined May 4, 2007)
    There are viruses here that the old Java let onto the machine.

    Java update and cache clearing:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    (Windows Vista: Start -> [type into the search box] Programs and Features and press Enter)

    2. Find all your old Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [image]
    3. Select all your old Java versions and choose Remove.
    4. Install the latest Java update from the following link..

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6 Update 6

    Click Download

    Set Platform to Windows

    Tick I agree to the Java SE Runtime Environment 6 License Agreement and click Continue

    Under Windows Offline Installation, click jre-6u4-windows-i586-p.exe

    Save the file to the desktop, for example, and install it.

    5. Restart the computer after the installation.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).

    7. On the General tab, click Settings. Drag the slider (Disk Space) lower.

    (Some Java-based programs may need more disk space.
    If you notice the machine being slow after reducing the setting, move the slider higher.)

    8. Click the Delete Files button. Make sure both options are ticked:

    * Applications and Applets

    * Trace and Log Files

    And click the OK button
    Note: This removes all downloaded applications and applets FROM THE CACHE.

    9. Click OK in your "Temporary Files Settings" window.

    10. Update tab: untick Check for Updates Automatically

    Select Never check

    11. Click Apply and OK to leave your Java settings window.

    ------------------------------------------------------------------------------

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * After this, a log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next message + a new HJT log.

    ------------------------------------------------------------------

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe


    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact ComboFix recognises it even if the file extension isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click)

    [image]

    Note! Don't click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    -----------------------------------------------------------------

    Close the browser and other programs for the duration of the Fix. (not the antivirus)
    Start HijackThis, do a Scan, tick the following entries listed in red, and remove them. (Fix checked)

    O2 - BHO: (no name) - {869585C1-7246-46F6-A6C9-1A7444387949} - C:\WINDOWS\system32\mlJBQiIb.dll (file missing)
    O2 - BHO: {7ab57fe7-71bb-c8d9-f084-7056e930f04c} - {c40f039e-6507-480f-9d8c-bb177ef75ba7} - C:\WINDOWS\system32\hsgvsscj.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BM4bb9a0f4] Rundll32.exe "C:\WINDOWS\system32\ngmoxmcp.dll",s

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    * Malwarebytes' Anti-Malware\Logs\log-date.txt
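    The entries kalminen picks out above share a recognisable Virtumonde/Vundo pattern: a BHO with no readable name, a pseudo-random 8-letter DLL in system32, a Run key that loads such a DLL through rundll32 with a one-letter export, and an orphaned "(file missing)" entry. The following Python script is an added example (not from this thread, not a HijackThis feature) that parses O2 and O4 log lines and scores those indicators; the sample input is a subset of the first log in this thread, and the two-signal threshold is my own assumption.

```python
import ntpath
import re

# Sample input: a subset of the first HijackThis log posted in this thread
# (the O2/O4 lines kalminen told the poster to fix, plus a few benign ones).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {869585C1-7246-46F6-A6C9-1A7444387949} - C:\WINDOWS\system32\mlJBQiIb.dll (file missing)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {7ab57fe7-71bb-c8d9-f084-7056e930f04c} - {c40f039e-6507-480f-9d8c-bb177ef75ba7} - C:\WINDOWS\system32\hsgvsscj.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BM4bb9a0f4] Rundll32.exe "C:\WINDOWS\system32\ngmoxmcp.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# HijackThis line formats for Browser Helper Objects (O2) and Run keys (O4).
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<export>\S*))?', re.I
)


def _stem(path):
    """File name without directory or extension, for a Windows path."""
    return ntpath.splitext(ntpath.basename(path))[0]


def _in_system32(path):
    return ntpath.dirname(path).lower().endswith(r"\windows\system32")


def _looks_random(stem):
    # The Virtumonde droppers in this thread all use 8-letter pseudo-random
    # stems (mlJBQiIb, hsgvsscj, ngmoxmcp); on its own this is a weak signal.
    return len(stem) == 8 and stem.isalpha()


def _verdict(kind, target, reasons):
    # Assumed threshold: one weak signal is not enough (NvMcTray.dll is a
    # benign 8-letter DLL in system32); two or more signals together are.
    return {"kind": kind, "target": target, "reasons": reasons,
            "suspicious": len(reasons) >= 2}


def assess_line(line):
    """Score one O2 (BHO) or O4 (Run key) line; None for other line types."""
    line = line.strip()
    reasons = []
    m = O2_RE.match(line)
    if m:
        name, path = m["name"], m["path"]
        if m["missing"]:
            reasons.append("registered DLL is missing from disk")
        if name == "(no name)" or CLSID_RE.match(name):
            reasons.append("BHO has no readable name")
        if _in_system32(path) and _looks_random(_stem(path)):
            reasons.append("random 8-letter DLL in system32")
        return _verdict("O2", path, reasons)
    m = O4_RE.match(line)
    if m:
        r = RUNDLL_RE.match(m["cmd"])
        if not r:
            return _verdict("O4", m["cmd"], reasons)
        dll, export = r["dll"], r["export"] or ""
        if len(export) <= 1:
            reasons.append("rundll32 with a one-letter or empty export name")
        if _in_system32(dll) and _looks_random(_stem(dll)):
            reasons.append("random 8-letter DLL in system32")
        return _verdict("O4", dll, reasons)
    return None


def scan_log(text):
    """Return the verdicts for every suspicious O2/O4 entry in a log."""
    verdicts = (assess_line(line) for line in text.splitlines())
    return [v for v in verdicts if v and v["suspicious"]]


if __name__ == "__main__":
    for v in scan_log(SAMPLE_LOG):
        print(f"{v['kind']} {v['target']}: {'; '.join(v['reasons'])}")
```

    Run against the sample, it flags exactly the three DLLs that ComboFix later lists under FILE :: and leaves the NVIDIA, Windows Live and ctfmon entries alone.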
     
  3. OmenaOlli (Member, joined Jun 16, 2008)
    Everything went perfectly (probably) =) The only point that differed from the instructions was that I couldn't find two of the entries you listed in HijackThis, so they were left unremoved. ( 1. : O2 - BHO: {7ab57fe7-71bb-c8d9-f084-7056e930f04c} - {c40f039e-6507-480f-9d8c-bb177ef75ba7} - C:\WINDOWS\system32\hsgvsscj.dll and the other was 2. : O4 - HKLM\..\Run: [BM4bb9a0f4] Rundll32.exe "C:\WINDOWS\system32\ngmoxmcp.dll",s )

    The computer feels a whole lot faster to me, and big thanks for that =)

    Here are the logs, in the right order:

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:30:28, on 17.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Spy Doc\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Spy Doc\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9440 bytes

    --------------------------------------------------------------------

    ComboFix log:

    ComboFix 08-06-15.4 - Sikamies 2008-06-17 17:03:11.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.553 [GMT 3:00]
    Running from: C:\Documents and Settings\Sikamies\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Sikamies\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\hsgvsscj.dll
    C:\WINDOWS\system32\mlJBQiIb.dll
    C:\WINDOWS\system32\ngmoxmcp.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\aterjnno.dll
    C:\WINDOWS\system32\bhasmqlo.ini
    C:\WINDOWS\system32\bIiQBJlm.ini
    C:\WINDOWS\system32\bIiQBJlm.ini2
    C:\WINDOWS\system32\dcbddfii.ini
    C:\WINDOWS\system32\dcbddfii.ini2
    C:\WINDOWS\system32\djqwvnyb.dll
    C:\WINDOWS\system32\dylpyelu.ini
    C:\WINDOWS\system32\esjdtuiw.ini
    C:\WINDOWS\system32\gfkiubpr.ini
    C:\WINDOWS\system32\hljwgweq.dll
    C:\WINDOWS\system32\hmcvhyfu.ini
    C:\WINDOWS\system32\hsgvsscj.dll
    C:\WINDOWS\system32\kxqndwjr.dll
    C:\WINDOWS\system32\lxoqkeom.dll
    C:\WINDOWS\system32\mlhqiufq.ini
    C:\WINDOWS\system32\nxssdkwk.dll
    C:\WINDOWS\system32\oambrowx.dll
    C:\WINDOWS\system32\ptggovem.dll
    C:\WINDOWS\system32\ptiwyooq.dll
    C:\WINDOWS\system32\qhsacsgs.ini
    C:\WINDOWS\system32\rjxfwwmk.dll
    C:\WINDOWS\system32\rqykdnra.ini
    C:\WINDOWS\system32\slakjurh.ini
    C:\WINDOWS\system32\ulcirmfc.dll
    C:\WINDOWS\system32\wfsshckm.ini
    C:\WINDOWS\system32\whbqkyau.dll
    C:\WINDOWS\system32\wktnxcen.dll
    C:\WINDOWS\system32\vpcaxvyb.ini
    C:\WINDOWS\system32\vqbuinit.dll
    C:\WINDOWS\system32\xngvekfk.ini
    C:\WINDOWS\system32\yijnuhmm.ini

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-17 to 2008-06-17 )))))))))))))))))
    .

    2008-06-17 16:16 . 2008-06-17 16:16 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-17 16:16 . 2008-06-17 16:16 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\Malwarebytes
    2008-06-17 16:16 . 2008-06-17 16:16 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-06-17 16:16 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-17 16:16 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-17 16:06 . 2008-06-17 16:06 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-06-17 16:06 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-16 19:54 . 2008-06-16 19:54 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-16 19:31 . 2008-06-16 19:31 <KANSIO> d-------- C:\Program Files\Enigma Software Group
    2008-06-14 22:58 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 22:58 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-13 20:24 . 2008-06-13 20:24 <KANSIO> d-------- C:\VundoFix Backups
    2008-06-13 20:16 . 2008-06-13 20:36 <KANSIO> d-------- C:\Documents and Settings\LocalService\Työpöytä
    2008-06-13 19:38 . 2008-06-13 19:38 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\PC Tools
    2008-06-13 19:38 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-06-13 19:38 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-06-13 19:38 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-06-13 19:38 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-06-10 15:44 . 2008-06-10 15:44 <KANSIO> d-------- C:\WINDOWS\wb
    2008-06-04 13:18 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2008-06-03 21:54 . 2008-06-03 21:54 <KANSIO> dr------- C:\Documents and Settings\LocalService\Suosikit
    2008-06-03 21:44 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2008-06-03 21:44 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2008-06-03 21:44 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-06-03 21:44 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2008-06-03 21:34 . 2008-06-17 16:15 <KANSIO> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-06-03 12:10 . 2008-06-04 12:10 1,426 ---hs---- C:\WINDOWS\system32\ircdvcya.ini
    2008-06-02 16:34 . 2008-06-03 12:08 1,186 ---hs---- C:\WINDOWS\system32\soiafflu.ini
    2008-06-02 16:12 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-06-02 16:12 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-06-02 15:58 . 2008-06-02 15:58 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\InstallShield
    2008-06-02 11:09 . 2008-06-02 11:09 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\Nokia Multimedia Player
    2008-06-02 11:09 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-06-02 11:09 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-06-02 11:08 . 2008-06-02 11:08 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-06-02 11:08 . 2008-06-02 11:08 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-06-02 11:07 . 2008-06-02 11:09 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\PC Suite
    2008-06-02 11:07 . 2008-06-02 11:09 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\Nokia
    2008-06-02 11:07 . 2008-06-02 11:07 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
    2008-06-02 11:06 . 2008-06-02 11:06 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2008-06-02 11:06 . 2008-06-02 11:06 <KANSIO> d-------- C:\Program Files\Nokia
    2008-06-02 11:06 . 2008-06-02 11:06 <KANSIO> d-------- C:\Program Files\DIFX
    2008-06-02 11:06 . 2008-06-02 11:06 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2008-06-02 11:06 . 2008-06-02 11:06 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2008-06-02 11:06 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2008-06-02 11:06 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2008-06-02 11:06 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2008-06-02 11:06 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
    2008-06-02 11:06 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
    2008-06-02 11:06 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
    2008-06-02 11:06 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
    2008-06-02 11:06 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
    2008-06-02 11:05 . 2008-06-02 11:05 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
    2008-05-31 17:22 . 2008-06-02 16:31 1,066 ---hs---- C:\WINDOWS\system32\qedfyuaj.ini
    2008-05-30 17:15 . 2008-05-31 17:17 654 ---hs---- C:\WINDOWS\system32\shukgigy.ini
    2008-05-29 17:19 . 2008-05-30 12:42 534 ---hs---- C:\WINDOWS\system32\jjvpufbp.ini
    2008-05-28 17:20 . 2008-05-29 10:17 414 ---hs---- C:\WINDOWS\system32\xvnvagbp.ini
    2008-05-27 13:24 . 2008-05-27 13:24 <KANSIO> d-------- C:\WINDOWS\system32\Lang
    2008-05-27 13:24 . 2008-05-27 13:24 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-05-27 13:24 . 2008-05-27 13:24 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-05-26 14:29 . 2008-05-26 14:29 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-05-26 14:28 . 2008-05-26 14:28 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-05-25 02:12 . 2008-06-15 21:02 48 --a------ C:\WINDOWS\BM4bb9a0f4.xml
    2008-05-21 23:34 . 2008-05-21 23:34 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
    2008-05-20 22:45 . 2008-05-20 22:45 <KANSIO> d--h----- C:\WINDOWS\PIF
    2008-05-19 21:25 . 2008-05-19 21:25 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\InstallShield Installation Information
    2008-05-17 00:50 . 2008-05-17 00:50 <KANSIO> d-------- C:\Program Files\directx

    .
    (((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-17 13:58 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\Skype
    2008-06-17 13:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-17 13:06 --------- d-----w C:\Program Files\Java
    2008-06-17 12:14 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\skypePM
    2008-06-16 18:50 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\uTorrent
    2008-06-13 21:03 --------- d-----w C:\Program Files\Webteh
    2008-06-13 16:07 --------- d-----w C:\Program Files\Norton Internet Security
    2008-06-09 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-09 14:05 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\Apple Computer
    2008-06-03 21:55 --------- d-----w C:\Program Files\mIRC
    2008-05-30 18:33 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\mIRC
    2008-05-27 13:58 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-27 13:58 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-05-27 05:14 --------- d-----w C:\Program Files\AdVantage
    2008-05-26 11:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-16 08:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-15 20:10 --------- d-----w C:\Program Files\MSXML 4.0
    2008-05-14 19:49 --------- d-----w C:\Program Files\NeroInstall.bak
    2008-05-14 19:48 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\Nero
    2008-05-14 19:47 --------- d-----w C:\Program Files\Common Files\Nero
    2008-05-14 19:45 --------- d-----w C:\Program Files\Nero
    2008-05-14 19:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
    2008-05-09 07:07 --------- d-----w C:\Program Files\RevConnect
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-03 12:04 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\Ventrilo
    2008-05-03 12:03 --------- d-----w C:\Program Files\Ventrilo
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-27 12:11 --------- d-----w C:\Program Files\QuickTime
    2008-04-27 12:11 --------- d-----w C:\Program Files\iTunes
    2008-04-27 12:11 --------- d-----w C:\Program Files\iPod
    2008-04-27 12:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    2008-04-27 12:10 --------- d-----w C:\Program Files\Common Files\Apple
    2008-04-27 12:10 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-27 12:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-22 11:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Symantec
    2008-04-17 15:34 --------- d-----w C:\Program Files\Canon
    2008-04-17 15:30 --------- d-----w C:\Program Files\Common Files\Canon
    2008-04-09 19:57 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
    2008-04-08 16:22 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-04-08 12:40 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
    2008-04-08 08:19 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-04-08 08:19 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-24 16:52 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2008-03-24 08:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    (((((((((((((((((((((((((((((( Registry startup items )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* Empty values and legitimate default values are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{869585C1-7246-46F6-A6C9-1A7444387949}]
    C:\WINDOWS\system32\mlJBQiIb.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:37 21898024]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 19:52 13524992]
    "nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-24 19:52 86016]
    "SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:00 58728]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-04-08 16:55 100056]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-08 02:14 576320]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 12:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:58]

    .
    'Scheduled Tasks' folder contents
    "2008-06-12 17:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-13 17:00:31 C:\WINDOWS\Tasks\Norton AntiVirus - Tarkista tietokone - Sikamies.job"
    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exep/task:
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-17 17:06:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-17 17:15:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-17 14:15:50

    Pre-Run: 56,627,937,280 bytes free
    Post-Run: 58,027,679,744 bytes free

    283 --- E O F --- 2008-06-15 19:29:00

    --------------------------------------------------------------------

    Malwarebytes log:

    Malwarebytes' Anti-Malware 1.17
    Database version: 863

    16:47:06 17.6.2008
    mbam-log-6-17-2008 (16-47-06).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 82598
    Time elapsed: 28 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 30

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM4bb9a0f4 (Trojan.Agent) -> Delete on reboot.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\rbpiahkw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wkhaipbr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sikamies\Local Settings\Temporary Internet Files\Content.IE5\1TVE9EPM\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sikamies\Local Settings\Temporary Internet Files\Content.IE5\KNBIZ84U\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sikamies\Local Settings\Temporary Internet Files\Content.IE5\TLBDCGGN\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP72\A0013813.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP74\A0014928.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP74\A0015025.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP74\A0015026.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP74\A0015027.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP74\A0015028.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP78\A0016526.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP81\A0017526.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP83\A0018553.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP83\A0018555.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP83\A0018557.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP83\A0018562.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP83\A0018563.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP85\A0021618.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP85\A0023682.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP87\A0026773.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP91\A0030435.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP92\A0031473.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP92\A0034543.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP92\A0036578.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8C7762CA-B425-4D05-B04E-66EEE3C3347F}\RP93\A0040627.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ljJASjJd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\plensxrp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ngmoxmcp.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

    -------------------------------------------------------------------

    So how does it look =)? And once again, a big thank you for all the help!
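The logs above carry the classic Vundo/Virtumonde picture: a Browser Helper Object loading a random 8-letter DLL from system32 (mlJBQiIb.dll), a string of hidden+system .ini files with 8-letter names in system32, Security Center notification and monitoring values forced to 1, the Windows Firewall standard profile switched off, a Run value named BM4bb9a0f4 that MBAM tagged as Trojan.Agent next to C:\WINDOWS\BM4bb9a0f4.xml, and the Vundo habit of keeping its data in an .ini whose name is the DLL name reversed (rbpiahkw.dll / wkhaipbr.ini in the MBAM log). The script below is an added example, not code from the thread, ComboFix or Malwarebytes: it parses ComboFix's file list and REGEDIT4 startup section and flags exactly those indicators. SAMPLE_LOG is constructed: most lines are copied from the log above, while the rbpiahkw.dll file line, the BM4bb9a0f4 Run value data and the nvmctray.dll control line are made up to exercise the checks, and the 8-letter and BM+hex rules are my own heuristics, not anything the tools document.

```python
"""Triage a ComboFix log for Vundo/Virtumonde-style indicators.

Added example for this thread, not part of ComboFix or Malwarebytes.
SAMPLE_LOG is constructed: most lines are copied from the posted log;
the rbpiahkw.dll line, the BM4bb9a0f4 Run value data and the nvmctray.dll
control line are made up. <KANSIO> is the Finnish-locale <DIR> token.
"""
import re

SAMPLE_LOG = r"""
2008-06-03 12:10 . 2008-06-04 12:10 1,426 ---hs---- C:\WINDOWS\system32\ircdvcya.ini
2008-06-02 16:34 . 2008-06-03 12:08 1,186 ---hs---- C:\WINDOWS\system32\soiafflu.ini
2008-06-01 10:00 . 2008-06-01 10:00 120,832 --a------ C:\WINDOWS\system32\rbpiahkw.dll
2008-06-01 10:01 . 2008-06-02 10:00 1,000 ---hs---- C:\WINDOWS\system32\wkhaipbr.ini
2008-06-02 11:06 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-03-24 16:52 . 2008-03-24 16:52 86,016 --a------ C:\WINDOWS\system32\nvmctray.dll
2008-05-25 02:12 . 2008-06-15 21:02 48 --a------ C:\WINDOWS\BM4bb9a0f4.xml
2008-06-13 20:24 . 2008-06-13 20:24 <KANSIO> d-------- C:\VundoFix Backups

REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{869585C1-7246-46F6-A6C9-1A7444387949}]
C:\WINDOWS\system32\mlJBQiIb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:00 58728]
"BM4bb9a0f4"="rundll32.exe (constructed sample data)"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# ComboFix file-list line: "created . modified size attrs path"
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>[\d,]+|<[A-Z]+>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$")
KEY_LINE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
EIGHT_LETTERS = re.compile(r"[A-Za-z]{8}")   # heuristic for Vundo's random names
# Security Center values that hide a disabled AV/firewall from the user
SC_SILENCERS = {"AntiVirusDisableNotify", "FirewallDisableNotify",
                "UpdatesDisableNotify", "DisableMonitoring"}


def stem(path):
    """File name without directory or extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def in_system32(path):
    return "\\system32\\" in path.lower()


def triage(log_text):
    """Return human-readable findings for the indicators seen in this thread."""
    findings = []
    hidden_inis = {}   # reversed .ini stem (lowercase) -> .ini path
    dlls = {}          # .dll stem (lowercase) -> .dll path
    key = None         # registry key whose values are currently listed
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            path, attrs = m["path"], m["attrs"]
            low = path.lower()
            if (low.endswith(".ini") and "h" in attrs and "s" in attrs
                    and in_system32(path) and EIGHT_LETTERS.fullmatch(stem(path))):
                hidden_inis[stem(path)[::-1].lower()] = path
                findings.append(f"hidden+system .ini with 8-letter name: {path}")
            elif low.endswith(".dll") and in_system32(path):
                dlls[stem(path).lower()] = path
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m["key"].lower()
            continue
        m = VALUE_LINE.match(line)
        if m and key is not None:
            name, data = m["name"], m["data"].strip()
            first = (data.split() or [""])[0]
            if "security center" in key and name in SC_SILENCERS and data == "dword:00000001":
                findings.append(f"Security Center alerting suppressed: {name}=1 in [{key}]")
            elif (key.endswith("firewallpolicy\\standardprofile")
                  and name == "EnableFirewall" and first in ("0", "dword:00000000")):
                findings.append("Windows Firewall disabled in the standard profile")
            elif key.endswith("\\run") and re.fullmatch(r"BM[0-9a-f]{8}", name):
                findings.append(f"Run value named BM+hex (pattern MBAM flagged as Trojan.Agent): {name}")
            continue
        # Bare DLL path listed under a BHO or ShellExecuteHooks key
        if key is not None and ("browser helper objects" in key or "shellexecutehooks" in key):
            if line.lower().endswith(".dll") and in_system32(line) and EIGHT_LETTERS.fullmatch(stem(line)):
                findings.append(f"BHO/ShellExecuteHook loads random-named DLL: {line}")
    # Vundo stores its data in <reversed DLL name>.ini beside the DLL
    for rev, ini in hidden_inis.items():
        if rev in dlls:
            findings.append(f"Vundo-style pair: {dlls[rev]} <-> {ini}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Only the file-list section (the "Files created between ..." block) is parsed; the Find3M lines use a different layout and are ignored. The 8-letter rule is deliberately applied only to hidden+system .ini files and to DLLs loaded from a BHO or ShellExecuteHooks entry, so a legitimate 8-letter name such as nvmctray.dll in the plain file list is not reported.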
     
  4. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Nicely done!!!

    Only the junk left to clear out:

    ******************************************
    Start Malwarebytes, open the Quarantine tab and empty the junk.
    *********************************************************************

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (ComboFix actually recognizes it even if the file extension
    isn't .txt at all).

    Then drag and drop CFScript onto ComboFix.exe (don't click it).

    Note! Don't click around in the ComboFix window while it is running. That may cause the program to hang.
    Reboot the machine if asked to, and post the contents of the combofix.txt file here.

    Post the (C:\ComboFix.txt) report just to be safe.
     
  5. OmenaOlli

    OmenaOlli Member

    Joined:
    Jun 16, 2008
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    All done, everything went perfectly.

    Here is this log as well:

    ComboFix 08-06-15.4 - Sikamies 2008-06-17 18:26:11.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.535 [GMT 3:00]
    Running from: C:\Documents and Settings\Sikamies\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Sikamies\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\mlJBQiIb.dll
    .

    (((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\AdVantage
    C:\Program Files\AdVantage\user.db

    .
    ((((( Files created between 2008-05-17 and 2008-06-17 )))))))))))))))))
    .

    2008-06-17 16:16 . 2008-06-17 16:16 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-17 16:16 . 2008-06-17 16:16 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\Malwarebytes
    2008-06-17 16:16 . 2008-06-17 16:16 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-06-17 16:16 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-17 16:16 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-17 16:06 . 2008-06-17 16:06 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-06-17 16:06 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-16 19:54 . 2008-06-16 19:54 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-16 19:31 . 2008-06-16 19:31 <KANSIO> d-------- C:\Program Files\Enigma Software Group
    2008-06-14 22:58 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 22:58 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-13 20:24 . 2008-06-13 20:24 <KANSIO> d-------- C:\VundoFix Backups
    2008-06-13 20:16 . 2008-06-13 20:36 <KANSIO> d-------- C:\Documents and Settings\LocalService\Työpöytä
    2008-06-13 19:38 . 2008-06-13 19:38 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\PC Tools
    2008-06-13 19:38 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-06-13 19:38 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-06-13 19:38 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-06-13 19:38 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-06-10 15:44 . 2008-06-10 15:44 <KANSIO> d-------- C:\WINDOWS\wb
    2008-06-04 13:18 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2008-06-03 21:54 . 2008-06-03 21:54 <KANSIO> dr------- C:\Documents and Settings\LocalService\Suosikit
    2008-06-03 21:44 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2008-06-03 21:44 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2008-06-03 21:44 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-06-03 21:44 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2008-06-03 21:34 . 2008-06-17 16:15 <KANSIO> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-06-03 12:10 . 2008-06-04 12:10 1,426 ---hs---- C:\WINDOWS\system32\ircdvcya.ini
    2008-06-02 16:34 . 2008-06-03 12:08 1,186 ---hs---- C:\WINDOWS\system32\soiafflu.ini
    2008-06-02 16:12 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-06-02 16:12 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-06-02 15:58 . 2008-06-02 15:58 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\InstallShield
    2008-06-02 11:09 . 2008-06-02 11:09 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\Nokia Multimedia Player
    2008-06-02 11:09 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-06-02 11:09 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-06-02 11:08 . 2008-06-02 11:08 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-06-02 11:08 . 2008-06-02 11:08 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-06-02 11:07 . 2008-06-02 11:09 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\PC Suite
    2008-06-02 11:07 . 2008-06-02 11:09 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\Nokia
    2008-06-02 11:07 . 2008-06-02 11:07 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
    2008-06-02 11:06 . 2008-06-02 11:06 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2008-06-02 11:06 . 2008-06-02 11:06 <KANSIO> d-------- C:\Program Files\Nokia
    2008-06-02 11:06 . 2008-06-02 11:06 <KANSIO> d-------- C:\Program Files\DIFX
    2008-06-02 11:06 . 2008-06-02 11:06 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2008-06-02 11:06 . 2008-06-02 11:06 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2008-06-02 11:06 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2008-06-02 11:06 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2008-06-02 11:06 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2008-06-02 11:06 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
    2008-06-02 11:06 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
    2008-06-02 11:06 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
    2008-06-02 11:06 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
    2008-06-02 11:06 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
    2008-06-02 11:05 . 2008-06-02 11:05 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
    2008-05-31 17:22 . 2008-06-02 16:31 1,066 ---hs---- C:\WINDOWS\system32\qedfyuaj.ini
    2008-05-30 17:15 . 2008-05-31 17:17 654 ---hs---- C:\WINDOWS\system32\shukgigy.ini
    2008-05-29 17:19 . 2008-05-30 12:42 534 ---hs---- C:\WINDOWS\system32\jjvpufbp.ini
    2008-05-28 17:20 . 2008-05-29 10:17 414 ---hs---- C:\WINDOWS\system32\xvnvagbp.ini
    2008-05-27 13:24 . 2008-05-27 13:24 <KANSIO> d-------- C:\WINDOWS\system32\Lang
    2008-05-27 13:24 . 2008-05-27 13:24 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-05-27 13:24 . 2008-05-27 13:24 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-05-26 14:29 . 2008-05-26 14:29 <KANSIO> d-------- C:\Program Files\Lavasoft
    2008-05-26 14:28 . 2008-05-26 14:28 <KANSIO> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-05-25 02:12 . 2008-06-15 21:02 48 --a------ C:\WINDOWS\BM4bb9a0f4.xml
    2008-05-21 23:34 . 2008-05-21 23:34 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
    2008-05-20 22:45 . 2008-05-20 22:45 <KANSIO> d--h----- C:\WINDOWS\PIF
    2008-05-19 21:25 . 2008-05-19 21:25 <KANSIO> d-------- C:\Documents and Settings\Sikamies\Application Data\InstallShield Installation Information
    2008-05-17 00:50 . 2008-05-17 00:50 <KANSIO> d-------- C:\Program Files\directx

    .
    (((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-17 15:22 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\Skype
    2008-06-17 13:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-17 13:06 --------- d-----w C:\Program Files\Java
    2008-06-17 12:14 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\skypePM
    2008-06-16 18:50 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\uTorrent
    2008-06-13 21:03 --------- d-----w C:\Program Files\Webteh
    2008-06-13 16:07 --------- d-----w C:\Program Files\Norton Internet Security
    2008-06-09 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-09 14:05 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\Apple Computer
    2008-06-03 21:55 --------- d-----w C:\Program Files\mIRC
    2008-05-30 18:33 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\mIRC
    2008-05-27 13:58 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-27 13:58 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-05-26 11:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-16 08:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-15 20:10 --------- d-----w C:\Program Files\MSXML 4.0
    2008-05-14 19:49 --------- d-----w C:\Program Files\NeroInstall.bak
    2008-05-14 19:48 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\Nero
    2008-05-14 19:47 --------- d-----w C:\Program Files\Common Files\Nero
    2008-05-14 19:45 --------- d-----w C:\Program Files\Nero
    2008-05-14 19:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
    2008-05-09 07:07 --------- d-----w C:\Program Files\RevConnect
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-03 12:04 --------- d-----w C:\Documents and Settings\Sikamies\Application Data\Ventrilo
    2008-05-03 12:03 --------- d-----w C:\Program Files\Ventrilo
    2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-27 12:11 --------- d-----w C:\Program Files\QuickTime
    2008-04-27 12:11 --------- d-----w C:\Program Files\iTunes
    2008-04-27 12:11 --------- d-----w C:\Program Files\iPod
    2008-04-27 12:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    2008-04-27 12:10 --------- d-----w C:\Program Files\Common Files\Apple
    2008-04-27 12:10 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-27 12:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-22 11:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Symantec
    2008-04-17 15:34 --------- d-----w C:\Program Files\Canon
    2008-04-17 15:30 --------- d-----w C:\Program Files\Common Files\Canon
    2008-04-09 19:57 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
    2008-04-08 16:22 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-04-08 12:40 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
    2008-04-08 08:19 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-04-08 08:19 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-24 16:52 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2008-03-24 08:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-17_17.10.28.07 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-17 14:06:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-17 14:25:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:37 21898024]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 19:52 13524992]
    "SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:00 58728]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-04-08 16:55 100056]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-08 02:14 576320]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 12:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

    C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-10 20:46:12 169472]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:58]

    *Newly Created Service* - CATCHME
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-06-12 17:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-13 17:00:31 C:\WINDOWS\Tasks\Norton AntiVirus - Tarkista tietokone - Sikamies.job"
    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exep/task:
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-17 18:27:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-17 18:28:21
    ComboFix-quarantined-files.txt 2008-06-17 15:28:14
    ComboFix2.txt 2008-06-17 14:16:00

    Pre-Run: 58,003,619,840 tavua vapaana
    Post-Run: 57,994,076,160 tavua vapaana

    209 --- E O F --- 2008-06-15 19:29:00


    ---------------------------------------------------------------------

    Thanks an ungodly amount for all the effort!
     
  6. kalminen

    kalminen Regular member

    It came out clean!!!

    ******************************************
    Type ComboFix.exe /u into the Run box of the Windows Start menu and press OK
    ***************************************************************************

    Have a clean summer :D
     
  7. OmenaOlli

    OmenaOlli Member

    Awesome!

    Thanks, thanks and thanks once more, and a good summer to you too =)
     
