Two strange shortcuts on the desktop and a warning triangle in the bottom right corner

Discussion in 'Viruses and malware - HijackThis logs' started by bbfury, Nov 25, 2007.

  1. bbfury

    bbfury Member

    Joined:
    Jul 9, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    11
    Yeah, the same crap on my machine too as here:

    http://keskustelu.afterdawn.com/thread_view.cfm/376088

    But I'll post the Hijack and Smitfraud logs here in case someone "wiser" takes a look, to see whether the same instructions could be used :p

    -------------------------------------------------------

    SmitFraudFix v2.254

    Scan done at 12:03:01,04, su 25.11.2007
    Run from C:\Documents and Settings\Juuso\Työpöytä\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\VDOTool\TBPanel.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\system32\ymjjtphr.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Juuso


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Juuso\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Juuso\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/100 VE Network Connection - Paketinajoituksen miniportti
    DNS Server Search Order: 192.168.0.254

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{74F6E567-7F8B-4EAB-B797-057907B22EC6}: DhcpNameServer=192.168.0.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{74F6E567-7F8B-4EAB-B797-057907B22EC6}: DhcpNameServer=192.168.0.254
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{74F6E567-7F8B-4EAB-B797-057907B22EC6}: DhcpNameServer=192.168.0.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    -----------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:06:34, on 25.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\VDOTool\TBPanel.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\system32\ymjjtphr.exe
    C:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mjopdrjh.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [f4a1972b] rundll32.exe "C:\WINDOWS\system32\qkxbkuxf.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\ymjjtphr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 7766 bytes
     
  2. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    Hi

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.


    Post C:\ComboFix.txt and a new hjt log
     
  3. bbfury

    bbfury Member

    Here are both:

    -----------------------------------

    ComboFix 07-11-19.3 - Juuso 2007-11-25 20:24:20.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.651 [GMT 2:00]
    Running from: C:\Documents and Settings\Juuso\Työpöytä\ComboFix.exe
    * Created a new restore point
    .

    Systeemioikeuksien saaminen epäonnistui

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Käynnistä-valikko\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Käynnistä-valikko\Online Security Guide.lnk
    C:\Documents and Settings\Juuso\Suosikit\Online Security Guide.lnk
    C:\Documents and Settings\Juuso\Työpöytä\Live Safety Center.lnk
    C:\Documents and Settings\Juuso\Työpöytä\Online Security Guide.lnk
    C:\WINDOWS\SYSTEM32\jjjlm.ini
    C:\WINDOWS\SYSTEM32\jjjlm.ini2
    C:\WINDOWS\system32\mjopdrjh.dllbox
    C:\WINDOWS\system32\mljjj.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-25 to 2007-11-25 )))))))))))))))))
    .

    2007-11-25 20:42 20,608 ---hs---- C:\WINDOWS\SYSTEM32\mjopdrjh.dllbox
    2007-11-25 12:06 <KANSIO> d-------- C:\hjt
    2007-11-25 11:37 775,952 ---hs---- C:\WINDOWS\SYSTEM32\fxukbxkq.ini
    2007-11-25 11:37 85,056 --a------ C:\WINDOWS\SYSTEM32\qkxbkuxf.dll
    2007-11-25 11:31 79,936 --a------ C:\WINDOWS\SYSTEM32\hpdjxaea.dll
    2007-11-25 11:28 145,984 --a------ C:\WINDOWS\SYSTEM32\mjopdrjh.dll
    2007-11-25 11:28 145,984 --a------ C:\WINDOWS\SYSTEM32\jobhiqsk.dll
    2007-11-23 08:49 71,232 --a------ C:\WINDOWS\SYSTEM32\bmttvqcb.exe
    2007-11-22 16:44 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-11-22 16:43 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-11-22 16:37 35,840 --a------ C:\WINDOWS\SYSTEM32\rqrrpqp.dll
    2007-11-10 19:19 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\PC Suite
    2007-10-28 20:52 <KANSIO> d-------- C:\Program Files\SiSoftware
    2007-10-26 17:20 <KANSIO> d-------- C:\Documents and Settings\Juuso\Application Data\Nokia

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-25 09:25 71,232 ----a-w C:\WINDOWS\SYSTEM32\ymjjtphr.exe
    2007-11-23 07:01 --------- d-----w C:\Program Files\RegClean
    2007-11-23 06:52 83,520 ----a-w C:\WINDOWS\SYSTEM32\wqnepdyf.dll
    2007-11-23 06:47 145,984 ----a-w C:\WINDOWS\SYSTEM32\wlblwdps.dll
    2007-11-22 15:16 --------- d-----w C:\Program Files\DC++
    2007-11-22 14:46 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-11-18 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
    2007-10-23 06:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-17 14:25 --------- d-----w C:\Program Files\Opera
    2007-10-10 16:56 --------- d-----w C:\Documents and Settings\Juuso\Application Data\CyberLink
    2007-10-09 14:09 98,304 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
    2007-10-05 18:48 --------- d-----w C:\Program Files\Belkin_Bluetooth
    2007-10-04 18:58 --------- d-----w C:\Program Files\TeleWell
    2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
    2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
    2004-11-08 16:38 56 -csh--r C:\WINDOWS\SYSTEM32\53EF8AD43D.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73E00092-5539-4661-9B61-3A66FC0D772E}]
    2007-11-22 16:37 35840 --a------ C:\WINDOWS\system32\rqrrpqp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93347E49-534E-402A-9870-C158DB2669D8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-25 11:28 145984 --a------ C:\WINDOWS\system32\mjopdrjh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f7b032da-8f71-4e44-acd4-43c8ba153452}]
    2007-11-25 11:31 79936 --a------ C:\WINDOWS\system32\hpdjxaea.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\mjopdrjh.dll [2007-11-25 11:28 145984]

    [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\mjopdrjh.dll [2007-11-25 11:28 145984]

    [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 17:09]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 17:06]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 17:10]
    "Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-02-01 17:47]
    "NvCplDaemon"="RUNDLL32.exe" [2004-09-15 01:12 C:\WINDOWS\SYSTEM32\rundll32.exe]
    "f4a1972b"="C:\WINDOWS\system32\qkxbkuxf.dll" [2007-11-25 11:37]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{73E00092-5539-4661-9B61-3A66FC0D772E}"= C:\WINDOWS\system32\rqrrpqp.dll [2007-11-22 16:37 35840]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ipitehib]
    ipitehib.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mjopdrjh]
    mjopdrjh.dll 2007-11-25 11:28 145984 C:\WINDOWS\SYSTEM32\mjopdrjh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrpqp]
    rqrrpqp.dll 2007-11-22 16:37 35840 C:\WINDOWS\SYSTEM32\rqrrpqp.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    C:\Program Files\D-Tools\daemon.exe -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2005-03-14 11:38 335970 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe -osboot

    S3 ldiskl;ldiskl;\??\C:\DOCUME~1\Juuso\LOCALS~1\Temp\ldiskl.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-25 20:42:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-25 20:48:18 - machine was rebooted
    .
    --- E O F ---


    ---------------------------------------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:56:19, on 25.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\VDOTool\TBPanel.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mjopdrjh.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [f4a1972b] rundll32.exe "C:\WINDOWS\system32\qkxbkuxf.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 7494 bytes
     
  4. tomato71

    tomato71 Regular member

    ja sitten....

    Ota ensin rekisteristä näin varmuuskopio:

    Suorita -> regedit -> ok. Sitten Tiedosto -> Vie. Kirjoita sille joku nimi ja sitten Tallenna(ja laita muistiin, mihin tallensit sen).


    Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

    Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
    edes .txt).

    Sitten raahaa CFScript ComboFix.exeen kuten alla.

    [​IMG]

    Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.


    Save these instructions to a text file or print them, otherwise you won't be able to access them from Safe Mode.

    Download AVG Anti-Spyware 7.5 and save the program to your desktop.
    *Once you have downloaded the program, double-click the installer's shortcut on your desktop; the installation starts.
    *After installation, the program must be started and its definitions updated.
    *Start AVG Anti-Spyware.
    *Click the "Update" icon in the main menu. Then click the "Update now" button.
    *Then click the "Start Update" icon, and the update begins.

    *Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    *Once the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    *Then, under the "Reports" menu:
    *Uncheck "Automatically generate report after every scan"
    *Uncheck "Only if threats were found"

    *Then click the "Shield" icon at the top of the window
    *"Resident shield is": change the state from active to inactive
    *Close the program, DO NOT scan yet.
    Start your computer in Safe Mode. Instructions!



    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    *Once in Safe Mode, start AVG Anti-Spyware.
    *Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    *AVG now starts scanning the computer; be patient, as the scan takes time.

    When the scan is complete:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    *Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
    *You will be asked what to do if infections were found; in that case select "Apply all actions"
    *Then click the "Reports" icon at the top of the program.
    *Click the "Save report as" button in the lower left corner of the window and save the report to the desktop.
    *Close the program, start the computer normally and post the AVG report to your thread.

    Post combofix.txt, the AVG log and a new HJT log
     
  5. bbfury

    bbfury Member

    Yep

    <<------------------------------------------------------------------->>

    ComboFix 07-11-19.3 - Juuso 2007-11-25 22:03:37.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.643 [GMT 2:00]
    Running from: C:\Documents and Settings\Juuso\Työpöytä\ComboFix.exe
    Command switches used :: C:\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\SYSTEM32\bmttvqcb.exe
    C:\WINDOWS\SYSTEM32\fxukbxkq.ini
    C:\WINDOWS\SYSTEM32\hpdjxaea.dll
    C:\WINDOWS\SYSTEM32\jobhiqsk.dll
    C:\WINDOWS\SYSTEM32\mjopdrjh.dll
    C:\WINDOWS\SYSTEM32\mjopdrjh.dllbox
    C:\WINDOWS\SYSTEM32\qkxbkuxf.dll
    C:\WINDOWS\SYSTEM32\rqrrpqp.dll
    C:\WINDOWS\SYSTEM32\wlblwdps.dll
    C:\WINDOWS\SYSTEM32\wqnepdyf.dll
    C:\WINDOWS\SYSTEM32\ymjjtphr.exe
    .

    Systeemioikeuksien saaminen epäonnistui

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Käynnistä-valikko\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Käynnistä-valikko\Online Security Guide.lnk
    C:\Documents and Settings\Juuso\Suosikit\Online Security Guide.lnk
    C:\Documents and Settings\Juuso\Työpöytä\Live Safety Center.lnk
    C:\Documents and Settings\Juuso\Työpöytä\Online Security Guide.lnk
    C:\WINDOWS\SYSTEM32\bmttvqcb.exe
    C:\WINDOWS\SYSTEM32\fxukbxkq.ini
    C:\WINDOWS\SYSTEM32\hpdjxaea.dll
    C:\WINDOWS\SYSTEM32\jobhiqsk.dll
    C:\WINDOWS\SYSTEM32\mjopdrjh.dll
    C:\WINDOWS\SYSTEM32\mjopdrjh.dllbox
    C:\WINDOWS\SYSTEM32\pqtss.ini
    C:\WINDOWS\SYSTEM32\pqtss.ini2
    C:\WINDOWS\SYSTEM32\qkxbkuxf.dll
    C:\WINDOWS\SYSTEM32\rqrrpqp.dll
    C:\WINDOWS\system32\sstqp.dll
    C:\WINDOWS\SYSTEM32\wlblwdps.dll
    C:\WINDOWS\SYSTEM32\wqnepdyf.dll
    C:\WINDOWS\SYSTEM32\ymjjtphr.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-25 to 2007-11-25 )))))))))))))))))
    .

    2007-11-25 21:53 87,191,372 --a------ C:\rekisteritietoja.reg
    2007-11-25 12:06 <KANSIO> d-------- C:\hjt
    2007-11-25 12:03 2,088 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2007-11-25 12:03 0 --a------ C:\WINDOWS\SYSTEM32\tmp.txt
    2007-11-22 16:44 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-11-22 16:43 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-11-10 19:19 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\PC Suite
    2007-10-28 20:52 <KANSIO> d-------- C:\Program Files\SiSoftware
    2007-10-26 17:20 <KANSIO> d-------- C:\Documents and Settings\Juuso\Application Data\Nokia

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-23 07:01 --------- d-----w C:\Program Files\RegClean
    2007-11-22 15:16 --------- d-----w C:\Program Files\DC++
    2007-11-22 14:46 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-11-18 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-23 06:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-17 14:25 --------- d-----w C:\Program Files\Opera
    2007-10-10 16:56 --------- d-----w C:\Documents and Settings\Juuso\Application Data\CyberLink
    2007-10-05 18:48 --------- d-----w C:\Program Files\Belkin_Bluetooth
    2007-10-04 18:58 --------- d-----w C:\Program Files\TeleWell
    2004-11-08 16:38 56 -csh--r C:\WINDOWS\SYSTEM32\53EF8AD43D.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-25_20.44.43.79 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-25 20:18:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b4.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93347E49-534E-402A-9870-C158DB2669D8}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 17:09]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 17:06]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 17:10]
    "Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-02-01 17:47]
    "NvCplDaemon"="RUNDLL32.exe" [2004-09-15 01:12 C:\WINDOWS\SYSTEM32\rundll32.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    C:\Program Files\D-Tools\daemon.exe -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2005-03-14 11:38 335970 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe -osboot

    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 ldiskl;ldiskl;\??\C:\DOCUME~1\Juuso\LOCALS~1\Temp\ldiskl.sys
    S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-25 22:19:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-25 22:21:51 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-25 20:48
    .
    --- E O F ---

    <<---------------------------------------------------------------------->>

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:11:45 26.11.2007

    + Scan result:



    C:\Pelit\LucasArts\Monkey 4\monkey_crk.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Hanna\Cookies\hanna@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.7:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
    :mozilla.8:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
    C:\RECYCLER\NPROTECT\00100612.TXT -> TrackingCookie.Adserver : Cleaned.
    C:\RECYCLER\NPROTECT\00100613.TXT -> TrackingCookie.Adserver : Cleaned.
    C:\RECYCLER\NPROTECT\00100620.TXT -> TrackingCookie.Adserver : Cleaned.
    C:\RECYCLER\NPROTECT\00100621.TXT -> TrackingCookie.Adserver : Cleaned.
    C:\RECYCLER\NPROTECT\00100625.TXT -> TrackingCookie.Adserver : Cleaned.
    C:\RECYCLER\NPROTECT\00100626.TXT -> TrackingCookie.Adserver : Cleaned.
    C:\RECYCLER\NPROTECT\00100632.TXT -> TrackingCookie.Adserver : Cleaned.
    C:\RECYCLER\NPROTECT\00100633.TXT -> TrackingCookie.Adserver : Cleaned.
    C:\RECYCLER\NPROTECT\00100647.TXT -> TrackingCookie.Adserver : Cleaned.
    C:\RECYCLER\NPROTECT\00100648.TXT -> TrackingCookie.Adserver : Cleaned.
    :mozilla.14:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\3w7qjfdy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.15:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\3w7qjfdy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.16:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\3w7qjfdy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.17:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.17:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\3w7qjfdy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.18:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.19:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.34:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.35:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.36:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Juuso\Cookies\juuso@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Juuso\Cookies\juuso@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\RECYCLER\NPROTECT\00100396.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100397.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100405.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100582.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100583.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100584.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100604.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100605.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100606.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100609.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100610.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100611.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100622.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100623.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100624.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100634.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100635.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100636.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100644.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100645.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100646.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100670.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100671.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100672.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100681.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100682.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100683.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100693.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100694.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100695.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100698.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100699.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100700.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100704.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100705.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100706.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100710.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100711.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100712.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100717.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100718.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100719.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100723.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100724.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100725.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100740.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100741.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100742.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100752.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100753.TXT -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\NPROTECT\00100754.TXT -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.26:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.27:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.37:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Hanna\Cookies\hanna@enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    :mozilla.27:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.30:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.32:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100398.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100401.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100402.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100403.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100404.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100503.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100504.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100517.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100518.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100528.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100529.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100530.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100531.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100532.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100533.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100535.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100536.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100538.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100539.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100541.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100542.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100547.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100548.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100549.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100550.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100555.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100556.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100557.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100558.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100560.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100561.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100565.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100566.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100568.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100569.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100571.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100572.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100587.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100588.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100591.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100592.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100593.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100594.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100602.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100603.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100608.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100615.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100616.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100628.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100629.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100638.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100639.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100650.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100651.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100661.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100662.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100663.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100664.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100665.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100666.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100668.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100669.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100686.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100687.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100691.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100692.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100702.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100703.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100715.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100716.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100727.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100728.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100744.TXT -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\NPROTECT\00100745.TXT -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.51:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
    :mozilla.24:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.94:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Information : Cleaned.
    :mozilla.95:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.96:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    C:\RECYCLER\NPROTECT\00100552.TXT -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.91:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
    :mozilla.25:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.26:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.98:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
    :mozilla.99:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
    :mozilla.102:C:\Documents and Settings\Hanna\Application Data\Mozilla\Firefox\Profiles\78prd81f.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.55:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.6:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\3w7qjfdy.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\Documents and Settings\Juuso\Cookies\juuso@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.10:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.11:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.12:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.13:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.8:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.9:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    C:\RECYCLER\NPROTECT\00100551.TXT -> TrackingCookie.Tracking101 : Cleaned.
    :mozilla.28:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.33:C:\Documents and Settings\Juuso\Application Data\Mozilla\Firefox\Profiles\9bxufjxv.Oletuskäyttäj\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Hanna\Cookies\hanna@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.27:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\3w7qjfdy.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Hanna\Cookies\hanna@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.


    ::Report end

    <<------------------------------------------------------------------------->>

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:18:03, on 26.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\VDOTool\TBPanel.exe
    C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {93347E49-534E-402A-9870-C158DB2669D8} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 8185 bytes
     
  6. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    and then...


    First make sure that hidden files are visible.

    Showing hidden files

    Go --> here

    When the page has loaded, click the Browse button, find the following file and press Submit.

    C:\WINDOWS\SYSTEM32\53EF8AD43D.sys

    Post the scan results in your next message.

    If Jotti is busy, try the same at VirusTotal: http://www.virustotal.com/flash/index_en.html



    Download VundoFix.exe to your desktop.
    *Double-click VundoFix.exe to run it.
    *Click the Scan for Vundo option.
    *When the scan is complete, click the Remove Vundo option.
    *You will be asked whether you want to delete the files - click YES.
    *Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    *When it is finished, the fix will tell you that it is going to restart your computer; click OK.
    *Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


    Note: It is possible that VundoFix found a file that it could not remove.
    In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo option.", when VundoFix appears during the restart.


    Post C:\vundofix.txt + the VirusTotal/Jotti result + a new HJT log
     
  7. bbfury

    bbfury Member

    Joined:
    Jul 9, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    11
    Here, they didn't really find anything :p

    <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

    VundoFix V6.6.2

    Checking Java version...

    Java version is 1.4.2.1
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 11:52:04 26.11.2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

    File: 53EF8AD43D.sys
    Status: OK
    MD5: 2497650dd227382aa587c2a68bc5a614
    Packers detected: -
    Bit9 reports: File not found

    Scanner results
    Scan taken on 26 Nov 2007 09:40:27 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:03:42, on 26.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\VDOTool\TBPanel.exe
    C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {93347E49-534E-402A-9870-C158DB2669D8} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 8253 bytes
     
  8. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    and then...


    Run a new HJT scan: Do a System scan only
    Close all other windows and the browser. Check these lines and press Fix checked


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {93347E49-534E-402A-9870-C158DB2669D8} - (no file)


    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension
    is not .txt).

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    update Java..

    Updating Java and clearing its cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]
    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6u3

    Press Download

    Tick Accept, choose the offline installation, save it to, say, the desktop and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after lowering the setting, move the slider to a larger value.)

    8. Make sure that both options are checked:

    Applications and Applets

    Trace and Log Files



    And press the OK button

    9. Click OK in your "Temporary Files Settings" window.
    Note: This removes all downloaded applications and applets from the CACHE.

    10. Click OK to leave your Java settings window.



    and then one more final check...

    Check your computer with F-Secure's online scanner

    Note: the scanner works only with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Set the options as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure that Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread


    Post combofix.txt + the F-Secure report + a new HJT log
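
An added example, not part of the post above: the three HijackThis lines picked for fixing in that post are an R0 entry with an empty value and two O2 BHO entries marked "(no file)", which HijackThis prints when the file an entry points to is not on disk. The Python sketch below pulls entries of those two kinds out of a pasted log; the selection rule is an assumption inferred from those three lines, and the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: a few lines in the form they have in the HijackThis log
# posted in this thread (header and process list shortened).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {93347E49-534E-402A-9870-C158DB2669D8} - (no file)
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

# "<section code> - <body>"; tolerates forum indentation and trailing blanks.
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2}) - (?P<body>.*?)\s*$")
# R-section body: "<registry key>,<value name> = <data>" (data may be empty).
REG_VALUE_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>.*?) =\s*(?P<data>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    line_no: int          # 1-based line number in the pasted log
    code: str             # HijackThis section code, e.g. "O2"
    reason: str           # why the entry was flagged
    clsid: Optional[str]  # CLSID of the entry, when it has one
    raw: str              # the log line, stripped of indentation


def find_orphaned_entries(log_text: str) -> List[Finding]:
    """Return R0/R1 entries with empty data and O-entries marked '(no file)'."""
    findings: List[Finding] = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list, separator or blank line
        code, body = entry.group("code"), entry.group("body")
        if code in ("R0", "R1"):
            reg = REG_VALUE_RE.match(body)
            if reg and reg.group("data") == "":
                reason = "registry value '%s' is empty" % reg.group("name")
                findings.append(Finding(line_no, code, reason, None, line.strip()))
        elif code.startswith("O") and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append(Finding(line_no, code, "target file is missing",
                                    clsid.group(0) if clsid else None,
                                    line.strip()))
    return findings


if __name__ == "__main__":
    for f in find_orphaned_entries(SAMPLE_LOG):
        print("line %d [%s] %s: %s" % (f.line_no, f.code, f.reason, f.raw))
```

The output is a list to review against the log by hand; an unresolved shortcut such as `BTTray.lnk = ?` is deliberately not flagged, because the post above did not select it.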
     
  9. bbfury

    bbfury Member

    Joined:
    Jul 9, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    11
    ComboFix 07-11-19.3 - Juuso 2007-11-26 14:56:57.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.700 [GMT 2:00]
    Running from: C:\Documents and Settings\Juuso\Työpöytä\ComboFix.exe
    Command switches used :: C:\CFScript.txt
    * Created a new restore point
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-26 to 2007-11-26 )))))))))))))))))
    .

    2007-11-26 11:52 <KANSIO> d-------- C:\VundoFix Backups
    2007-11-25 22:28 <KANSIO> d-------- C:\Documents and Settings\Juuso\Application Data\Grisoft
    2007-11-25 22:27 <KANSIO> d-------- C:\Program Files\AVG Anti-Spyware 7.5
    2007-11-25 22:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-25 22:27 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
    2007-11-25 21:53 87,191,372 --a------ C:\rekisteritietoja.reg
    2007-11-25 12:06 <KANSIO> d-------- C:\hjt
    2007-11-25 12:03 2,088 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2007-11-25 12:03 0 --a------ C:\WINDOWS\SYSTEM32\tmp.txt
    2007-11-22 16:44 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-11-22 16:43 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-11-10 19:19 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\PC Suite
    2007-10-28 20:52 <KANSIO> d-------- C:\Program Files\SiSoftware
    2007-10-26 17:20 <KANSIO> d-------- C:\Documents and Settings\Juuso\Application Data\Nokia

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-23 07:01 --------- d-----w C:\Program Files\RegClean
    2007-11-22 15:16 --------- d-----w C:\Program Files\DC++
    2007-11-22 14:46 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-11-18 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
    2007-10-23 06:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-17 14:25 --------- d-----w C:\Program Files\Opera
    2007-10-10 16:56 --------- d-----w C:\Documents and Settings\Juuso\Application Data\CyberLink
    2007-10-09 14:09 98,304 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
    2007-10-05 18:48 --------- d-----w C:\Program Files\Belkin_Bluetooth
    2007-10-04 18:58 --------- d-----w C:\Program Files\TeleWell
    2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
    2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
    2004-11-08 16:38 56 -csh--r C:\WINDOWS\SYSTEM32\53EF8AD43D.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-25_20.44.43.79 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-26 12:45:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b0.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 17:09]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 17:06]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 17:10]
    "Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-02-01 17:47]
    "NvCplDaemon"="RUNDLL32.exe" [2004-09-15 01:12 C:\WINDOWS\SYSTEM32\rundll32.exe]
    "!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    C:\Program Files\D-Tools\daemon.exe -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2005-03-14 11:38 335970 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe -osboot

    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 ldiskl;ldiskl;\??\C:\DOCUME~1\Juuso\LOCALS~1\Temp\ldiskl.sys
    S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-26 15:00:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-26 15:02:09
    C:\ComboFix2.txt ... 2007-11-25 22:21
    C:\ComboFix3.txt ... 2007-11-25 20:48
    .
    --- E O F ---

    <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

    Scanning Report
    Monday, November 26, 2007 15:21:53 - 19:29:34
    Computer name: DELL
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ E:\


    --------------------------------------------------------------------------------

    Result: 17 malware found
    Tracking Cookie (spyware)
    System (Disinfected)
    System
    System
    Trojan.Win32.Obfuscated.kp (virus)
    C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP4\A0000129.exe (Renamed & Submitted)
    C:\qoobox\Quarantine\catchme2007-11-25_221832.89.zip\bmttvqcb.exe
    C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ymjjtphr.exe.vir (Renamed & Submitted)
    Vundo.gen42 (virus)
    C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP4\A0000135.dll (Submitted)
    C:\qoobox\Quarantine\catchme2007-11-25_221832.89.zip\rqrrpqp.dll
    Vundo.gen50 (virus)
    C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000016.dll (Submitted)
    C:\qoobox\Quarantine\catchme2007-11-25_204117.87.zip\mljjj.dll
    Vundo.gen51 (virus)
    C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP4\A0000126.dll (Submitted)
    C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP4\A0000128.dll (Submitted)
    C:\qoobox\Quarantine\catchme2007-11-25_221832.89.zip\wqnepdyf.dll
    C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\hpdjxaea.dll.vir (Submitted)
    C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\qkxbkuxf.dll.vir (Submitted)
    W32/Stration.ICL (virus)
    E:\Pelit\Giant\LEGO Star Wars Game\LegoStarwars.exe (Submitted)
    Win32.Trojandownloader.Zlob (spyware)
    System (Disinfected)

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 363922
    System: 5054
    Not scanned: 606
    Actions:
    Disinfected: 2
    Renamed: 2
    Deleted: 0
    None: 13
    Submitted: 9
    Files not scanned:

    --------------------------------------------------------------------------------

    Options
    Scanning engines:
    F-Secure Libra: 2.4.2, 2007-11-23
    F-Secure AVP: 7.0.171, 2007-11-26
    F-Secure Orion: 1.2.37, 2007-11-26
    F-Secure Blacklight: 1.0.64
    F-Secure Draco: 1.0.35, 0602-150-72
    F-Secure Pegasus: 1.19.0, 2007-10-26
    Scanning options:
    Scan all files
    Scan inside archives
    Use Advanced heuristics

    <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:34:46, on 26.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\VDOTool\TBPanel.exe
    C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 8289 bytes
     
  10. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    yep, that looks to be in order

    delete the folders
    E:\Pelit\Giant\LEGO Star Wars Game
    C:\qoobox
    delete ComboFix


    Download CCleaner here
    *During installation, uncheck the "install Yahoo! toolbar" option.
    *After installation, open CCleaner.
    *Select Options from the column on the left.
    *Select Settings from the adjacent column.
    *For Language, select Suomi.
    Cleaner (Puhdistaja)
    *Select Puhdistaja (Cleaner) from the column on the left.
    *Press Tutki (Analyze) at the bottom.
    CCleaner now checks what can be removed (temp files, cookies, etc.).
    *When the analysis is finished, press Aja CCleaner (Run CCleaner).
    CCleaner now removes the temp files, cookies, etc. that it found.
    Fixing registry issues
    *Select Virheet (Issues) from the column on the left.
    *Press Etsi rekisterin virheitä (Scan for registry issues) at the bottom.
    *When the scan is finished and you are sure you want to fix the entries that are checked, press Korjaa valitut rekisterin virheet (Fix selected registry issues).
    *You will be asked "do you want to back up the changes to the registry"; press Kyllä (Yes). Save the backup to, for example, the "Omat tiedostot" (My Documents) folder.
    *In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected issues).
    *You will get one more confirmation prompt; press Ok.
    *When the issues have been fixed, press Sulje (Close).
    *You can now close CCleaner by clicking the red X in the top right.

    Any problems left ????

     
  11. bbfury

    bbfury Member

    Joined:
    Jul 9, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    11
    No problems; it no longer opens IE by itself and nothing blinks in the quick launch area either. Thank you and I bow, I am very grateful for the help I received :)

    I'd also like to ask whether there is any harm in having AVG Anti-Spyware and avast both sitting at the same time in the quick launch area in the bottom right corner?
     
  12. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    no harm
    AVG is anti-spyware and avast is anti-virus

    one more thing... and a few extra tips

    Clean out System Restore:
    1. Right-click the My Computer (Oma tietokone) icon in the Start menu
    2. Select Properties (Ominaisuudet)
    3. Select the System Restore (Järjestelmän palauttaminen) tab
    4. Select "Turn off System Restore" on all drives (Poista järjestelmän palauttaminen kaikissa asemissa)
    5. Press Apply (Käytä)
    6. Press OK
    7. Restart the computer
    8. Change the settings back


    Stay Clean !

    Use Firefox
    Firefox is a faster, safer browser than Internet Explorer
    Download Firefox

    Install a Hosts file
    A Hosts file blocks malicious internet addresses
    Download the Hosts file
    Guide!

    Install AVG Anti-Spyware
    AVG Anti-Spyware removes malware and also cleans the registry
    Download AVG Anti-Spyware
    Guide!

    Install CCleaner
    CCleaner cleans temporary files and the registry
    Download CCleaner
    Guide!

    Install SpywareBlaster
    SpywareBlaster prevents malware from installing itself on the computer
    Download SpywareBlaster
    Guide!

    Empty the System Restore folder and create a new restore point.
    This cleans possible malware remnants out of the restore folder.

    Guide!

    Keep your system up to date
    Windows Update

    Keep your software up to date. -> Secunia Software Inspector
    Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, whereas a thorough one (thorough system inspection) can take several minutes.


    Keep your firewall and antivirus up to date
    Update your antivirus program and scan your computer with it regularly.

    Fight back!!--> Malware Complaints
    The site gives victims of malware a chance to tell their story and file a complaint. Let's fight the malware authors together!
     
