So AntiVir complains every other second about these two trojans. I tried to remove them, with no result... the machine is already slowing down pretty badly. HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:59, on 14.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
I:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Ohjelmat\CursorsXP\CursorXP.exe
I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79919086
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - I:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BMf7543ce1] Rundll32.exe "C:\WINDOWS\system32\dbxnrouu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] I:\Ohjelmat\CursorsXP\CursorXP.exe
O4 - HKCU\..\Run: [PC Suite Tray] "I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: lenxiy.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - I:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8966 bytes
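Added example, not part of the thread: a small Python triage script for HijackThis lines like the ones in the log above. It flags the entry types that matter in this case (a non-empty O20 AppInit_DLLs value, an O4 Run entry where rundll32 loads a DLL with a random-looking name, a changed start page, stale "file missing" entries, third-party toolbars). The sample lines are copied from the log above; the random-name rule and the severities are this example's own heuristics, not something HijackThis itself reports.

```python
import re

# Constructed sample in HijackThis v2 log format, modelled on the kinds of
# entries in the log quoted above (only a handful of lines, not the full log).
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79919086
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BMf7543ce1] Rundll32.exe "C:\WINDOWS\system32\dbxnrouu.dll",s
O20 - AppInit_DLLs: lenxiy.dll
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# DLL base names referenced in a command line, e.g. ...\dbxnrouu.dll",s -> "dbxnrouu"
DLL_REF = re.compile(r'([^\\"\s]+)\.dll', re.IGNORECASE)
# Heuristic (an assumption of this example, not an HJT rule): Vundo-era droppers
# used 6-8 random lowercase letters for their DLL names.
RANDOM_NAME = re.compile(r"^[a-z]{6,8}$")


def looks_random(stem: str) -> bool:
    """True when a DLL base name (without extension) matches the random-name heuristic."""
    return RANDOM_NAME.match(stem) is not None


def triage_line(line: str):
    """Return (severity, reason) for one HJT line, or None when nothing stands out."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if value:
            return "high", f"AppInit_DLLs loads {value} into every process that maps user32.dll"
    if code == "O4" and "rundll32" in body.lower():
        command = body.split("] ", 1)[-1]          # text after "[entry name] "
        for stem in DLL_REF.findall(command):
            if looks_random(stem):
                return "high", f"rundll32 loads random-looking DLL {stem}.dll at logon"
    if code == "R0" and "Start Page" in body:
        url = body.split("=", 1)[1].strip()
        if url:
            return "review", f"browser start page set to {url}"
    if "(file missing)" in body:
        return "low", "entry points at a file that no longer exists (stale, safe to remove)"
    if code == "O3":
        return "low", "third-party browser toolbar installed"
    return None


def triage(log_text: str):
    """Run triage_line over a whole log; returns a list of (severity, code, reason)."""
    findings = []
    for line in log_text.splitlines():
        result = triage_line(line)
        if result is not None:
            code = line.strip().split(" ", 1)[0]
            findings.append((result[0], code, result[1]))
    return findings


if __name__ == "__main__":
    for severity, code, reason in triage(SAMPLE_HJT_LOG):
        print(f"[{severity:6}] {code:4} {reason}")
```

The two "high" findings are the ones worth acting on first: an AppInit_DLLs value is injected into every GUI process on the box, and a Run entry that hands an eight-letter DLL to rundll32 is the classic loader pattern for this family. The NvMcTray and avgnt lines pass through untouched, which is the point of the name check: rundll32 itself is normal, the random DLL name is not.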
Yeah, I did something rare and showed some initiative. I ran Malwarebytes and ComboFix, and after them I also took a new HJT log. Is there anything else that should still be done?

Malwarebytes:

Malwarebytes' Anti-Malware 1.28
Tietokantaversio: 1268
Windows 5.1.2600 Service Pack 2

14.10.2008 22:01:37
mbam-log-2008-10-14 (22-01-37).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|P:\|)
Tarkistetut kohteet: 67040
Kulunut aika: 1 hour(s), 43 minute(s), 10 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 4
Saastuneita rekisteriavaimia: 7
Saastuneita rekisteriarvoja: 2
Saastuneita rekisterikohteita: 2
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 199

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
C:\WINDOWS\system32\ljJCuSMD.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dbxnrouu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lenxiy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuvSkHYo.dll (Trojan.Vundo.H) -> Delete on reboot.

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1fded158-dbd2-48e4-b836-3e9bd4d9ded2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1fded158-dbd2-48e4-b836-3e9bd4d9ded2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cfa7c88-0e65-4ac6-af8d-2fd0941298fd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5cfa7c88-0e65-4ac6-af8d-2fd0941298fd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cbe6300-759b-447a-b406-31b86293e390} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvskhyo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6cbe6300-759b-447a-b406-31b86293e390} (Trojan.Vundo.H) -> Delete on reboot.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmf7543ce1 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6cbe6300-759b-447a-b406-31b86293e390} (Trojan.Vundo.H) -> Delete on reboot.

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjcusmd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjcusmd -> Delete on reboot.

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\WINDOWS\system32\lenxiy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ljJCuSMD.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\DMSuCJjl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DMSuCJjl.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvSkHYo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fcywgxpa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\apxgwycf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ioxantri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\irtnaxoi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\irucrgrb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brgrcuri.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pvobpfdi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idfpbovp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tsektjdl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ldjtkest.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yvmdvikw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wkivdmvy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbxnrouu.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP510\A0219932.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP510\A0219933.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP510\A0219934.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP510\A0219935.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP510\A0219936.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP510\A0219937.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP510\A0219938.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP510\A0219939.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP510\A0219940.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP510\A0219941.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP515\A0221683.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP515\A0221684.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DF24652F-EE43-488D-87C2-4799747F3683}\RP515\A0221685.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\acacenxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aektgs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajjhtm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\apuopwfp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqbujcng.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqulnw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\astnoydx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awgleloa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aywxbi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\beiprlsm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bpxoluhh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buljfl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bxiomwvx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbrkwnga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbwxoues.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdsdqqxg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\chwbte.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnslhj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\coumrmbd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cykhclmb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbcujmmi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbfaculy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dkaqyics.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dkqcdaqj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dliebv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmegmraa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnltud.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpuyillr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dtwrxhvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dusoevww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dyaqke.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dzsfco.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edupitpg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eectmuso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\egulvxen.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eonehwxn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etpkbjxn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eulwbw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\faxqocfj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fhffwbdj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frbcpoek.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frhchhma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fspykp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fuprrfss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fwfwlf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fwjhuv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxkoepia.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gbiffdus.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gppotr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gshrxkkd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbimbswu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoohyfen.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hpaqpwfl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hvshslbj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ihnjatim.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iiplcuwe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\isqqitva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\itspmjlf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iymrewqr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jfsaclkq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jgkniz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jknfmb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jokyfr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kciwoaga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kckjhoxk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kfbljwwx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEXroo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khqkruqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kmtbrwem.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kohedtqh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kotusg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kouoptyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kuansdea.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvsfmlug.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kwehpy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\levrfqts.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ligjjugt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\limoeboy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\loursevm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lskyky.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lyvqycak.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lzxxci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\necftakf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nemvysuw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nfephkjx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nhblaehf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\niifvjdt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\njjlrx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nkkfupyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmdmfymg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nttfiatj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\odbthv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ofppyaqm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oipyueku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ojbsypxo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ornjdwab.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdwvlq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pexpqimu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnigpecl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prcamtdq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prjryokb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pssegdia.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qflygtle.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qrcacotl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qvamtisk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qvdvdxwc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rajhrvtv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rbdbrd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\refwshej.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rtkxqh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\scsekqem.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seyuuyie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sizgqy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sqcaohyn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tbibbkva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\teuwgikh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfidsv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfobwh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfpavdcu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfpzlk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\topvtjks.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trhprehk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trvhmuss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ucwnbjvg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udisxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udnxpipc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udwoqiuv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ufknjgfh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugikkujx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uhfucj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukubplli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulxovdlr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uqwaflmb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vembdskx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vgctqhrc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vlshgjdg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vrtejjrf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsvutoej.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vumkcvmg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vxohhm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vxyuahmx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wcmdzq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wgjdabci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wndesxgs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpxqdnit.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wqcfteot.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wrnvpflt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wuxrxwjc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxjfeowi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxuysz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xhorrd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xhrroyvx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmgvnm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xozbkq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xrgwjcvn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xriqxujn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xrtbmlav.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtuotjfs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xwltzz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xyjwby.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yabjghff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ydaxhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yesecylt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yiddyqat.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ykbmyayg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yqqwrdsp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zhsupo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zvnzsw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

The machine had to be shut down, and only then could the rest of the junk be removed.
Here is the log from that:

Malwarebytes' Anti-Malware 1.28
Tietokantaversio: 1268
Windows 5.1.2600 Service Pack 2

14.10.2008 22:17:14
mbam-log-2008-10-14 (22-17-14).txt

Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 46497
Kulunut aika: 5 minute(s), 5 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 7
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 4

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf7543ce1.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf7543ce1.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
ComboFix:

ComboFix 08-10-14.03 - Omistaja 2008-10-14 22:22:20.1 - NTFSx86
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
 * Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Omistaja\Application Data\inst.exe
C:\WINDOWS\system32\fwatnseu.ini
C:\WINDOWS\system32\hbvwgcqo.ini
C:\WINDOWS\system32\osrvvifr.ini
C:\WINDOWS\system32\rvsxsmrs.ini
C:\WINDOWS\system32\uhdbxsrx.ini
C:\WINDOWS\system32\xybtaltt.ini

.
(((((   Files Created from 2008-09-14 to 2008-10-14   )))))))))))))))))
.

2008-10-14 20:14 . 2008-10-14 20:14 <DIR> d----c--- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
2008-10-14 20:13 . 2008-10-14 20:15 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-14 20:13 . 2008-10-14 20:13 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 20:13 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-14 20:13 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 00:33 . 2008-10-13 00:41 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-12 22:00 . 2008-10-12 22:00 <DIR> d----c--- C:\VundoFix Backups
2008-10-12 02:08 . 2008-10-12 02:08 268 --ah-c--- C:\sqmdata14.sqm
2008-10-12 02:08 . 2008-10-12 02:08 244 --ah-c--- C:\sqmnoopt14.sqm
2008-10-11 14:09 . 2008-10-11 14:09 230 --a--c--- C:\WINDOWS\system32\spupdsvc.inf
2008-10-11 12:27 . 2008-10-11 12:27 121 ---hsc--- C:\WINDOWS\system32\fuvwnuap.ini
2008-10-11 11:24 . 2008-10-11 11:24 121 ---hsc--- C:\WINDOWS\system32\rlgctqbj.ini
2008-10-11 01:35 . 2008-10-11 01:35 121 ---hsc--- C:\WINDOWS\system32\ksakjtwa.ini
2008-10-11 00:32 . 2008-10-11 00:32 121 ---hsc--- C:\WINDOWS\system32\hergtpuv.ini
2008-10-10 23:29 . 2008-10-10 23:29 121 ---hsc--- C:\WINDOWS\system32\bcginqbh.ini
2008-10-10 22:29 . 2008-10-10 22:29 121 ---hsc--- C:\WINDOWS\system32\sxfgujrq.ini
2008-10-10 21:23 . 2008-10-10 21:23 121 ---hsc--- C:\WINDOWS\system32\ibfbsady.ini
2008-10-10 20:23 . 2008-10-10 20:23 121 ---hsc--- C:\WINDOWS\system32\wrkvjink.ini
2008-10-10 19:17 . 2008-10-10 19:17 121 ---hsc--- C:\WINDOWS\system32\sxnfrdsf.ini
2008-10-10 18:14 . 2008-10-10 18:14 121 ---hsc--- C:\WINDOWS\system32\gryhndux.ini
2008-10-10 17:14 . 2008-10-10 17:14 121 ---hsc--- C:\WINDOWS\system32\wsmsqcqj.ini
2008-10-10 16:11 . 2008-10-10 16:11 121 ---hsc--- C:\WINDOWS\system32\goktyxmu.ini
2008-10-10 07:19 . 2008-10-10 07:19 121 ---hsc--- C:\WINDOWS\system32\leauowno.ini
2008-10-09 23:35 . 2008-10-09 23:35 121 ---hsc--- C:\WINDOWS\system32\yfdwqlff.ini
2008-10-09 21:01 . 2008-10-09 21:01 121 ---hsc--- C:\WINDOWS\system32\tdpttied.ini
2008-10-09 20:01 . 2008-10-09 20:01 121 ---hsc--- C:\WINDOWS\system32\bpmgpvbi.ini
2008-10-09 19:04 . 2008-10-09 19:04 121 ---hsc--- C:\WINDOWS\system32\phcvleti.ini
2008-10-09 17:58 . 2008-10-09 17:58 121 ---hsc--- C:\WINDOWS\system32\rbklmfpk.ini
2008-10-09 16:58 . 2008-10-09 16:58 121 ---hsc--- C:\WINDOWS\system32\nrhotfau.ini
2008-10-09 15:55 . 2008-10-09 15:55 121 ---hsc--- C:\WINDOWS\system32\vskjqgan.ini
2008-10-08 23:16 . 2008-10-08 23:16 121 ---hsc--- C:\WINDOWS\system32\upvwritr.ini
2008-10-08 23:13 . 2008-10-08 23:13 121 ---hsc--- C:\WINDOWS\system32\cxkyfjae.ini
2008-10-08 22:13 . 2008-10-08 22:14 121 ---hsc--- C:\WINDOWS\system32\oupvkhwv.ini
2008-10-08 22:11 . 2008-10-08 22:11 121 ---hsc--- C:\WINDOWS\system32\xvkifgvh.ini
2008-10-08 21:13 . 2008-10-08 21:13 121 ---hsc--- C:\WINDOWS\system32\rpmamttr.ini
2008-10-08 20:10 . 2008-10-08 20:10 121 ---hsc--- C:\WINDOWS\system32\kjurrcyp.ini
2008-10-08 19:07 . 2008-10-08 19:07 121 ---hsc--- C:\WINDOWS\system32\hfbfwggn.ini
2008-10-08 18:04 . 2008-10-08 18:04 121 ---hsc--- C:\WINDOWS\system32\kksarspd.ini
2008-10-08 17:01 . 2008-10-08 17:01 121 ---hsc--- C:\WINDOWS\system32\eimytwud.ini
2008-10-08 16:00 . 2008-10-08 16:00 121 ---hsc--- C:\WINDOWS\system32\emwuytiy.ini
2008-10-07 23:14 . 2008-10-07 23:14 121 ---hsc--- C:\WINDOWS\system32\xdqnhluc.ini
2008-10-07 22:17 . 2008-10-07 22:17 121 ---hsc--- C:\WINDOWS\system32\lrcsqqdw.ini
2008-10-07 22:11 . 2008-10-07 22:11 121 ---hsc--- C:\WINDOWS\system32\mglsxpxt.ini
2008-10-07 21:08 . 2008-10-07 21:08 121 ---hsc--- C:\WINDOWS\system32\kkxwgaln.ini
2008-10-05 22:57 . 2008-10-05 22:57 121 ---hsc--- C:\WINDOWS\system32\ufkryygp.ini
2008-10-03 22:54 . 2008-10-03 22:54 121 ---hsc--- C:\WINDOWS\system32\dhdutiap.ini
2008-10-02 20:46 . 2008-10-02 20:46 121 ---hsc--- C:\WINDOWS\system32\agdfparj.ini
2008-09-30 20:45 . 2008-09-30 20:45 121 ---hsc--- C:\WINDOWS\system32\tjbwpykc.ini
2008-09-28 14:20 . 2008-10-14 22:26 13,215,776 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-28 14:20 . 2008-10-14 22:03 158,096 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-28 13:46 . 2008-07-09 09:05 75,248 --a--c--- C:\WINDOWS\zllsputility.exe
2008-09-28 13:43 . 2008-09-30 13:43 <DIR> d----c--- C:\WINDOWS\system32\ZoneLabs
2008-09-28 13:43 . 2008-07-09 09:05 1,086,952 --a--c--- C:\WINDOWS\system32\zpeng24.dll
2008-09-28 13:43 . 2008-10-14 22:05 352,917 --a--c--- C:\WINDOWS\system32\vsconfig.xml
2008-09-28 11:32 . 2008-09-28 13:51 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Norton
2008-09-28 11:28 . 2008-09-28 11:28 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-27 14:37 . 2008-09-27 14:37 <DIR> d----c--- C:\Documents and Settings\Vieras\Application Data\Logitech
2008-09-27 14:36 . 2007-04-19 22:04 <DIR> d--h-c--- C:\Documents and Settings\Vieras\Verkkoympäristö
2008-09-27 14:36 . 2007-04-19 19:19 <DIR> d----c--- C:\Documents and Settings\Vieras\Työpöytä
2008-09-27 14:36 . 2007-04-19 22:04 <DIR> d--h-c--- C:\Documents and Settings\Vieras\Tulostinympäristö
2008-09-27 14:36 . 2008-09-27 14:36 <DIR> dr---c--- C:\Documents and Settings\Vieras\Suosikit
2008-09-27 14:36 . 2008-09-27 14:38 <DIR> dr---c--- C:\Documents and Settings\Vieras\Omat tiedostot
2008-09-27 14:36 . 2007-04-19 19:16 <DIR> d--h-c--- C:\Documents and Settings\Vieras\Mallit
2008-09-27 14:36 . 2007-04-19 22:04 <DIR> dr---c--- C:\Documents and Settings\Vieras\Käynnistä-valikko
2008-09-27 14:36 . 2008-09-27 14:36 <DIR> d----c--- C:\Documents and Settings\Vieras\Application Data\PC Suite
2008-09-27 14:36 . 2008-09-27 14:36 <DIR> d----c--- C:\Documents and Settings\Vieras
2008-09-27 00:23 . 2008-10-13 20:48 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-09-27 00:23 . 2008-09-27 00:23 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-09-26 21:00 . 2008-09-26 21:00 268 --ah-c--- C:\sqmdata13.sqm
2008-09-26 21:00 . 2008-09-26 21:00 244 --ah-c--- C:\sqmnoopt13.sqm
2008-09-26 00:04 . 2008-09-26 00:04 268 --ah-c--- C:\sqmdata12.sqm
2008-09-26 00:04 . 2008-09-26 00:04 244 --ah-c--- C:\sqmnoopt12.sqm
2008-09-22 15:07 . 2008-09-22 15:06 410,976 --a--c--- C:\WINDOWS\system32\deploytk.dll
2008-09-17 16:16 . 2008-09-17 16:16 549,159 -rahsc--- C:\Program Files\Norton2009Reset.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-10-14 13:34 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Azureus
2008-10-13 17:46 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-10-12 17:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-11 23:10 2,190,620 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-11 22:14 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-10-11 21:52 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-10-11 20:16 --------- dc----w C:\Program Files\MagicISO
2008-10-09 17:54 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Ahead
2008-10-05 16:17 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Vso
2008-10-05 16:11 --------- dc----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-09-30 10:40 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-22 12:06 --------- dc----w C:\Program Files\Java
2008-09-21 19:47 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\IMVU
2008-09-12 21:12 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Skype
2008-09-12 21:02 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\skypePM
2008-09-12 17:03 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\mIRC
2008-09-08 19:59 --------- dc-h--w C:\Program Files\Zero G Registry
2008-09-06 09:03 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\PC Suite
2008-09-05 13:33 --------- dc----w C:\Program Files\Common Files\Corel
2008-09-05 13:25 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-05 13:03 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Corel
2008-09-05 13:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Corel
2008-08-22 18:19 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Brainwave
2008-08-17 18:16 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Winamp
2008-08-17 14:06 --------- dc----w C:\Program Files\Winamp Toolbar
2008-08-17 14:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-07-18 19:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll
2008-05-04 06:54 1,940 -c--a-w C:\Documents and Settings\Omistaja\Application Data\lebendig.reg
2008-04-16 11:58 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-25 13:53 47,360 -c--a-w C:\Documents and Settings\Omistaja\Application Data\pcouffin.sys

.
((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15360]
"CursorXP"="I:\Ohjelmat\CursorsXP\CursorXP.exe" [2005-01-19 128000]
"PC Suite Tray"="I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"Google Update"="C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [2005-09-14 65536]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-22 144792]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"ZoneAlarm Client"="I:\Program Files\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15360]
"Nokia.PCSync"="I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Logitech SetPoint.lnk - I:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-10-08 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lenxiy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a--c--- 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--------- 2007-07-23 13:55 341232 I:\Program Files\Ulead Videostudio\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"I:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"i:\\Program Files\\xchat\\xchat.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"I:\\Program Files\\Azureus\\Azureus.exe"=
"I:\\Program Files\\Valve\\Steam\\SteamApps\\jalok1ves\\counter-strike\\hl.exe"=
"I:\\Program Files\\mIRC\\mirc.exe"=
"I:\\Ohjelmat\\Dc++\\RevConnect\\DCPlusPlus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-22 147456]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-09-15 14336]
R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys [2007-10-10 34848]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 820133]
S1 AMTBDA_P861F;anysee Capture Service;C:\WINDOWS\system32\DRIVERS\anyseeTU.SYS [ ]
S2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [ ]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db15e3ef-ff56-11dc-a74d-000feacc5edd}]
\Shell\AutoRun\command - N:\InstallTomTomHOME.exe

*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-10 C:\WINDOWS\Tasks\1-Click Maintenance.job
- I:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-10-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-14 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 21:24]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.ircdown.com/fi/index.php?rvs=hompag&d=79919086
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\IMVU\Run IMVU.lnk
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\IMVU\Run IMVU.lnk -
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - %~$path:i
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 22:26:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-14 22:28:09
ComboFix-quarantined-files.txt 2008-10-14 19:28:05

Pre-Run: 3 052 769 280 bytes free
Post-Run: 3,020,845,056 bytes free

264 --- E O F --- 2008-09-09 21:33:02

And finally the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:31, on 14.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Ohjelmat\CursorsXP\CursorXP.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79919086
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - I:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] I:\Ohjelmat\CursorsXP\CursorXP.exe
O4 - HKCU\..\Run: [PC Suite Tray] "I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: lenxiy.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - I:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9168 bytes
1. Download Combofix.exe to your desktop from either of these two links: Combofix.exe Combofix.exe

Open Notepad and copy/paste the contents of the Quote: box into it:

Save it as CFScript (ComboFix actually recognises it even if the extension is not .txt). Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang. Restart the machine if asked to, and post the contents of the combofix.txt file here. Close the browser and other programs for the duration of the fix (not the antivirus).

Start HijackThis, click Scan, tick the following entries listed in red and remove them (Fix checked):

O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
*
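The triage that the helper's fix list above is based on, written out as code. This is an added example, not part of the thread and not code from HijackThis, ComboFix or Malwarebytes. It runs over HijackThis and ComboFix style lines and flags the indicators visible in this machine's logs: an unqualified AppInit_DLLs value (lenxiy.dll), hidden+system .ini files with random lowercase names dropped into system32 at roughly hourly intervals, a BHO whose CLSID no longer has a file behind it, and Security Center monitoring and the Windows Firewall switched off. The regular expressions, the rule names and the name/attribute heuristics are this example's own assumptions; the sample lines are excerpted from the logs posted above.

```python
"""Triage helper for HijackThis / ComboFix log lines (added example, see lead-in)."""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Finding:
    rule: str    # rule name (this example's own naming)
    detail: str  # the value or path that triggered it
    line: str    # the log line, unchanged

# Patterns are this example's assumptions, shaped after the log formats above.
# AppInit_DLLs is loaded into every process that maps user32.dll; a bare,
# randomly named DLL there (HijackThis O20 / ComboFix registry dump) is a Vundo hallmark.
RE_HJT_APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>.+?)\s*$")
RE_CF_APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<value>.+?)\s*$')
# HijackThis O2 BHO whose CLSID no longer points at a file.
RE_HJT_BHO_NOFILE = re.compile(r"^O2 - BHO:.*\(no file\)\s*$")
# ComboFix "files created" entry: created . modified size attrs path
RE_CF_FILE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>[\d,]+) (?P<attrs>[-a-zA-Z]+) (?P<path>.+?)\s*$"
)
# 6-8 random lowercase letters + .ini directly in system32 (a heuristic, not a verdict).
RE_RANDOM_INI = re.compile(r"\\system32\\[a-z]{6,8}\.ini$", re.IGNORECASE)
# Security Center monitoring switched off; Windows Firewall standard profile off.
RE_SC_DISABLED = re.compile(r'^"DisableMonitoring"=dword:0*1$')
RE_FW_DISABLED = re.compile(r'^"EnableFirewall"=\s*0\b')


def _is_random_ini_drop(m: re.Match) -> bool:
    """Hidden + system attributes and a random name: the .ini drop pattern in the logs."""
    return {"h", "s"} <= set(m.group("attrs").lower()) and bool(RE_RANDOM_INI.search(m.group("path")))


def check_line(line: str) -> list[Finding]:
    """Findings one log line triggers (empty list for a clean line)."""
    s = line.strip()
    out: list[Finding] = []
    m = RE_HJT_APPINIT.match(s) or RE_CF_APPINIT.match(s)
    if m:
        value = m.group("value")
        rule = "appinit_dll_unqualified" if "\\" not in value else "appinit_dll_present"
        out.append(Finding(rule, value, s))
    if RE_HJT_BHO_NOFILE.match(s):
        out.append(Finding("bho_orphaned_clsid", "(no file)", s))
    m = RE_CF_FILE.match(s)
    if m and _is_random_ini_drop(m):
        out.append(Finding("hidden_system_random_ini", m.group("path"), s))
    if RE_SC_DISABLED.match(s):
        out.append(Finding("security_center_monitoring_disabled", "DisableMonitoring=1", s))
    if RE_FW_DISABLED.match(s):
        out.append(Finding("windows_firewall_disabled", "EnableFirewall=0", s))
    return out


def triage(lines) -> list[Finding]:
    """check_line over every line, in log order."""
    return [f for line in lines for f in check_line(line)]


def summary(findings) -> Counter:
    """Number of findings per rule."""
    return Counter(f.rule for f in findings)


def drop_intervals_minutes(lines) -> list[int]:
    """Minutes between consecutive random-.ini creations, oldest first.
    A near-constant gap of about an hour is a dropper's timer, not user activity."""
    times = sorted(
        datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
        for m in (RE_CF_FILE.match(ln.strip()) for ln in lines)
        if m and _is_random_ini_drop(m)
    )
    return [int((b - a).total_seconds() // 60) for a, b in zip(times, times[1:])]


def hijackthis_lines(findings) -> list[str]:
    """HijackThis O-lines that carry a finding, i.e. candidates to tick for 'Fix checked'."""
    return [f.line for f in findings if f.line.startswith("O")]


# Sample input: lines excerpted from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O20 - AppInit_DLLs: lenxiy.dll
"AppInit_DLLs"=lenxiy.dll
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
2008-10-11 12:27 . 2008-10-11 12:27 121 ---hsc--- C:\WINDOWS\system32\fuvwnuap.ini
2008-10-11 11:24 . 2008-10-11 11:24 121 ---hsc--- C:\WINDOWS\system32\rlgctqbj.ini
2008-10-11 01:35 . 2008-10-11 01:35 121 ---hsc--- C:\WINDOWS\system32\ksakjtwa.ini
2008-10-11 00:32 . 2008-10-11 00:32 121 ---hsc--- C:\WINDOWS\system32\hergtpuv.ini
2008-10-14 20:13 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-28 14:20 . 2008-10-14 22:26 13,215,776 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.strip().splitlines()
    found = triage(lines)
    for f in found:
        print(f"{f.rule:36} {f.detail}")
    print("minutes between .ini drops:", drop_intervals_minutes(lines))
```

The name heuristic on its own would also catch benign files, so the .ini rule additionally requires the hidden and system attributes, and the interval check makes the clockwork cadence visible (63, 589, 63 minutes on the sample, the long gap being the night the machine was off). A DLL listed in AppInit_DLLs is mapped into every running process that loads user32.dll and cannot be deleted in place, which is the usual reason such files only go away after a shutdown, as the poster found.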
ComboFix:

ComboFix 08-10-14.07 - Omistaja 2008-10-15 18:14:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.584 [GMT 3:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Omistaja\Työpöytä\CFScript.txt
 * Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED !!

FILE ::
C:\WINDOWS\system32\agdfparj.ini
C:\WINDOWS\system32\bcginqbh.ini
C:\WINDOWS\system32\bpmgpvbi.ini
C:\WINDOWS\system32\cxkyfjae.ini
C:\WINDOWS\system32\dhdutiap.ini
C:\WINDOWS\system32\eimytwud.ini
C:\WINDOWS\system32\emwuytiy.ini
C:\WINDOWS\system32\fuvwnuap.ini
C:\WINDOWS\system32\goktyxmu.ini
C:\WINDOWS\system32\gryhndux.ini
C:\WINDOWS\system32\hergtpuv.ini
C:\WINDOWS\system32\hfbfwggn.ini
C:\WINDOWS\system32\ibfbsady.ini
C:\WINDOWS\system32\kjurrcyp.ini
C:\WINDOWS\system32\kksarspd.ini
C:\WINDOWS\system32\kkxwgaln.ini
C:\WINDOWS\system32\ksakjtwa.ini
C:\WINDOWS\system32\leauowno.ini
C:\WINDOWS\system32\lrcsqqdw.ini
C:\WINDOWS\system32\mglsxpxt.ini
C:\WINDOWS\system32\nrhotfau.ini
C:\WINDOWS\system32\oupvkhwv.ini
C:\WINDOWS\system32\phcvleti.ini
C:\WINDOWS\system32\rbklmfpk.ini
C:\WINDOWS\system32\rlgctqbj.ini
C:\WINDOWS\system32\rpmamttr.ini
C:\WINDOWS\system32\spupdsvc.inf
C:\WINDOWS\system32\sxfgujrq.ini
C:\WINDOWS\system32\sxnfrdsf.ini
C:\WINDOWS\system32\tdpttied.ini
C:\WINDOWS\system32\tjbwpykc.ini
C:\WINDOWS\system32\ufkryygp.ini
C:\WINDOWS\system32\upvwritr.ini
C:\WINDOWS\system32\wrkvjink.ini
C:\WINDOWS\system32\vskjqgan.ini
C:\WINDOWS\system32\wsmsqcqj.ini
C:\WINDOWS\system32\xdqnhluc.ini
C:\WINDOWS\system32\xvkifgvh.ini
C:\WINDOWS\system32\yfdwqlff.ini
.

((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\agdfparj.ini
C:\WINDOWS\system32\bcginqbh.ini
C:\WINDOWS\system32\bpmgpvbi.ini
C:\WINDOWS\system32\cxkyfjae.ini
C:\WINDOWS\system32\dhdutiap.ini
C:\WINDOWS\system32\eimytwud.ini
C:\WINDOWS\system32\emwuytiy.ini
C:\WINDOWS\system32\fuvwnuap.ini
C:\WINDOWS\system32\goktyxmu.ini
C:\WINDOWS\system32\gryhndux.ini
C:\WINDOWS\system32\hergtpuv.ini
C:\WINDOWS\system32\hfbfwggn.ini
C:\WINDOWS\system32\ibfbsady.ini
C:\WINDOWS\system32\kjurrcyp.ini
C:\WINDOWS\system32\kksarspd.ini
C:\WINDOWS\system32\kkxwgaln.ini
C:\WINDOWS\system32\ksakjtwa.ini
C:\WINDOWS\system32\leauowno.ini
C:\WINDOWS\system32\lrcsqqdw.ini
C:\WINDOWS\system32\mglsxpxt.ini
C:\WINDOWS\system32\nrhotfau.ini
C:\WINDOWS\system32\oupvkhwv.ini
C:\WINDOWS\system32\phcvleti.ini
C:\WINDOWS\system32\rbklmfpk.ini
C:\WINDOWS\system32\rlgctqbj.ini
C:\WINDOWS\system32\rpmamttr.ini
C:\WINDOWS\system32\spupdsvc.inf
C:\WINDOWS\system32\sxfgujrq.ini
C:\WINDOWS\system32\sxnfrdsf.ini
C:\WINDOWS\system32\tdpttied.ini
C:\WINDOWS\system32\tjbwpykc.ini
C:\WINDOWS\system32\ufkryygp.ini
C:\WINDOWS\system32\upvwritr.ini
C:\WINDOWS\system32\wrkvjink.ini
C:\WINDOWS\system32\vskjqgan.ini
C:\WINDOWS\system32\wsmsqcqj.ini
C:\WINDOWS\system32\xdqnhluc.ini
C:\WINDOWS\system32\xvkifgvh.ini
C:\WINDOWS\system32\yfdwqlff.ini

.
(((((   Files Created from 2008-09-15 to 2008-10-15   )))))))))))))))))
.

2008-10-14 20:14 . 2008-10-14 20:14 <DIR> d----c--- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
2008-10-14 20:13 . 2008-10-14 20:15 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-14 20:13 . 2008-10-14 20:13 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 20:13 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-14 20:13 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 00:33 . 2008-10-13 00:41 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-12 22:00 . 2008-10-12 22:00 <DIR> d----c--- C:\VundoFix Backups
2008-10-12 02:08 . 2008-10-12 02:08 268 --ah-c--- C:\sqmdata14.sqm
2008-10-12 02:08 . 2008-10-12 02:08 244 --ah-c--- C:\sqmnoopt14.sqm
2008-09-28 14:20 . 2008-10-15 18:17 13,402,144 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-28 14:20 . 2008-10-14 23:51 160,112 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-28 13:46 . 2008-07-09 09:05 75,248 --a--c--- C:\WINDOWS\zllsputility.exe
2008-09-28 13:43 . 2008-09-30 13:43 <DIR> d----c--- C:\WINDOWS\system32\ZoneLabs
2008-09-28 13:43 . 2008-07-09 09:05 1,086,952 --a--c--- C:\WINDOWS\system32\zpeng24.dll
2008-09-28 13:43 . 2008-10-15 18:03 352,917 --a--c--- C:\WINDOWS\system32\vsconfig.xml
2008-09-28 11:32 . 2008-09-28 13:51 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Norton
2008-09-28 11:28 . 2008-09-28 11:28 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-27 14:37 . 2008-09-27 14:37 <DIR> d----c--- C:\Documents and Settings\Vieras\Application Data\Logitech
2008-09-27 14:36 . 2007-04-19 22:04 <DIR> d--h-c--- C:\Documents and Settings\Vieras\Verkkoympäristö
2008-09-27 14:36 . 2007-04-19 19:19 <DIR> d----c--- C:\Documents and Settings\Vieras\Työpöytä
2008-09-27 14:36 . 2007-04-19 22:04 <DIR> d--h-c--- C:\Documents and Settings\Vieras\Tulostinympäristö
2008-09-27 14:36 . 2008-09-27 14:36 <DIR> dr---c--- C:\Documents and Settings\Vieras\Suosikit
2008-09-27 14: 36 . 2008-09-27 14:38 <DIR> dr---c--- C:\Documents and Settings\Vieras\Omat tiedostot
2008-09-27 14:36 . 2007-04-19 19:16 <DIR> d--h-c--- C:\Documents and Settings\Vieras\Mallit
2008-09-27 14:36 . 2007-04-19 22:04 <DIR> dr---c--- C:\Documents and Settings\Vieras\Käynnistä-valikko
2008-09-27 14:36 . 2008-09-27 14:36 <DIR> d----c--- C:\Documents and Settings\Vieras\Application Data\PC Suite
2008-09-27 14:36 . 2008-09-27 14:36 <DIR> d----c--- C:\Documents and Settings\Vieras
2008-09-27 00:23 . 2008-10-13 20:48 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-09-27 00:23 . 2008-09-27 00:23 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-09-26 21:00 . 2008-09-26 21:00 268 --ah-c--- C:\sqmdata13.sqm
2008-09-26 21:00 . 2008-09-26 21:00 244 --ah-c--- C:\sqmnoopt13.sqm
2008-09-26 00:04 . 2008-09-26 00:04 268 --ah-c--- C:\sqmdata12.sqm
2008-09-26 00:04 . 2008-09-26 00:04 244 --ah-c--- C:\sqmnoopt12.sqm
2008-09-22 15:07 . 2008-09-22 15:06 410,976 --a--c--- C:\WINDOWS\system32\deploytk.dll
2008-09-17 16:16 . 2008-09-17 16:16 549,159 -rahsc--- C:\Program Files\Norton2009Reset.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-10-14 13:34 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Azureus
2008-10-13 17:46 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-10-12 17:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-11 23:10 2,190,620 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-11 22:14 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-10-11 21:52 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-10-11 20:16 --------- dc----w C:\Program Files\MagicISO
2008-10-09 17:54 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Ahead
2008-10-05 16:17 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Vso
2008-10-05 16:11 --------- dc----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-09-30 10:40 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-22 12:06 --------- dc----w C:\Program Files\Java
2008-09-21 19:47 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\IMVU
2008-09-12 21:12 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Skype 2008-09-12 21:02 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\skypePM 2008-09-12 17:03 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\mIRC 2008-09-08 19:59 --------- dc-h--w C:\Program Files\Zero G Registry 2008-09-06 09:03 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\PC Suite 2008-09-05 13:33 --------- dc----w C:\Program Files\Common Files\Corel 2008-09-05 13:25 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-09-05 13:03 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Corel 2008-09-05 13:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Corel 2008-08-22 18:19 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Brainwave 2008-08-17 18:16 --------- dc----w C:\Documents and Settings\Omistaja\Application Data\Winamp 2008-08-17 14:06 --------- dc----w C:\Program Files\Winamp Toolbar 2008-08-17 14:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar 2008-07-18 19:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 19:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 19:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 19:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll 2008-07-18 19:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 19:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 19:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 19:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 19:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 19:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll 2008-05-04 06:54 1,940 -c--a-w C:\Documents and Settings\Omistaja\Application Data\lebendig.reg 2008-04-16 11:58 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-12-25 13:53 47,360 -c--a-w C:\Documents and 
Settings\Omistaja\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((( snapshot@2008-10-14_22.27.24,03 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-15 15:03:02 16,384 -c--atw C:\WINDOWS\Temp\Perflib_Perfdata_2a0.dat . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15360] "CursorXP"="I:\Ohjelmat\CursorsXP\CursorXP.exe" [2005-01-19 128000] "PC Suite Tray"="I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808] "Google Update"="C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016] "USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [2005-09-14 65536] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-22 144792] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480] "Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696] "ZoneAlarm Client"="I:\Program Files\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 
C:\WINDOWS\KHALMNPR.Exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15360] "Nokia.PCSync"="I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Logitech SetPoint.lnk - I:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-10-08 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=lenxiy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.avis"= ff_acm.acm "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a--c--- 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] --a------ 2008-03-26 18:41 1232896 I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-04-16 12:53 1079808 I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] --------- 2007-07-23 13:55 341232 I:\Program Files\Ulead Videostudio\uvPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "I:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "i:\\Program Files\\xchat\\xchat.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "I:\\Program Files\\Azureus\\Azureus.exe"= "I:\\Program Files\\Valve\\Steam\\SteamApps\\jalok1ves\\counter-strike\\hl.exe"= "I:\\Program Files\\mIRC\\mirc.exe"= "I:\\Ohjelmat\\Dc++\\RevConnect\\DCPlusPlus.exe"= "C:\\Program Files\\Windows 
Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-22 147456] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-09-15 14336] R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys [2007-10-10 34848] R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 820133] S1 AMTBDA_P861F;anysee Capture Service;C:\WINDOWS\system32\DRIVERS\anyseeTU.SYS [ ] S2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [ ] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db15e3ef-ff56-11dc-a74d-000feacc5edd}] \Shell\AutoRun\command - N:\InstallTomTomHOME.exe . 'Ajoitetut tehtävät'-kansion sisältö 2008-10-10 C:\WINDOWS\Tasks\1-Click Maintenance.job - I:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [] 2008-10-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2008-10-14 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job - C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 21:24] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-15 18:17:02 Windows 5.1.2600 Service Pack 2 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... 
tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . Valmistumisajankohta: 2008-10-15 18:18:23 ComboFix-quarantined-files.txt 2008-10-15 15:18:19 ComboFix2.txt 2008-10-14 19:28:14 Ennen ajoa: 3 151 024 128 tavua vapaana Ajon jälkeen: 3,130,068,992 tavua vapaana 294 --- E O F --- 2008-09-09 21:33:02 HJT-loki: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:32:52, on 15.10.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe I:\Program Files\a-squared Free\a2service.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\UMStor\Res.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe I:\Program Files\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe I:\Ohjelmat\CursorsXP\CursorXP.exe C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe I:\Program 
Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\explorer.exe I:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/fi/index.php?rvs=hompag&d=79919086 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - I:\Program Files\Styler\TB\StylerTB.dll O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" 
/min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CursorXP] I:\Ohjelmat\CursorsXP\CursorXP.exe O4 - HKCU\..\Run: [PC Suite Tray] "I:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Omistaja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: 
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: lenxiy.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - I:\Program Files\a-squared Free\a2service.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8476 bytes