So I have a virus on my computer. It's called Winudspm.exe, and I know it is in the folder/location C:/windows/Winudspm.exe. I just found this particular pest with MSN photo remover, but it can't remove it and just says something like "unable remover". Avast, for its part, finds all the other viruses except this one. Is there any program that can remove this virus, or is the only option to reinstall Windows?
You rarely need to reinstall a machine because of viruses. Instructions below:

1. Download Combofix.exe to your desktop from either link: Combofix.exe Combofix.exe
Open Notepad and copy/paste the contents of the Quote: box into it:
Save it as CFScript (combofix actually recognises it even if the extension isn't .txt). Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click.)
Note! Don't click around in combofix's window while it is running. That may cause the program to hang.
Restart the computer if asked, and post the contents of the combofix.txt file here.
Empty the recycle bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, right before posting)
* The (C:\ComboFix.txt) report
Done. How does it look?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58, on 2008-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\winudmr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/fi/index.php?rvs=hompag&d=79919387
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: {dd98d38f-00cc-79e9-33a4-8eb2f3ea4566} - {6654ae3f-2be8-4a33-9e97-cc00f83d89dd} - C:\WINDOWS\system32\wkcsbpse.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C7B4574D-4482-49AF-9373-3D2EC0CF1656} - C:\WINDOWS\system32\ssqoliGX.dll (file missing)
O2 - BHO: (no name) - {D2ACD584-EEE7-474A-B7E8-48AB5AA345CA} - C:\WINDOWS\system32\hgGXpOhG.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
O4 - HKLM\..\Run: [087c165a] rundll32.exe "C:\WINDOWS\system32\cowohiep.dll",b
O4 - HKLM\..\Run: [BM0b4f25c6] Rundll32.exe "C:\WINDOWS\system32\somognly.dll",s
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF12689.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98BFA01C-C71C-4063-9113-C866BD3F8EDF}: NameServer = 212.50.211.242 212.50.192.226
O20 - Winlogon Notify: ssqoliGX - ssqoliGX.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

--
End of file - 9435 bytes
Hi, remember to include the combofix.exe report in your next post. Thanks.

1. Download Combofix.exe to your desktop from either link: Combofix.exe Combofix.exe
Open Notepad and copy/paste the contents of the Quote: box into it:
Save it as CFScript (combofix actually recognises it even if the extension isn't .txt). Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click.)
Note! Don't click around in combofix's window while it is running. That may cause the program to hang.
Restart the computer if asked, and post the contents of the combofix.txt file here.
Close your browser and other programs for the duration of the fix. (not the antivirus)

Start HijackThis, click Scan, tick the following entries listed in red, and remove them (Fix checked):

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {C7B4574D-4482-49AF-9373-3D2EC0CF1656} - C:\WINDOWS\system32\ssqoliGX.dll (file missing)
O2 - BHO: (no name) - {D2ACD584-EEE7-474A-B7E8-48AB5AA345CA} - C:\WINDOWS\system32\hgGXpOhG.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
O4 - HKLM\..\Run: [087c165a] rundll32.exe "C:\WINDOWS\system32\cowohiep.dll",b
O4 - HKLM\..\Run: [BM0b4f25c6] Rundll32.exe "C:\WINDOWS\system32\somognly.dll",s
O20 - Winlogon Notify: ssqoliGX - ssqoliGX.dll (file missing)

Empty the recycle bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, right before posting)
* The (C:\ComboFix.txt) report
Here you go:

ComboFix 08-06-15.4 - Joonas 2008-06-16 18:23:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.482 [GMT 3:00]
Running from: C:\Documents and Settings\Joonas\Työpöytä\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM0b4f25c6.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaoyuyop.dll
C:\WINDOWS\system32\awttusQJ.dll
C:\WINDOWS\system32\byefobjo.ini
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\cmrsymwu.dll
C:\WINDOWS\system32\cnatrfby.ini
C:\WINDOWS\system32\ctjxkoml.dll
C:\WINDOWS\system32\ddcsuebm.dll
C:\WINDOWS\system32\efcYOigE.dll
C:\WINDOWS\system32\fcccARif.dll
C:\WINDOWS\system32\fccyyWOg.dll
C:\WINDOWS\system32\GhOpXGgh.ini
C:\WINDOWS\system32\GhOpXGgh.ini2
C:\WINDOWS\system32\hgGXpOhG.dll
C:\WINDOWS\system32\hiyofoym.ini
C:\WINDOWS\system32\jkkJcYol.dll
C:\WINDOWS\system32\JQsuttwa.ini
C:\WINDOWS\system32\JQsuttwa.ini2
C:\WINDOWS\system32\lmokxjtc.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\nhetwwaa.ini
C:\WINDOWS\system32\nnnnKefG.dll
C:\WINDOWS\system32\noynlvbq.ini
C:\WINDOWS\system32\oolrmhax.dll
C:\WINDOWS\system32\peihowoc.ini
C:\WINDOWS\system32\pmnkLEuV.dll
C:\WINDOWS\system32\poyuyoaa.ini
C:\WINDOWS\system32\qcdfpyer.dll
C:\WINDOWS\system32\qontxytc.dll
C:\WINDOWS\system32\qvaljahs.dll
C:\WINDOWS\system32\rqRLcBss.dll
C:\WINDOWS\system32\sqjwgnjj.dll
C:\WINDOWS\system32\sqvrkptk.ini
C:\WINDOWS\system32\ssBcLRqr.ini
C:\WINDOWS\system32\ssBcLRqr.ini2
C:\WINDOWS\system32\ssqoliGX.dll
C:\WINDOWS\system32\ssqRHBrp.dll
C:\WINDOWS\system32\tuvTjHBU.dll
C:\WINDOWS\system32\uakbbnas.dll
C:\WINDOWS\system32\vqfssvai.ini
C:\WINDOWS\system32\VuELknmp.ini
C:\WINDOWS\system32\VuELknmp.ini2
C:\WINDOWS\system32\wvUllmMF.dll
C:\WINDOWS\system32\yayyXRKe.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-16 to 2008-06-16 )))))))))))))))))
.
2008-06-16 17:20 . 2008-06-16 17:21 36,465 --a------ C:\p.exe
2008-06-16 15:35 . 2008-06-16 15:35 99,328 --a------ C:\WINDOWS\system32\wkcsbpse.dll
2008-06-16 15:33 . 2008-06-16 15:33 90,112 --a------ C:\WINDOWS\system32\somognly.dll
2008-06-16 15:33 . 2008-06-16 15:33 81,408 --a------ C:\WINDOWS\system32\cowohiep.dll
2008-06-16 14:39 . 2008-06-16 14:39 99,328 --a------ C:\WINDOWS\system32\npokbphx.dll
2008-06-16 14:37 . 2008-06-16 14:37 90,112 --a------ C:\WINDOWS\system32\wrttfuao.dll
2008-06-16 13:36 . 2008-06-16 13:36 99,328 --a------ C:\WINDOWS\system32\tbqpnsli.dll
2008-06-16 13:34 . 2008-06-16 13:34 90,112 --a------ C:\WINDOWS\system32\vsgmwege.dll
2008-06-16 13:31 . 2008-06-16 13:30 36,465 -r-hs---- C:\WINDOWS\winudpmgrs.exe
2008-06-15 11:03 . 2008-06-15 11:03 98,304 --a------ C:\WINDOWS\system32\baqxsmui.dll
2008-06-15 11:00 . 2008-06-15 11:00 80,896 --a------ C:\WINDOWS\system32\ybfrtanc.dll
2008-06-15 10:57 . 2008-06-15 10:57 89,600 --a------ C:\WINDOWS\system32\plrtlmqh.dll
2008-06-13 10:56 . 2008-06-13 10:56 1,660,412 ---hs---- C:\WINDOWS\system32\hiyofoym.tmp
2008-06-12 19:58 . 2008-06-12 19:59 <KANSIO> d-------- C:\Program Files\Guitar Pro 5
2008-06-12 19:47 . 2008-06-12 19:47 45,056 --------- C:\is155815.exe
2008-06-12 17:37 . 2008-06-12 17:37 80,896 --a------ C:\WINDOWS\system32\ojbofeyb.dll
2008-06-12 08:39 . 2008-06-12 11:58 2,232 --a------ C:\is15932.exe
2008-06-11 09:11 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:11 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 20:46 . 2008-06-10 20:58 45,056 --------- C:\mzdza.exe
2008-06-10 15:08 . 2008-06-10 15:08 29,334 -r-hs---- C:\WINDOWS\winudmr.exe
2008-06-09 10:13 . 2008-06-09 10:13 29,342 --a------ C:\pf.exe
2008-06-09 10:13 . 2008-06-10 20:47 2,231 --a------ C:\ps.exe
2008-06-06 10:10 . 2008-06-06 12:34 2,232 --a------ C:\fs.exe
2008-06-06 10:10 . 2008-06-06 12:34 2,232 --a------ C:\fa.exe
2008-06-06 10:10 . 2008-06-06 10:10 2,232 --a------ C:\f.exe
2008-06-05 19:49 . 2008-06-06 13:37 <KANSIO> d-------- C:\Program Files\StarWarsGalaxies
2008-06-04 15:44 . 2008-06-04 18:19 3,424 --a------ C:\is155400.exe
2008-06-03 15:17 . 2008-06-04 14:30 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 03:56 . 2008-06-03 03:56 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-02 16:04 . 2008-06-01 19:13 <KANSIO> d-a------ C:\SDFix
2008-05-30 19:33 . 2008-05-30 19:33 83,400 --a------ C:\img.exe
2008-05-29 16:30 . 2008-05-29 16:30 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
2008-05-24 18:33 . 2008-05-24 18:35 <KANSIO> d-------- C:\Program Files\BattleLauncher
2008-05-24 18:33 . 2008-05-24 18:33 92,728 --a------ C:\WINDOWS\system32\bass.dll
2008-05-21 18:34 . 2008-05-21 18:34 <KANSIO> d-------- C:\Documents and Settings\Joonas\Application Data\InstallShield Installation Information
2008-05-21 18:03 . 2008-05-21 18:03 <KANSIO> d-------- C:\Program Files\Unreal Tournament 3
2008-05-21 18:03 . 2008-05-21 18:03 <KANSIO> d-------- C:\Program Files\DIFX
2008-05-21 18:02 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-05-21 18:02 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-05-21 18:02 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-05-21 17:32 . 1997-02-26 00:00 167,936 --a------ C:\WINDOWS\setup1.exe
2008-05-21 17:32 . 2000-06-08 17:00 99,866 --a------ C:\WINDOWS\system32\VB5DE.dll
2008-05-21 17:32 . 1997-02-26 00:00 72,704 --a------ C:\WINDOWS\ST5UNST.EXE
2008-05-21 17:32 . 1997-01-16 00:00 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll
2008-05-21 17:32 . 2008-05-21 17:32 7,262 --a------ C:\WINDOWS\SETUP.LST
2008-05-21 17:32 . 2008-05-21 17:33 2,390 --a------ C:\WINDOWS\ST5UNST.000
2008-05-19 18:16 . 2008-05-19 18:16 <KANSIO> d-------- C:\Documents and Settings\Anni\Application Data\Xfire
2008-05-19 17:19 . 2008-05-19 17:20 <KANSIO> d-------- C:\Documents and Settings\Anni\Application Data\BitTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 15:34 --------- d-----w C:\Documents and Settings\Joonas\Application Data\DNA
2008-06-16 14:32 --------- d-----w C:\Program Files\Opera
2008-06-15 18:22 --------- d-----w C:\Documents and Settings\Joonas\Application Data\Xfire
2008-06-14 14:53 --------- d-----w C:\Program Files\RevConnect
2008-06-13 10:07 2,938 ----a-w C:\Documents and Settings\Pasi ja Minna\Application Data\wklnhst.dat
2008-06-11 10:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-11 10:10 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-10 11:51 --------- d-s---w C:\Program Files\Xfire
2008-06-05 16:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 14:40 --------- d-----w C:\Program Files\Bethesda Softworks
2008-06-02 14:36 --------- d-----w C:\Program Files\EA GAMES
2008-06-02 14:36 --------- d-----w C:\Documents and Settings\Joonas\Application Data\My Battle for Middle-earth Files
2008-05-29 17:59 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-29 17:59 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-29 17:59 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-05-26 14:49 --------- d-----w C:\Program Files\Electronic Arts
2008-05-25 08:07 --------- d-----w C:\Documents and Settings\Joonas\Application Data\BitTorrent
2008-05-24 07:31 --------- d-----w C:\Program Files\EA SPORTS
2008-05-21 15:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 15:02 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-19 18:36 6,002 ----a-w C:\Documents and Settings\Joonas\Application Data\wklnhst.dat
2008-05-17 14:31 --------- d-----w C:\Program Files\City Interactive
2008-05-17 14:30 --------- d-----w C:\Program Files\Activision
2008-05-16 14:37 --------- d-----w C:\Program Files\Atari-Infogrames
2008-05-16 14:36 --------- d-----w C:\Program Files\Downloads
2008-05-16 14:22 --------- d-----w C:\Program Files\Prima Games
2008-05-16 14:19 --------- d-----w C:\Program Files\LucasArts
2008-05-16 14:10 --------- d-----w C:\Program Files\Infogrames
2008-05-15 09:38 --------- d-----w C:\Program Files\EML
2008-05-10 18:20 --------- d-----w C:\Program Files\Global Star Software
2008-05-10 14:19 --------- d-----w C:\Program Files\DNA
2008-05-10 14:19 --------- d-----w C:\Program Files\BitTorrent
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 15:09 33,014 ----a-w C:\Documents and Settings\Minna\Application Data\wklnhst.dat
2008-05-07 10:38 --------- d-----w C:\Program Files\Smart Install Maker
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 18:28 --------- d-----w C:\Program Files\Rockstar Games
2008-05-02 14:16 --------- d-----w C:\Documents and Settings\Joonas\Application Data\teamspeak2
2008-05-01 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-21 07:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-20 19:06 --------- d-----w C:\Documents and Settings\Joonas\Application Data\Move Networks
2008-04-17 16:59 --------- d-----w C:\Program Files\Java
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 15:05 8,192 ----a-w C:\WINDOWS\system32\cidaemon.exe
2007-12-10 17:20 258 ----a-w C:\Documents and Settings\Anni\Application Data\wklnhst.dat
2007-11-20 06:45 22,328 ----a-w C:\Documents and Settings\Joonas\Application Data\PnkBstrK.sys
2007-10-01 10:56 73,016 ----a-w C:\Documents and Settings\Minna\Application Data\GDIPFONTCACHEV1.DAT
2005-10-01 15:18 72,240 ----a-w C:\Documents and Settings\Joonas\Application Data\GDIPFONTCACHEV1.DAT
2005-09-20 13:44 542,572 ----a-w C:\Program Files\MyList.DcLst
2004-12-02 19:51 102,447 ----a-w C:\Program Files\ChangeLog.txt
.

PS: yaht, since you posted slightly different instructions from the ones that came first, do I have to redo the whole thing with those new instructions?
So follow the instructions step by step, but you can skip downloading combofix.exe if you already have it downloaded.

1. Download Combofix.exe to your desktop from either link: Combofix.exe Combofix.exe
Open Notepad and copy/paste the contents of the Quote: box into it:
Save it as CFScript (combofix actually recognises it even if the extension isn't .txt). Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click.)
Note! Don't click around in combofix's window while it is running. That may cause the program to hang.
Restart the computer if asked, and post the contents of the combofix.txt file here.
Close your browser and other programs for the duration of the fix. (not the antivirus)

Start HijackThis, click Scan, tick the following entries listed in red, and remove them (Fix checked):

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {C7B4574D-4482-49AF-9373-3D2EC0CF1656} - C:\WINDOWS\system32\ssqoliGX.dll (file missing)
O2 - BHO: (no name) - {D2ACD584-EEE7-474A-B7E8-48AB5AA345CA} - C:\WINDOWS\system32\hgGXpOhG.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
O4 - HKLM\..\Run: [087c165a] rundll32.exe "C:\WINDOWS\system32\cowohiep.dll",b
O4 - HKLM\..\Run: [BM0b4f25c6] Rundll32.exe "C:\WINDOWS\system32\somognly.dll",s
O20 - Winlogon Notify: ssqoliGX - ssqoliGX.dll (file missing)

Empty the recycle bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, right before posting)
* The (C:\ComboFix.txt) report
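The triage the helper does by eye in the posts above (dead "(no file)" / "(file missing)" references, Run values that are bare file names, rundll32 entries calling a DLL through a one-letter export, a BHO whose display name is only a GUID, and the hidden+system winud*.exe files in the ComboFix listing) written out as a script. This is an added example, not a tool posted in the thread; the sample lines are copied from the logs above, and every rule is a heuristic that nominates entries for a person to review.

```python
"""Triage of HijackThis and ComboFix entries like the ones posted in this thread.

Added example, not a tool from the thread. It encodes the checks the helper
applied by eye; every hit is a candidate for a human to review, not a verdict.
"""
import re

# Subset of the HijackThis log posted above (constructed for this example).
HJT_SAMPLE = r"""
O2 - BHO: {dd98d38f-00cc-79e9-33a4-8eb2f3ea4566} - {6654ae3f-2be8-4a33-9e97-cc00f83d89dd} - C:\WINDOWS\system32\wkcsbpse.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {C7B4574D-4482-49AF-9373-3D2EC0CF1656} - C:\WINDOWS\system32\ssqoliGX.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
O4 - HKLM\..\Run: [087c165a] rundll32.exe "C:\WINDOWS\system32\cowohiep.dll",b
O4 - HKLM\..\Run: [BM0b4f25c6] Rundll32.exe "C:\WINDOWS\system32\somognly.dll",s
O20 - Winlogon Notify: ssqoliGX - ssqoliGX.dll (file missing)
"""

# Subset of the ComboFix "files created" section posted above (constructed).
COMBOFIX_SAMPLE = r"""
2008-06-16 17:20 . 2008-06-16 17:21 36,465 --a------ C:\p.exe
2008-06-16 15:35 . 2008-06-16 15:35 99,328 --a------ C:\WINDOWS\system32\wkcsbpse.dll
2008-06-16 13:31 . 2008-06-16 13:30 36,465 -r-hs---- C:\WINDOWS\winudpmgrs.exe
2008-06-13 10:56 . 2008-06-13 10:56 1,660,412 ---hs---- C:\WINDOWS\system32\hiyofoym.tmp
2008-06-10 15:08 . 2008-06-10 15:08 29,334 -r-hs---- C:\WINDOWS\winudmr.exe
2008-05-29 16:30 . 2008-05-29 16:30 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
"""

GUID = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)$', re.I)
CF_ENTRY = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?:[\d,]+|<\w+>)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)


def launched_image(cmd):
    """First token of a Run command: the quoted path if present, else the bare word."""
    m = re.match(r'^"([^"]+)"|^(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else ""


def triage_hjt_line(line):
    """Reasons to review one HijackThis line; an empty list means nothing was flagged."""
    reasons = []
    if line.endswith("(no file)") or line.endswith("(file missing)"):
        reasons.append("orphaned: registered component whose file is gone")
    if line.startswith("O2 - BHO: "):
        display_name = line[len("O2 - BHO: "):].split(" - ")[0]
        if GUID.match(display_name):
            reasons.append("BHO display name is a bare GUID")
    run = RUN_ENTRY.match(line)
    if run:
        cmd = run.group("cmd")
        dll = RUNDLL.match(cmd)
        if dll:
            if len(dll.group("export")) == 1:
                reasons.append("rundll32 loads %s through a one-letter export" % dll.group("dll"))
        elif "\\" not in launched_image(cmd):
            # A bare file name is resolved by PATH search at logon. Legitimate
            # vendors do this too (SoundMan in this log), so it is a candidate only.
            reasons.append("Run value is a bare file name resolved via PATH search")
    return reasons


def triage_hjt_log(text):
    """Map each flagged HijackThis line to its list of reasons."""
    flagged = {}
    for line in text.splitlines():
        reasons = triage_hjt_line(line.strip())
        if reasons:
            flagged[line.strip()] = reasons
    return flagged


def hidden_system_executables(text):
    """ComboFix entries for .exe files carrying both the hidden and system attributes."""
    hits = []
    for line in text.splitlines():
        m = CF_ENTRY.match(line.strip())
        if m and "h" in m.group("attrs") and "s" in m.group("attrs") \
                and m.group("path").lower().endswith(".exe"):
            hits.append(m.group("path"))
    return hits


if __name__ == "__main__":
    for entry, reasons in triage_hjt_log(HJT_SAMPLE).items():
        print(entry)
        for r in reasons:
            print("    ->", r)
    print("hidden+system executables:", hidden_system_executables(COMBOFIX_SAMPLE))
```

The bare-name rule also nominates SoundMan, which the helper left alone, and the GUID-name rule nominates wkcsbpse.dll, which the first fix list did not include: the script only collects candidates, and the decision stays with the person reading the log, as it did in this thread.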
Tämmöstä.... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:12:31, on 16.6.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Xfire\xfire.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\VentSrv\ventrilo_svc.exe C:\Program Files\VentSrv\ventrilo_srv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Opera\opera.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://finnish.toggle.com/fi/index.php?rvs=hompag&d=79919387 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: {dd98d38f-00cc-79e9-33a4-8eb2f3ea4566} - {6654ae3f-2be8-4a33-9e97-cc00f83d89dd} - C:\WINDOWS\system32\wkcsbpse.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKCU\..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98BFA01C-C71C-4063-9113-C866BD3F8EDF}: NameServer = 212.50.211.242 212.50.192.226
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

-- End of file - 8563 bytes

And

ComboFix 08-06-15.4 - Joonas 2008-06-16 20:03:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.626 [GMT 3:00]
Running from: C:\Documents and Settings\Joonas\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joonas\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\f.exe
C:\p.exe
.
---- Previous Run -------
.
C:\WINDOWS\BM0b4f25c6.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaoyuyop.dll
C:\WINDOWS\system32\awttusQJ.dll
C:\WINDOWS\system32\byefobjo.ini
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\cmrsymwu.dll
C:\WINDOWS\system32\cnatrfby.ini
C:\WINDOWS\system32\ctjxkoml.dll
C:\WINDOWS\system32\ddcsuebm.dll
C:\WINDOWS\system32\efcYOigE.dll
C:\WINDOWS\system32\fcccARif.dll
C:\WINDOWS\system32\fccyyWOg.dll
C:\WINDOWS\system32\GhOpXGgh.ini
C:\WINDOWS\system32\GhOpXGgh.ini2
C:\WINDOWS\system32\hgGXpOhG.dll
C:\WINDOWS\system32\hiyofoym.ini
C:\WINDOWS\system32\jkkJcYol.dll
C:\WINDOWS\system32\JQsuttwa.ini
C:\WINDOWS\system32\JQsuttwa.ini2
C:\WINDOWS\system32\lmokxjtc.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\nhetwwaa.ini
C:\WINDOWS\system32\nnnnKefG.dll
C:\WINDOWS\system32\noynlvbq.ini
C:\WINDOWS\system32\oolrmhax.dll
C:\WINDOWS\system32\peihowoc.ini
C:\WINDOWS\system32\pmnkLEuV.dll
C:\WINDOWS\system32\poyuyoaa.ini
C:\WINDOWS\system32\qcdfpyer.dll
C:\WINDOWS\system32\qontxytc.dll
C:\WINDOWS\system32\qvaljahs.dll
C:\WINDOWS\system32\rqRLcBss.dll
C:\WINDOWS\system32\sqjwgnjj.dll
C:\WINDOWS\system32\sqvrkptk.ini
C:\WINDOWS\system32\ssBcLRqr.ini
C:\WINDOWS\system32\ssBcLRqr.ini2
C:\WINDOWS\system32\ssqoliGX.dll
C:\WINDOWS\system32\ssqRHBrp.dll
C:\WINDOWS\system32\tuvTjHBU.dll
C:\WINDOWS\system32\uakbbnas.dll
C:\WINDOWS\system32\vqfssvai.ini
C:\WINDOWS\system32\VuELknmp.ini
C:\WINDOWS\system32\VuELknmp.ini2
C:\WINDOWS\system32\wvUllmMF.dll
C:\WINDOWS\system32\yayyXRKe.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-16 to 2008-06-16 )))))))))))))))))
.
C:\ComboFix\CreateC00.bat
.
C:\ComboFix\CreateC00
.
2008-06-16 20:01 . 2008-06-16 20:01 389,120 --a------ C:\a.com
2008-06-16 18:57 . 2008-06-16 18:57 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-16 15:35 . 2008-06-16 15:35 99,328 --a------ C:\WINDOWS\system32\wkcsbpse.dll
2008-06-16 15:33 . 2008-06-16 15:33 90,112 --a------ C:\WINDOWS\system32\somognly.dll
2008-06-16 15:33 . 2008-06-16 15:33 81,408 --a------ C:\WINDOWS\system32\cowohiep.dll
2008-06-16 14:39 . 2008-06-16 14:39 99,328 --a------ C:\WINDOWS\system32\npokbphx.dll
2008-06-16 14:37 . 2008-06-16 14:37 90,112 --a------ C:\WINDOWS\system32\wrttfuao.dll
2008-06-16 13:36 . 2008-06-16 13:36 99,328 --a------ C:\WINDOWS\system32\tbqpnsli.dll
2008-06-16 13:34 . 2008-06-16 13:34 90,112 --a------ C:\WINDOWS\system32\vsgmwege.dll
2008-06-16 13:31 . 2008-06-16 19:03 36,465 -r-hs---- C:\WINDOWS\winudpmgrs.exe
2008-06-15 11:03 . 2008-06-15 11:03 98,304 --a------ C:\WINDOWS\system32\baqxsmui.dll
2008-06-15 11:00 . 2008-06-15 11:00 80,896 --a------ C:\WINDOWS\system32\ybfrtanc.dll
2008-06-15 10:57 . 2008-06-15 10:57 89,600 --a------ C:\WINDOWS\system32\plrtlmqh.dll
2008-06-13 10:56 . 2008-06-13 10:56 1,660,412 ---hs---- C:\WINDOWS\system32\hiyofoym.tmp
2008-06-12 19:58 . 2008-06-12 19:59 <KANSIO> d-------- C:\Program Files\Guitar Pro 5
2008-06-12 19:47 . 2008-06-12 19:47 45,056 --------- C:\is155815.exe
2008-06-12 17:37 . 2008-06-12 17:37 80,896 --a------ C:\WINDOWS\system32\ojbofeyb.dll
2008-06-12 08:39 . 2008-06-12 11:58 2,232 --a------ C:\is15932.exe
2008-06-11 09:11 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:11 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 20:46 . 2008-06-10 20:58 45,056 --------- C:\mzdza.exe
2008-06-10 15:08 . 2008-06-10 15:08 29,334 -r-hs---- C:\WINDOWS\winudmr.exe
2008-06-09 10:13 . 2008-06-09 10:13 29,342 --a------ C:\pf.exe
2008-06-09 10:13 . 2008-06-10 20:47 2,231 --a------ C:\ps.exe
2008-06-06 10:10 . 2008-06-06 12:34 2,232 --a------ C:\fs.exe
2008-06-06 10:10 . 2008-06-06 12:34 2,232 --a------ C:\fa.exe
2008-06-05 19:49 . 2008-06-06 13:37 <KANSIO> d-------- C:\Program Files\StarWarsGalaxies
2008-06-04 15:44 . 2008-06-04 18:19 3,424 --a------ C:\is155400.exe
2008-06-03 15:17 . 2008-06-04 14:30 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 03:56 . 2008-06-03 03:56 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-02 16:04 . 2008-06-01 19:13 <KANSIO> d-a------ C:\SDFix
2008-05-30 19:33 . 2008-05-30 19:33 83,400 --a------ C:\img.exe
2008-05-29 16:30 . 2008-05-29 16:30 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
2008-05-24 18:33 . 2008-05-24 18:35 <KANSIO> d-------- C:\Program Files\BattleLauncher
2008-05-24 18:33 . 2008-05-24 18:33 92,728 --a------ C:\WINDOWS\system32\bass.dll
2008-05-21 18:34 . 2008-05-21 18:34 <KANSIO> d-------- C:\Documents and Settings\Joonas\Application Data\InstallShield Installation Information
2008-05-21 18:03 . 2008-05-21 18:03 <KANSIO> d-------- C:\Program Files\Unreal Tournament 3
2008-05-21 18:03 . 2008-05-21 18:03 <KANSIO> d-------- C:\Program Files\DIFX
2008-05-21 18:02 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-05-21 18:02 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-05-21 18:02 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-05-21 17:32 . 1997-02-26 00:00 167,936 --a------ C:\WINDOWS\setup1.exe
2008-05-21 17:32 . 2000-06-08 17:00 99,866 --a------ C:\WINDOWS\system32\VB5DE.dll
2008-05-21 17:32 . 1997-02-26 00:00 72,704 --a------ C:\WINDOWS\ST5UNST.EXE
2008-05-21 17:32 . 1997-01-16 00:00 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll
2008-05-21 17:32 . 2008-05-21 17:32 7,262 --a------ C:\WINDOWS\SETUP.LST
2008-05-21 17:32 . 2008-05-21 17:33 2,390 --a------ C:\WINDOWS\ST5UNST.000
2008-05-19 18:16 . 2008-05-19 18:16 <KANSIO> d-------- C:\Documents and Settings\Anni\Application Data\Xfire
2008-05-19 17:19 . 2008-05-19 17:20 <KANSIO> d-------- C:\Documents and Settings\Anni\Application Data\BitTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 17:09 --------- d-----w C:\Documents and Settings\Joonas\Application Data\DNA
2008-06-16 17:02 --------- d-----w C:\Documents and Settings\Joonas\Application Data\Xfire
2008-06-16 14:32 --------- d-----w C:\Program Files\Opera
2008-06-14 14:53 --------- d-----w C:\Program Files\RevConnect
2008-06-13 10:07 2,938 ----a-w C:\Documents and Settings\Pasi ja Minna\Application Data\wklnhst.dat
2008-06-11 10:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-11 10:10 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-10 11:51 --------- d-s---w C:\Program Files\Xfire
2008-06-05 16:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 14:40 --------- d-----w C:\Program Files\Bethesda Softworks
2008-06-02 14:36 --------- d-----w C:\Program Files\EA GAMES
2008-06-02 14:36 --------- d-----w C:\Documents and Settings\Joonas\Application Data\My Battle for Middle-earth Files
2008-05-29 17:59 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-29 17:59 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-29 17:59 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-05-26 14:49 --------- d-----w C:\Program Files\Electronic Arts
2008-05-25 08:07 --------- d-----w C:\Documents and Settings\Joonas\Application Data\BitTorrent
2008-05-24 07:31 --------- d-----w C:\Program Files\EA SPORTS
2008-05-21 15:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 15:02 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-19 18:36 6,002 ----a-w C:\Documents and Settings\Joonas\Application Data\wklnhst.dat
2008-05-17 14:31 --------- d-----w C:\Program Files\City Interactive
2008-05-17 14:30 --------- d-----w C:\Program Files\Activision
2008-05-16 14:37 --------- d-----w C:\Program Files\Atari-Infogrames
2008-05-16 14:36 --------- d-----w C:\Program Files\Downloads
2008-05-16 14:22 --------- d-----w C:\Program Files\Prima Games
2008-05-16 14:19 --------- d-----w C:\Program Files\LucasArts
2008-05-16 14:10 --------- d-----w C:\Program Files\Infogrames
2008-05-15 09:38 --------- d-----w C:\Program Files\EML
2008-05-10 18:20 --------- d-----w C:\Program Files\Global Star Software
2008-05-10 14:19 --------- d-----w C:\Program Files\DNA
2008-05-10 14:19 --------- d-----w C:\Program Files\BitTorrent
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 15:09 33,014 ----a-w C:\Documents and Settings\Minna\Application Data\wklnhst.dat
2008-05-07 10:38 --------- d-----w C:\Program Files\Smart Install Maker
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 18:28 --------- d-----w C:\Program Files\Rockstar Games
2008-05-02 14:16 --------- d-----w C:\Documents and Settings\Joonas\Application Data\teamspeak2
2008-05-01 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-21 07:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-20 19:06 --------- d-----w C:\Documents and Settings\Joonas\Application Data\Move Networks
2008-04-17 16:59 --------- d-----w C:\Program Files\Java
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 15:05 8,192 ----a-w C:\WINDOWS\system32\cidaemon.exe
2007-12-10 17:20 258 ----a-w C:\Documents and Settings\Anni\Application Data\wklnhst.dat
2007-11-20 06:45 22,328 ----a-w C:\Documents and Settings\Joonas\Application Data\PnkBstrK.sys
2007-10-01 10:56 73,016 ----a-w C:\Documents and Settings\Minna\Application Data\GDIPFONTCACHEV1.DAT
2005-10-01 15:18 72,240 ----a-w C:\Documents and Settings\Joonas\Application Data\GDIPFONTCACHEV1.DAT
2005-09-20 13:44 542,572 ----a-w C:\Program Files\MyList.DcLst
2004-12-02 19:51 102,447 ----a-w C:\Program Files\ChangeLog.txt
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6654ae3f-2be8-4a33-9e97-cc00f83d89dd}]
2008-06-16 15:35 99328 --a------ C:\WINDOWS\system32\wkcsbpse.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7B4574D-4482-49AF-9373-3D2EC0CF1656}]
C:\WINDOWS\system32\ssqoliGX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2ACD584-EEE7-474A-B7E8-48AB5AA345CA}]
C:\WINDOWS\system32\hgGXpOhG.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"Steam"="c:\progra~1\valve\steam\steam.exe" [2008-04-18 21:11 1271032]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 17:16 171464]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-10 17:19 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 03:11 50688]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 20:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-21 19:48 185632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-03 13:58 1655552]
"Windows svchost"="ups.exe" [2004-09-15 15:00 18432 C:\WINDOWS\system32\ups.exe]
"Windows Controls Center"="winudmr.exe" [2008-06-10 15:08 29334 C:\WINDOWS\winudmr.exe]
"087c165a"="C:\WINDOWS\system32\cowohiep.dll" [2008-06-16 15:33 81408]
"BM0b4f25c6"="C:\WINDOWS\system32\somognly.dll" [2008-06-16 15:33 90112]
"combofix"="C:\WINDOWS\system32\CF12689.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

C:\Documents and Settings\Joonas\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-03 03:56:46 3017040]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 13:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C7B4574D-4482-49AF-9373-3D2EC0CF1656}"= C:\WINDOWS\system32\ssqoliGX.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoliGX]
ssqoliGX.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Freeciv-2.0.0\\civserver.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe"=
"C:\\Program Files\\Empire Interactive\\FlatOut2\\FlatOut2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Server\\BF2142_w32ded.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\fpupdate.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gobraza\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gobraza\\condition zero\\hl.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Documents and Settings\\Joonas\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\LaunchEAW.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-29 20:59]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-29 20:59]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 bck0b4b4;bck0b4b4;C:\DOCUME~1\Joonas\LOCALS~1\Temp\221pP62 []
S3 krdpdre;krdpdre;C:\DOCUME~1\Joonas\LOCALS~1\Temp\krdpdre.sys []
S3 we8fb4b3;we8fb4b3;C:\DOCUME~1\Joonas\LOCALS~1\Temp\2IoziO []
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-14 06:41:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-16 17:12:16 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\ComboFix\temp00
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 20:08:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bck0b4b4]
"ImagePath"="\??\C:\DOCUME~1\Joonas\LOCALS~1\Temp\221pP62"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\we8fb4b3]
"ImagePath"="\??\C:\DOCUME~1\Joonas\LOCALS~1\Temp\2IoziO"
.
Completion time: 2008-06-16 20:18:23
ComboFix-quarantined-files.txt 2008-06-16 17:18:17

Pre-Run: 119,687,610,368 tavua vapaana
Post-Run: 120,099,545,088 tavua vapaana

299 --- E O F --- 2008-06-11 07:45:28

PS: MSN photo remover still seemed to find that C:/windows/Winudspm.exe and again reported unable to remove. So the machine is probably not clean yet?
Remove Avast and install it again.

Disabling System Restore

You can disable System Restore as follows:
1. Click the Start button, right-click the My Computer icon and then select Properties.
2. Select the System Restore tab.
3. Check the Turn off System Restore check box (or the Turn off System Restore on all drives check box) and then click OK.
4. Click Yes when prompted to confirm that System Restore should be turned off.

Restart the computer and continue with the instructions.

1. Download Combofix.exe to your desktop from either of these links: Combofix.exe Combofix.exe
Open Notepad and copy/paste the contents of the Quote: box into it:
Save it as CFScript (combofix actually recognises it even if the extension is not .txt).
Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click)
Note! Don't click on the combofix window while it is running. This may cause the program to hang.
Restart the computer if asked to and post the contents of the combofix.txt file here.
Close your browser and other programs for the duration of the Fix. (not the antivirus)

Start HijackThis, run Scan, tick the following files listed in red and remove them (Fix Checked):
O2 - BHO: {dd98d38f-00cc-79e9-33a4-8eb2f3ea4566} - {6654ae3f-2be8-4a33-9e97-cc00f83d89dd} - C:\WINDOWS\system32\wkcsbpse.dll

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
*
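As an added illustration (not code from this thread, nor from the HijackThis or ComboFix authors), here is a small Python triage that applies the three signals the thread turns on to HijackThis-style lines: a BHO whose display name is just a GUID (the O2 entry marked for Fix Checked above), Run entries with Windows-sounding names that launch a bare file name (the "Windows svchost" and "Windows Controls Center" values seen in the ComboFix output), and a service whose binary is missing. The sample lines are constructed from entries in this thread; the heuristics, the `triage` and `first_token` names, and the `Finding` class are my own.

```python
"""Triage of HijackThis-style log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample modelled on entries that appear in this thread; the two
# "Windows ..." Run lines are the ComboFix registry values rewritten in O4 form.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {dd98d38f-00cc-79e9-33a4-8eb2f3ea4566} - {6654ae3f-2be8-4a33-9e97-cc00f83d89dd} - C:\WINDOWS\system32\wkcsbpse.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [Windows Controls Center] winudmr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section id, e.g. "O2"
    reason: str    # why the line was flagged
    line: str      # the original log line


GUID_RE = re.compile(r"\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?", re.I)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Value names that imitate a Windows component; combined with a bare file name
# (no directory, so it is resolved through the search path) they merit a look.
MIMIC_PREFIXES = ("windows ", "microsoft ")


def first_token(cmd: str) -> str:
    """Return the program part of a Run value, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> List[Finding]:
    """Flag O2/O4/O23 lines matching the three heuristics; order is preserved."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            name = m.group("name").strip()
            # A BHO whose "name" is empty, "(no name)" or a bare CLSID-looking string
            if not name or name == "(no name)" or GUID_RE.fullmatch(name):
                findings.append(Finding("O2", "BHO without a real display name", line))
            continue
        m = O4_RE.match(line)
        if m:
            name = m.group("name").lower()
            target = first_token(m.group("cmd"))
            bare = "\\" not in target and "/" not in target
            if name.startswith(MIMIC_PREFIXES) and bare:
                findings.append(Finding("O4", "system-sounding name launching a bare file name", line))
            continue
        m = O23_RE.match(line)
        if m and m.group("path").rstrip().endswith("(file missing)"):
            findings.append(Finding("O23", "service whose binary is missing", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it on a pasted log and review the flagged lines by hand; the heuristics are review aids, not verdicts.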
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:11, on 17.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/fi/index.php?rvs=hompag&d=79919387
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98BFA01C-C71C-4063-9113-C866BD3F8EDF}: NameServer = 212.50.211.242 212.50.192.226
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

-- End of file - 8514 bytes

ComboFix 08-06-15.4 - Joonas 2008-06-16 20:03:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.626 [GMT 3:00]
Running from: C:\Documents and Settings\Joonas\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joonas\Työpöytä\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\f.exe
C:\p.exe
.
---- Previous Run -------
.
C:\WINDOWS\BM0b4f25c6.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaoyuyop.dll
C:\WINDOWS\system32\awttusQJ.dll
C:\WINDOWS\system32\byefobjo.ini
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\cmrsymwu.dll
C:\WINDOWS\system32\cnatrfby.ini
C:\WINDOWS\system32\ctjxkoml.dll
C:\WINDOWS\system32\ddcsuebm.dll
C:\WINDOWS\system32\efcYOigE.dll
C:\WINDOWS\system32\fcccARif.dll
C:\WINDOWS\system32\fccyyWOg.dll
C:\WINDOWS\system32\GhOpXGgh.ini
C:\WINDOWS\system32\GhOpXGgh.ini2
C:\WINDOWS\system32\hgGXpOhG.dll
C:\WINDOWS\system32\hiyofoym.ini
C:\WINDOWS\system32\jkkJcYol.dll
C:\WINDOWS\system32\JQsuttwa.ini
C:\WINDOWS\system32\JQsuttwa.ini2
C:\WINDOWS\system32\lmokxjtc.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\nhetwwaa.ini
C:\WINDOWS\system32\nnnnKefG.dll
C:\WINDOWS\system32\noynlvbq.ini
C:\WINDOWS\system32\oolrmhax.dll
C:\WINDOWS\system32\peihowoc.ini
C:\WINDOWS\system32\pmnkLEuV.dll
C:\WINDOWS\system32\poyuyoaa.ini
C:\WINDOWS\system32\qcdfpyer.dll
C:\WINDOWS\system32\qontxytc.dll
C:\WINDOWS\system32\qvaljahs.dll
C:\WINDOWS\system32\rqRLcBss.dll
C:\WINDOWS\system32\sqjwgnjj.dll
C:\WINDOWS\system32\sqvrkptk.ini
C:\WINDOWS\system32\ssBcLRqr.ini
C:\WINDOWS\system32\ssBcLRqr.ini2
C:\WINDOWS\system32\ssqoliGX.dll
C:\WINDOWS\system32\ssqRHBrp.dll
C:\WINDOWS\system32\tuvTjHBU.dll
C:\WINDOWS\system32\uakbbnas.dll
C:\WINDOWS\system32\vqfssvai.ini
C:\WINDOWS\system32\VuELknmp.ini
C:\WINDOWS\system32\VuELknmp.ini2
C:\WINDOWS\system32\wvUllmMF.dll
C:\WINDOWS\system32\yayyXRKe.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-16 to 2008-06-16 )))))))))))))))))
.
C:\ComboFix\CreateC00.bat
.
C:\ComboFix\CreateC00
.
2008-06-16 20:01 . 2008-06-16 20:01 389,120 --a------ C:\a.com
2008-06-16 18:57 . 2008-06-16 18:57 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-16 15:35 . 2008-06-16 15:35 99,328 --a------ C:\WINDOWS\system32\wkcsbpse.dll
2008-06-16 15:33 . 2008-06-16 15:33 90,112 --a------ C:\WINDOWS\system32\somognly.dll
2008-06-16 15:33 . 2008-06-16 15:33 81,408 --a------ C:\WINDOWS\system32\cowohiep.dll
2008-06-16 14:39 . 2008-06-16 14:39 99,328 --a------ C:\WINDOWS\system32\npokbphx.dll
2008-06-16 14:37 . 2008-06-16 14:37 90,112 --a------ C:\WINDOWS\system32\wrttfuao.dll
2008-06-16 13:36 . 2008-06-16 13:36 99,328 --a------ C:\WINDOWS\system32\tbqpnsli.dll
2008-06-16 13:34 . 2008-06-16 13:34 90,112 --a------ C:\WINDOWS\system32\vsgmwege.dll
2008-06-16 13:31 . 2008-06-16 19:03 36,465 -r-hs---- C:\WINDOWS\winudpmgrs.exe
2008-06-15 11:03 . 2008-06-15 11:03 98,304 --a------ C:\WINDOWS\system32\baqxsmui.dll
2008-06-15 11:00 . 2008-06-15 11:00 80,896 --a------ C:\WINDOWS\system32\ybfrtanc.dll
2008-06-15 10:57 . 2008-06-15 10:57 89,600 --a------ C:\WINDOWS\system32\plrtlmqh.dll
2008-06-13 10:56 . 2008-06-13 10:56 1,660,412 ---hs---- C:\WINDOWS\system32\hiyofoym.tmp
2008-06-12 19:58 . 2008-06-12 19:59 <KANSIO> d-------- C:\Program Files\Guitar Pro 5
2008-06-12 19:47 . 2008-06-12 19:47 45,056 --------- C:\is155815.exe
2008-06-12 17:37 . 2008-06-12 17:37 80,896 --a------ C:\WINDOWS\system32\ojbofeyb.dll
2008-06-12 08:39 . 2008-06-12 11:58 2,232 --a------ C:\is15932.exe
2008-06-11 09:11 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:11 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 20:46 . 2008-06-10 20:58 45,056 --------- C:\mzdza.exe
2008-06-10 15:08 . 2008-06-10 15:08 29,334 -r-hs---- C:\WINDOWS\winudmr.exe
2008-06-09 10:13 . 2008-06-09 10:13 29,342 --a------ C:\pf.exe
2008-06-09 10:13 . 2008-06-10 20:47 2,231 --a------ C:\ps.exe
2008-06-06 10:10 . 2008-06-06 12:34 2,232 --a------ C:\fs.exe
2008-06-06 10:10 . 2008-06-06 12:34 2,232 --a------ C:\fa.exe
2008-06-05 19:49 . 2008-06-06 13:37 <KANSIO> d-------- C:\Program Files\StarWarsGalaxies
2008-06-04 15:44 . 2008-06-04 18:19 3,424 --a------ C:\is155400.exe
2008-06-03 15:17 . 2008-06-04 14:30 3,423 --a------ C:\WINDOWS\is154890.exe
2008-06-03 03:56 . 2008-06-03 03:56 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-02 16:04 . 2008-06-01 19:13 <KANSIO> d-a------ C:\SDFix
2008-05-30 19:33 . 2008-05-30 19:33 83,400 --a------ C:\img.exe
2008-05-29 16:30 . 2008-05-29 16:30 56,832 -r-hs---- C:\WINDOWS\winudspm.exe
2008-05-24 18:33 . 2008-05-24 18:35 <KANSIO> d-------- C:\Program Files\BattleLauncher
2008-05-24 18:33 . 2008-05-24 18:33 92,728 --a------ C:\WINDOWS\system32\bass.dll
2008-05-21 18:34 . 2008-05-21 18:34 <KANSIO> d-------- C:\Documents and Settings\Joonas\Application Data\InstallShield Installation Information
2008-05-21 18:03 . 2008-05-21 18:03 <KANSIO> d-------- C:\Program Files\Unreal Tournament 3
2008-05-21 18:03 . 2008-05-21 18:03 <KANSIO> d-------- C:\Program Files\DIFX
2008-05-21 18:02 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-05-21 18:02 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-05-21 18:02 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-05-21 17:32 . 1997-02-26 00:00 167,936 --a------ C:\WINDOWS\setup1.exe
2008-05-21 17:32 . 2000-06-08 17:00 99,866 --a------ C:\WINDOWS\system32\VB5DE.dll
2008-05-21 17:32 . 1997-02-26 00:00 72,704 --a------ C:\WINDOWS\ST5UNST.EXE
2008-05-21 17:32 . 1997-01-16 00:00 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll
2008-05-21 17:32 . 2008-05-21 17:32 7,262 --a------ C:\WINDOWS\SETUP.LST
2008-05-21 17:32 . 2008-05-21 17:33 2,390 --a------ C:\WINDOWS\ST5UNST.000
2008-05-19 18:16 . 2008-05-19 18:16 <KANSIO> d-------- C:\Documents and Settings\Anni\Application Data\Xfire
2008-05-19 17:19 . 2008-05-19 17:20 <KANSIO> d-------- C:\Documents and Settings\Anni\Application Data\BitTorrent
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 17:09 --------- d-----w C:\Documents and Settings\Joonas\Application Data\DNA
2008-06-16 17:02 --------- d-----w C:\Documents and Settings\Joonas\Application Data\Xfire
2008-06-16 14:32 --------- d-----w C:\Program Files\Opera
2008-06-14 14:53 --------- d-----w C:\Program Files\RevConnect
2008-06-13 10:07 2,938 ----a-w C:\Documents and Settings\Pasi ja Minna\Application Data\wklnhst.dat
2008-06-11 10:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-11 10:10 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-10 11:51 --------- d-s---w C:\Program Files\Xfire
2008-06-05 16:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 14:40 --------- d-----w C:\Program Files\Bethesda Softworks
2008-06-02 14:36 --------- d-----w C:\Program Files\EA GAMES
2008-06-02 14:36 --------- d-----w C:\Documents and Settings\Joonas\Application Data\My Battle for Middle-earth Files
2008-05-29 17:59 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-29 17:59 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-29 17:59 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-05-26 14:49 --------- d-----w C:\Program Files\Electronic Arts
2008-05-25 08:07 --------- d-----w C:\Documents and Settings\Joonas\Application Data\BitTorrent
2008-05-24 07:31 --------- d-----w C:\Program Files\EA SPORTS
2008-05-21 15:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 15:02 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-19 18:36 6,002 ----a-w C:\Documents and Settings\Joonas\Application Data\wklnhst.dat
2008-05-17 14:31 --------- d-----w C:\Program Files\City Interactive
2008-05-17 14:30 --------- d-----w C:\Program Files\Activision
2008-05-16 14:37 --------- d-----w C:\Program Files\Atari-Infogrames
2008-05-16 14:36 --------- d-----w C:\Program Files\Downloads
2008-05-16 14:22 --------- d-----w C:\Program Files\Prima Games
2008-05-16 14:19 --------- d-----w
C:\Program Files\LucasArts 2008-05-16 14:10 --------- d-----w C:\Program Files\Infogrames 2008-05-15 09:38 --------- d-----w C:\Program Files\EML 2008-05-10 18:20 --------- d-----w C:\Program Files\Global Star Software 2008-05-10 14:19 --------- d-----w C:\Program Files\DNA 2008-05-10 14:19 --------- d-----w C:\Program Files\BitTorrent 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 15:09 33,014 ----a-w C:\Documents and Settings\Minna\Application Data\wklnhst.dat 2008-05-07 10:38 --------- d-----w C:\Program Files\Smart Install Maker 2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-06 18:28 --------- d-----w C:\Program Files\Rockstar Games 2008-05-02 14:16 --------- d-----w C:\Documents and Settings\Joonas\Application Data\teamspeak2 2008-05-01 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania 2008-04-21 07:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-20 19:06 --------- d-----w C:\Documents and Settings\Joonas\Application Data\Move Networks 2008-04-17 16:59 --------- d-----w C:\Program Files\Java 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-17 15:05 8,192 ----a-w C:\WINDOWS\system32\cidaemon.exe 2007-12-10 17:20 258 ----a-w C:\Documents and Settings\Anni\Application Data\wklnhst.dat 2007-11-20 06:45 22,328 ----a-w C:\Documents and Settings\Joonas\Application Data\PnkBstrK.sys 2007-10-01 10:56 73,016 ----a-w C:\Documents and Settings\Minna\Application Data\GDIPFONTCACHEV1.DAT 2005-10-01 15:18 72,240 ----a-w C:\Documents and Settings\Joonas\Application Data\GDIPFONTCACHEV1.DAT 2005-09-20 13:44 542,572 ----a-w C:\Program Files\MyList.DcLst 2004-12-02 19:51 102,447 ----a-w C:\Program Files\ChangeLog.txt . 
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6654ae3f-2be8-4a33-9e97-cc00f83d89dd}] 2008-06-16 15:35 99328 --a------ C:\WINDOWS\system32\wkcsbpse.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7B4574D-4482-49AF-9373-3D2EC0CF1656}] C:\WINDOWS\system32\ssqoliGX.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2ACD584-EEE7-474A-B7E8-48AB5AA345CA}] C:\WINDOWS\system32\hgGXpOhG.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ] "Steam"="c:\progra~1\valve\steam\steam.exe" [2008-04-18 21:11 1271032] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 17:16 171464] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-10 17:19 289088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 03:11 50688] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "SoundMan"="SOUNDMAN.EXE" [2005-08-17 20:39 90112 C:\WINDOWS\SOUNDMAN.EXE] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-21 19:48 185632] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 
8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-03 13:58 1655552] "Windows svchost"="ups.exe" [2004-09-15 15:00 18432 C:\WINDOWS\system32\ups.exe] "Windows Controls Center"="winudmr.exe" [2008-06-10 15:08 29334 C:\WINDOWS\winudmr.exe] "087c165a"="C:\WINDOWS\system32\cowohiep.dll" [2008-06-16 15:33 81408] "BM0b4f25c6"="C:\WINDOWS\system32\somognly.dll" [2008-06-16 15:33 90112] "combofix"="C:\WINDOWS\system32\CF12689.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360] C:\Documents and Settings\Joonas\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-03 03:56:46 3017040] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 13:01:04 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{C7B4574D-4482-49AF-9373-3D2EC0CF1656}"= C:\WINDOWS\system32\ssqoliGX.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoliGX] ssqoliGX.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll "LoadAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll "vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm "msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm "VIDC.XFR1"= xfcodec.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program 
Files\\Freeciv-2.0.0\\civserver.exe"= "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"= "C:\\Program Files\\The All-Seeing Eye\\eye.exe"= "C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"= "C:\\Program Files\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe"= "C:\\Program Files\\Empire Interactive\\FlatOut2\\FlatOut2.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "C:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\WINDOWS\\system32\\dxdiag.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "C:\\Program Files\\Electronic Arts\\Battlefield 2142 Server\\BF2142_w32ded.exe"= "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"= "C:\\Program Files\\Xfire\\xfire.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"= "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"= "C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\fpupdate.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\gobraza\\counter-strike\\hl.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\gobraza\\condition zero\\hl.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"= "C:\\Documents and Settings\\Joonas\\Application Data\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= 
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"= "C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"= "C:\\Program Files\\LucasArts\\Star Wars Empire at War\\LaunchEAW.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-29 20:59] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-29 20:59] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16] S3 bck0b4b4;bck0b4b4;C:\DOCUME~1\Joonas\LOCALS~1\Temp\221pP62 [] S3 krdpdre;krdpdre;C:\DOCUME~1\Joonas\LOCALS~1\Temp\krdpdre.sys [] S3 we8fb4b3;we8fb4b3;C:\DOCUME~1\Joonas\LOCALS~1\Temp\2IoziO [] . 'Ajoitetut tehtävät'-kansion sisältö "2008-06-14 06:41:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-16 17:12:16 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE C:\ComboFix\temp00 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-16 20:08:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bck0b4b4] "ImagePath"="\??\C:\DOCUME~1\Joonas\LOCALS~1\Temp\221pP62" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\we8fb4b3] "ImagePath"="\??\C:\DOCUME~1\Joonas\LOCALS~1\Temp\2IoziO" . 
Completion time: 2008-06-16 20:18:23 ComboFix-quarantined-files.txt 2008-06-16 17:18:17 Pre-Run: 119,687,610,368 tavua vapaana Post-Run: 120,099,545,088 tavua vapaana 299 --- E O F --- 2008-06-11 07:45:28