
Help!

Thread in the Viruses and malware - HijackThis logs section. Started by zoneman2 on 18.10.2009.

  1. zoneman2

    zoneman2 Member

    Joined:
    15.08.2009
    Posts:
    30
    Thanks:
    0
    Points:
    16
    When I search with Google or some other search engine and click a link, some IP address appears in the address bar and redirects me to some advertising page; sometimes Internet Explorer opens even though I use Firefox. There is no hurry with this, but it is annoying. This has been going on for about 2 weeks.

    Here is the HJT log
    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:46:17, on 18.10.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Users\Esa\Program Files\DNA\btdna.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
    O4 - HKLM\..\RunServices: [Windows Services] crss.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Esa\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [{9EA8EBEB-F251-6F7F-6651-0177DB4B6884}] C:\Users\Esa\AppData\Roaming\msnms9r.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Esa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: WinMySQLadmin.lnk = D:\xampp\mysql\bin\winmysqladmin.exe
    O8 - Extra context menu item: &Lataa FlashGetillä
     - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Lataa kaikki FlashGetillä
     - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download with ImTOO YouTube Video Converter - C:\Program Files\ImTOO\YouTube Video Converter\upod_link.HTM
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
    O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
    O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - Gopher Prefix: 
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\cmipnpinstall32.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apache2.2 - Unknown owner - D:\xampp\apache\bin\apache.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    
    --
    End of file - 12164 bytes
    
     
  3. zoneman2

    zoneman2 Member

    And please give the instructions as precisely as possible, because I don't yet really know how to do these things.
     
  4. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    Judging by your programs, you are not a beginner!!!

    Download Malwarebytes' Anti-Malware to your desktop.

    If the link does not work, you can also download it from the following links:
    Link1
    Link2


    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure that the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    * If an update is found, the program downloads and installs the latest version. If downloading the updates fails, you can download the updates from here. Double-click mbam-rules.exe to install the updates.
    * When the program has loaded and the updates are done, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to see the results.
    * Make sure that everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next message.

    Note: If MBAM could not remove a file, it will ask you to restart your computer. In that case, restart your computer immediately. MBAM may make changes to your registry as part of the cleanup. If you use a security program that detects registry changes, allow MBAM to make the changes.

    ----------------------------------------------------------------------------------

    * Post the contents of the log in your next message
    + a new HJT log.

    .
     
  5. zoneman2

    zoneman2 Member

    MBAM log:

    Malwarebytes' Anti-Malware 1.40
    Tietokantaversio: 2629
    Windows 6.0.6001 Service Pack 1

    19.10.2009 21:40:43
    mbam-log-2009-10-19 (21-40-39).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|)
    Tarkistetut kohteet: 468858
    Kulunut aika: 2 hour(s), 25 minute(s), 25 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 3
    Saastuneita tiedostoja: 2

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.

    Saastuneita tiedostoja:
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.bak (Adware.MyWeb) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.bak (Adware.MyWeb) -> No action taken.

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:51:21, on 19.10.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Users\Esa\Program Files\DNA\btdna.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\conime.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
    O4 - HKLM\..\RunServices: [Windows Services] crss.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Esa\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [{9EA8EBEB-F251-6F7F-6651-0177DB4B6884}] C:\Users\Esa\AppData\Roaming\msnms9r.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Esa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: WinMySQLadmin.lnk = D:\xampp\mysql\bin\winmysqladmin.exe
    O8 - Extra context menu item: &Lataa FlashGetillä
    - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Lataa kaikki FlashGetillä
    - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download with ImTOO YouTube Video Converter - C:\Program Files\ImTOO\YouTube Video Converter\upod_link.HTM
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
    O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
    O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\cmipnpinstall32.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apache2.2 - Unknown owner - D:\xampp\apache\bin\apache.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 12187 bytes
     
  6. zoneman2

    zoneman2 Member

    After this scan, Google links have not redirected to any other page. Hopefully it is now gone for good.
     
  7. kalminen

    kalminen Regular member

    * Download OTM by OldTimer.
    * Save it to your desktop.
    * Double-click OTM.exe to start it.
    * Copy (CTRL+C) all the text from the box below.
    Code:
    :files
    C:\Windows\System32\cmipnpinstall32.dll
    C:\Program Files\Winferno\PC Confidential
    C:\Users\Esa\AppData\Roaming\msnms9r.exe
    :commands 
    [emptytemp] 
    
    * Return to OtmoveIt3, right-click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
    * Press the red MoveIt! button.
    * Copy (CTRL+C) the text that appears in the Results window (under the green bar) and paste (CTRL+V) it into your next message.
    * Close OTM.

    If some file/folder could not be moved right away, the program suggests restarting the computer. Answer Yes to the suggestion, and OtMoveIt will restart your computer.

    *********************************************************

    Remove those lines that still remain:

    Close the browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis and Scan, and tick the following files listed in red
    (HJT disables the program, it does not remove it)

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [Windows Services] crss.exe
    O4 - HKCU\..\Run: [{9EA8EBEB-F251-6F7F-6651-0177DB4B6884}] C:\Users\Esa\AppData\Roaming\msnms9r.exe
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
    O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
    O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
    O20 - AppInit_DLLs: C:\Windows\System32\cmipnpinstall32.dll

    and disable them with the Fix checked button.

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The OTMoveIt log/report
    * Did it help???
     
  8. zoneman2

    All processes killed
    ========== FILES ==========
    DllUnregisterServer procedure not found in C:\Windows\System32\cmipnpinstall32.dll
    C:\Windows\System32\cmipnpinstall32.dll NOT unregistered.
    C:\Windows\System32\cmipnpinstall32.dll moved successfully.
    File/Folder C:\Program Files\Winferno\PC Confidential not found.
    File/Folder C:\Users\Esa\AppData\Roaming\msnms9r.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Esa
    ->Temp folder emptied: -1903851227 bytes
    ->Temporary Internet Files folder emptied: 20662297 bytes
    ->Java cache emptied: 53045444 bytes
    ->FireFox cache emptied: 83712057 bytes
    ->Google Chrome cache emptied: 9246026 bytes

    User: Public

    User: Tiina
    ->Temp folder emptied: 136610142 bytes
    ->Temporary Internet Files folder emptied: 6818469 bytes
    ->Java cache emptied: 15051219 bytes
    ->FireFox cache emptied: 119054371 bytes

    %systemdrive% .tmp files removed: 0 bytes
    C:\Windows\NV15283012.TMP folder deleted successfully.
    C:\Windows\NV3788968.TMP folder deleted successfully.
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 402445025 bytes
    RecycleBin emptied: 2998 bytes

    Total Files Cleaned = -1008,20 mb


    OTM by OldTimer - Version 3.0.0.6 log created on 10202009_151809

    Files moved on Reboot...

    Registry entries deleted on Reboot...
     
  9. zoneman2

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:48:12, on 20.10.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Users\Esa\Program Files\DNA\btdna.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Esa\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Esa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: WinMySQLadmin.lnk = D:\xampp\mysql\bin\winmysqladmin.exe
    O8 - Extra context menu item: &Lataa FlashGetillä
    - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Lataa kaikki FlashGetillä
    - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download with ImTOO YouTube Video Converter - C:\Program Files\ImTOO\YouTube Video Converter\upod_link.HTM
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\cmipnpinstall32.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apache2.2 - Unknown owner - D:\xampp\apache\bin\apache.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 11088 bytes
     
  10. zoneman2

    Google hardly redirects at all anymore, except that sometimes when I click a Google link it takes me to the page http://www.topdaofinder.com/
     
  11. kalminen

    This one has been going around lately =>

    Download GooredFix

    from one of the links below and save it to the Desktop
    Link 1
    Link 2
    * Make sure that Firefox is closed
    * To run the program, double-click it (XP) or
    right-click it and choose Run as administrator (Vista).
    * When the scan starts, choose Yes.
    * GooredFix checks for infections and
    a log appears afterwards. Post the contents of this log in your next message

    (it can also be found on the Desktop as GooredFix.txt).

    --------------------------------------------------------------------------------------

    Would you redo that OTM run =>

    On Vista the steps are carried out as Administrator
    (check, don't assume)
    When you start the suggested program, do it with the right mouse button
    and choose Run as administrator

    **************************************************

    This is what I find odd =>

    C:\Windows\System32\cmipnpinstall32.dll

    Could it belong to your server or to "those"

    Right-click it => Properties,
    to see whether that shows what it is ???

    HJT + GooredFix.txt

    :D
    .
     
  12. zoneman2

    gooredfix.txt:

    GooredFix by jpshortstuff (24.09.09.1)
    Log created at 19:14 on 20/10/2009 (Esa)
    Firefox version 3.0.14 (fi)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [11:25 03/02/2009]
    {B13721C7-F507-4982-B2E5-502A71474FED} [12:48 27/12/2008]
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [11:14 20/09/2008]
    {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [11:50 13/12/2008]
    {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [17:39 03/08/2009]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [17:16 07/10/2008]
    "{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:23 26/07/2009]
    "bkmrksync@nokia.com"="C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\" [17:16 13/09/2009]

    ---------- Old Logs ----------
    GooredFix[16.13.16_20-10-2009].txt

    -=E.O.F=-
     
  13. zoneman2

    I did redo the OTM thing by starting it as administrator, but I don't think the result changed.

    I also don't know what that cmipnpinstall32.dll is.

    But here are the new OTM and HJT logs now.

    All processes killed
    ========== FILES ==========
    DllUnregisterServer procedure not found in C:\Windows\System32\cmipnpinstall32.dll
    C:\Windows\System32\cmipnpinstall32.dll NOT unregistered.
    C:\Windows\System32\cmipnpinstall32.dll moved successfully.
    File/Folder C:\Program Files\Winferno\PC Confidential not found.
    File/Folder C:\Users\Esa\AppData\Roaming\msnms9r.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Esa
    ->Temp folder emptied: 1675089 bytes
    ->Temporary Internet Files folder emptied: 45978 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 8990680 bytes
    ->Google Chrome cache emptied: 0 bytes

    User: Public

    User: Tiina
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 632 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 10,22 mb


    OTM by OldTimer - Version 3.0.0.6 log created on 10202009_192851

    Files moved on Reboot...

    Registry entries deleted on Reboot...

    hjt:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:33:30, on 20.10.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\notepad.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Users\Esa\Program Files\DNA\btdna.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Esa\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Esa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: WinMySQLadmin.lnk = D:\xampp\mysql\bin\winmysqladmin.exe
    O8 - Extra context menu item: &Lataa FlashGetillä
    - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Lataa kaikki FlashGetillä
    - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download with ImTOO YouTube Video Converter - C:\Program Files\ImTOO\YouTube Video Converter\upod_link.HTM
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\cmipnpinstall32.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apache2.2 - Unknown owner - D:\xampp\apache\bin\apache.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 11238 bytes
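The comparison a helper makes by eye across the logs above, as an added example that is not part of the original posts: it checks which entries from the fix list are still present in the fresh HijackThis log, and whether a file that OTM moved in the first run was present again for the second run. The function names are assumptions of this example; the sample text is excerpted from the logs in this thread.

```python
import re

# Added example. Sample text below is excerpted from the logs posted in this thread.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")

FIX_LIST = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Services] crss.exe
O4 - HKCU\..\Run: [{9EA8EBEB-F251-6F7F-6651-0177DB4B6884}] C:\Users\Esa\AppData\Roaming\msnms9r.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O20 - AppInit_DLLs: C:\Windows\System32\cmipnpinstall32.dll
"""

FRESH_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:30, on 20.10.2009
Running processes:
C:\Windows\Explorer.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O8 - Extra context menu item: &Lataa FlashGetillä
- C:\Program Files\FlashGet\jc_link.htm
O20 - AppInit_DLLs: C:\Windows\System32\cmipnpinstall32.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 11238 bytes
"""

OTM_RUN_1 = r"""
C:\Windows\System32\cmipnpinstall32.dll NOT unregistered.
C:\Windows\System32\cmipnpinstall32.dll moved successfully.
File/Folder C:\Users\Esa\AppData\Roaming\msnms9r.exe not found.
C:\Windows\NV15283012.TMP folder deleted successfully.
"""

OTM_RUN_2 = r"""
C:\Windows\System32\cmipnpinstall32.dll NOT unregistered.
C:\Windows\System32\cmipnpinstall32.dll moved successfully.
File/Folder C:\Users\Esa\AppData\Roaming\msnms9r.exe not found.
"""


def parse_hjt(text):
    """Return (section, body) tuples for the entry lines of a HijackThis log.

    Header lines and the running-process list do not match and are skipped.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group("section"), match.group("body").strip()])
        elif line.startswith("- ") and entries:
            # Some O8 entries are wrapped onto a second line; rejoin them.
            entries[-1][1] += " " + line
    return [tuple(entry) for entry in entries]


def _key(entry):
    """Comparison key: ignore case, spacing and a trailing '(file missing)'."""
    section, body = entry
    body = re.sub(r"\s*\(file missing\)$", "", body)
    return section, re.sub(r"\s+", " ", body).casefold()


def still_present(fix_list, fresh_log):
    """Entries from the fix list that the fresh log still reports."""
    fresh = {_key(entry) for entry in parse_hjt(fresh_log)}
    return [entry for entry in parse_hjt(fix_list) if _key(entry) in fresh]


def moved_files(otm_log):
    """Paths an OTM log reports as 'moved successfully' (lower-cased)."""
    paths = set()
    for raw in otm_log.splitlines():
        match = MOVED_RE.match(raw.strip())
        if match:
            paths.add(match.group("path").casefold())
    return paths


def reappeared(first_run, second_run):
    """Files moved in both runs, i.e. present again when the second run started."""
    return sorted(moved_files(first_run) & moved_files(second_run))


if __name__ == "__main__":
    for section, body in still_present(FIX_LIST, FRESH_LOG):
        print("still in log:", section, "-", body)
    for path in reappeared(OTM_RUN_1, OTM_RUN_2):
        print("moved in both OTM runs:", path)
```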





     
  14. kalminen

    That GooRed was there after all!!!
    (it redirects Firefox to random places)

    -----------------------------------------------------------

    This cmipnpinstall32.dll is such a new file
    that there is no information about it yet.

    It does not belong to Windows.

    Try this =>

    Click => HERE

    Press the Browse button at the top.
    Find on your computer ==>> C:\Windows\System32\cmipnpinstall32.dll
    Click the file and press the Open button.
    Then press the Upload button.
    Then the Scan button, and wait a moment.
    When the report is finished, press the
    Copy to clipboard button at the bottom of the page
    Open Notepad and paste the report there from the clipboard (Ctrl+V)
    Then post the report here in your thread.

    (if it found anything)

    :D
    .
     
  15. zoneman2

    VirSCAN.org Scanned Report :
    Scanned time : 2009/10/21 15:20:09 (EEST)
    Scanner results: 5% Scanner(s) (2/37) found malware!
    File Name : cmipnpinstall32.dll
    File Size : 123392 byte
    File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
    MD5 : 5f9af178f9273975ce47527c722f0f51
    SHA1 : 185742fcd6bddfc582a573738a47cf78aceb29f6
    Online report : http://virscan.org/report/e378ae68760b54d6001c32ac5f9657eb.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 4.5.0.8 20091021201047 2009-10-21 4.21 -
    AhnLab V3 2009.10.21.00 2009.10.21 2009-10-21 0.96 -
    AntiVir 8.2.1.42 7.1.6.132 2009-10-21 0.29 TR/Crypt.ZPACK.Gen
    Antiy 2.0.18 20091021.3035331 2009-10-21 0.12 -
    Arcavir 2009 200910201017 2009-10-20 0.06 -
    Authentium 5.1.1 200910210958 2009-10-21 1.24 -
    AVAST! 4.7.4 091020-0 2009-10-20 0.01 -
    AVG 8.5.288 270.14.24/2449 2009-10-21 0.31 Packed.DelfCrypt
    BitDefender 7.81008.4433333 7.28470 2009-10-21 3.85 -
    CA (VET) 9.0.0.143 35.1.7075 2009-10-21 9.43 -
    ClamAV 0.95.2 9920 2009-10-21 0.02 -
    Comodo 3.12 2678 2009-10-21 0.97 -
    CP Secure 1.3.0.5 2009.10.21 2009-10-21 0.06 -
    Dr.Web 4.44.0.9170 2009.10.21 2009-10-21 5.88 -
    F-Prot 4.4.4.56 20091020 2009-10-20 1.25 -
    F-Secure 7.02.73807 2009.10.21.10 2009-10-21 0.13 -
    Fortinet 2.81-3.120 10.969 2009-10-21 0.86 -
    GData 19.8511/19.517 20091021 2009-10-21 10.44 -
    ViRobot 20091020 2009.10.20 2009-10-20 0.73 -
    Ikarus T3.1.01.72 2009.10.21.74215 2009-10-21 4.24 -
    JiangMin 11.0.800 2009.10.20 2009-10-20 8.19 -
    Kaspersky 5.5.10 2009.10.21 2009-10-21 0.06 -
    KingSoft 2009.2.5.15 2009.10.21.16 2009-10-21 0.85 -
    McAfee 5.3.00 5777 2009-10-20 3.40 -
    Microsoft 1.5101 2009.10.21 2009-10-21 8.85 -
    Norman 6.01.09 6.01.00 2009-10-20 2.02 -
    Panda 9.05.01 2009.10.20 2009-10-20 2.43 -
    Trend Micro 8.700-1004 6.566.01 2009-10-20 0.03 -
    Quick Heal 10.00 2009.10.21 2009-10-21 1.47 -
    Rising 20.0 21.52.23.00 2009-10-21 0.89 -
    Sophos 3.00.1 4.46 2009-10-21 2.62 -
    Sunbelt 5460 5460 2009-10-20 2.08 -
    Symantec 1.3.0.24 20091020.006 2009-10-20 0.05 -
    nProtect 20091021.02 5952698 2009-10-21 12.66 -
    The Hacker 6.5.0.2 v00049 2009-10-20 0.96 -
    VBA32 3.12.10.11 20091020.1141 2009-10-20 2.12 -
    VirusBuster 4.5.11.10 10.112.74/2010359 2009-10-20 2.47 -
     
  16. zoneman2

    By the way, I just noticed that the same problem has come back. That is, Google redirects to some really strange pages, and sometimes when I open a certain page, IE opens and shows some ad.
     
  17. kalminen

    Please download Combofix from one of the links below:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your desktop

    * Close/disable all antivirus and anti-malware programs so that they do not interfere with the ComboFix run.

    * Double-click Combofix.exe and follow the instructions.

    * As part of the scan, Combofix checks whether the Recovery Console is installed. Because of today's malware, it is strongly recommended to have the Recovery Console installed before removing malware. The Windows Recovery Console makes it possible to boot into a special recovery mode. Through the Recovery Console we can help you more easily if problems arise during malware removal.

    * Follow the instructions and allow Combofix to download and install the Microsoft Recovery Console, and when prompted, accept the program's terms to install the Recovery Console.

    **Note: If the Recovery Console is already installed, Combofix continues onward.

    [IMG]

    Once the Microsoft Recovery Console is installed, you should see the following message:

    [IMG]

    Click Yes to continue the scan.

    When ComboFix is finished, it creates a report. Please copy/paste the following reports into your reply:
    C:\ComboFix.txt
    A new HijackThis log



    Warning: Do NOT run ComboFix unsupervised. It is not a toy and should not be used routinely on a daily basis.

    If you need help, see the more detailed guide:
    http://www.bleepingcomputer.com/combofix/fi/combofixin-kayttoohje
    .
     
  18. zoneman2

    ComboFix 09-10-20.03 - Esa 22.10.2009 16:02.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.358.1035.18.3322.2132 [GMT 3:00]
    Sijainti: c:\users\Esa\Desktop\ComboFix.exe
    AV: F-Secure Client Security 7.12 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: F-Secure Client Security 7.12 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
    SP: F-Secure Client Security 7.12 *disabled* (Updated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
    c:\users\Esa\AppData\Roaming\020000000a1b8884687C.manifest
    c:\users\Esa\AppData\Roaming\020000000a1b8884687O.manifest
    c:\users\Esa\AppData\Roaming\020000000a1b8884687P.manifest
    c:\users\Esa\AppData\Roaming\020000000a1b8884687S.manifest
    c:\users\Esa\AppData\Roaming\inst.exe
    c:\users\Tiina\AppData\Roaming\020000000a1b8884687C.manifest
    c:\users\Tiina\AppData\Roaming\020000000a1b8884687O.manifest
    c:\users\Tiina\AppData\Roaming\020000000a1b8884687P.manifest
    c:\users\Tiina\AppData\Roaming\020000000a1b8884687S.manifest
    c:\windows\Installer\6c3fe.msi
    c:\windows\system32\qpa3YPComOh8VKG.vbs
    c:\windows\WinBots32

    .
    ((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ILVMONEYDRIVER53
    -------\Service_IlvMoneyDRIVER53


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-09-22 to 2009-10-22 )))))))))))))))))
    .

    2009-10-20 12:18 . 2009-10-20 12:18 -------- d-----w- C:\_OTM
    2009-10-20 12:02 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-10-20 12:02 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-10-20 12:02 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-10-20 12:02 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-10-20 12:02 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-10-20 12:02 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-10-20 12:02 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-10-20 12:02 . 2009-08-06 16:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-10-20 12:02 . 2009-08-06 15:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-10-19 14:50 . 2009-10-19 14:51 -------- d-----w- c:\program files\BBViewer
    2009-10-16 00:02 . 2009-10-16 00:02 -------- d-----w- c:\windows\SQL9_KB970892_ENU
    2009-10-15 03:28 . 2009-10-15 03:28 -------- d-----w- c:\users\Esa\AppData\Local\Nero
    2009-10-14 19:06 . 2009-10-14 19:07 -------- d-----w- c:\users\Esa\AppData\Roaming\Nero
    2009-10-14 18:54 . 2009-10-14 19:05 -------- d-----w- c:\program files\Common Files\Nero
    2009-10-14 17:05 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-10-14 17:05 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-10-14 17:04 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-10-14 17:04 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-10-14 17:02 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
    2009-10-14 17:02 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-10-14 17:02 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2009-10-14 16:07 . 2009-10-14 18:57 -------- d-----w- c:\programdata\Nero
    2009-10-10 23:07 . 2009-10-10 23:26 -------- d-----w- c:\programdata\SecTaskMan
    2009-10-09 08:24 . 2009-10-20 16:29 123392 ----a-w- c:\windows\system32\cmipnpinstall32.dll
    2009-10-09 07:30 . 2009-10-09 08:36 -------- d-----w- c:\users\Tiina\AppData\Roaming\LimeWire
    2009-10-07 12:32 . 2009-10-07 12:32 -------- d-----w- c:\users\Esa\AppData\Local\Nokia
    2009-10-07 10:54 . 2009-10-07 10:54 -------- d-----w- c:\users\Tiina\AppData\Local\IsolatedStorage
    2009-10-07 10:27 . 2009-10-14 06:51 -------- d-----w- c:\users\Tiina\AppData\Roaming\Nokia
    2009-10-07 10:27 . 2009-10-07 10:27 -------- d-----w- c:\users\Tiina\AppData\Local\Nokia
    2009-10-07 10:26 . 2009-10-07 10:26 -------- d-----w- c:\programdata\NokiaMusic
    2009-10-02 22:32 . 2009-10-01 07:29 195440 ------w- c:\windows\system32\MpSigStub.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-22 13:13 . 2008-09-20 11:03 -------- d-----w- c:\users\Esa\AppData\Roaming\DNA
    2009-10-22 13:11 . 2008-10-20 15:25 -------- d-----w- c:\users\Esa\AppData\Roaming\Hamachi
    2009-10-22 12:36 . 2008-09-20 11:04 -------- d-----w- c:\users\Esa\AppData\Roaming\BitTorrent
    2009-10-22 10:22 . 2006-11-27 22:44 540014 ----a-w- c:\windows\system32\perfh00B.dat
    2009-10-22 10:22 . 2006-11-27 22:44 126384 ----a-w- c:\windows\system32\perfc00B.dat
    2009-10-21 07:11 . 2009-08-05 05:44 -------- d-----w- c:\users\Tiina\AppData\Roaming\DNA
    2009-10-20 18:43 . 2009-08-02 00:00 -------- d-----w- c:\users\Esa\AppData\Roaming\LimeWire
    2009-10-19 16:14 . 2008-12-04 13:38 -------- d-----w- c:\users\Esa\AppData\Roaming\Vso
    2009-10-16 00:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-10-16 00:02 . 2008-10-11 09:21 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-10-14 07:19 . 2008-11-03 08:15 1 ----a-w- c:\users\Tiina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-10-08 11:19 . 2008-11-28 06:03 -------- d-----w- c:\users\Tiina\AppData\Roaming\PC Suite
    2009-10-07 10:26 . 2008-10-23 08:25 -------- d-----w- c:\program files\Common Files\Nokia
    2009-10-07 10:26 . 2008-10-23 08:25 -------- d-----w- c:\program files\Nokia
    2009-10-05 12:16 . 2009-09-14 16:35 -------- d-----w- c:\users\Esa\AppData\Roaming\Spotify
    2009-09-30 12:52 . 2008-10-01 13:03 -------- d-----w- c:\program files\Cheat Engine
    2009-09-29 13:51 . 2008-12-02 13:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-09-29 13:50 . 2008-12-02 13:46 -------- d-----w- c:\program files\AGEIA Technologies
    2009-09-17 19:28 . 2008-09-24 17:11 -------- d-----w- c:\users\Esa\AppData\Roaming\gtk-2.0
    2009-09-15 20:04 . 2009-09-15 20:04 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2009-09-14 16:35 . 2009-09-14 16:35 -------- d-----w- c:\program files\Spotify
    2009-09-13 17:24 . 2009-01-15 19:09 -------- d-----w- c:\users\Esa\AppData\Roaming\Nokia
    2009-09-13 17:19 . 2009-09-13 17:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2009-09-13 17:19 . 2008-11-28 13:05 -------- d-----w- c:\users\Esa\AppData\Roaming\PC Suite
    2009-09-13 17:18 . 2008-11-28 06:03 -------- d-----w- c:\programdata\PC Suite
    2009-09-13 17:18 . 2009-09-13 17:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-09-13 17:17 . 2009-09-13 17:15 -------- d-----w- c:\program files\DIFX
    2009-09-13 17:16 . 2009-09-13 17:16 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-09-13 17:16 . 2008-11-28 06:02 -------- d-----w- c:\programdata\Downloaded Installations
    2009-09-13 17:14 . 2009-09-13 17:14 -------- d-----w- c:\program files\PC Connectivity Solution
    2009-09-13 17:09 . 2008-10-23 08:25 -------- d-----w- c:\programdata\Installations
    2009-09-13 16:51 . 2009-09-13 16:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-09-10 17:30 . 2009-10-14 17:06 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 18:10 . 2008-10-18 11:05 -------- d-----w- c:\program files\Steam
    2009-09-04 14:44 . 2009-09-23 14:39 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2009-09-04 14:44 . 2009-09-23 14:39 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2009-09-04 14:44 . 2009-09-23 14:39 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-09-04 14:29 . 2009-09-23 14:39 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-09-04 14:29 . 2009-09-23 14:39 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2009-09-04 14:29 . 2009-09-23 14:39 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2009-09-04 14:29 . 2009-09-23 14:39 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2009-09-04 14:29 . 2009-09-23 14:39 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-09-02 11:45 . 2008-11-27 14:12 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-09-02 11:45 . 2008-11-27 14:12 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-08-28 12:39 . 2009-09-03 03:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 10:15 . 2009-09-03 03:04 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-27 13:32 . 2009-10-14 17:06 833024 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 13:29 . 2009-10-14 17:06 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-27 10:58 . 2009-10-14 17:06 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-08-14 17:07 . 2009-09-09 09:31 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 16:29 . 2009-09-09 09:31 104960 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-14 16:29 . 2009-09-09 09:30 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 14:16 . 2009-09-09 09:30 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 14:16 . 2009-09-09 09:30 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 14:16 . 2009-09-09 09:30 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 14:16 . 2009-09-09 09:31 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 14:16 . 2009-09-09 09:30 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 14:16 . 2009-09-09 09:30 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 14:16 . 2009-09-09 09:30 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-11 14:04 . 2009-08-11 14:04 1924440 ----a-w- c:\users\Tiina\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-08-07 16:51 . 2009-08-07 16:51 15308424 ----a-w- c:\windows\system32\xlive.dll
    2009-08-07 16:51 . 2009-08-07 16:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-08-07 09:39 . 2008-09-19 17:50 59936 ----a-w- c:\users\Tiina\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-06 19:32 . 2008-09-19 17:03 59936 ----a-w- c:\users\Esa\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-03 10:36 . 2009-08-15 10:35 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 10:36 . 2009-08-15 10:35 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-30 12:08 . 2008-09-19 17:03 680 ----a-w- c:\users\Esa\AppData\Local\d3d9caps.dat
    2009-07-29 04:31 . 2008-12-15 14:46 139152 ----a-w- c:\users\Esa\AppData\Roaming\PnkBstrK.sys
    2009-07-29 04:31 . 2008-12-15 14:45 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2009-07-29 04:31 . 2008-11-27 14:12 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-07-28 13:48 . 2009-07-28 13:48 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-11 1780248]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
    2008-09-11 18:43 1780248 ----a-w- c:\program files\Softonic_English\tbSoft.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-11 1780248]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-11 1780248]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "BitTorrent DNA"="c:\users\Esa\Program Files\DNA\btdna.exe" [2008-12-19 342848]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
    "Google Update"="c:\users\Esa\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-05 133104]
    "RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-04-22 306088]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-06-19 182936]
    "F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-06-19 895584]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-07 185872]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-17 4435968]
    "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-09-17 1822720]

    c:\users\Tiina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]

    c:\users\Esa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-10-20 575488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    R1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure\HIPS\fshs.sys [23.9.2008 20:00 70752]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [23.9.2008 20:00 34720]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [23.9.2008 20:00 68736]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [23.9.2008 19:59 12896]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.9.2008 12:03 169312]
    R2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [13.12.2008 12:36 625952]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [23.9.2008 19:59 72288]
    S2 Apache2.2;Apache2.2;"d:\xampp\apache\bin\apache.exe" -k runservice --> d:\xampp\apache\bin\apache.exe [?]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 5:46 284016]
    S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.5.2009 3:27 29262680]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [23.9.2008 19:59 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [23.9.2008 19:59 25184]
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2009-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4216291640-4154717555-1925557758-1000Core.job
    - c:\users\Esa\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-05 21:27]

    2009-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4216291640-4154717555-1925557758-1000UA.job
    - c:\users\Esa\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-05 21:27]

    2009-10-22 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2008-09-23 09:18]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &Lataa FlashGetillä - c:\program files\FlashGet\jc_link.htm
    IE: &Lataa kaikki FlashGetillä - c:\program files\FlashGet\jc_all.htm
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download with ImTOO YouTube Video Converter - c:\program files\ImTOO\YouTube Video Converter\upod_link.HTM
    FF - ProfilePath - c:\users\Esa\AppData\Roaming\Mozilla\Firefox\Profiles\m3k72hku.default\
    FF - prefs.js: browser.startup.homepage - www.youtube.com
    FF - component: c:\program files\Mozilla Firefox\platform\WINNT_x86-msvc\components\mozvoikko.dll
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - component: c:\users\Esa\AppData\Roaming\Mozilla\Firefox\Profiles\m3k72hku.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\users\Esa\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\users\Esa\AppData\Roaming\Mozilla\Firefox\Profiles\m3k72hku.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
    FF - plugin: c:\users\Esa\Program Files\DNA\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    HKCU-Run-PlayNC Launcher - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-22 16:13
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_USERS\S-1-5-21-4216291640-4154717555-1925557758-1000\Software\SecuROM\License information*]
    "datasecu"=hex:d2,1e,08,7d,09,d8,47,13,d0,85,fa,c5,ac,9b,0a,50,30,2b,45,2e,cd,
    88,2a,d5,8c,09,91,9a,ed,0d,a0,a1,e0,07,03,ce,92,20,a5,4f,ca,66,4b,d0,f6,b3,\
    "rkeysecu"=hex:35,ac,fe,96,1c,ce,58,8a,79,49,71,e5,b1,01,69,da

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'Explorer.exe'(4592)
    c:\program files\Common Files\Winferno\wse2007.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
    c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
    c:\program files\F-Secure\Common\FSMA32.EXE
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\F-Secure\Common\FSMB32.EXE
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\F-Secure\Common\FCH32.EXE
    c:\program files\F-Secure\Common\FAMEH32.EXE
    c:\program files\F-Secure\Anti-Virus\fsqh.exe
    c:\program files\F-Secure\Common\FNRB32.EXE
    c:\program files\F-Secure\Anti-Virus\fssm32.exe
    c:\program files\F-Secure\FSAUA\program\fsaua.exe
    c:\program files\F-Secure\FWES\Program\fsdfwd.exe
    c:\program files\F-Secure\Common\FIH32.EXE
    c:\program files\F-Secure\Anti-Virus\fsav32.exe
    c:\combofix\CF14207.exe
    c:\windows\system32\wlrmdr.exe
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    c:\combofix\PEV.cfxxe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2009-10-22 16:23 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2009-10-22 13:23

    Ennen ajoa: 23 019 036 672 tavua vapaana
    Ajon jälkeen: 22 678 802 432 tavua vapaana

    - - End Of File - - DA1C63B5A18AD59E5D1359E4EF1E7163

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:27:48, on 22.10.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Users\Esa\Program Files\DNA\btdna.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Esa\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Esa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: WinMySQLadmin.lnk = D:\xampp\mysql\bin\winmysqladmin.exe
    O8 - Extra context menu item: &Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download with ImTOO YouTube Video Converter - C:\Program Files\ImTOO\YouTube Video Converter\upod_link.HTM
    O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\cmipnpinstall32.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apache2.2 - Unknown owner - D:\xampp\apache\bin\apache.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 10695 bytes



     
  19. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact, ComboFix recognizes it even if the file extension
    isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [IMG]

    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    -------------------------------------------------------------------------------------

    Download SystemLook by jpshortstuff from HERE and save it to your desktop.

    Double-click SystemLook.exe to run it.

    Copy (CTRL+C) all the text from the box below into the text area.

    Code:
    :regfind
    cmipnpinstall32.dll
    cmipnpinstall32
    
    :filefind
    cmipnpinstall32.dll
    cmipnpinstall32.*
    
    :dir
    C:\WINDOWS\system32\drivers\etc /s
    
    Click the Look button to start the scan.

    When the scan is finished, Notepad opens with the log.
    Right-click the log and choose "Select All" ("Valitse kaikki").
    Copy and paste it into your next post.
    (The log can also be found on your desktop as SystemLook.txt)

    *******************************************************************************

    Post =>

    (C:\ComboFix.txt)
    SystemLook.txt

    .
     
  20. zoneman2

    zoneman2 Member

    Joined:
    15.08.2009
    Posts:
    30
    Thanks:
    0
    Points:
    16
    combofix:

    ComboFix 09-10-20.03 - Esa 22.10.2009 19:01.3.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.358.1035.18.3322.1914 [GMT 3:00]
    Sijainti: c:\users\Esa\Desktop\ComboFix.exe
    Käytetyt komentorivivalitsimet :: c:\users\Esa\Desktop\CFScript.txt
    AV: F-Secure Client Security 7.12 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: F-Secure Client Security 7.12 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
    SP: F-Secure Client Security 7.12 *disabled* (Updated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\System32\cmipnpinstall32.dll"
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\System32\cmipnpinstall32.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-09-22 to 2009-10-22 )))))))))))))))))
    .

    2009-10-22 16:05 . 2009-10-22 16:05 -------- d-----w- c:\users\Esa\AppData\Local\temp
    2009-10-22 16:05 . 2009-10-22 16:05 -------- d-----w- c:\users\Tiina\AppData\Local\temp
    2009-10-22 16:05 . 2009-10-22 16:05 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-10-22 16:05 . 2009-10-22 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-20 12:18 . 2009-10-20 12:18 -------- d-----w- C:\_OTM
    2009-10-20 12:02 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-10-20 12:02 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-10-20 12:02 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-10-20 12:02 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-10-20 12:02 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-10-20 12:02 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-10-20 12:02 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-10-20 12:02 . 2009-08-06 16:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-10-20 12:02 . 2009-08-06 15:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-10-19 14:50 . 2009-10-19 14:51 -------- d-----w- c:\program files\BBViewer
    2009-10-16 00:02 . 2009-10-16 00:02 -------- d-----w- c:\windows\SQL9_KB970892_ENU
    2009-10-15 03:28 . 2009-10-15 03:28 -------- d-----w- c:\users\Esa\AppData\Local\Nero
    2009-10-14 19:06 . 2009-10-14 19:07 -------- d-----w- c:\users\Esa\AppData\Roaming\Nero
    2009-10-14 18:54 . 2009-10-14 19:05 -------- d-----w- c:\program files\Common Files\Nero
    2009-10-14 17:05 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-10-14 17:05 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-10-14 17:04 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-10-14 17:04 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-10-14 17:02 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
    2009-10-14 17:02 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-10-14 17:02 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2009-10-14 16:07 . 2009-10-14 18:57 -------- d-----w- c:\programdata\Nero
    2009-10-10 23:07 . 2009-10-10 23:26 -------- d-----w- c:\programdata\SecTaskMan
    2009-10-09 07:30 . 2009-10-09 08:36 -------- d-----w- c:\users\Tiina\AppData\Roaming\LimeWire
    2009-10-07 12:32 . 2009-10-07 12:32 -------- d-----w- c:\users\Esa\AppData\Local\Nokia
    2009-10-07 10:54 . 2009-10-07 10:54 -------- d-----w- c:\users\Tiina\AppData\Local\IsolatedStorage
    2009-10-07 10:27 . 2009-10-14 06:51 -------- d-----w- c:\users\Tiina\AppData\Roaming\Nokia
    2009-10-07 10:27 . 2009-10-07 10:27 -------- d-----w- c:\users\Tiina\AppData\Local\Nokia
    2009-10-07 10:26 . 2009-10-07 10:26 -------- d-----w- c:\programdata\NokiaMusic
    2009-10-02 22:32 . 2009-10-01 07:29 195440 ------w- c:\windows\system32\MpSigStub.exe

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-22 16:05 . 2008-10-20 15:25 -------- d-----w- c:\users\Esa\AppData\Roaming\Hamachi
    2009-10-22 15:45 . 2008-09-20 11:03 -------- d-----w- c:\users\Esa\AppData\Roaming\DNA
    2009-10-22 13:20 . 2006-11-27 22:44 540014 ----a-w- c:\windows\system32\perfh00B.dat
    2009-10-22 13:20 . 2006-11-27 22:44 126384 ----a-w- c:\windows\system32\perfc00B.dat
    2009-10-22 12:36 . 2008-09-20 11:04 -------- d-----w- c:\users\Esa\AppData\Roaming\BitTorrent
    2009-10-21 07:11 . 2009-08-05 05:44 -------- d-----w- c:\users\Tiina\AppData\Roaming\DNA
    2009-10-20 18:43 . 2009-08-02 00:00 -------- d-----w- c:\users\Esa\AppData\Roaming\LimeWire
    2009-10-19 16:14 . 2008-12-04 13:38 -------- d-----w- c:\users\Esa\AppData\Roaming\Vso
    2009-10-16 00:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-10-16 00:02 . 2008-10-11 09:21 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-10-14 07:19 . 2008-11-03 08:15 1 ----a-w- c:\users\Tiina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-10-08 11:19 . 2008-11-28 06:03 -------- d-----w- c:\users\Tiina\AppData\Roaming\PC Suite
    2009-10-07 10:26 . 2008-10-23 08:25 -------- d-----w- c:\program files\Common Files\Nokia
    2009-10-07 10:26 . 2008-10-23 08:25 -------- d-----w- c:\program files\Nokia
    2009-10-05 12:16 . 2009-09-14 16:35 -------- d-----w- c:\users\Esa\AppData\Roaming\Spotify
    2009-09-30 12:52 . 2008-10-01 13:03 -------- d-----w- c:\program files\Cheat Engine
    2009-09-29 13:51 . 2008-12-02 13:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-09-29 13:50 . 2008-12-02 13:46 -------- d-----w- c:\program files\AGEIA Technologies
    2009-09-17 19:28 . 2008-09-24 17:11 -------- d-----w- c:\users\Esa\AppData\Roaming\gtk-2.0
    2009-09-15 20:04 . 2009-09-15 20:04 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2009-09-14 16:35 . 2009-09-14 16:35 -------- d-----w- c:\program files\Spotify
    2009-09-13 17:24 . 2009-01-15 19:09 -------- d-----w- c:\users\Esa\AppData\Roaming\Nokia
    2009-09-13 17:19 . 2009-09-13 17:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2009-09-13 17:19 . 2008-11-28 13:05 -------- d-----w- c:\users\Esa\AppData\Roaming\PC Suite
    2009-09-13 17:18 . 2008-11-28 06:03 -------- d-----w- c:\programdata\PC Suite
    2009-09-13 17:18 . 2009-09-13 17:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-09-13 17:17 . 2009-09-13 17:15 -------- d-----w- c:\program files\DIFX
    2009-09-13 17:16 . 2009-09-13 17:16 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-09-13 17:16 . 2008-11-28 06:02 -------- d-----w- c:\programdata\Downloaded Installations
    2009-09-13 17:14 . 2009-09-13 17:14 -------- d-----w- c:\program files\PC Connectivity Solution
    2009-09-13 17:09 . 2008-10-23 08:25 -------- d-----w- c:\programdata\Installations
    2009-09-13 16:51 . 2009-09-13 16:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-09-10 17:30 . 2009-10-14 17:06 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 18:10 . 2008-10-18 11:05 -------- d-----w- c:\program files\Steam
    2009-09-04 14:44 . 2009-09-23 14:39 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2009-09-04 14:44 . 2009-09-23 14:39 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2009-09-04 14:44 . 2009-09-23 14:39 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-09-04 14:29 . 2009-09-23 14:39 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-09-04 14:29 . 2009-09-23 14:39 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2009-09-04 14:29 . 2009-09-23 14:39 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2009-09-04 14:29 . 2009-09-23 14:39 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2009-09-04 14:29 . 2009-09-23 14:39 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-09-02 11:45 . 2008-11-27 14:12 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-09-02 11:45 . 2008-11-27 14:12 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-08-28 12:39 . 2009-09-03 03:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 10:15 . 2009-09-03 03:04 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-27 13:32 . 2009-10-14 17:06 833024 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 13:29 . 2009-10-14 17:06 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-27 10:58 . 2009-10-14 17:06 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-08-14 17:07 . 2009-09-09 09:31 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 16:29 . 2009-09-09 09:31 104960 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-14 16:29 . 2009-09-09 09:30 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 14:16 . 2009-09-09 09:30 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 14:16 . 2009-09-09 09:30 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 14:16 . 2009-09-09 09:30 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 14:16 . 2009-09-09 09:31 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 14:16 . 2009-09-09 09:30 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 14:16 . 2009-09-09 09:30 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 14:16 . 2009-09-09 09:30 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-11 14:04 . 2009-08-11 14:04 1924440 ----a-w- c:\users\Tiina\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-08-07 16:51 . 2009-08-07 16:51 15308424 ----a-w- c:\windows\system32\xlive.dll
    2009-08-07 16:51 . 2009-08-07 16:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-08-07 09:39 . 2008-09-19 17:50 59936 ----a-w- c:\users\Tiina\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-06 19:32 . 2008-09-19 17:03 59936 ----a-w- c:\users\Esa\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-03 10:36 . 2009-08-15 10:35 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 10:36 . 2009-08-15 10:35 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-30 12:08 . 2008-09-19 17:03 680 ----a-w- c:\users\Esa\AppData\Local\d3d9caps.dat
    2009-07-29 04:31 . 2008-12-15 14:46 139152 ----a-w- c:\users\Esa\AppData\Roaming\PnkBstrK.sys
    2009-07-29 04:31 . 2008-12-15 14:45 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2009-07-29 04:31 . 2008-11-27 14:12 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-07-28 13:48 . 2009-07-28 13:48 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-22_13.12.59 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-11-02 13:02 . 2009-10-22 13:11 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2006-11-02 13:02 . 2009-10-22 10:15 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2006-11-02 13:02 . 2009-10-22 10:15 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2006-11-02 13:02 . 2009-10-22 13:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2006-11-02 13:02 . 2009-10-22 10:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2006-11-02 13:02 . 2009-10-22 13:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2006-11-02 10:33 . 2009-10-22 13:20 689872 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-10-22 10:22 689872 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-10-22 10:22 143030 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2009-10-22 13:20 143030 c:\windows\System32\perfc009.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-11 1780248]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
    2008-09-11 18:43 1780248 ----a-w- c:\program files\Softonic_English\tbSoft.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-11 1780248]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-11 1780248]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "BitTorrent DNA"="c:\users\Esa\Program Files\DNA\btdna.exe" [2008-12-19 342848]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
    "Google Update"="c:\users\Esa\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-05 133104]
    "RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-04-22 306088]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-06-19 182936]
    "F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-06-19 895584]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-07 185872]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-17 4435968]
    "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-09-17 1822720]

    c:\users\Tiina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]

    c:\users\Esa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-10-20 575488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    R1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure\HIPS\fshs.sys [23.9.2008 20:00 70752]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [23.9.2008 20:00 34720]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [23.9.2008 20:00 68736]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [23.9.2008 19:59 12896]
    R2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [13.12.2008 12:36 625952]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [23.9.2008 19:59 72288]
    S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.9.2008 12:03 169312]
    S2 Apache2.2;Apache2.2;"d:\xampp\apache\bin\apache.exe" -k runservice --> d:\xampp\apache\bin\apache.exe [?]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 5:46 284016]
    S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.5.2009 3:27 29262680]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [23.9.2008 19:59 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [23.9.2008 19:59 25184]
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2009-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4216291640-4154717555-1925557758-1000Core.job
    - c:\users\Esa\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-05 21:27]

    2009-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4216291640-4154717555-1925557758-1000UA.job
    - c:\users\Esa\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-05 21:27]

    2009-10-22 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2008-09-23 09:18]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &Lataa FlashGetillä - c:\program files\FlashGet\jc_link.htm
    IE: &Lataa kaikki FlashGetillä - c:\program files\FlashGet\jc_all.htm
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download with ImTOO YouTube Video Converter - c:\program files\ImTOO\YouTube Video Converter\upod_link.HTM
    FF - ProfilePath - c:\users\Esa\AppData\Roaming\Mozilla\Firefox\Profiles\m3k72hku.default\
    FF - prefs.js: browser.startup.homepage - www.youtube.com
    FF - component: c:\program files\Mozilla Firefox\platform\WINNT_x86-msvc\components\mozvoikko.dll
    FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - component: c:\users\Esa\AppData\Roaming\Mozilla\Firefox\Profiles\m3k72hku.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\users\Esa\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\users\Esa\AppData\Roaming\Mozilla\Firefox\Profiles\m3k72hku.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
    FF - plugin: c:\users\Esa\Program Files\DNA\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-22 19:05
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------

    [HKEY_USERS\S-1-5-21-4216291640-4154717555-1925557758-1000\Software\SecuROM\License information*]
    "datasecu"=hex:d2,1e,08,7d,09,d8,47,13,d0,85,fa,c5,ac,9b,0a,50,30,2b,45,2e,cd,
    88,2a,d5,8c,09,91,9a,ed,0d,a0,a1,e0,07,03,ce,92,20,a5,4f,ca,66,4b,d0,f6,b3,\
    "rkeysecu"=hex:35,ac,fe,96,1c,ce,58,8a,79,49,71,e5,b1,01,69,da

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Valmistumisajankohta: 2009-10-22 19:07
    ComboFix-quarantined-files.txt 2009-10-22 16:07
    ComboFix2.txt 2009-10-22 13:23

    Ennen ajoa: 22 577 090 560 tavua vapaana
    Ajon jälkeen: 22 545 670 144 tavua vapaana

    - - End Of File - - AF61FF3F56CFB9739BF0C257C9F0435E

    systemlook:

    SystemLook v1.0 by jpshortstuff (29.08.09)
    Log created at 19:40 on 22/10/2009 by Esa (Administrator - Elevation successful)

    ========== regfind ==========

    Searching for "cmipnpinstall32.dll"
    No data found.

    Searching for "cmipnpinstall32"
    No data found.

    ========== filefind ==========

    Searching for "cmipnpinstall32.dll"
    C:\_OTM\MovedFiles\10202009_151809\Windows\System32\cmipnpinstall32.dll --a--- 123392 bytes [08:24 09/10/2009] [23:09 10/10/2009] 5F9AF178F9273975CE47527C722F0F51
    C:\_OTM\MovedFiles\10202009_191910\Windows\System32\cmipnpinstall32.dll --a--- 123392 bytes [08:24 09/10/2009] [12:18 20/10/2009] 5F9AF178F9273975CE47527C722F0F51
    C:\_OTM\MovedFiles\10202009_192851\Windows\System32\cmipnpinstall32.dll --a--- 123392 bytes [08:24 09/10/2009] [16:19 20/10/2009] 5F9AF178F9273975CE47527C722F0F51

    Searching for "cmipnpinstall32.*"
    C:\ProgramData\SecTaskMan\cmipnpinstall32.dll.q_Quarantine_804E201_q --a--- 123392 bytes [08:24 09/10/2009] [08:24 09/10/2009] 5F9AF178F9273975CE47527C722F0F51
    C:\ProgramData\SecTaskMan\cmipnpinstall32.dll.q_Quarantine_804E201_q.ini --a--- 532 bytes [23:09 10/10/2009] [23:09 10/10/2009] B9472B8512D1967199409F88FD874D09
    C:\Qoobox\Quarantine\C\Windows\System32\cmipnpinstall32.dll.vir --a--- 123392 bytes [08:24 09/10/2009] [16:29 20/10/2009] 5F9AF178F9273975CE47527C722F0F51
    C:\Users\All Users\SecTaskMan\cmipnpinstall32.dll.q_Quarantine_804E201_q --a--- 123392 bytes [08:24 09/10/2009] [08:24 09/10/2009] 5F9AF178F9273975CE47527C722F0F51
    C:\Users\All Users\SecTaskMan\cmipnpinstall32.dll.q_Quarantine_804E201_q.ini --a--- 532 bytes [23:09 10/10/2009] [23:09 10/10/2009] B9472B8512D1967199409F88FD874D09
    C:\_OTM\MovedFiles\10202009_151809\Windows\System32\cmipnpinstall32.dll --a--- 123392 bytes [08:24 09/10/2009] [23:09 10/10/2009] 5F9AF178F9273975CE47527C722F0F51
    C:\_OTM\MovedFiles\10202009_191910\Windows\System32\cmipnpinstall32.dll --a--- 123392 bytes [08:24 09/10/2009] [12:18 20/10/2009] 5F9AF178F9273975CE47527C722F0F51
    C:\_OTM\MovedFiles\10202009_192851\Windows\System32\cmipnpinstall32.dll --a--- 123392 bytes [08:24 09/10/2009] [16:19 20/10/2009] 5F9AF178F9273975CE47527C722F0F51

    ========== dir ==========

    C:\WINDOWS\system32\drivers\etc - Parameters: "/s"

    ---Files---
    hosts --a--- 27 bytes [10:23 02/11/2006] [13:12 22/10/2009]
    hosts.ics --a--- 433 bytes [22:07 12/12/2008] [22:32 12/12/2008]
    lmhosts.sam --a--- 3683 bytes [06:38 02/11/2006] [21:41 18/09/2006]
    networks --a--- 407 bytes [10:23 02/11/2006] [21:41 18/09/2006]
    protocol --a--- 1358 bytes [10:23 02/11/2006] [21:41 18/09/2006]
    services --a--- 17244 bytes [10:23 02/11/2006] [21:41 18/09/2006]

    No folders found.

    -=End Of File=-

     
  21. zoneman2

    zoneman2 Member

    Joined:
    15.08.2009
    Posts:
    30
    Thanks:
    0
    Points:
    16
    The problem still hasn't gone away.
     
