Elikkäs kummassakin pelissä on alkanut tapahtumaan jatkuasti connection probleemia ja peli tökkii aina 5-10sekunniksi eikä ja loppujen lopuksi menettää yhteyden serveriin. Kummatkin pelit ovat toiminut ennen hyvin mutta kun viime viikolla koitin pelata nii tämä ongelma ilmeni. Kone on vasta formatoitu mutta ei vaikuttanut asiaan ollenkaan sama vain jatkuu... :/ Peleissä pingi pysyy "normaalina".

Elisa 1/512
Telewell TW-EA501

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:16, on 4.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1209723448187
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 4692 bytes

Javan päivitys ja välimuistin tyhjennys:

1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:


3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:

http://java.sun.com/javase/downloads/index.jsp

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u5

Paina Download

Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.

6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).

7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Varmista että kaikki kaksi valintaa ovat rastitettuja:

*Applications and Applets

*Trace and Log Files

Ja paina OK -nappia

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.

10. Klikkaa OK jättääksesi Java asetusikkunasi.

Tehty on mutta ei vaikutusta :/

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

==========

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

ComboFix 08-05-01.3 - Omistaja 2008-05-05 21:29:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.698 [GMT 3:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-05 to 2008-05-05 )))))))))))))))))
.

2008-05-05 20:02 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-05 17:57 . 2008-05-05 17:57 <KANSIO> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-05 17:33 . 2008-05-05 17:33 <KANSIO> d-------- C:\Program Files\ToniArts
2008-05-05 17:10 . 2004-09-15 21:10 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-05 17:07 . 2008-05-05 17:07 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe
2008-05-05 16:58 . 2007-09-29 05:36 1,593,600 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-05-05 16:58 . 2004-09-14 16:11 516,768 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
2008-05-05 15:54 . 2008-05-05 15:54 <KANSIO> d-------- C:\8b6bb82ea6c6c0ea8ef75963
2008-05-05 15:04 . 2008-05-05 15:04 <KANSIO> d-------- C:\Program Files\Java
2008-05-05 15:04 . 2008-05-05 15:04 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-05-05 15:04 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-05 06:01 . 2008-05-05 06:01 <KANSIO> d-------- C:\Program Files\MSXML 6.0
2008-05-04 22:11 . 2008-05-04 22:11 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-04 20:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-05-04 20:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-05-04 20:51 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-05-04 20:51 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-05-04 20:49 . 2008-05-04 20:49 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-05-04 20:49 . 2008-05-05 18:13 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-04 20:49 . 2008-05-04 20:59 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-04 20:49 . 2008-05-05 18:14 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-04 20:49 . 2008-05-04 20:49 22,328 --a------ C:\Documents and Settings\Omistaja\Application Data\PnkBstrK.sys
2008-05-04 20:49 . 2008-05-04 20:49 319 --a------ C:\WINDOWS\game.ini
2008-05-04 20:38 . 2008-05-04 20:38 <KANSIO> d-------- C:\Program Files\ffdshow
2008-05-04 20:38 . 2008-04-21 15:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-05-04 20:38 . 2008-04-21 15:00 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-04 20:38 . 2008-04-21 15:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-04 20:34 . 2008-05-04 20:34 <KANSIO> d-------- C:\Program Files\Activision
2008-05-04 20:33 . 2008-05-04 20:33 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-05-04 18:38 . 2008-05-04 18:38 <KANSIO> d-------- C:\Program Files\B2BPOKER
2008-05-04 13:39 . 2008-05-04 13:39 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\ATI
2008-05-04 13:38 . 2008-05-04 13:38 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-04 13:35 . 2007-11-07 06:40 169,856 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys
2008-05-04 13:35 . 2005-12-03 01:49 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc01.cod
2008-05-04 13:34 . 2007-06-27 04:41 2,940,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-04 13:34 . 2007-09-29 06:05 2,456,064 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-04 13:34 . 2004-09-14 16:11 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-05-04 13:34 . 2004-09-14 16:11 870,784 --a--c--- C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-05-04 13:34 . 2004-09-14 16:11 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2008-05-04 13:34 . 2004-09-14 16:06 701,440 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-04 13:30 . 2008-05-04 13:30 <KANSIO> d-------- C:\WINDOWS\system32\fi-FI
2008-05-04 13:28 . 2008-05-04 13:28 <KANSIO> d-------- C:\Program Files\MSBuild
2008-05-04 13:25 . 2008-05-05 17:18 <KANSIO> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-04 13:24 . 2008-05-04 13:24 <KANSIO> d-------- C:\Program Files\Reference Assemblies
2008-05-04 13:23 . 2008-05-04 13:23 <KANSIO> d-------- C:\6345597ee0f0f8c4593ec665
2008-05-04 13:23 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-04 13:02 . 2008-05-05 16:56 1,324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-04 13:00 . 2008-05-04 13:00 <KANSIO> d-------- C:\Program Files\Driver Cleaner Pro
2008-05-04 11:50 . 2008-05-05 15:47 10 --a------ C:\WINDOWS\WININIT.INI
2008-05-04 01:00 . 2008-05-04 01:00 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\vlc
2008-05-03 22:34 . 2008-05-03 22:34 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Grisoft
2008-05-03 22:34 . 2008-05-03 22:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-03 22:34 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-03 19:00 . 2008-05-03 19:00 <KANSIO> d-------- C:\Program Files\AP Tuner
2008-05-03 18:56 . 2008-05-03 19:01 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\NCH Swift Sound
2008-05-03 18:56 . 2008-05-03 18:56 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-03 18:44 . 2008-05-03 18:44 <KANSIO> d-------- C:\Program Files\Guitar Pro 5
2008-05-03 16:54 . 2008-05-03 16:55 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-05-03 15:49 . 2008-05-05 18:11 <KANSIO> d-------- C:\Program Files\mIRC
2008-05-03 15:49 . 2008-05-05 20:11 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\mIRC
2008-05-03 11:54 . 2008-05-05 18:06 <KANSIO> d-------- C:\Program Files\SpeedFan
2008-05-03 11:54 . 2008-05-03 11:54 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-05-03 11:11 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-03 11:11 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-03 11:11 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-02 22:17 . 2004-09-15 15:00 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-05-02 22:16 . 2003-07-30 11:49 13,107,200 --a------ C:\WINDOWS\system32\oembios.bin
2008-05-02 22:15 . 2004-09-15 15:00 4,190,352 --a--c--- C:\WINDOWS\system32\dllcache\luna.mst
2008-05-02 22:14 . 2004-09-15 15:00 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2008-05-02 22:13 . 2004-09-15 15:00 1,852,416 --a--c--- C:\WINDOWS\system32\dllcache\acgenral.dll
2008-05-02 13:57 . 2008-05-02 13:57 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-02 13:57 . 2008-05-02 14:35 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Contacts
2008-05-02 13:50 . 2006-02-22 03:05 144,213 --a------ C:\WINDOWS\system32\atmfinxx.hlp
2008-05-02 13:50 . 2006-02-22 03:05 43,310 --a------ C:\WINDOWS\system32\attfinxx.hlp
2008-05-02 13:50 . 2006-02-22 03:05 24,260 --a------ C:\WINDOWS\system32\atffinxx.hlp
2008-05-02 13:48 . 2008-05-02 13:56 <KANSIO> d-------- C:\Program Files\Windows Live
2008-05-02 13:48 . 2008-05-02 13:56 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-02 13:48 . 2008-05-02 13:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-02 13:45 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-05-02 13:45 . 2004-08-03 23:08 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
2008-05-02 13:41 . 2008-05-02 13:41 <KANSIO> d-------- C:\Program Files\Common Files\Logitech
2008-05-02 13:41 . 2008-05-05 21:23 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\foobar2000
2008-05-02 13:41 . 2003-12-18 09:50 155,648 --a------ C:\WINDOWS\system32\ifc21.dll
2008-05-02 13:41 . 2003-12-18 09:50 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2008-05-02 13:41 . 2003-12-18 09:50 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2008-05-02 13:41 . 2003-12-18 09:50 94,208 --a------ C:\WINDOWS\system32\FEELIT.DLL
2008-05-02 13:41 . 2003-12-18 09:50 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2008-05-02 13:41 . 2003-12-18 09:50 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2008-05-02 13:40 . 2008-05-02 13:40 <KANSIO> d-------- C:\Program Files\Logitech
2008-05-02 13:40 . 2003-12-11 12:50 152,064 --------- C:\WINDOWS\system32\lmoufrc.dll
2008-05-02 13:40 . 2003-12-11 12:50 70,894 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2008-05-02 13:40 . 2003-12-11 12:50 51,582 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2008-05-02 13:40 . 2003-12-11 12:50 37,916 --a------ C:\WINDOWS\system32\drivers\LHidUsb.sys
2008-05-02 13:40 . 2003-12-11 12:50 25,630 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2008-05-02 13:40 . 2003-12-11 12:50 23,372 --------- C:\WINDOWS\system32\LCOINST.DLL
2008-05-02 13:40 . 2003-12-11 12:50 20,992 --------- C:\WINDOWS\LOGI_MWX.EXE
2008-05-02 13:40 . 2003-12-11 12:50 14,092 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2008-05-02 13:39 . 2008-05-02 13:39 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-05-02 13:38 . 2008-05-05 17:12 1,100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-02 13:34 . 2008-05-05 17:07 <KANSIO> d-------- C:\Program Files\Radeon Omega Drivers
2008-05-02 13:34 . 2008-05-02 13:34 472,576 --a------ C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-05-02 13:32 . 2008-05-05 17:54 <KANSIO> d-------- C:\Program Files\Xfire
2008-05-02 13:32 . 2008-05-05 17:33 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-02 13:32 . 2008-05-05 21:27 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Xfire
2008-05-02 13:32 . 2003-06-27 14:11 491,520 --a------ C:\WINDOWS\Au51Fun.exe
2008-05-02 13:32 . 2000-05-18 14:43 108,978 --a------ C:\WINDOWS\TTTest.wav
2008-05-02 13:31 . 2008-05-02 13:31 <KANSIO> d-------- C:\TerraTec
2008-05-02 13:31 . 2008-05-05 17:32 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
2008-05-02 13:25 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-02 13:25 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-02 13:25 . 2007-07-30 19:18 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-02 13:25 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-02 13:25 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-02 13:23 . 2008-05-02 13:23 <KANSIO> d-------- C:\Program Files\Sygate
2008-05-02 13:23 . 2008-05-02 13:23 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 13:23 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-05-02 13:23 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-05-02 13:23 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-05-02 13:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-05-02 13:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-05-02 13:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-05-02 13:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-05-02 13:15 . 2008-05-05 21:26 <KANSIO> d-------- C:\Program Files\Steam
2008-05-02 13:15 . 2008-05-02 13:15 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-05-02 13:14 . 2008-05-02 13:14 <KANSIO> d-------- C:\Program Files\Opera

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 22:00 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\vlc
2008-05-02 09:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-05-05 15:24 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 20:37 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 12:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-30 03:57:48 2998608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\steamapps\\murha1992\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2004-08-04 01:29]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 21:30:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-05-05 21:31:53
ComboFix-quarantined-files.txt 2008-05-05 18:31:48

Pre-Run: 76,423,602,176 tavua vapaana
Post-Run: 76,428,775,424 tavua vapaana

206 --- E O F --- 2008-05-05 14:21:08

=================================================================


SDFix: Version 1.179
Run by Omistaja on 2008-05-05 at 21:42

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\Omistaja\TYPYT~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 21:48:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Steam\\steamapps\\murha1992\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\murha1992\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\Omistaja\TYPYT~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18397a86c04a39f976425987d938a72f\BIT52.tmp"
Mon 5 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52e811b9b8a98e903e9af1663dd13485\BIT13.tmp"
Mon 5 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT11.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1c5569ded01b575fe3a7e275ade6fa47\download\BIT123.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1dbc83797bb08bfc6f29b30c2ad4249b\download\BIT53.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4fa7077dc904550867b20e133969e20a\download\BIT50.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52d535445a7e6158af3f02ffad4711ed\download\BIT124.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7151e4231862c5cbf2054db3516083eb\download\BIT87.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8436cda0baa5481bc338e6ee2beb1ecc\download\BIT128.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9df72f37cac9f88436f5e64660004705\download\BIT89.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a5714a97b96ed6cbe326d52417dd9ee0\download\BIT122.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c31655aa1f722605d9c99f8cddb01796\download\BITBF.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f052a5a48ce71727f801d1f48f751740\download\BIT91.tmp"

Finished!

=================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53, on 2008-05-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1209723448187
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5031 bytes

ComboFix 08-05-01.3 - Omistaja 2008-05-05 21:29:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.698 [GMT 3:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-05 to 2008-05-05 )))))))))))))))))
.

2008-05-05 20:02 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-05 17:57 . 2008-05-05 17:57 <KANSIO> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-05 17:33 . 2008-05-05 17:33 <KANSIO> d-------- C:\Program Files\ToniArts
2008-05-05 17:10 . 2004-09-15 21:10 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-05 17:07 . 2008-05-05 17:07 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe
2008-05-05 16:58 . 2007-09-29 05:36 1,593,600 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-05-05 16:58 . 2004-09-14 16:11 516,768 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
2008-05-05 15:54 . 2008-05-05 15:54 <KANSIO> d-------- C:\8b6bb82ea6c6c0ea8ef75963
2008-05-05 15:04 . 2008-05-05 15:04 <KANSIO> d-------- C:\Program Files\Java
2008-05-05 15:04 . 2008-05-05 15:04 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-05-05 15:04 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-05 06:01 . 2008-05-05 06:01 <KANSIO> d-------- C:\Program Files\MSXML 6.0
2008-05-04 22:11 . 2008-05-04 22:11 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-04 20:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-05-04 20:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-05-04 20:51 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-05-04 20:51 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-05-04 20:49 . 2008-05-04 20:49 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-05-04 20:49 . 2008-05-05 18:13 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-04 20:49 . 2008-05-04 20:59 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-04 20:49 . 2008-05-05 18:14 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-04 20:49 . 2008-05-04 20:49 22,328 --a------ C:\Documents and Settings\Omistaja\Application Data\PnkBstrK.sys
2008-05-04 20:49 . 2008-05-04 20:49 319 --a------ C:\WINDOWS\game.ini
2008-05-04 20:38 . 2008-05-04 20:38 <KANSIO> d-------- C:\Program Files\ffdshow
2008-05-04 20:38 . 2008-04-21 15:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-05-04 20:38 . 2008-04-21 15:00 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-04 20:38 . 2008-04-21 15:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-04 20:34 . 2008-05-04 20:34 <KANSIO> d-------- C:\Program Files\Activision
2008-05-04 20:33 . 2008-05-04 20:33 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-05-04 18:38 . 2008-05-04 18:38 <KANSIO> d-------- C:\Program Files\B2BPOKER
2008-05-04 13:39 . 2008-05-04 13:39 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\ATI
2008-05-04 13:38 . 2008-05-04 13:38 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-04 13:35 . 2007-11-07 06:40 169,856 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys
2008-05-04 13:35 . 2005-12-03 01:49 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc01.cod
2008-05-04 13:34 . 2007-06-27 04:41 2,940,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-04 13:34 . 2007-09-29 06:05 2,456,064 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-04 13:34 . 2004-09-14 16:11 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-05-04 13:34 . 2004-09-14 16:11 870,784 --a--c--- C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-05-04 13:34 . 2004-09-14 16:11 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2008-05-04 13:34 . 2004-09-14 16:06 701,440 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-04 13:30 . 2008-05-04 13:30 <KANSIO> d-------- C:\WINDOWS\system32\fi-FI
2008-05-04 13:28 . 2008-05-04 13:28 <KANSIO> d-------- C:\Program Files\MSBuild
2008-05-04 13:25 . 2008-05-05 17:18 <KANSIO> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-04 13:24 . 2008-05-04 13:24 <KANSIO> d-------- C:\Program Files\Reference Assemblies
2008-05-04 13:23 . 2008-05-04 13:23 <KANSIO> d-------- C:\6345597ee0f0f8c4593ec665
2008-05-04 13:23 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-04 13:02 . 2008-05-05 16:56 1,324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-04 13:00 . 2008-05-04 13:00 <KANSIO> d-------- C:\Program Files\Driver Cleaner Pro
2008-05-04 11:50 . 2008-05-05 15:47 10 --a------ C:\WINDOWS\WININIT.INI
2008-05-04 01:00 . 2008-05-04 01:00 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\vlc
2008-05-03 22:34 . 2008-05-03 22:34 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Grisoft
2008-05-03 22:34 . 2008-05-03 22:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-03 22:34 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-03 19:00 . 2008-05-03 19:00 <KANSIO> d-------- C:\Program Files\AP Tuner
2008-05-03 18:56 . 2008-05-03 19:01 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\NCH Swift Sound
2008-05-03 18:56 . 2008-05-03 18:56 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-03 18:44 . 2008-05-03 18:44 <KANSIO> d-------- C:\Program Files\Guitar Pro 5
2008-05-03 16:54 . 2008-05-03 16:55 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
2008-05-03 15:49 . 2008-05-05 18:11 <KANSIO> d-------- C:\Program Files\mIRC
2008-05-03 15:49 . 2008-05-05 20:11 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\mIRC
2008-05-03 11:54 . 2008-05-05 18:06 <KANSIO> d-------- C:\Program Files\SpeedFan
2008-05-03 11:54 . 2008-05-03 11:54 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-05-03 11:11 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-03 11:11 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-03 11:11 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-02 22:17 . 2004-09-15 15:00 2,921,984 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-05-02 22:16 . 2003-07-30 11:49 13,107,200 --a------ C:\WINDOWS\system32\oembios.bin
2008-05-02 22:15 . 2004-09-15 15:00 4,190,352 --a--c--- C:\WINDOWS\system32\dllcache\luna.mst
2008-05-02 22:14 . 2004-09-15 15:00 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2008-05-02 22:13 . 2004-09-15 15:00 1,852,416 --a--c--- C:\WINDOWS\system32\dllcache\acgenral.dll
2008-05-02 13:57 . 2008-05-02 13:57 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-02 13:57 . 2008-05-02 14:35 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Contacts
2008-05-02 13:50 . 2006-02-22 03:05 144,213 --a------ C:\WINDOWS\system32\atmfinxx.hlp
2008-05-02 13:50 . 2006-02-22 03:05 43,310 --a------ C:\WINDOWS\system32\attfinxx.hlp
2008-05-02 13:50 . 2006-02-22 03:05 24,260 --a------ C:\WINDOWS\system32\atffinxx.hlp
2008-05-02 13:48 . 2008-05-02 13:56 <KANSIO> d-------- C:\Program Files\Windows Live
2008-05-02 13:48 . 2008-05-02 13:56 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-02 13:48 . 2008-05-02 13:48 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-02 13:45 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-05-02 13:45 . 2004-08-03 23:08 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
2008-05-02 13:41 . 2008-05-02 13:41 <KANSIO> d-------- C:\Program Files\Common Files\Logitech
2008-05-02 13:41 . 2008-05-05 21:23 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\foobar2000
2008-05-02 13:41 . 2003-12-18 09:50 155,648 --a------ C:\WINDOWS\system32\ifc21.dll
2008-05-02 13:41 . 2003-12-18 09:50 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2008-05-02 13:41 . 2003-12-18 09:50 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2008-05-02 13:41 . 2003-12-18 09:50 94,208 --a------ C:\WINDOWS\system32\FEELIT.DLL
2008-05-02 13:41 . 2003-12-18 09:50 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2008-05-02 13:41 . 2003-12-18 09:50 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2008-05-02 13:40 . 2008-05-02 13:40 <KANSIO> d-------- C:\Program Files\Logitech
2008-05-02 13:40 . 2003-12-11 12:50 152,064 --------- C:\WINDOWS\system32\lmoufrc.dll
2008-05-02 13:40 . 2003-12-11 12:50 70,894 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2008-05-02 13:40 . 2003-12-11 12:50 51,582 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2008-05-02 13:40 . 2003-12-11 12:50 37,916 --a------ C:\WINDOWS\system32\drivers\LHidUsb.sys
2008-05-02 13:40 . 2003-12-11 12:50 25,630 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2008-05-02 13:40 . 2003-12-11 12:50 23,372 --------- C:\WINDOWS\system32\LCOINST.DLL
2008-05-02 13:40 . 2003-12-11 12:50 20,992 --------- C:\WINDOWS\LOGI_MWX.EXE
2008-05-02 13:40 . 2003-12-11 12:50 14,092 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2008-05-02 13:39 . 2008-05-02 13:39 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-05-02 13:38 . 2008-05-05 17:12 1,100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-02 13:34 . 2008-05-05 17:07 <KANSIO> d-------- C:\Program Files\Radeon Omega Drivers
2008-05-02 13:34 . 2008-05-02 13:34 472,576 --a------ C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-05-02 13:32 . 2008-05-05 17:54 <KANSIO> d-------- C:\Program Files\Xfire
2008-05-02 13:32 . 2008-05-05 17:33 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-02 13:32 . 2008-05-05 21:27 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Xfire
2008-05-02 13:32 . 2003-06-27 14:11 491,520 --a------ C:\WINDOWS\Au51Fun.exe
2008-05-02 13:32 . 2000-05-18 14:43 108,978 --a------ C:\WINDOWS\TTTest.wav
2008-05-02 13:31 . 2008-05-02 13:31 <KANSIO> d-------- C:\TerraTec
2008-05-02 13:31 . 2008-05-05 17:32 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
2008-05-02 13:25 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-02 13:25 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-02 13:25 . 2007-07-30 19:18 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-02 13:25 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-02 13:25 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-02 13:23 . 2008-05-02 13:23 <KANSIO> d-------- C:\Program Files\Sygate
2008-05-02 13:23 . 2008-05-02 13:23 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 13:23 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-05-02 13:23 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-05-02 13:23 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-05-02 13:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-05-02 13:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-05-02 13:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-05-02 13:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-05-02 13:15 . 2008-05-05 21:26 <KANSIO> d-------- C:\Program Files\Steam
2008-05-02 13:15 . 2008-05-02 13:15 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-05-02 13:14 . 2008-05-02 13:14 <KANSIO> d-------- C:\Program Files\Opera

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 22:00 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\vlc
2008-05-02 09:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-05-05 15:24 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 20:37 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 12:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-30 03:57:48 2998608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\steamapps\\murha1992\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2004-08-04 01:29]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 21:30:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-05-05 21:31:53
ComboFix-quarantined-files.txt 2008-05-05 18:31:48

Pre-Run: 76,423,602,176 tavua vapaana
Post-Run: 76,428,775,424 tavua vapaana

206 --- E O F --- 2008-05-05 14:21:08

=================================================================


SDFix: Version 1.179
Run by Omistaja on 2008-05-05 at 21:42

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\Omistaja\TYPYT~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 21:48:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Steam\\steamapps\\murha1992\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\murha1992\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\Omistaja\TYPYT~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18397a86c04a39f976425987d938a72f\BIT52.tmp"
Mon 5 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52e811b9b8a98e903e9af1663dd13485\BIT13.tmp"
Mon 5 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT11.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1c5569ded01b575fe3a7e275ade6fa47\download\BIT123.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1dbc83797bb08bfc6f29b30c2ad4249b\download\BIT53.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4fa7077dc904550867b20e133969e20a\download\BIT50.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52d535445a7e6158af3f02ffad4711ed\download\BIT124.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7151e4231862c5cbf2054db3516083eb\download\BIT87.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8436cda0baa5481bc338e6ee2beb1ecc\download\BIT128.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9df72f37cac9f88436f5e64660004705\download\BIT89.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a5714a97b96ed6cbe326d52417dd9ee0\download\BIT122.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c31655aa1f722605d9c99f8cddb01796\download\BITBF.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f052a5a48ce71727f801d1f48f751740\download\BIT91.tmp"

Finished!

=================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53, on 2008-05-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1209723448187
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5031 bytes

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

Malwarebytes' Anti-Malware 1.11
Tietokantaversio: 720

Tarkistustyyppi: Täysi tarkistus (A:\|C:\|D:\|E:\|F:\|)
Tarkistetut kohteet: 64467
Kulunut aika: 30 minute(s), 25 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

Jaa-a eipä ollu mitään vaikutasta nuillakaan :'(. Pitää tyytä irkkaamiseen sitte :()

Escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe
päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scannaa

jos ala luukkuun tulee jotain niin kopioi se näin:
Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.

Laita virus log tänne.

Fri May 09 00:01:36 2008 => ***** Scanning complete. *****
Fri May 09 00:01:37 2008 => Total Number of Files Scanned: 35978
Fri May 09 00:01:37 2008 => Total Number of Virus(es) Found: 2
Fri May 09 00:01:37 2008 => Total Number of Disinfected Files: 0
Fri May 09 00:01:37 2008 => Total Number of Files Renamed: 0
Fri May 09 00:01:37 2008 => Total Number of Deleted Files: 0
Fri May 09 00:01:37 2008 => Total Number of Errors: 4
Fri May 09 00:01:37 2008 => Time Elapsed: 01:02:50
Fri May 09 00:01:37 2008 => Virus Database Date: 2008/05/08
Fri May 09 00:01:37 2008 => Virus Database Count: 747889

Fri May 09 00:01:37 2008 => Scan Completed.



File C:\PROGRA~1\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.631. No Action Taken.

File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.631. No Action Taken.

Ratkaisu löytyi sammuttamalla Sygaten palomuurin :) Nyt meni sit kesälomaki "pilalle" ^_^