HJT log, possibly a Messenger virus??

Thread in the Viruses and malware - HijackThis logs section. Thread started by suob on 27.05.2008.

  1. suob

    suob Guest

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:26:02, on 27.5.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\winudspm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://elisa.net/paketti/haku.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elisa.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: SMS-viesti - {8088DCEE-8B50-4D03-A179-4314E5D0C875} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {B4684F49-D1D8-4B88-BECB-EE89C6A779AE} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {C9A28965-4807-4A4F-805C-3B70BC954452} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200409831750
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    --
    End of file - 7240 bytes
     
  3. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact, ComboFix recognizes it even if the file extension is not
    even .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)

    [IMG]

    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close the browser and other programs for the duration of the fix. (Not the antivirus.)
    Start HijackThis, run Scan, tick the following entries listed in red, and remove them. (Fix checked)

    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe

    Empty the recycle bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
     
  4. suob

    suob Guest

    ComboFix

    ComboFix 08-05-27.4 - Toni 2008-05-28 17:34:49.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.986 [GMT 3:00]
    Running from: C:\Documents and Settings\Toni\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Toni\Työpöytä\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\winudspm.exe
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\winudspm.exe

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-28 )))))))))))))))))
    .

    2008-05-27 23:36 . 2008-05-27 23:36 40,960 --a------ C:\dcis.exe
    2008-05-27 23:26 . 2008-05-28 00:29 56,832 --a------ C:\sexy.com
    2008-05-27 23:25 . 2008-05-28 12:39 40,960 --a------ C:\dciz.exe
    2008-05-27 23:23 . 2008-05-27 23:23 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-05-27 18:35 . 2008-04-14 09:12 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
    2008-05-27 18:23 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\003088_.tmp
    2008-05-21 23:47 . 2008-05-21 23:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-21 23:47 . 2008-05-21 23:47 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-19 18:51 . 2008-05-19 18:51 <KANSIO> d-------- C:\Documents and Settings\Riitta\Application Data\Skype
    2008-05-19 00:54 . 2004-09-15 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-05-19 00:53 . 2008-04-14 09:10 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-05-19 00:52 . 2003-04-14 21:02 212,992 --a--c--- C:\WINDOWS\system32\dllcache\fpmmcsat.dll
    2008-05-19 00:52 . 2001-10-05 16:31 45,056 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
    2008-05-19 00:52 . 2003-04-14 21:02 16,384 --a--c--- C:\WINDOWS\system32\dllcache\tcptsat.dll
    2008-05-19 00:52 . 2001-10-05 16:31 5,632 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
    2008-05-19 00:50 . 2004-09-15 15:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
    2008-05-19 00:50 . 2008-05-19 00:50 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-05-19 00:50 . 2008-05-19 00:50 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-05-19 00:50 . 2008-05-19 00:50 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-05-19 00:50 . 2008-05-19 00:50 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-05-19 00:50 . 2008-05-19 00:50 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-05-19 00:38 . 2008-05-19 00:38 <KANSIO> dr------- C:\Documents and Settings\Default User\Omat tiedostot
    2008-05-19 00:17 . 2004-09-15 15:00 1,014,139 -ra------ C:\WINDOWS\SET5F.tmp
    2008-05-18 19:16 . 2008-05-18 19:17 <KANSIO> d-------- C:\Documents and Settings\Toni\Application Data\U3
    2008-05-18 19:16 . 2008-05-18 19:16 12,128 --a------ C:\WINDOWS\setupapi.old
    2008-05-16 22:45 . 2008-05-16 22:45 <KANSIO> d-------- C:\Program Files\Subdownloader
    2008-05-13 16:24 . 2008-05-13 16:24 <KANSIO> d-------- C:\WINDOWS\system32\fi
    2008-05-13 16:24 . 2008-05-13 16:24 <KANSIO> d-------- C:\WINDOWS\system32\bits
    2008-05-13 16:24 . 2008-05-13 16:24 <KANSIO> d-------- C:\WINDOWS\l2schemas
    2008-05-13 16:24 . 2008-04-14 09:11 712,704 --a------ C:\WINDOWS\system32\windowscodecs.dll
    2008-05-13 16:24 . 2008-04-14 09:11 346,112 --a------ C:\WINDOWS\system32\windowscodecsext.dll
    2008-05-13 16:24 . 2008-04-14 09:11 276,992 --a------ C:\WINDOWS\system32\wmphoto.dll
    2008-05-13 16:24 . 2008-04-14 09:11 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
    2008-05-13 16:24 . 2008-04-14 09:11 53,248 --a------ C:\WINDOWS\system32\tsgqec.dll
    2008-05-13 16:24 . 2008-04-14 09:11 50,688 --a------ C:\WINDOWS\system32\tspkg.dll
    2008-05-13 16:24 . 2008-04-14 09:12 32,866 --a------ C:\WINDOWS\slrundll.exe
    2008-05-13 16:24 . 2008-04-14 09:12 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
    2008-05-13 16:20 . 2008-05-13 16:25 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
    2008-05-13 16:18 . 2008-04-13 09:34 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2008-05-13 16:15 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002635_.tmp
    2008-05-13 16:13 . 2008-05-27 18:20 <KANSIO> d-------- C:\WINDOWS\EHome
    2008-05-12 14:45 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002631_.tmp
    2008-05-12 14:43 . 2007-10-25 19:44 8,464,384 --a------ C:\WINDOWS\system32\shell32(2).dll
    2008-05-12 14:42 . 2004-09-15 15:00 726,528 --a------ C:\WINDOWS\system32\SET57A.tmp
    2008-05-05 20:09 . 2008-05-05 20:09 <KANSIO> d-------- C:\Documents and Settings\Toni\OngameNetwork
    2008-04-30 14:54 . 2008-04-30 14:54 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Työpöytä
    2008-04-30 14:54 . 2008-04-30 14:54 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Käynnistä-valikko
    2008-04-30 14:54 . 2008-04-14 09:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-04-30 13:48 . 2008-04-30 13:48 <KANSIO> d-------- C:\Program Files\Winamp
    2008-04-30 13:48 . 2008-04-30 13:52 <KANSIO> d-------- C:\Documents and Settings\Toni\Application Data\Winamp
    2008-04-29 15:14 . 2008-04-29 15:14 <KANSIO> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2008-04-29 15:10 . 2004-06-22 08:23 103,474 --a------ C:\WINDOWS\hpoins04.dat.temp
    2008-04-29 15:10 . 2004-06-22 08:04 17,176 --a------ C:\WINDOWS\hpomdl04.dat.temp
    2008-04-29 14:59 . 2008-04-13 11:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-04-29 14:56 . 2008-04-29 14:57 <KANSIO> d-------- C:\Program Files\HP
    2008-04-29 14:55 . 2008-04-29 15:15 103,535 --a------ C:\WINDOWS\hpoins04.dat
    2008-04-29 14:55 . 2004-06-22 08:04 17,176 --a------ C:\WINDOWS\hpomdl04.dat
    2008-04-29 14:54 . 2008-04-29 14:55 <KANSIO> d-------- C:\temp\HP_WebRelease
    2008-04-29 14:54 . 2008-04-29 15:34 <KANSIO> d-------- C:\temp

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-02 18:30 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-10-02 18:30 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
    2008-10-02 18:30 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-05-28 14:01 --------- d-----w C:\Program Files\Steam
    2008-05-27 21:25 --------- d-----w C:\Documents and Settings\Toni\Application Data\Skype
    2008-05-27 19:16 --------- d-----w C:\Documents and Settings\Toni\Application Data\skypePM
    2008-05-27 19:13 --------- d-----w C:\Program Files\MSN Messenger
    2008-05-23 17:44 --------- d-----w C:\Program Files\DC++
    2008-05-18 16:37 --------- d-----w C:\Documents and Settings\Toni\Application Data\uTorrent
    2008-05-18 13:07 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-05-07 13:29 --------- d-----w C:\Program Files\iTunes
    2008-04-24 18:54 --------- d-----w C:\Program Files\Bonjour
    2008-04-24 18:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-16 21:26 --------- d-----w C:\Documents and Settings\Toni\Application Data\Malwarebytes
    2008-04-16 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-14 06:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 06:15 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 06:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
    2008-04-14 06:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
    2008-04-14 06:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
    2008-04-14 06:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
    2008-04-14 06:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
    2008-04-14 06:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
    2008-04-14 06:11 997,888 ----a-w C:\WINDOWS\system32\msgina.dll
    2008-04-14 06:10 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
    2008-04-14 06:09 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
    2008-04-14 06:09 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
    2008-04-14 06:09 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
    2008-04-14 06:09 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
    2008-04-14 05:51 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
    2008-04-14 05:51 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
    2008-04-14 05:51 68,096 ----a-w C:\WINDOWS\system32\drivers\pci.sys
    2008-04-14 05:51 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
    2008-04-14 05:51 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
    2008-04-14 05:49 2,191,360 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 05:49 2,068,224 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 05:48 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 05:47 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2008-04-14 05:47 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
    2008-04-14 05:46 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 05:46 37,120 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
    2008-04-14 05:46 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-04-14 05:46 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-04-14 05:45 80,384 ----a-w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 05:45 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
    2008-04-14 05:45 40,320 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
    2008-04-14 05:45 2,957,312 ----a-w C:\WINDOWS\system32\wmploc.dll
    2008-04-14 05:44 48,640 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 05:43 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
    2008-04-14 05:43 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 05:43 52,096 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-04-14 05:42 25,600 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
    2008-04-14 05:42 171,520 ----a-w C:\WINDOWS\system32\wmerror.dll
    2008-04-14 05:41 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 05:41 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 05:40 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-14 05:40 57,472 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
    2008-04-14 05:40 272,896 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
    2008-04-14 05:39 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
    2008-04-14 05:39 51,840 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
    2008-04-14 05:39 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
    2008-04-14 05:38 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
    2008-04-14 05:38 39,808 ----a-w C:\WINDOWS\system32\drivers\processr.sys
    2008-04-14 05:38 326,912 ----a-w C:\WINDOWS\system32\drivers\ati2mtaa.sys
    2008-04-14 05:38 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-14 05:37 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
    2008-04-14 05:37 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
    2008-04-14 05:36 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
    2008-04-14 05:36 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
    2008-04-14 05:36 187,904 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
    2008-04-13 09:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
    2008-04-13 09:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
    2008-04-13 09:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
    2008-04-13 09:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-04-13 09:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
    2008-04-13 09:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
    2008-04-13 09:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
    2008-04-13 09:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
    2008-04-13 09:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
    2008-04-13 09:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-04-13 09:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-04-13 09:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2008-04-13 09:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
    2008-04-13 09:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
    2008-04-13 09:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
    2008-04-13 09:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-04-13 09:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
    2008-04-13 09:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-04-13 09:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
    2008-04-13 09:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
    2008-04-13 09:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-04-13 09:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
    2008-04-13 08:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
    2008-04-13 08:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
    2008-04-13 08:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
    2008-04-13 08:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
    2008-04-13 08:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
    2008-04-13 08:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
    2008-04-13 08:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
    2008-04-13 08:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 22:05 339968]
    "F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe" [2007-04-26 20:12 183208]
    "F-Secure TNB"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2007-04-26 20:10 740208]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 06:15 83968]
    "InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2006-11-10 17:19 1051648]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 13:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "Windows UDP Control"="winudspm.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 09:12 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "20273:TCP"= 20273:TCP:BitComet 20273 TCP
    "20273:UDP"= 20273:UDP:BitComet 20273 UDP


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b241552f-c2ec-11dc-a8a0-806d6172696f}]
    \Shell\AutoRun\command - E:\Bin\assetup.exe

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-28 17:40:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-28 17:51:01
    ComboFix-quarantined-files.txt 2008-05-28 14:50:30

    Pre-Run: 58,868,555,776 tavua vapaana
    Post-Run: 58,885,533,696 tavua vapaana

    233 --- E O F --- 2008-05-28 09:40:30



    and HJT


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:54:31, on 28.5.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elisa.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: SMS-viesti - {8088DCEE-8B50-4D03-A179-4314E5D0C875} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {B4684F49-D1D8-4B88-BECB-EE89C6A779AE} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {C9A28965-4807-4A4F-805C-3B70BC954452} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200409831750
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    --
    End of file - 7108 bytes
     
  5. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    The Messenger worm is gone.
    Fix this one as well with HJT:
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    Let's verify:
    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is finished, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    * Post the contents of the log in your next message.
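A triage helper for the log format posted in this thread, as an added example that is not part of any participant's post: it parses HijackThis entry lines, flags the kind of orphaned entry kalminen asks to fix (`(no file)`), and checks against a later scan that the entry is gone. The function names and labels are this example's own; the sample lines are copied from the logs in this thread, and the "after" scan is constructed from them.

```python
import re
from dataclasses import dataclass

# Entry lines start with a section code: R, F or N plus a digit, or O plus a number.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Lines copied from the HijackThis logs posted in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elisa.net/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Tuki - {B4684F49-D1D8-4B88-BECB-EE89C6A779AE} - http://tuki.elisa.net/ (file missing) (HKCU)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# Constructed "after" scan: the same lines minus the entry that was fixed.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "WormRadar" not in l)


@dataclass(frozen=True)
class Entry:
    code: str  # section code, e.g. "O2" (BHO) or "O23" (service)
    body: str  # everything after "CODE - "

    @property
    def clsid(self):
        """The first CLSID in the entry, upper-cased, or None."""
        m = CLSID_RE.search(self.body)
        return m.group(0).upper() if m else None


def parse_entries(log_text):
    """Return the entry lines of a log; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Label entries that deserve a second look; returns (label, entry) pairs.

    The labels are prompts for a human reviewer, not verdicts.
    """
    findings = []
    for e in entries:
        if "(no file)" in e.body:
            # Registration survives but no file is named: a leftover to fix.
            findings.append(("orphan", e))
        elif "(file missing)" in e.body:
            # Assumption of this example: a URL target is lower priority,
            # because a URL is never a file on disk.
            label = "url-target" if URL_RE.search(e.body) else "orphan"
            findings.append((label, e))
        elif e.code == "O23" and " - Unknown owner - " in e.body:
            # No vendor name was reported for the service binary.
            findings.append(("unknown-owner", e))
    return findings


def removed_between(before, after):
    """Entries present in the earlier scan but absent from the later one."""
    later = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in later]


if __name__ == "__main__":
    for label, e in triage(parse_entries(BEFORE)):
        print(f"{label:14} {e.code:4} {e.clsid or '-'}  {e.body}")
    for e in removed_between(BEFORE, AFTER):
        print("removed since first scan:", e.code, e.body)
```
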
     
  6. suob

    suob Guest

    Malwarebytes didn't find anything

    Malwarebytes' Anti-Malware 1.12
    Tietokantaversio: 794

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
    Tarkistetut kohteet: 156897
    Kulunut aika: 1 hour(s), 3 minute(s), 9 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)


    and here's the HJT log too :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:50:12, on 28.5.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsus.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elisa.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: SMS-viesti - {8088DCEE-8B50-4D03-A179-4314E5D0C875} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {B4684F49-D1D8-4B88-BECB-EE89C6A779AE} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {C9A28965-4807-4A4F-805C-3B70BC954452} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200409831750
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    --
    End of file - 6973 bytes

     
  7. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    Great, it came out clean!!!
     
  8. suob

    suob Guest

    Thanks for the replies
     
  9. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    You're welcome!!!!

    These computer protection instructions are based only on my own experience.

    One antivirus and one firewall.

    Java update:
    * http://java.sun.com/javase/downloads/index.jsp
    Scroll down to Java Runtime Environment (JRE) 6 Update 4

    * Updating Internet Explorer is definitely worthwhile, since it is part of the Windows operating system.
    That is, it always starts whenever Windows does (it cannot be removed completely).

    * Download HOSTS: from here to your desktop.
    * Extract hosts.zip into the C:\WINDOWS\system32\drivers\etc folder.
    Finally, you can verify that there is a file named HOSTS there with no file extension. Size approx. 700 kB.
    The protection activates at the next startup (it puts no load on memory).

    * Install SpywareBlaster!
    SpywareBlaster prevents malware from installing itself on the computer.
    SpywareBlaster download link!

    SpywareBlaster guide!

    * System Restore!
    Clear System Restore and create a new restore point regularly!
    That way you avoid nasties being left in the restore points.
    How do I clean out System Restore and create a new restore point? The instructions are here!

    * Keep your programs updated!
    Remember to keep all programs up to date, Windows included. Visit Windows Update regularly and install all updates. Windows Update.

    Stay clean!!!
     
  10. Latemast

    Latemast Member

    Joined:
    29.05.2008
    Messages:
    3
    Thanks:
    0
    Points:
    11
    I had this same virus, and I think Malwarebytes, along with the instructions here, got rid of it, but I want to be sure, because the internet is still a bit slow and, for example, Winamp opens rather slowly. Could someone interpret this a bit?

    Freshly taken ComboFix log:

    ComboFix 08-05-27.4 - Late 2008-05-30 14:46:12.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.225 [GMT 3:00]
    Running from: C:\Documents and Settings\Late\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Late\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM37b3fcd5.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\alyjcydw.dll
    C:\WINDOWS\system32\huyuxjnq.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\slipktqs.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-30 )))))))))))))))))
    .

    2008-05-29 17:31 . 2008-05-29 17:31 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-29 17:31 . 2008-05-29 17:31 <KANSIO> d-------- C:\Documents and Settings\Late\Application Data\Malwarebytes
    2008-05-29 17:31 . 2008-05-29 17:31 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-29 17:31 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-29 17:31 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-28 22:48 . 2008-05-28 22:48 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-05-28 19:21 . 2008-05-28 19:21 56,832 --a------ C:\sxy.com
    2008-05-27 20:51 . 2008-05-27 20:51 <KANSIO> d--h----- C:\WINDOWS\PIF
    2008-05-27 20:41 . 2008-05-28 21:54 40,960 --a------ C:\dci.exe
    2008-05-26 20:58 . 2008-05-26 20:58 <KANSIO> d-------- C:\Program Files\LD-Anime
    2008-05-26 20:33 . 2008-05-28 16:13 <KANSIO> d-------- C:\Program Files\BSplayerPro
    2008-05-26 20:33 . 2008-05-26 20:55 <KANSIO> d-------- C:\Documents and Settings\Late\Application Data\BSplayer PRO
    2008-05-22 22:33 . 2008-05-22 22:33 172 --ah----- C:\sqmnoopt19.sqm
    2008-05-22 22:33 . 2008-05-22 22:33 172 --ah----- C:\sqmdata19.sqm
    2008-05-22 20:16 . 2008-05-22 20:16 268 --ah----- C:\sqmdata18.sqm
    2008-05-22 20:16 . 2008-05-22 20:16 244 --ah----- C:\sqmnoopt18.sqm
    2008-05-21 15:53 . 2008-05-25 14:40 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\YoYoGames
    2008-05-20 21:01 . 2006-11-07 09:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys
    2008-05-20 21:01 . 2006-11-07 09:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys
    2008-05-20 21:01 . 2006-11-07 09:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys
    2008-05-20 21:01 . 2006-11-07 09:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys
    2008-05-20 21:01 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys
    2008-05-20 21:01 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys
    2008-05-19 22:37 . 2008-05-19 22:37 268 --ah----- C:\sqmdata17.sqm
    2008-05-19 22:37 . 2008-05-19 22:37 244 --ah----- C:\sqmnoopt17.sqm
    2008-05-19 18:24 . 2008-05-19 18:24 <KANSIO> d-------- C:\Program Files\Guitar Pro 5
    2008-05-19 16:32 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
    2008-05-19 16:32 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
    2008-05-19 16:32 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
    2008-05-19 16:04 . 2008-05-19 16:04 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-05-19 16:03 . 2008-05-26 21:17 <KANSIO> d-------- C:\Documents and Settings\Late\Application Data\uTorrent
    2008-05-19 16:03 . 2008-05-19 16:03 267,568 --a------ C:\Program Files\utorrent-1.8.exe
    2008-05-19 15:54 . 2008-05-19 15:55 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2008-05-19 15:50 . 2008-05-19 15:50 <KANSIO> d-------- C:\Program Files\Disc2Phone
    2008-05-19 15:48 . 2008-05-19 15:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-19 15:48 . 2008-05-19 15:48 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-19 15:47 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-05-19 15:47 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-05-18 22:01 . 2008-05-18 22:01 268 --ah----- C:\sqmdata16.sqm
    2008-05-18 22:01 . 2008-05-18 22:01 244 --ah----- C:\sqmnoopt16.sqm
    2008-05-16 22:07 . 2008-05-16 22:07 268 --ah----- C:\sqmdata15.sqm
    2008-05-16 22:07 . 2008-05-16 22:07 244 --ah----- C:\sqmnoopt15.sqm
    2008-05-07 23:15 . 2008-05-07 23:15 268 --ah----- C:\sqmdata14.sqm
    2008-05-07 23:15 . 2008-05-07 23:15 244 --ah----- C:\sqmnoopt14.sqm
    2008-05-04 12:46 . 2008-05-04 12:46 268 --ah----- C:\sqmdata13.sqm
    2008-05-04 12:46 . 2008-05-04 12:46 244 --ah----- C:\sqmnoopt13.sqm
    2008-05-03 22:57 . 2008-05-03 22:57 268 --ah----- C:\sqmdata12.sqm
    2008-05-03 22:57 . 2008-05-03 22:57 244 --ah----- C:\sqmnoopt12.sqm
    2008-05-03 09:45 . 2008-05-03 09:45 268 --ah----- C:\sqmdata11.sqm
    2008-05-03 09:45 . 2008-05-03 09:45 244 --ah----- C:\sqmnoopt11.sqm
    2008-05-01 12:06 . 2008-05-03 13:22 <KANSIO> d-------- C:\Program Files\DC++
    2008-05-01 12:06 . 2008-05-01 12:06 3,030,204 --a------ C:\Program Files\DCPlusPlus-0.705.exe
    2008-04-28 21:51 . 2008-04-28 21:51 268 --ah----- C:\sqmdata10.sqm
    2008-04-28 21:51 . 2008-04-28 21:51 244 --ah----- C:\sqmnoopt10.sqm
    2008-04-28 21:14 . 2008-04-28 21:14 <KANSIO> d-------- C:\Documents and Settings\Inkku\Application Data\Symantec
    2008-04-27 21:18 . 2008-04-27 21:18 268 --ah----- C:\sqmdata09.sqm
    2008-04-27 21:18 . 2008-04-27 21:18 244 --ah----- C:\sqmnoopt09.sqm
    2008-04-26 13:04 . 2008-04-26 13:04 268 --ah----- C:\sqmdata08.sqm
    2008-04-26 13:04 . 2008-04-26 13:04 244 --ah----- C:\sqmnoopt08.sqm
    2008-04-25 15:39 . 2008-04-25 15:39 <KANSIO> d-------- C:\HP LJ1320
    2008-04-25 15:31 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-04-25 15:31 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-04-24 21:05 . 2008-04-24 21:05 268 --ah----- C:\sqmdata07.sqm
    2008-04-24 21:05 . 2008-04-24 21:05 244 --ah----- C:\sqmnoopt07.sqm
    2008-04-22 22:21 . 2008-04-22 22:21 268 --ah----- C:\sqmdata06.sqm
    2008-04-22 22:21 . 2008-04-22 22:21 244 --ah----- C:\sqmnoopt06.sqm
    2008-04-21 22:22 . 2008-04-21 22:22 268 --ah----- C:\sqmdata05.sqm
    2008-04-21 22:22 . 2008-04-21 22:22 244 --ah----- C:\sqmnoopt05.sqm
    2008-04-21 07:50 . 2008-04-21 07:50 268 --ah----- C:\sqmdata04.sqm
    2008-04-21 07:50 . 2008-04-21 07:50 244 --ah----- C:\sqmnoopt04.sqm
    2008-04-20 23:28 . 2008-04-20 23:28 268 --ah----- C:\sqmdata03.sqm
    2008-04-20 23:28 . 2008-04-20 23:28 244 --ah----- C:\sqmnoopt03.sqm
    2008-04-19 17:26 . 2008-05-27 21:11 268 --ah----- C:\sqmdata01.sqm
    2008-04-19 17:26 . 2008-05-27 21:11 244 --ah----- C:\sqmnoopt01.sqm
    2008-04-19 17:26 . 2008-05-27 22:21 172 --ah----- C:\sqmnoopt02.sqm
    2008-04-19 17:26 . 2008-05-27 22:21 172 --ah----- C:\sqmdata02.sqm
    2008-04-19 17:20 . 2008-05-26 23:03 268 --ah----- C:\sqmdata00.sqm
    2008-04-19 17:20 . 2008-05-26 23:03 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-19 16:49 . 2008-04-19 16:50 <KANSIO> d-------- C:\Program Files\Windows Live Toolbar
    2008-04-19 16:49 . 2008-04-19 16:49 <KANSIO> d-------- C:\Documents and Settings\Late\Contacts
    2008-04-17 20:19 . 2008-04-21 20:27 <KANSIO> d-------- C:\Documents and Settings\Late\e-Safekey
    2008-04-15 20:24 . 2008-04-15 20:24 <KANSIO> d-------- C:\Program Files\Audacity
    2008-04-15 20:23 . 2008-04-15 20:23 2,228,534 --a------ C:\Program Files\audacity-win-1.2.6.exe
    2008-04-13 19:54 . 2008-04-13 19:54 <KANSIO> d-------- C:\Documents and Settings\Late\Application Data\Symantec
    2008-04-12 10:16 . 2008-04-12 10:16 <KANSIO> d-------- C:\Documents and Settings\Ultimate Ride\Omat tiedostot
    2008-04-12 10:16 . 2008-04-12 10:16 <KANSIO> d-------- C:\Documents and Settings\Ultimate Ride
    2008-04-11 22:13 . 2008-03-21 12:54 2,000,324 --a------ C:\Program Files\CDex 1.51.exe
    2008-04-11 20:46 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-04-11 20:46 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-04-11 20:46 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-11 20:46 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-04-11 10:36 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-11 10:36 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-04-11 10:36 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-10 16:07 . 2008-04-10 16:07 2,402,320 --a------ C:\Program Files\WLinstaller.exe
    2008-04-10 16:02 . 2008-04-19 16:45 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-10 16:01 . 2008-04-19 16:46 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-04-10 16:01 . 2008-04-19 16:40 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-10 15:56 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-04-10 15:56 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-04-10 15:56 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-04-09 20:51 . 2008-04-09 20:51 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
    2008-04-09 20:51 . 2008-04-09 20:51 <KANSIO> d-------- C:\Program Files\Winamp Remote
    2008-04-09 20:51 . 2008-04-09 20:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2008-04-09 20:51 . 2008-04-09 20:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    2008-04-09 20:50 . 2008-04-09 20:53 <KANSIO> d-------- C:\Program Files\Winamp
    2008-04-09 20:50 . 2008-04-19 15:29 <KANSIO> d-------- C:\Documents and Settings\Late\Application Data\Winamp
    2008-04-09 20:45 . 2008-05-29 13:31 <KANSIO> d-------- C:\Program Files\Google
    2008-04-09 20:06 . 2008-04-21 07:41 <KANSIO> d-------- C:\Documents and Settings\Inkku\e-Safekey
    2008-04-09 20:05 . 2008-04-09 20:05 <KANSIO> d-------- C:\WINDOWS\Sun
    2008-04-08 21:01 . 2008-04-08 21:01 <KANSIO> d-------- C:\Program Files\ANI
    2008-04-08 19:03 . 2008-05-14 16:40 <KANSIO> d--h----- C:\Documents and Settings\Late\Verkkoympäristö
    2008-04-08 19:03 . 2008-05-30 14:46 <KANSIO> d-------- C:\Documents and Settings\Late\Työpöytä
    2008-04-08 19:03 . 2000-02-16 08:32 <KANSIO> d--h----- C:\Documents and Settings\Late\Tulostinympäristö
    2008-04-08 19:03 . 2008-05-29 22:33 <KANSIO> dr------- C:\Documents and Settings\Late\Suosikit
    2008-04-08 19:03 . 2008-05-29 13:30 <KANSIO> dr------- C:\Documents and Settings\Late\Omat tiedostot
    2008-04-08 19:03 . 2000-02-16 06:41 <KANSIO> d--h----- C:\Documents and Settings\Late\Mallit
    2008-04-08 19:03 . 2008-05-19 16:04 <KANSIO> dr------- C:\Documents and Settings\Late\Käynnistä-valikko
    2008-04-08 19:03 . 2008-05-29 17:42 <KANSIO> d-------- C:\Documents and Settings\Late
    2008-04-08 19:00 . 2008-04-15 21:53 <KANSIO> d--h----- C:\Documents and Settings\Inkku\Verkkoympäristö
    2008-04-08 19:00 . 2008-05-24 10:24 <KANSIO> d-------- C:\Documents and Settings\Inkku\Työpöytä
    2008-04-08 19:00 . 2000-02-16 08:32 <KANSIO> d--h----- C:\Documents and Settings\Inkku\Tulostinympäristö
    2008-04-08 19:00 . 2008-05-18 21:22 <KANSIO> dr------- C:\Documents and Settings\Inkku\Suosikit
    2008-04-08 19:00 . 2008-04-19 17:20 <KANSIO> dr------- C:\Documents and Settings\Inkku\Omat tiedostot
    2008-04-08 19:00 . 2000-02-16 06:41 <KANSIO> d--h----- C:\Documents and Settings\Inkku\Mallit

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-19 14:17 13,030 ----a-w C:\Program Files\Guitar_Pro_5.2 RSE.torrent
    2008-05-19 13:42 34,077 ----a-w C:\Program Files\Guitar_Pro_5.2.torrent
    2008-04-08 18:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 07:57 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-12 10:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
    2008-03-01 13:01 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-29 05:51 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
    2008-02-29 05:51 50,688 ----a-w C:\WINDOWS\system32\dmutil.dll
    2008-02-29 05:51 48,128 ----a-w C:\WINDOWS\system32\cnbjmon.dll
    2008-02-29 05:51 476,160 ----a-w C:\WINDOWS\system32\wzcsvc.dll
    2008-02-29 05:51 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
    2008-02-29 05:51 35,328 ----a-w C:\WINDOWS\system32\pid.dll
    2008-02-29 05:51 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
    2008-02-29 05:51 20,992 ----a-w C:\WINDOWS\system32\hid.dll
    2008-02-29 05:51 2,061,696 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-02-29 05:51 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
    2008-02-29 05:51 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll
    2008-02-29 05:51 1,548,288 ----a-w C:\WINDOWS\system32\sfcfiles.dll
    2008-02-29 05:44 985,088 ----a-w C:\WINDOWS\system32\syssetup.dll
    2008-02-29 05:43 578,560 ----a-w C:\WINDOWS\system32\user32.dll
    2008-02-29 05:43 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2008-02-29 05:43 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2008-02-29 05:43 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2008-02-29 05:43 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2008-02-29 05:42 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
    2008-02-29 05:42 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
    2008-02-29 05:42 343,040 ----a-w C:\WINDOWS\system32\msvcrt.dll
    2008-02-29 05:42 2,184,448 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-02-29 05:42 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
    2008-02-29 05:40 600,576 ----a-w C:\WINDOWS\system32\mstsc.exe
    2008-02-29 05:40 36,352 ----a-w C:\WINDOWS\system32\tsgqec.dll
    2008-02-29 05:40 288,768 ----a-w C:\WINDOWS\system32\rhttpaa.dll
    2008-02-29 05:40 122,368 ----a-w C:\WINDOWS\system32\oledlg.dll
    2008-02-29 05:40 116,736 ----a-w C:\WINDOWS\system32\aaclient.dll
    2008-02-29 05:40 1,866,240 ----a-w C:\WINDOWS\system32\mstscax.dll
    2008-02-29 05:38 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
    2008-02-29 05:38 1,438,208 ----a-w C:\WINDOWS\system32\query.dll
    2008-02-29 05:37 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
    2008-02-29 05:37 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe
    2008-02-29 05:36 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
    2008-02-29 05:36 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
    2008-02-29 05:36 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
    2008-02-29 05:36 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
    2008-02-29 05:36 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
    2008-02-29 05:36 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
    2008-02-29 05:36 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
    2008-02-29 05:35 96,792 ----a-w C:\WINDOWS\system32\basecsp.dll
    2008-02-29 05:35 84,992 ----a-w C:\WINDOWS\system32\pintool.exe
    2008-02-29 05:35 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
    2008-02-29 05:35 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
    2008-02-29 05:35 26,112 ----a-w C:\WINDOWS\system32\bcsprsrc.dll
    2008-02-29 05:35 151,552 ----a-w C:\WINDOWS\system32\ifxcardm.dll
    2008-02-29 05:35 133,120 ----a-w C:\WINDOWS\system32\axaltocm.dll
    2008-02-29 05:35 117,760 ----a-w C:\WINDOWS\system32\t2embed.dll
    2008-02-29 05:35 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
    2008-02-29 05:32 62,464 ----a-w C:\WINDOWS\system32\authz.dll
    2008-02-29 05:31 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
    2008-02-29 05:31 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    2008-02-29 05:31 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
    2008-02-29 05:31 350,208 ----a-w C:\WINDOWS\system32\hypertrm.dll
    2008-02-29 05:31 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
    2008-02-29 05:31 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
    2008-02-26 12:00 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
    2008-02-20 18:50 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 01:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 01:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 09:14 68856]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-03-25 05:59 507904]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2000-02-16 06:47 32881]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "P17Helper"="P17.dll" [2006-03-17 17:11 81408 C:\WINDOWS\system32\P17.dll]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2008-03-01 16:01 124928 C:\WINDOWS\system32\advpack.dll]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "52675:UDP"= 52675:UDP:uTorrent

    R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 19:34]
    S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

    *Newly Created Service* - COMHOST
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-30 11:17:07 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-30 14:48:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-30 14:54:53
    ComboFix-quarantined-files.txt 2008-05-30 11:54:49

    Pre-Run: 46,556,868,608 tavua vapaana
    Post-Run: 46,556,327,936 tavua vapaana

    296 --- E O F --- 2008-05-29 18:17:37

    And HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:05:40, on 30.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8776 bytes
     
  11. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    ==>> Latemast

    Java is as important as a firewall.

    Updating Java and clearing the cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    (Windows Vista: Start -> [type in the search box] Programs and Features and press Enter)

    2. Find all your old Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]
    3. Select all your old Java versions and choose Remove.
    4. Install the latest Java update from the following link..

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6 Update 6

    Click Download

    Set Platform to Windows

    Tick I agree to the Java SE Runtime Environment 6 License Agreement and click Continue

    Under Windows Offline Installation, click jre-6u4-windows-i586-p.exe

    Save the file, for example to the desktop, and install it.

    5. Restart the computer after the installation.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after reducing the setting, move the slider to a larger value.)

    8. Click the Delete Files button. Make sure both options are checked:

    * Applications and Applets

    * Trace and Log Files

    And click the OK button
    Note: This removes all downloaded applications and applets from the CACHE.

    9. Click OK in your "Temporary Files Settings" window.

    10. Update tab: untick Check for Updates automatically

    Choose Never check

    11. Click Apply and OK to leave your Java settings window.

    ------------------------------------------------------------

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact ComboFix recognises it even if the file extension is not .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click)

    [IMG]

    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    --------------------------------------------------------------------------

    Close your browser and other programs for the duration of the fix. (Not the antivirus.)
    Start HijackThis, run Scan, tick the following entries listed in red, and remove them. (Fix checked)

    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The C:\ComboFix.exe report
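Added example, not part of the post above and not code from HijackThis or ComboFix: a small Python parser for the HijackThis entry lines quoted in this thread, which pulls out the section code, CLSID, autostart key and download host, and marks entries of the kinds that appear in the fix list. The function names and flag labels are hypothetical, the sample lines are copied from the log on this page, and the flags are review hints for a human helper, not verdicts.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Paikallinen palve')
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^\s*(?P<section>[RFNO]\d{1,2}) - (?P<detail>.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autostart: hive (optionally with a SID), Run-type key, value name, command.
AUTORUN = re.compile(
    r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.+)$"
)
# O16 downloaded ActiveX control: CLSID, optional display name, codebase URL.
DPF = re.compile(r"^DPF: \S+ (?:\((?P<name>.*)\) )?- (?P<url>\S+)$")


def parse_entry(line):
    """Parse one HijackThis entry line; return None for any other line."""
    m = ENTRY.match(line)
    if not m:
        return None
    section, detail = m.group("section"), m.group("detail")
    entry = {"section": section, "detail": detail, "flags": []}
    clsid = CLSID.search(detail)
    entry["clsid"] = clsid.group(0).upper() if clsid else None

    # The registry entry is still there but the file it points to is gone.
    if detail.endswith("(no file)"):
        entry["flags"].append("missing-target")

    if section == "O4":
        a = AUTORUN.match(detail)
        if a:
            entry.update(a.groupdict())
            # RunOnce values are meant to run a single time and then vanish.
            if a.group("key").lower().startswith("runonce"):
                entry["flags"].append("runonce")
    elif section == "O16":
        d = DPF.match(detail)
        if d:
            entry["codebase_host"] = urlsplit(d.group("url")).hostname
    elif section == "O23" and " - Unknown owner - " in detail:
        # HijackThis printed no vendor name for the service binary.
        entry["flags"].append("service-vendor-unknown")
    return entry


def triage(log_text):
    """Return (all parsed entries, entries carrying at least one flag)."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return entries, [e for e in entries if e["flags"]]


if __name__ == "__main__":
    all_entries, flagged = triage(SAMPLE_LOG)
    print(f"{len(all_entries)} entries parsed, {len(flagged)} flagged for review")
    for e in flagged:
        print(f"{e['section']:>3}  {','.join(e['flags']):<24} {e['detail']}")
```

A flag only says that a line deserves a second look; the Symantec service in the sample is flagged for its missing vendor string, and the fix list in the post above leaves it alone.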
     
  12. Latemast

    Latemast Member

    Joined:
    29.05.2008
    Posts:
    3
    Thanks:
    0
    Points:
    11
    Combofix:

    ComboFix 08-05-27.4 - Late 2008-05-30 17:28:24.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.175 [GMT 3:00]
    Running from: C:\Documents and Settings\Late\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Late\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\dci.exe
    C:\sxy.com
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\dci.exe
    C:\sxy.com

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-30 )))))))))))))))))
    .

    2008-05-30 17:10 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-30 17:09 . 2008-05-30 17:09 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-05-29 17:31 . 2008-05-29 17:31 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-29 17:31 . 2008-05-29 17:31 <KANSIO> d-------- C:\Documents and Settings\Late\Application Data\Malwarebytes
    2008-05-29 17:31 . 2008-05-29 17:31 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-29 17:31 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-29 17:31 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-28 22:48 . 2008-05-28 22:48 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-05-27 20:51 . 2008-05-27 20:51 <KANSIO> d--h----- C:\WINDOWS\PIF
    2008-05-26 20:58 . 2008-05-26 20:58 <KANSIO> d-------- C:\Program Files\LD-Anime
    2008-05-26 20:33 . 2008-05-28 16:13 <KANSIO> d-------- C:\Program Files\BSplayerPro
    2008-05-26 20:33 . 2008-05-26 20:55 <KANSIO> d-------- C:\Documents and Settings\Late\Application Data\BSplayer PRO
    2008-05-22 22:33 . 2008-05-22 22:33 172 --ah----- C:\sqmnoopt19.sqm
    2008-05-22 22:33 . 2008-05-22 22:33 172 --ah----- C:\sqmdata19.sqm
    2008-05-22 20:16 . 2008-05-22 20:16 268 --ah----- C:\sqmdata18.sqm
    2008-05-22 20:16 . 2008-05-22 20:16 244 --ah----- C:\sqmnoopt18.sqm
    2008-05-21 15:53 . 2008-05-25 14:40 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\YoYoGames
    2008-05-20 21:01 . 2006-11-07 09:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys
    2008-05-20 21:01 . 2006-11-07 09:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys
    2008-05-20 21:01 . 2006-11-07 09:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys
    2008-05-20 21:01 . 2006-11-07 09:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys
    2008-05-20 21:01 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys
    2008-05-20 21:01 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys
    2008-05-19 22:37 . 2008-05-19 22:37 268 --ah----- C:\sqmdata17.sqm
    2008-05-19 22:37 . 2008-05-19 22:37 244 --ah----- C:\sqmnoopt17.sqm
    2008-05-19 18:24 . 2008-05-19 18:24 <KANSIO> d-------- C:\Program Files\Guitar Pro 5
    2008-05-19 16:32 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
    2008-05-19 16:32 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
    2008-05-19 16:32 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
    2008-05-19 16:04 . 2008-05-19 16:04 <KANSIO> d-------- C:\Program Files\uTorrent
    2008-05-19 16:03 . 2008-05-26 21:17 <KANSIO> d-------- C:\Documents and Settings\Late\Application Data\uTorrent
    2008-05-19 16:03 . 2008-05-19 16:03 267,568 --a------ C:\Program Files\utorrent-1.8.exe
    2008-05-19 15:54 . 2008-05-19 15:55 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations
    2008-05-19 15:50 . 2008-05-19 15:50 <KANSIO> d-------- C:\Program Files\Disc2Phone
    2008-05-19 15:48 . 2008-05-19 15:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-19 15:48 . 2008-05-19 15:48 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-19 15:47 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-05-19 15:47 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-05-18 22:01 . 2008-05-18 22:01 268 --ah----- C:\sqmdata16.sqm
    2008-05-18 22:01 . 2008-05-18 22:01 244 --ah----- C:\sqmnoopt16.sqm
    2008-05-16 22:07 . 2008-05-16 22:07 268 --ah----- C:\sqmdata15.sqm
    2008-05-16 22:07 . 2008-05-16 22:07 244 --ah----- C:\sqmnoopt15.sqm
    2008-05-07 23:15 . 2008-05-07 23:15 268 --ah----- C:\sqmdata14.sqm
    2008-05-07 23:15 . 2008-05-07 23:15 244 --ah----- C:\sqmnoopt14.sqm
    2008-05-04 12:46 . 2008-05-04 12:46 268 --ah----- C:\sqmdata13.sqm
    2008-05-04 12:46 . 2008-05-04 12:46 244 --ah----- C:\sqmnoopt13.sqm
    2008-05-03 22:57 . 2008-05-03 22:57 268 --ah----- C:\sqmdata12.sqm
    2008-05-03 22:57 . 2008-05-03 22:57 244 --ah----- C:\sqmnoopt12.sqm
    2008-05-03 09:45 . 2008-05-03 09:45 268 --ah----- C:\sqmdata11.sqm
    2008-05-03 09:45 . 2008-05-03 09:45 244 --ah----- C:\sqmnoopt11.sqm
    2008-05-01 12:06 . 2008-05-03 13:22 <KANSIO> d-------- C:\Program Files\DC++
    2008-05-01 12:06 . 2008-05-01 12:06 3,030,204 --a------ C:\Program Files\DCPlusPlus-0.705.exe
    2008-04-28 21:51 . 2008-04-28 21:51 268 --ah----- C:\sqmdata10.sqm
    2008-04-28 21:51 . 2008-04-28 21:51 244 --ah----- C:\sqmnoopt10.sqm
    2008-04-28 21:14 . 2008-04-28 21:14 <KANSIO> d-------- C:\Documents and Settings\Inkku\Application Data\Symantec
    2008-04-27 21:18 . 2008-04-27 21:18 268 --ah----- C:\sqmdata09.sqm
    2008-04-27 21:18 . 2008-04-27 21:18 244 --ah----- C:\sqmnoopt09.sqm
    2008-04-26 13:04 . 2008-04-26 13:04 268 --ah----- C:\sqmdata08.sqm
    2008-04-26 13:04 . 2008-04-26 13:04 244 --ah----- C:\sqmnoopt08.sqm
    2008-04-25 15:39 . 2008-04-25 15:39 <KANSIO> d-------- C:\HP LJ1320
    2008-04-25 15:31 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-04-25 15:31 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-04-24 21:05 . 2008-04-24 21:05 268 --ah----- C:\sqmdata07.sqm
    2008-04-24 21:05 . 2008-04-24 21:05 244 --ah----- C:\sqmnoopt07.sqm
    2008-04-22 22:21 . 2008-04-22 22:21 268 --ah----- C:\sqmdata06.sqm
    2008-04-22 22:21 . 2008-04-22 22:21 244 --ah----- C:\sqmnoopt06.sqm
    2008-04-21 22:22 . 2008-04-21 22:22 268 --ah----- C:\sqmdata05.sqm
    2008-04-21 22:22 . 2008-04-21 22:22 244 --ah----- C:\sqmnoopt05.sqm
    2008-04-21 07:50 . 2008-04-21 07:50 268 --ah----- C:\sqmdata04.sqm
    2008-04-21 07:50 . 2008-04-21 07:50 244 --ah----- C:\sqmnoopt04.sqm
    2008-04-20 23:28 . 2008-04-20 23:28 268 --ah----- C:\sqmdata03.sqm
    2008-04-20 23:28 . 2008-04-20 23:28 244 --ah----- C:\sqmnoopt03.sqm
    2008-04-19 17:26 . 2008-05-27 21:11 268 --ah----- C:\sqmdata01.sqm
    2008-04-19 17:26 . 2008-05-27 21:11 244 --ah----- C:\sqmnoopt01.sqm
    2008-04-19 17:26 . 2008-05-27 22:21 172 --ah----- C:\sqmnoopt02.sqm
    2008-04-19 17:26 . 2008-05-27 22:21 172 --ah----- C:\sqmdata02.sqm
    2008-04-19 17:20 . 2008-05-26 23:03 268 --ah----- C:\sqmdata00.sqm
    2008-04-19 17:20 . 2008-05-26 23:03 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-19 16:49 . 2008-04-19 16:50 <KANSIO> d-------- C:\Program Files\Windows Live Toolbar
    2008-04-19 16:49 . 2008-04-19 16:49 <KANSIO> d-------- C:\Documents and Settings\Late\Contacts
    2008-04-17 20:19 . 2008-04-21 20:27 <KANSIO> d-------- C:\Documents and Settings\Late\e-Safekey
    2008-04-15 20:24 . 2008-04-15 20:24 <KANSIO> d-------- C:\Program Files\Audacity
    2008-04-15 20:23 . 2008-04-15 20:23 2,228,534 --a------ C:\Program Files\audacity-win-1.2.6.exe
    2008-04-13 19:54 . 2008-04-13 19:54 <KANSIO> d-------- C:\Documents and Settings\Late\Application Data\Symantec
    2008-04-12 10:16 . 2008-04-12 10:16 <KANSIO> d-------- C:\Documents and Settings\Ultimate Ride\Omat tiedostot
    2008-04-12 10:16 . 2008-04-12 10:16 <KANSIO> d-------- C:\Documents and Settings\Ultimate Ride
    2008-04-11 22:13 . 2008-03-21 12:54 2,000,324 --a------ C:\Program Files\CDex 1.51.exe
    2008-04-11 20:46 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-04-11 20:46 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-04-11 20:46 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-11 20:46 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-04-11 10:36 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-11 10:36 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-04-11 10:36 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-10 16:07 . 2008-04-10 16:07 2,402,320 --a------ C:\Program Files\WLinstaller.exe
    2008-04-10 16:02 . 2008-04-19 16:45 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-10 16:01 . 2008-04-19 16:46 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-04-10 16:01 . 2008-04-19 16:40 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-10 15:56 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-04-10 15:56 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-04-10 15:56 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-04-09 20:51 . 2008-04-09 20:51 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
    2008-04-09 20:51 . 2008-04-09 20:51 <KANSIO> d-------- C:\Program Files\Winamp Remote
    2008-04-09 20:51 . 2008-04-09 20:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    2008-04-09 20:51 . 2008-04-09 20:51 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    2008-04-09 20:50 . 2008-04-09 20:53 <KANSIO> d-------- C:\Program Files\Winamp
    2008-04-09 20:50 . 2008-04-19 15:29 <KANSIO> d-------- C:\Documents and Settings\Late\Application Data\Winamp
    2008-04-09 20:45 . 2008-05-29 13:31 <KANSIO> d-------- C:\Program Files\Google
    2008-04-09 20:06 . 2008-04-21 07:41 <KANSIO> d-------- C:\Documents and Settings\Inkku\e-Safekey
    2008-04-09 20:05 . 2008-04-09 20:05 <KANSIO> d-------- C:\WINDOWS\Sun
    2008-04-08 21:01 . 2008-04-08 21:01 <KANSIO> d-------- C:\Program Files\ANI
    2008-04-08 19:03 . 2008-05-14 16:40 <KANSIO> d--h----- C:\Documents and Settings\Late\Verkkoympäristö
    2008-04-08 19:03 . 2008-05-30 17:28 <KANSIO> d-------- C:\Documents and Settings\Late\Työpöytä
    2008-04-08 19:03 . 2000-02-16 08:32 <KANSIO> d--h----- C:\Documents and Settings\Late\Tulostinympäristö
    2008-04-08 19:03 . 2008-05-29 22:33 <KANSIO> dr------- C:\Documents and Settings\Late\Suosikit
    2008-04-08 19:03 . 2008-05-29 13:30 <KANSIO> dr------- C:\Documents and Settings\Late\Omat tiedostot
    2008-04-08 19:03 . 2000-02-16 06:41 <KANSIO> d--h----- C:\Documents and Settings\Late\Mallit
    2008-04-08 19:03 . 2008-05-19 16:04 <KANSIO> dr------- C:\Documents and Settings\Late\Käynnistä-valikko
    2008-04-08 19:03 . 2008-05-30 17:12 <KANSIO> d-------- C:\Documents and Settings\Late
    2008-04-08 19:00 . 2008-04-15 21:53 <KANSIO> d--h----- C:\Documents and Settings\Inkku\Verkkoympäristö
    2008-04-08 19:00 . 2008-05-24 10:24 <KANSIO> d-------- C:\Documents and Settings\Inkku\Työpöytä
    2008-04-08 19:00 . 2000-02-16 08:32 <KANSIO> d--h----- C:\Documents and Settings\Inkku\Tulostinympäristö
    2008-04-08 19:00 . 2008-05-18 21:22 <KANSIO> dr------- C:\Documents and Settings\Inkku\Suosikit
    2008-04-08 19:00 . 2008-04-19 17:20 <KANSIO> dr------- C:\Documents and Settings\Inkku\Omat tiedostot
    2008-04-08 19:00 . 2000-02-16 06:41 <KANSIO> d--h----- C:\Documents and Settings\Inkku\Mallit

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-30 14:10 --------- d-----w C:\Program Files\Java
    2008-05-19 14:17 13,030 ----a-w C:\Program Files\Guitar_Pro_5.2 RSE.torrent
    2008-05-19 13:42 34,077 ----a-w C:\Program Files\Guitar_Pro_5.2.torrent
    2008-04-08 18:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 07:57 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-12 10:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
    2008-03-01 13:01 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-29 05:51 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
    2008-02-29 05:51 50,688 ----a-w C:\WINDOWS\system32\dmutil.dll
    2008-02-29 05:51 48,128 ----a-w C:\WINDOWS\system32\cnbjmon.dll
    2008-02-29 05:51 476,160 ----a-w C:\WINDOWS\system32\wzcsvc.dll
    2008-02-29 05:51 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
    2008-02-29 05:51 35,328 ----a-w C:\WINDOWS\system32\pid.dll
    2008-02-29 05:51 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
    2008-02-29 05:51 20,992 ----a-w C:\WINDOWS\system32\hid.dll
    2008-02-29 05:51 2,061,696 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-02-29 05:51 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
    2008-02-29 05:51 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll
    2008-02-29 05:51 1,548,288 ----a-w C:\WINDOWS\system32\sfcfiles.dll
    2008-02-29 05:44 985,088 ----a-w C:\WINDOWS\system32\syssetup.dll
    2008-02-29 05:43 578,560 ----a-w C:\WINDOWS\system32\user32.dll
    2008-02-29 05:43 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2008-02-29 05:43 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2008-02-29 05:43 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2008-02-29 05:43 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2008-02-29 05:42 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
    2008-02-29 05:42 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
    2008-02-29 05:42 343,040 ----a-w C:\WINDOWS\system32\msvcrt.dll
    2008-02-29 05:42 2,184,448 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-02-29 05:42 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
    2008-02-29 05:40 600,576 ----a-w C:\WINDOWS\system32\mstsc.exe
    2008-02-29 05:40 36,352 ----a-w C:\WINDOWS\system32\tsgqec.dll
    2008-02-29 05:40 288,768 ----a-w C:\WINDOWS\system32\rhttpaa.dll
    2008-02-29 05:40 122,368 ----a-w C:\WINDOWS\system32\oledlg.dll
    2008-02-29 05:40 116,736 ----a-w C:\WINDOWS\system32\aaclient.dll
    2008-02-29 05:40 1,866,240 ----a-w C:\WINDOWS\system32\mstscax.dll
    2008-02-29 05:38 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
    2008-02-29 05:38 1,438,208 ----a-w C:\WINDOWS\system32\query.dll
    2008-02-29 05:37 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
    2008-02-29 05:37 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe
    2008-02-29 05:36 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
    2008-02-29 05:36 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
    2008-02-29 05:36 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
    2008-02-29 05:36 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
    2008-02-29 05:36 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
    2008-02-29 05:36 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
    2008-02-29 05:36 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
    2008-02-29 05:35 96,792 ----a-w C:\WINDOWS\system32\basecsp.dll
    2008-02-29 05:35 84,992 ----a-w C:\WINDOWS\system32\pintool.exe
    2008-02-29 05:35 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
    2008-02-29 05:35 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
    2008-02-29 05:35 26,112 ----a-w C:\WINDOWS\system32\bcsprsrc.dll
    2008-02-29 05:35 151,552 ----a-w C:\WINDOWS\system32\ifxcardm.dll
    2008-02-29 05:35 133,120 ----a-w C:\WINDOWS\system32\axaltocm.dll
    2008-02-29 05:35 117,760 ----a-w C:\WINDOWS\system32\t2embed.dll
    2008-02-29 05:35 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
    2008-02-29 05:32 62,464 ----a-w C:\WINDOWS\system32\authz.dll
    2008-02-29 05:31 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
    2008-02-29 05:31 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    2008-02-29 05:31 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
    2008-02-29 05:31 350,208 ----a-w C:\WINDOWS\system32\hypertrm.dll
    2008-02-29 05:31 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
    2008-02-29 05:31 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
    2008-02-26 12:00 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
    2008-02-20 18:50 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-30_14.54.34.07 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-30 11:15:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-30 14:19:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-05-29 18:16:52 2,560 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2008-05-30 14:17:44 2,560 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    - 2008-05-29 18:16:51 34,304 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2008-05-30 14:17:44 34,304 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2008-05-29 18:16:52 8,192 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    + 2008-05-30 14:17:44 8,192 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2008-05-29 18:16:52 3,584 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2008-05-30 14:17:44 3,584 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    - 2008-05-29 18:16:52 114,688 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\outicon.exe
    + 2008-05-30 14:17:44 114,688 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\outicon.exe
    - 2008-05-29 18:16:51 16,384 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2008-05-30 14:17:44 16,384 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    - 2008-05-29 18:16:52 30,720 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\pptico.exe
    + 2008-05-30 14:17:44 30,720 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\pptico.exe
    - 2008-05-29 18:16:52 22,528 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2008-05-30 14:17:44 22,528 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    - 2008-05-29 18:16:51 45,056 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2008-05-30 14:17:44 45,056 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    - 2008-05-29 18:16:51 90,112 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    + 2008-05-30 14:17:44 90,112 ----a-r C:\WINDOWS\Installer\{913D040B-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    - 2001-01-22 01:25:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
    + 2004-01-29 04:08:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
    - 2000-02-16 03:47:56 45,161 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-03-24 22:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2000-02-16 03:47:56 45,163 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-03-24 22:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-03-24 23:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 01:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 01:36 1267040]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 09:14 68856]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-03-25 05:59 507904]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "P17Helper"="P17.dll" [2006-03-17 17:11 81408 C:\WINDOWS\system32\P17.dll]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "52675:UDP"= 52675:UDP:uTorrent

    R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 19:34]
    S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

    *Newly Created Service* - COMHOST
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-30 14:17:07 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-30 17:31:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-30 17:38:32
    ComboFix-quarantined-files.txt 2008-05-30 14:38:28
    ComboFix2.txt 2008-05-30 11:54:54

    Pre-Run: 46,158,315,520 tavua vapaana
    Post-Run: 46,198,697,984 tavua vapaana

    326 --- E O F --- 2008-05-30 14:17:46

    HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:43:49, on 30.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\program files\winamp toolbar\WinampTbServer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 7808 bytes
     
  13. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    It's clean!!!
    Have a good summer :D
     
