TurvaPC problem + HJT log

Thread in the Viruses and malware - HijackThis logs section. Thread started by Mannu88 on 11.06.2008.

  1. Mannu88

    Mannu88 Member

    Joined:
    11.06.2008
    Messages:
    7
    Thanks:
    0
    Points:
    11
    So somehow a TurvaPC advert popped up on my computer; I clicked cancel, but it still pushed some virus onto my machine, and as a result the internet works poorly and the computer may restart on its own. I've run a few scans, but I'm not sure whether the problem is gone, so here's the HJT log.

    By the way, is it normal for svchost.exe to appear 15 times in the process list? Likewise Rundll32.exe showed up there several times today.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:20:57, on 11.6.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=73&bd=Pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
    O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
    O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
    O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_list.htm
    O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
    O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
    O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
    O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9563 bytes
     
  3. Hujo

    Hujo Guest

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the prompts to install the program.
    2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    3. If an update is found, the program will download and install the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is complete, click OK and then Show Results to view the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After that the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next reply.
     
  4. Mannu88

    Mannu88 Member

    I could only run the scan in safe mode, because in normal mode the computer crashed and restarted on its own in the middle of the scan. But here's the log.

    Malwarebytes' Anti-Malware 1.17
    Tietokantaversio: 849

    12:26:27 12.6.2008
    mbam-log-6-12-2008 (12-26-27).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 200265
    Kulunut aika: 35 minute(s), 35 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 4

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\QooBox\Quarantine\C\Windows\System32\uRLFXpQG.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\xxyayAPG.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\yaywxULd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\msnwtibi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     
  5. Hujo

    Hujo Guest

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool finishes, it will produce a log. Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
     
  6. Mannu88

    Mannu88 Member

    Here's the ComboFix log:

    ComboFix 08-06-10.5 - Marjo 2008-06-12 20:00:07.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1337 [GMT 3:00]
    Running from: C:\Users\Marjo\Desktop\ComboFix.exe
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-12 to 2008-06-12 )))))))))))))))))
    .

    2008-06-12 19:59 . 2008-06-12 19:59 <KANSIO> d-------- C:\327882R2FWJFW
    2008-06-12 13:41 . 2008-06-12 13:41 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-06-12 07:24 . 2008-06-12 07:25 358,221,856 --a------ C:\Windows\MEMORY.DMP
    2008-06-11 23:19 . 2008-06-11 23:19 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-11 22:10 . 2008-06-11 22:10 <KANSIO> d-------- C:\Users\Marjo\AppData\Roaming\Malwarebytes
    2008-06-11 22:10 . 2008-06-11 22:10 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
    2008-06-11 22:10 . 2008-06-11 22:10 <KANSIO> d-------- C:\ProgramData\Malwarebytes
    2008-06-11 22:10 . 2008-06-11 22:10 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-11 22:10 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-11 22:10 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-11 21:49 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-11 21:49 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-11 21:49 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-11 21:49 . 2008-04-29 04:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
    2008-06-11 21:49 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-11 21:49 . 2008-04-29 06:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
    2008-06-11 21:49 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-11 21:49 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-11 21:49 . 2008-04-29 04:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
    2008-06-11 21:48 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-11 21:48 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-11 21:37 . 2008-06-11 21:37 43 --a------ C:\Windows\System32\Writer.ini
    2008-06-11 18:47 . 2008-06-11 19:11 211 --a------ C:\Windows\wininit.ini
    2008-06-11 13:11 . 2008-06-11 13:11 157,184 --a------ C:\Windows\System32\brvxqwve.dll
    2008-06-11 11:41 . 2008-06-11 11:41 157,184 --a------ C:\Windows\System32\xchcdoae.dll
    2008-06-10 01:34 . 2008-06-10 01:34 23 --a------ C:\Windows\DownloadStudio.INI
    2008-06-10 01:17 . 2008-06-10 01:17 <KANSIO> d-------- C:\Users\Marjo\AppData\Roaming\Conceiva
    2008-06-10 01:17 . 2008-06-10 01:17 <KANSIO> d-------- C:\Users\All Users\Conceiva
    2008-06-10 01:17 . 2008-06-10 01:17 <KANSIO> d-------- C:\ProgramData\Conceiva
    2008-06-10 01:17 . 2008-06-10 01:17 <KANSIO> d-------- C:\Program Files\WinPcap
    2008-06-10 01:15 . 2008-06-10 01:15 <KANSIO> d-------- C:\Users\Marjo\AppData\Roaming\InstallShield
    2008-06-10 01:15 . 2008-06-10 01:15 <KANSIO> d-------- C:\Program Files\Conceiva
    2008-06-09 23:17 . 2008-06-09 23:17 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-06-09 13:31 . 2008-06-09 13:32 <KANSIO> d-------- C:\Users\All Users\Lavasoft
    2008-06-09 13:31 . 2008-06-09 13:32 <KANSIO> d-------- C:\ProgramData\Lavasoft
    2008-06-09 13:07 . 2008-06-09 13:28 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-06-09 13:07 . 2008-06-09 13:28 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-06-09 13:07 . 2008-06-09 13:07 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-09 11:32 . 2008-06-09 21:39 <KANSIO> d-------- C:\Program Files\Steam
    2008-06-09 11:32 . 2008-06-09 11:32 <KANSIO> d-------- C:\Program Files\Common Files\Steam
    2008-06-09 11:23 . 2008-06-09 22:12 <KANSIO> d-------- C:\Program Files\Vietcong
    2008-06-09 01:07 . 2008-06-09 01:07 <KANSIO> d-------- C:\Program Files\Real
    2008-06-09 01:07 . 2008-06-09 01:07 <KANSIO> d-------- C:\Program Files\Common Files\xing shared
    2008-06-09 01:07 . 2008-06-09 01:07 <KANSIO> d-------- C:\Program Files\Common Files\Real
    2008-06-08 17:01 . 2008-06-09 11:08 <KANSIO> d--h----- C:\Users\Marjo\Tzikizii
    2008-06-05 11:54 . 2008-06-05 11:54 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-05-31 16:39 . 2008-05-31 16:40 <KANSIO> d-------- C:\Users\Marjo\Lost S04E13-14
    2008-05-28 21:18 . 2008-03-08 05:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 21:18 . 2008-03-08 07:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-26 00:31 . 2008-06-10 19:38 <KANSIO> d-------- C:\Users\Marjo\Contacts
    2008-05-25 12:21 . 2008-05-25 12:21 <KANSIO> dr------- C:\Users\Marjo\Music
    2008-05-19 20:13 . 2008-05-19 20:13 <KANSIO> d-------- C:\Varmuuskopio sims
    2008-05-17 12:17 . 2008-05-17 12:17 268 --ah----- C:\sqmdata00.sqm
    2008-05-17 12:17 . 2008-05-17 12:17 244 --ah----- C:\sqmnoopt00.sqm
    2008-05-15 10:28 . 2008-05-15 11:21 <KANSIO> d-------- C:\PerfLogs
    2008-05-14 20:24 . 2008-01-19 10:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-05-14 20:23 . 2008-01-19 09:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-05-14 20:22 . 2008-01-19 10:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-05-14 20:22 . 2008-01-05 14:31 145,455 --a------ C:\Windows\System32\perfmon.msc
    2008-05-14 20:22 . 2008-01-05 14:39 150 --a------ C:\Windows\System32\RacUREx.xml
    2008-05-14 20:22 . 2008-01-05 14:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-05-14 20:21 . 2008-01-19 10:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-05-14 20:21 . 2008-01-19 10:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
    2008-05-14 20:21 . 2008-01-19 10:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-05-14 20:20 . 2008-01-19 10:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-05-14 20:20 . 2008-01-19 10:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-05-14 20:18 . 2008-01-19 10:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-05-14 20:18 . 2008-01-19 10:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-05-14 20:18 . 2008-01-19 10:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-05-14 20:18 . 2008-01-19 10:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-12 11:02 --------- d-----w C:\ProgramData\Symantec
    2008-06-12 10:42 --------- d-----w C:\Program Files\Java
    2008-06-11 18:52 --------- d-----w C:\Program Files\Windows Mail
    2008-06-11 08:49 107,015 ----a-w C:\Users\Marjo\AppData\Roaming\nvModes.dat
    2008-06-10 16:54 --------- d-----w C:\Users\Marjo\AppData\Roaming\uTorrent
    2008-06-10 16:51 --------- d-----w C:\Program Files\RevConnect
    2008-06-10 08:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-10 08:12 --------- d-----w C:\Program Files\GetASFStream
    2008-06-09 22:04 --------- d-----w C:\Program Files\Azureus
    2008-05-31 12:04 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-05-31 12:04 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-05-31 12:04 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-05-31 12:04 --------- d-----w C:\Program Files\Symantec
    2008-05-19 17:21 --------- d-----w C:\Program Files\EA GAMES
    2008-05-15 07:45 --------- d-----w C:\ProgramData\NVIDIA
    2008-05-15 07:43 174 --sha-w C:\Program Files\desktop.ini
    2008-05-15 07:32 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-15 07:32 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-15 07:32 --------- d-----w C:\Program Files\Windows Journal
    2008-05-15 07:32 --------- d-----w C:\Program Files\Windows Defender
    2008-05-15 07:32 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-15 07:32 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-14 20:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-05-14 20:05 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-05-08 11:09 --------- d-----w C:\Program Files\SamsonSoft
    2008-05-04 18:25 262,860 ----a-w C:\Windows\IPUI_DivXG400.exe
    2008-04-25 19:56 --------- d-----w C:\Users\Marjo\AppData\Roaming\vlc
    2008-04-25 19:51 --------- d-----w C:\Program Files\VideoLAN
    2008-04-25 19:38 --------- d-----w C:\Program Files\ffvfw
    2008-04-25 07:39 --------- d-----w C:\Program Files\CONEXANT
    2008-04-24 17:23 --------- d-----w C:\ProgramData\MGS
    2008-04-24 17:16 --------- d-----w C:\ProgramData\Microgaming
    2008-04-24 08:12 --------- d-----w C:\Program Files\uTorrent
    2008-04-20 20:13 --------- d-----w C:\Users\Marjo\AppData\Roaming\Azureus
    2008-04-20 19:58 --------- d-----w C:\Users\Marjo\AppData\Roaming\Orbit
    2008-04-15 08:30 --------- d-----w C:\Program Files\Maketorrent 2
    2008-04-12 10:53 --------- d-----w C:\Users\Marjo\AppData\Roaming\Winamp
    2008-03-15 15:10 668 ----a-w C:\Users\Marjo\AppData\Roaming\wklnhst.dat
    2008-02-25 14:09 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
    2008-02-25 14:09 20 ---h--w C:\Users\All Users\PKP_DLds.DAT
    2008-02-25 14:09 20 ---h--w C:\ProgramData\PKP_DLec.DAT
    2008-02-25 14:09 20 ---h--w C:\ProgramData\PKP_DLds.DAT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-11_22.50.11.79 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-11 19:46:16 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-12 16:52:40 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-12 16:52:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-12 16:52:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-11 19:46:35 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-12 16:54:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-12 16:54:22 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-06-11 19:46:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-12 17:01:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-12 17:01:52 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-11 19:21:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-12 09:49:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-11 19:21:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-12 09:49:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-11 19:21:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-12 09:49:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-02-21 23:23:35 135,168 ----a-w C:\Windows\System32\java.exe
    + 2008-03-24 22:28:39 135,168 ----a-w C:\Windows\System32\java.exe
    - 2008-02-21 23:23:39 135,168 ----a-w C:\Windows\System32\javaw.exe
    + 2008-03-24 22:28:43 135,168 ----a-w C:\Windows\System32\javaw.exe
    - 2008-02-22 00:33:32 139,264 ----a-w C:\Windows\System32\javaws.exe
    + 2008-03-24 23:37:01 139,264 ----a-w C:\Windows\System32\javaws.exe
    - 2008-06-11 19:38:16 11,496 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4110460851-3354653255-1867893512-1000_UserData.bin
    + 2008-06-12 16:54:40 11,758 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4110460851-3354653255-1867893512-1000_UserData.bin
    - 2008-06-11 19:38:16 79,352 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-12 16:54:40 79,842 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-11 19:38:13 41,180 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-12 16:54:39 41,188 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 10:33 1233920]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 10:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
    "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 21:12 17920]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 09:05 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 09:05 8534560]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 09:05 81920]

    C:\Users\Marjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 14:11:50 719664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=C:\Windows\pss\InterVideo WinCinema Manager.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=C:\Windows\pss\NkbMonitor.exe.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadStudio]
    --a------ 2008-01-22 16:00 127640 C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2008-01-19 10:33 125952 C:\Windows\ehome\ehTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    --------- 2007-04-23 19:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-06-09 12:43 1271032 C:\Program Files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-06-09 01:07 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-19 10:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4110460851-3354653255-1867893512-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{97DB0EB6-73A8-4630-A672-AEA163C69265}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A382B3F6-0530-4923-80BA-AC42E9E8B7F4}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{14360940-F3BD-43FF-8D28-C1342A59BC31}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{5FE76FDE-BDD0-4B15-BBA9-5DC5B817AAD7}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{AC705DB4-D72E-483B-A981-BC1FD03572F9}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{6EEE571E-3CB5-45AD-8D2B-4E6EFF0E623D}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{18966354-457B-4D72-8089-0F785D2494B3}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{CE9E10FB-CBF6-40C4-AB8A-DBEB392D2C7A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{AD19652E-BCDD-40D1-93AC-9F3F76B88333}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{B8D0CE4A-EE9C-4B30-8F80-7653073BE10C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080611.003\IDSvix86.sys [2008-02-13 19:18]
    R1 tvtool;tvtool;C:\Program Files\TVTool\tvtool.sys [1996-04-03 21:33]
    R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-19 10:33]
    R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-19 10:33]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 01:32]
    S3 btwaudio;Bluetooth-äänilaite;C:\Windows\system32\drivers\btwaudio.sys [2007-04-18 11:51]
    S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-18 11:51]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-18 11:51]
    S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-06 23:22]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2007-09-12 17:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    GPSvcGroup REG_MULTI_SZ GPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{931c939e-c615-11dc-a8c7-001b24d3a6e1}]
    \shell\AutoRun\command - G:\Autorun.exe

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-12 20:02:14
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-12 20:03:11
    ComboFix-quarantined-files.txt 2008-06-12 17:03:06
    ComboFix2.txt 2008-06-11 19:50:49

    Pre-Run: 87,624,785,920 tavua vapaana
    Post-Run: 87,594,270,720 tavua vapaana

    279 --- E O F --- 2008-06-11 18:51:10
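As an added defender-side example (not part of this thread or of ComboFix), here is a small Python triage script that reads ComboFix-style registry output and flags the weakened-defence settings visible in the logs posted here: the firewall switched off on every profile, Security Center monitoring suppressed, UAC disabled, an AutoRun handler registered for a removable drive, and a newly created service. The sample input is constructed to mirror those lines; the severities are the example's own judgement, not ComboFix output.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied in the shape ComboFix prints them,
# mirroring the registry section of the log above. Not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{931c939e-c615-11dc-a8c7-001b24d3a6e1}]
\shell\AutoRun\command - G:\Autorun.exe

*Newly Created Service* - COMHOST
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')


@dataclass
class Finding:
    severity: str   # high / medium / low / info (this example's own scale)
    key: str        # registry key or pseudo-section the finding came from
    detail: str


def parse_value(raw):
    """Normalise the two spellings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]+)$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return raw.strip('"')


def parse_registry_dump(text):
    """Return {section: {name: value}}; unquoted lines go under '_lines',
    lines outside any [section] under the pseudo-section '_bare'."""
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:                 # blank line ends the current section
            current = None
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        bucket = sections.setdefault(current if current else "_bare", {})
        m = VALUE_RE.match(line)
        if m:
            bucket[m.group(1)] = parse_value(m.group(2))
        else:
            bucket.setdefault("_lines", []).append(line)
    return sections


def triage(sections):
    """Flag the settings a helper would question when reading this kind of log."""
    findings = []
    for key, values in sections.items():
        low = key.lower()
        if low.endswith("policies\\system") and values.get("EnableLUA") == 0:
            findings.append(Finding("high", key, "UAC disabled (EnableLUA=0)"))
        if "firewallpolicy" in low and values.get("EnableFirewall") == 0:
            profile = key.rsplit("\\", 1)[-1]
            findings.append(Finding("high", key, f"Windows Firewall off for {profile}"))
        if "security center\\monitoring" in low and values.get("DisableMonitoring") == 1:
            findings.append(Finding("low", key,
                "Security Center monitoring suppressed (third-party suites often set this; confirm the suite is healthy)"))
        if "mountpoints2" in low:
            for line in values.get("_lines", []):
                if "autorun" in line.lower():
                    findings.append(Finding("medium", key, f"AutoRun handler on removable drive: {line}"))
    for line in sections.get("_bare", {}).get("_lines", []):
        if line.startswith("*Newly Created Service*"):
            findings.append(Finding("info", "services", f"{line}: verify the service binary and publisher"))
    return findings


def report(findings):
    """One line per finding, most severe first."""
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    return [f"[{f.severity.upper()}] {f.detail}  ({f.key})"
            for f in sorted(findings, key=lambda f: order[f.severity])]


if __name__ == "__main__":
    for line in report(triage(parse_registry_dump(SAMPLE_LOG))):
        print(line)
```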
     
  7. Hujo

    Hujo Guest

    Download VundoFix.exe from HERE to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    When the scan is complete, click the Fix Vundo button.
    You will be asked whether you want to remove the files - click YES.
    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    When it is finished, the fix will tell you to restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log together with a fresh HijackThis log.

    Note: It is possible that VundoFix found a file it could not remove.
    In that case, VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo button." when VundoFix appears after the restart.
     
  8. Mannu88

    Mannu88 Member

    Joined:
    11.06.2008
    Messages:
    7
    Thanks:
    0
    Points:
    11
    VundoFix didn't find anything on my computer, so I guess Vundo is gone?

    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:42:49, on 13.6.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=73&bd=Pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
    O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
    O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
    O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_list.htm
    O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
    O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
    O8 - Extra context menu item: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
    O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9457 bytes
     
  9. Hujo

    Hujo Guest

    All clear.
     
  10. Mannu88

    Mannu88 Member

    Joined:
    11.06.2008
    Messages:
    7
    Thanks:
    0
    Points:
    11
    Great, thanks a lot! :)
     
  11. Mannu88

    Mannu88 Member

    Joined:
    11.06.2008
    Messages:
    7
    Thanks:
    0
    Points:
    11
    The same Vundo trojan is bothering me again. Norton keeps reporting it and says it has removed it, without actually succeeding. VundoFix doesn't see any problem on my computer. And Malwarebytes always crashes in the middle of a scan and the computer restarts. It's driving me mad. What else could I try?
     
  12. yaht

    yaht Regular member

    Joined:
    07.12.2005
    Messages:
    2,261
    Thanks:
    0
    Points:
    46
    Run ComboFix.exe once more, then reinstall Malwarebytes and run it in Safe Mode.
     
  13. Mannu88

    Mannu88 Member

    Joined:
    11.06.2008
    Messages:
    7
    Thanks:
    0
    Points:
    11
    Malwarebytes didn't find anything this time, and here is the ComboFix log. I don't know whether the virus has somehow gone away again, but it feels like it somehow hides and then shows up again.

    ComboFix 08-06-10.5 - Marjo 2008-06-16 20:11:52.4 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.981 [GMT 3:00]
    Running from: C:\Users\Marjo\Desktop\ComboFix.exe
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-16 to 2008-06-16 )))))))))))))))))
    .

    2008-06-16 11:24 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
    2008-06-16 11:24 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
    2008-06-16 11:24 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
    2008-06-16 11:03 . 2008-06-16 11:47 <KANSIO> d-------- C:\Program Files\Norton 360
    2008-06-16 11:02 . 2008-06-16 11:15 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
    2008-06-16 11:00 . 2008-06-16 11:15 <KANSIO> d-------- C:\Program Files\Symantec
    2008-06-13 10:59 . 2008-06-13 10:59 <KANSIO> d-------- C:\VundoFix Backups
    2008-06-12 13:41 . 2008-06-12 13:41 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-06-12 07:24 . 2008-06-15 15:38 237,553,696 --a------ C:\Windows\MEMORY.DMP
    2008-06-11 23:19 . 2008-06-11 23:19 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-06-11 22:10 . 2008-06-11 22:10 <KANSIO> d-------- C:\Users\Marjo\AppData\Roaming\Malwarebytes
    2008-06-11 22:10 . 2008-06-11 22:10 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
    2008-06-11 22:10 . 2008-06-11 22:10 <KANSIO> d-------- C:\ProgramData\Malwarebytes
    2008-06-11 22:10 . 2008-06-11 22:10 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-11 22:10 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-11 22:10 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-11 21:49 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-11 21:49 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-11 21:49 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-11 21:49 . 2008-04-29 04:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
    2008-06-11 21:49 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-11 21:49 . 2008-04-29 06:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
    2008-06-11 21:49 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-11 21:49 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-11 21:49 . 2008-04-29 04:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
    2008-06-11 21:48 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-11 21:48 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-11 21:37 . 2008-06-11 21:37 43 --a------ C:\Windows\System32\Writer.ini
    2008-06-11 18:47 . 2008-06-11 19:11 211 --a------ C:\Windows\wininit.ini
    2008-06-10 01:34 . 2008-06-10 01:34 23 --a------ C:\Windows\DownloadStudio.INI
    2008-06-10 01:17 . 2008-06-10 01:17 <KANSIO> d-------- C:\Users\Marjo\AppData\Roaming\Conceiva
    2008-06-10 01:17 . 2008-06-10 01:17 <KANSIO> d-------- C:\Users\All Users\Conceiva
    2008-06-10 01:17 . 2008-06-10 01:17 <KANSIO> d-------- C:\ProgramData\Conceiva
    2008-06-10 01:17 . 2008-06-10 01:17 <KANSIO> d-------- C:\Program Files\WinPcap
    2008-06-10 01:15 . 2008-06-10 01:15 <KANSIO> d-------- C:\Users\Marjo\AppData\Roaming\InstallShield
    2008-06-10 01:15 . 2008-06-10 01:15 <KANSIO> d-------- C:\Program Files\Conceiva
    2008-06-09 23:17 . 2008-06-09 23:17 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-06-09 13:31 . 2008-06-09 13:32 <KANSIO> d-------- C:\Users\All Users\Lavasoft
    2008-06-09 13:31 . 2008-06-09 13:32 <KANSIO> d-------- C:\ProgramData\Lavasoft
    2008-06-09 13:07 . 2008-06-09 13:28 <KANSIO> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-06-09 13:07 . 2008-06-09 13:28 <KANSIO> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-06-09 13:07 . 2008-06-09 13:07 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-09 11:32 . 2008-06-09 21:39 <KANSIO> d-------- C:\Program Files\Steam
    2008-06-09 11:32 . 2008-06-09 11:32 <KANSIO> d-------- C:\Program Files\Common Files\Steam
    2008-06-09 11:23 . 2008-06-09 22:12 <KANSIO> d-------- C:\Program Files\Vietcong
    2008-06-09 01:07 . 2008-06-09 01:07 <KANSIO> d-------- C:\Program Files\Real
    2008-06-09 01:07 . 2008-06-09 01:07 <KANSIO> d-------- C:\Program Files\Common Files\xing shared
    2008-06-09 01:07 . 2008-06-09 01:07 <KANSIO> d-------- C:\Program Files\Common Files\Real
    2008-06-08 17:01 . 2008-06-09 11:08 <KANSIO> d--h----- C:\Users\Marjo\Tzikizii
    2008-06-05 11:54 . 2008-06-05 11:54 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-05-31 16:39 . 2008-05-31 16:40 <KANSIO> d-------- C:\Users\Marjo\Lost S04E13-14
    2008-05-28 21:18 . 2008-03-08 05:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 21:18 . 2008-03-08 07:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-26 00:31 . 2008-06-10 19:38 <KANSIO> d-------- C:\Users\Marjo\Contacts
    2008-05-25 12:21 . 2008-05-25 12:21 <KANSIO> dr------- C:\Users\Marjo\Music
    2008-05-19 20:13 . 2008-05-19 20:13 <KANSIO> d-------- C:\Varmuuskopio sims
    2008-05-17 12:17 . 2008-05-17 12:17 268 --ah----- C:\sqmdata00.sqm
    2008-05-17 12:17 . 2008-05-17 12:17 244 --ah----- C:\sqmnoopt00.sqm

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-16 08:24 --------- d-----w C:\ProgramData\Symantec
    2008-06-16 08:15 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-06-16 08:15 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-06-16 08:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-15 19:15 106,991 ----a-w C:\Users\Marjo\AppData\Roaming\nvModes.dat
    2008-06-12 10:42 --------- d-----w C:\Program Files\Java
    2008-06-11 18:52 --------- d-----w C:\Program Files\Windows Mail
    2008-06-10 16:54 --------- d-----w C:\Users\Marjo\AppData\Roaming\uTorrent
    2008-06-10 16:51 --------- d-----w C:\Program Files\RevConnect
    2008-06-10 08:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-10 08:12 --------- d-----w C:\Program Files\GetASFStream
    2008-06-09 22:04 --------- d-----w C:\Program Files\Azureus
    2008-05-19 17:21 --------- d-----w C:\Program Files\EA GAMES
    2008-05-15 07:45 --------- d-----w C:\ProgramData\NVIDIA
    2008-05-15 07:43 174 --sha-w C:\Program Files\desktop.ini
    2008-05-15 07:32 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-15 07:32 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-15 07:32 --------- d-----w C:\Program Files\Windows Journal
    2008-05-15 07:32 --------- d-----w C:\Program Files\Windows Defender
    2008-05-15 07:32 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-15 07:32 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-14 20:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-05-14 20:05 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-05-08 11:09 --------- d-----w C:\Program Files\SamsonSoft
    2008-05-04 18:25 262,860 ----a-w C:\Windows\IPUI_DivXG400.exe
    2008-04-25 19:56 --------- d-----w C:\Users\Marjo\AppData\Roaming\vlc
    2008-04-25 19:51 --------- d-----w C:\Program Files\VideoLAN
    2008-04-25 19:38 --------- d-----w C:\Program Files\ffvfw
    2008-04-25 07:39 --------- d-----w C:\Program Files\CONEXANT
    2008-04-24 17:23 --------- d-----w C:\ProgramData\MGS
    2008-04-24 17:16 --------- d-----w C:\ProgramData\Microgaming
    2008-04-24 08:12 --------- d-----w C:\Program Files\uTorrent
    2008-04-20 20:13 --------- d-----w C:\Users\Marjo\AppData\Roaming\Azureus
    2008-04-20 19:58 --------- d-----w C:\Users\Marjo\AppData\Roaming\Orbit
    2008-03-15 15:10 668 ----a-w C:\Users\Marjo\AppData\Roaming\wklnhst.dat
    2008-02-25 14:09 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
    2008-02-25 14:09 20 ---h--w C:\Users\All Users\PKP_DLds.DAT
    2008-02-25 14:09 20 ---h--w C:\ProgramData\PKP_DLec.DAT
    2008-02-25 14:09 20 ---h--w C:\ProgramData\PKP_DLds.DAT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-11_22.50.11.79 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-11 19:46:16 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-16 17:10:34 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-06-11 19:46:35 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-16 17:12:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-16 17:12:29 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-06-11 19:46:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-16 17:16:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-16 17:16:03 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-11 19:21:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-16 08:55:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-11 19:21:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-16 08:55:22 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-11 19:21:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-16 08:55:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2006-09-19 10:44:04 15,664 ----a-w C:\Windows\System32\drivers\GEARAspiWDM.sys
    + 2006-09-19 09:44:04 15,664 ----a-w C:\Windows\System32\drivers\GEARAspiWDM.sys
    - 2007-11-30 21:57:12 279,088 ----a-w C:\Windows\System32\drivers\srtsp.sys
    + 2007-11-30 20:57:12 279,088 ----a-w C:\Windows\System32\drivers\srtsp.sys
    - 2007-11-30 21:57:12 317,616 ----a-w C:\Windows\System32\drivers\srtspl.sys
    + 2007-11-30 20:57:12 317,616 ----a-w C:\Windows\System32\drivers\srtspl.sys
    - 2007-11-30 21:57:12 43,696 ----a-w C:\Windows\System32\drivers\srtspx.sys
    + 2007-11-30 20:57:12 43,696 ----a-w C:\Windows\System32\drivers\srtspx.sys
    - 2006-10-03 15:47:52 109,360 ----a-w C:\Windows\System32\GEARAspi.dll
    + 2006-10-03 14:47:52 109,360 ----a-w C:\Windows\System32\GEARAspi.dll
    - 2008-02-21 23:23:35 135,168 ----a-w C:\Windows\System32\java.exe
    + 2008-03-24 22:28:39 135,168 ----a-w C:\Windows\System32\java.exe
    - 2008-02-21 23:23:39 135,168 ----a-w C:\Windows\System32\javaw.exe
    + 2008-03-24 22:28:43 135,168 ----a-w C:\Windows\System32\javaw.exe
    - 2008-02-22 00:33:32 139,264 ----a-w C:\Windows\System32\javaws.exe
    + 2008-03-24 23:37:01 139,264 ----a-w C:\Windows\System32\javaws.exe
    - 2007-07-12 00:49:26 186,256 ----a-w C:\Windows\System32\SymNPPWA.dll
    + 2007-07-11 23:49:26 186,256 ----a-w C:\Windows\System32\SymNPPWA.dll
    - 2008-06-11 19:38:16 11,496 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4110460851-3354653255-1867893512-1000_UserData.bin
    + 2008-06-16 17:12:49 11,906 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4110460851-3354653255-1867893512-1000_UserData.bin
    - 2008-06-11 19:38:16 79,352 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-16 17:12:48 81,296 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-11 19:28:44 3,294 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    + 2008-06-15 19:20:34 3,294 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-06-11 19:38:13 41,180 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-16 17:12:40 41,564 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 10:33 1233920]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 10:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
    "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 21:12 17920]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 09:05 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 09:05 8534560]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 09:05 81920]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

    C:\Users\Marjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 14:11:50 719664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=C:\Windows\pss\InterVideo WinCinema Manager.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=C:\Windows\pss\NkbMonitor.exe.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadStudio]
    --a------ 2008-01-22 16:00 127640 C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2008-01-19 10:33 125952 C:\Windows\ehome\ehTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    --------- 2007-04-23 19:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-06-09 12:43 1271032 C:\Program Files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-06-09 01:07 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-19 10:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4110460851-3354653255-1867893512-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{97DB0EB6-73A8-4630-A672-AEA163C69265}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A382B3F6-0530-4923-80BA-AC42E9E8B7F4}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{14360940-F3BD-43FF-8D28-C1342A59BC31}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{5FE76FDE-BDD0-4B15-BBA9-5DC5B817AAD7}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{AC705DB4-D72E-483B-A981-BC1FD03572F9}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{6EEE571E-3CB5-45AD-8D2B-4E6EFF0E623D}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{18966354-457B-4D72-8089-0F785D2494B3}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{CE9E10FB-CBF6-40C4-AB8A-DBEB392D2C7A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{AD19652E-BCDD-40D1-93AC-9F3F76B88333}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{B8D0CE4A-EE9C-4B30-8F80-7653073BE10C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080613.001\IDSvix86.sys [2008-06-03 16:58]
    R1 tvtool;tvtool;C:\Program Files\TVTool\tvtool.sys [1996-04-03 21:33]
    R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-19 10:33]
    R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-19 10:33]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 01:32]
    S3 btwaudio;Bluetooth-äänilaite;C:\Windows\system32\drivers\btwaudio.sys [2007-04-18 11:51]
    S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-18 11:51]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-18 11:51]
    S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-06 23:22]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2007-09-12 17:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    GPSvcGroup REG_MULTI_SZ GPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{931c939e-c615-11dc-a8c7-001b24d3a6e1}]
    \shell\AutoRun\command - G:\Autorun.exe

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-16 20:16:23
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-16 20:17:17
    ComboFix-quarantined-files.txt 2008-06-16 17:17:09
    ComboFix2.txt 2008-06-13 08:24:12
    ComboFix3.txt 2008-06-12 17:03:11
    ComboFix4.txt 2008-06-11 19:50:49

    Pre-Run: 87,784,157,184 tavua vapaana
    Post-Run: 87,764,205,568 tavua vapaana

    280 --- E O F --- 2008-06-11 18:51:10
     
