kone boottaa itestään

eli otsikon mukanen ongelma, kävin jo tietoturva.net:ssä itkemässä tätä, sönkkäsin aikanai, latasin ties mitä ohjelmia ja olen ajanut reilun 10 eri scanneria eikä mitään löydy.

välillä heittää tälläisen error:n bootin jälkeen:

C:\DOCUME~1\Omistaja\LOCALS~1\Temp\WER2119.dir00\Mini081908-01.dmp
C:\DOCUME~1\Omistaja\LOCALS~1\Temp\WER2119.dir00\sysdata.xml

mutta tuosta ei saanut oikein mitään irti. välillä myös svchost.exe leikkii jotain kun vie 100% suorittimesta ja kaataa internet selaimen ( muut netti ohjlemat [kuten skype/msn] toimivat kyllä)

ongelman ei pitäisi myöskään olla fyysinen sillä en ole muuttanut kokoonpanoa viimeaikoina (mitä nyt koppaa modannut, muttä vaikutti vain positiivisesti lämpöihin) ja lämmöt ovat olleet ihan kohillaan ( heti kaatumisen jälkeen mitattuna kaikki lämmöt alle 50 astetta)

Logfile of HijackThis v1.99.1
Scan saved at 10:55:23 PM, on 08/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
H:\Ohjelmat\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\jami\ohjelmat\Comodo\Firewall\cfp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
H:\Ohjelmat\ATITool\ATITool.exe
H:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\jami\ohjelmat\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox 3.1\firefox.exe
H:\Ohjelmat\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\jami\ohjelmat\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ATITool.lnk = H:\Ohjelmat\ATITool\ATITool.exe
O4 - Startup: TransBar.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jeke.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160500148218
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - H:\Ohjelmat\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\jami\ohjelmat\Comodo\Firewall\cmdagent.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

Poista lisää poista sovelutuksesta

Ask Toolbar
AVG Anti-Spyware 7.5

Poista kansio vikasiedossa

C:\Program Files\AskSBar
H:\Ohjelmat\AVG Anti-Spyware 7.5

================

scannaaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

==============

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

 

miksi tuo AVG anti-spyware pitäisi poistaa? eikös tuo juuri estä spywareja tulemastA 0.O niin ja miten pääsen vikasietotilaan =)

 

niin ja tuo malwaren scannaus ei oikein onnistu kun anakin kahdesti nyt kun koittanut niin ei ole ehtinyt scannata loppuun asti bootin takia.

Malware nyt scannannut 2h ja scannattuja tiedostoja 200 000, tiedostoja koneella on jotain yli miljoona....

Ja nyt tuli uusi oire, äänet hävisi, ohjauspaneelista ei näy että olisi äänikortti kytkettynä ( vaikka on intergtoitu äänikortti..)

 

no niin ei mennytkään kun kom,isen tuntia _pika_ scannauksesse...päivällä avast! ehti scannata reilu 800k tiedostoa eikä löytänyt mitään..

Malwarebytes' Anti-Malware 1.25
Tietokantaversio: 1071
Windows 5.1.2600 Service Pack 3

10:44:38 PM 08/21/2008
mbam-log-08-21-2008 (22-44-33).txt

Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 219395
Kulunut aika: 2 hour(s), 38 minute(s), 40 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 1

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\WINDOWS\system32\HOSTS (Trojan.Agent) -> No action taken.

 

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

 

antteksi vain tapahtuneesta rikkeestä, AD:ssä voisi olla delete nappula niin voisis poistaa turhat viestit painamasta moderaattorin mieltä....

mutta tässä tämä scannaus tulos, näkyhän sitä muutama troijalainen löytyneen ;E :


SDFix: Version 1.218
Run by Omistaja on 08/22/2008 at 02:36 PM

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Documents and Settings\Omistaja\Ty”p”yt„\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\SETUP_~1.EXE - Deleted
C:\WINDOWS\system32\2BD.tmp - Deleted
C:\WINDOWS\system32\setup_46263.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 15:06:00
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:cd8375ec
"s2"=dword:574f1e1b
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:18,3b,6f,2a,b7,78,b1,b0,9e,39,10,6b,ea,88,e8,f8,30,10,3a,e4,40,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:86,ad,ee,af,d2,4c,65,9a,c3,15,7c,6a,58,66,05,5b,9a,d7,25,ee,5c,..
"p0"="H:\Ohjelmat\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7e,76,1a,3e,f6,5b,08,89,a2,66,50,aa,fe,f6,c4,8b,f0,..
"khjeh"=hex:e4,48,e3,30,a4,d1,e7,a2,da,e2,f5,04,b2,7e,52,ef,6e,50,58,6e,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fd,30,97,98,db,47,7a,6f,6e,0c,17,29,0a,6b,5c,07,79,24,ff,3b,82,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:76,93,c1,55,d1,fb,5c,f8,67,0e,da,80,ec,d6,c3,fd,62,04,79,c4,ce,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:0b,6f,6c,29,0a,1e,32,41,12,22,7d,0d,27,c5,39,ac,42,6d,7a,cb,da,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:bf,d4,31,30,b3,bd,36,63,8a,5f,72,11,02,62,19,6e,71,2c,e5,69,c5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:18,3b,6f,2a,b7,78,b1,b0,9e,39,10,6b,ea,88,e8,f8,30,10,3a,e4,40,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:86,ad,ee,af,d2,4c,65,9a,c3,15,7c,6a,58,66,05,5b,9a,d7,25,ee,5c,..
"p0"="H:\Ohjelmat\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7e,76,1a,3e,f6,5b,08,89,a2,66,50,aa,fe,f6,c4,8b,f0,..
"khjeh"=hex:e4,48,e3,30,a4,d1,e7,a2,da,e2,f5,04,b2,7e,52,ef,6e,50,58,6e,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fd,30,97,98,db,47,7a,6f,6e,0c,17,29,0a,6b,5c,07,79,24,ff,3b,82,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:76,93,c1,55,d1,fb,5c,f8,67,0e,da,80,ec,d6,c3,fd,62,04,79,c4,ce,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:0b,6f,6c,29,0a,1e,32,41,12,22,7d,0d,27,c5,39,ac,42,6d,7a,cb,da,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:bf,d4,31,30,b3,bd,36,63,8a,5f,72,11,02,62,19,6e,71,2c,e5,69,c5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:86,ad,ee,af,d2,4c,65,9a,c3,15,7c,6a,58,66,05,5b,9a,d7,25,ee,5c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ea,e0,5a,69,e3,d8,9b,a0,2e,a7,98,68,1a,35,8b,e6,cc,..
"khjeh"=hex:b7,88,45,d9,bc,be,f4,e1,b8,17,71,41,36,33,a9,d8,0b,de,22,6b,4b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1f,4c,1e,f1,5e,47,7f,e6,5d,fa,97,3b,9b,90,6a,f1,92,b9,50,6e,c8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:43,c5,67,c9,ea,a5,96,da,0f,5c,07,03,37,c5,89,1f,89,6b,14,3f,e5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:18,3b,6f,2a,b7,78,b1,b0,9e,39,10,6b,ea,88,e8,f8,30,10,3a,e4,40,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:86,ad,ee,af,d2,4c,65,9a,c3,15,7c,6a,58,66,05,5b,9a,d7,25,ee,5c,..
"p0"="H:\Ohjelmat\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7e,76,1a,3e,f6,5b,08,89,a2,66,50,aa,fe,f6,c4,8b,f0,..
"khjeh"=hex:e4,48,e3,30,a4,d1,e7,a2,da,e2,f5,04,b2,7e,52,ef,6e,50,58,6e,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fd,30,97,98,db,47,7a,6f,6e,0c,17,29,0a,6b,5c,07,79,24,ff,3b,82,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:76,93,c1,55,d1,fb,5c,f8,67,0e,da,80,ec,d6,c3,fd,62,04,79,c4,ce,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:0b,6f,6c,29,0a,1e,32,41,12,22,7d,0d,27,c5,39,ac,42,6d,7a,cb,da,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:bf,d4,31,30,b3,bd,36,63,8a,5f,72,11,02,62,19,6e,71,2c,e5,69,c5,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Documents and Settings\\Jenna.YOUR-Y0OT6PR2EG.001\\Omat tiedostot\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Jenna.YOUR-Y0OT6PR2EG.001\\Omat tiedostot\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\FinnishIRC XP\\FIRC.exe"="C:\\Program Files\\FinnishIRC XP\\FIRC.exe:*:Enabled:FIRC"
"C:\\pelit ja muut roskat\\Pelit\\wolfenstein\\et.exe"="C:\\pelit ja muut roskat\\Pelit\\wolfenstein\\et.exe:*:Enabled:et"
"C:\\pelit ja muut roskat\\Ohjelmat\\bitTorrent\\bittorrent.exe"="C:\\pelit ja muut roskat\\Ohjelmat\\bitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\pelit ja muut roskat\\Ohjelmat\\LimeWire\\LimeWire.exe"="C:\\pelit ja muut roskat\\Ohjelmat\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Omistaja\\Ty”p”yt„\\xchat\\xchat.exe"="C:\\Documents and Settings\\Omistaja\\Ty”p”yt„\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe"="C:\\Program Files\\Elisa\\Avustaja\\Elisa.exe:*:Enabled:Elisa Avustaja"
"C:\\Documents and Settings\\Omistaja\\Omat tiedostot\\xchat\\xchat.exe"="C:\\Documents and Settings\\Omistaja\\Omat tiedostot\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:EnablednkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:EnablednkBstrB"
"C:\\pelit ja muut roskat\\Ohjelmat\\AVG\\avginet.exe"="C:\\pelit ja muut roskat\\Ohjelmat\\AVG\\avginet.exe:*:Enabled:avginet.exe"
"C:\\pelit ja muut roskat\\Ohjelmat\\AVG\\avgamsvr.exe"="C:\\pelit ja muut roskat\\Ohjelmat\\AVG\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\pelit ja muut roskat\\Ohjelmat\\AVG\\avgcc.exe"="C:\\pelit ja muut roskat\\Ohjelmat\\AVG\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"H:\\Ohjelmat\\uTorrent\\uTorrent.exe"="H:\\Ohjelmat\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"H:\\Ohjelmat\\xchat\\xchat.exe"="H:\\Ohjelmat\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"H:\\Ohjelmat\\X-Chat 2\\xchat.exe"="H:\\Ohjelmat\\X-Chat 2\\xchat.exe:*:Enabled:X-Chat IRC Client"
"C:\\Documents and Settings\\Omistaja\\Ty”p”yt„\\paskaa\\hl.exe"="C:\\Documents and Settings\\Omistaja\\Ty”p”yt„\\paskaa\\hl.exe:*:Enabled:Half-Life Launcher"
"H:\\Pelit\\flatout\\flatout.exe"="H:\\Pelit\\flatout\\flatout.exe:*:Enabled:flatout"
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\Omistaja\TYPYT~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 26 Jun 2006 196 A.SHR --- "C:\BOOT.BAK"
Wed 20 Aug 2003 0 A.SHR --- "C:\RECYCLER\S-1-5-21-2900239971-2007124482-3480839996-1009\Dc54.SYS"
Wed 20 Aug 2003 0 A.SHR --- "C:\RECYCLER\S-1-5-21-2900239971-2007124482-3480839996-1009\Dc55.SYS"
Thu 14 Oct 2004 47,564 A.SHR --- "C:\RECYCLER\S-1-5-21-2900239971-2007124482-3480839996-1009\Dc56.COM"
Thu 3 Feb 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 29 May 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"
Tue 15 Nov 2005 78,104 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Tue 15 Nov 2005 12,912 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Sat 17 Apr 2004 901 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti20.tmp"
Mon 9 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 29 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 29 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Thu 29 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv04.tmp"
Mon 3 Dec 2007 280 A..H. --- "C:\Documents and Settings\Žitee.YOUR-Y0OT6PR2EG.000\Local Settings\Temp\Free Download Manager\tic7.tmp"
Sat 28 Oct 2006 444 ...HR --- "C:\Documents and Settings\Omistaja\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

Logfile of HijackThis v1.99.1
Scan saved at 3:52:02 PM, on 08/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
H:\Ohjelmat\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\jami\ohjelmat\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\jami\ohjelmat\Comodo\Firewall\cfp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\ctfmon.exe
H:\Ohjelmat\ATITool\ATITool.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox 3.1\firefox.exe
H:\Ohjelmat\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\jami\ohjelmat\Comodo\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ATITool.lnk = H:\Ohjelmat\ATITool\ATITool.exe
O4 - Startup: TransBar.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jeke.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160500148218
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - H:\Ohjelmat\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\jami\ohjelmat\Comodo\Firewall\cmdagent.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

ComboFix 08-08-21.02 - Omistaja 2008-08-22 16:15:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.312 [GMT 3:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Omistaja\Application Data\inst.exe
C:\Documents and Settings\Vieras\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XPROTECTOR
-------\Service_XPROTECTOR


((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-07-22 to 2008-08-22 )))))))))))))))))
.

2008-08-22 14:33 . 2008-08-22 14:33 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-22 14:28 . 2008-08-22 14:28 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-08-18 07:39 . 2008-08-18 07:44 <KANSIO> d-------- C:\WINDOWS\BDOSCAN8
2008-08-18 07:29 . 2008-06-23 19:29 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-18 07:29 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-18 07:29 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-18 07:29 . 2008-06-23 19:29 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-18 07:29 . 2008-06-23 19:29 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-18 07:29 . 2008-06-23 19:29 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-18 07:29 . 2008-06-23 19:29 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-18 07:29 . 2008-06-23 19:29 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-18 07:29 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-17 23:03 . 2008-08-17 23:08 <KANSIO> d-------- C:\5d953037eabed8b31b207f74a5ec
2008-08-17 17:11 . 2008-08-17 17:11 <KANSIO> d-------- C:\pelit ja muut roskat
2008-08-17 13:06 . 2008-08-17 13:14 5,536 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-16 22:31 . 2008-08-16 22:31 <KANSIO> d-------- C:\Program Files\COMODO
2008-08-16 22:31 . 2008-08-16 22:31 <KANSIO> d-------- C:\Program Files\AskSBar
2008-08-16 22:31 . 2008-08-16 22:31 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-08-16 22:30 . 2008-08-16 22:30 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Comodo
2008-08-16 22:30 . 2008-08-16 22:44 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-16 22:30 . 2008-08-16 22:30 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-16 22:30 . 2008-08-16 22:30 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-16 22:30 . 2008-08-16 22:30 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-16 21:51 . 2008-08-16 21:56 <KANSIO> d-------- C:\jami
2008-08-16 17:43 . 2008-08-16 17:43 <KANSIO> d-------- C:\Program Files\HDDlife 3
2008-08-16 17:43 . 2008-08-16 17:43 <KANSIO> d-------- C:\Program Files\Common Files\BinarySense
2008-08-16 17:43 . 2008-08-16 17:43 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BinarySense
2008-08-16 17:42 . 2008-08-16 17:42 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-08-16 17:41 . 2008-08-16 17:41 <KANSIO> d-------- C:\Program Files\Seagate
2008-08-14 23:32 . 2008-08-14 23:32 <KANSIO> d-------- C:\Program Files\Panda Security
2008-08-14 03:25 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 03:25 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 18:06 . 2008-08-12 18:06 <KANSIO> d-------- C:\Deckard
2008-08-12 17:20 . 2006-05-16 01:15 29,926 --a------ C:\WINDOWS\system32\osdrive.ico
2008-08-12 17:18 . 2005-05-18 11:43 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2008-08-11 15:05 . 2008-08-11 15:05 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
2008-08-11 15:05 . 2008-08-11 15:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 15:05 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-11 15:05 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-09 00:16 . 2008-08-22 16:37 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-08 23:51 . 2008-08-08 23:51 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Jetico Personal Firewall
2008-08-08 12:51 . 2008-08-11 14:57 <KANSIO> d-------- C:\Program Files\Common Files\Filseclab
2008-08-08 12:26 . 2008-08-22 15:24 <KANSIO> d-------- C:\Program Files\Mozilla Firefox 3.1
2008-08-05 00:23 . 2008-08-05 00:24 <KANSIO> d-------- C:\Program Files\PartyGaming
2008-08-04 12:58 . 2008-08-18 17:13 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
2008-08-04 12:58 . 2008-08-04 12:58 <KANSIO> d-------- C:\WINDOWS\system32\fi
2008-08-04 12:58 . 2008-08-04 12:58 <KANSIO> d-------- C:\WINDOWS\l2schemas
2008-08-04 01:32 . 2008-04-14 19:11 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-04 01:31 . 2008-04-14 19:11 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-04 01:30 . 2008-04-14 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-08-03 00:36 . 2008-08-03 00:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-02 17:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-22 01:36 . 2008-07-22 01:36 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 13:43 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Skype
2008-08-22 13:04 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\skypePM
2008-08-19 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 04:18 --------- d-----w C:\Program Files\mozilla firefox 3
2008-08-17 10:14 63,945 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-08-16 19:04 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-16 14:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-14 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-12 19:30 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\uTorrent
2008-08-12 14:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 12:00 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-11 11:55 --------- d-----w C:\Program Files\Java
2008-08-11 10:57 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-11 10:57 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-10 20:28 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\X-Chat 2
2008-08-10 19:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-05 09:58 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-08-04 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-20 12:52 --------- d-----w C:\Program Files\Betsson
2008-07-19 17:24 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\dvdcss
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-16 23:11 --------- d-----w C:\Program Files\NOS
2008-07-16 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-16 23:07 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-16 23:07 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-16 23:07 --------- d-----w C:\Program Files\Real
2008-07-16 23:01 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3.1
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-27 20:03 --------- d-----w C:\Program Files\Uusi kansio
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 16:12 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\vlc
2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-18 21:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-10 13:26 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-23 12:40 125,112 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2007-11-21 19:41 94,208 ----a-w C:\Documents and Settings\Omistaja\Application Data\ezplay.sys
2007-11-21 19:40 47,360 ----a-w C:\Documents and Settings\Omistaja\Application Data\pcouffin.sys
2007-10-27 09:39 236 ----a-w C:\Documents and Settings\Omistaja\saversettings.dat
2007-09-07 21:01 22,328 ----a-w C:\Documents and Settings\Omistaja\Application Data\PnkBstrK.sys
2006-05-19 16:44 67,328 ----a-w C:\Documents and Settings\Anni.YOUR-Y0OT6PR2EG.000\Application Data\GDIPFONTCACHEV1.DAT
2004-05-20 10:55 33,584 -c--a-w C:\Documents and Settings\jenna\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2008-04-14 19:12 976384 14fbfcbe5235e0611f93841a56234fdd C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-09-15 02:12 3194880 fb928b17719c0700f60900051b7b9116 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 19:12 976384 14fbfcbe5235e0611f93841a56234fdd C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:37 21898024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-09-06 12:52 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-08-16 22:31 278264]
"COMODO Firewall Pro"="C:\jami\ohjelmat\Comodo\Firewall\cfp.exe" [2008-08-16 22:30 1655552]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Omistaja\\Omat tiedostot\\xchat\\xchat.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"H:\\Ohjelmat\\uTorrent\\uTorrent.exe"=
"H:\\Ohjelmat\\X-Chat 2\\xchat.exe"=
"H:\\Pelit\\flatout\\flatout.exe"=
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23568:TCP"= 23568:TCP:BitComet 23568 TCP
"23568:UDP"= 23568:UDP:BitComet 23568 UDP

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-16 22:30]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-16 22:30]
R1 ntiowp;ntiowp;C:\WINDOWS\system32\drivers\ntiowp.sys [2006-10-20 13:57]
R1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 16:08]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]
R2 HDDlife HDD Access service;HDDlife HDD Access service;C:\Program Files\Common Files\BinarySense\hldasvc.exe [2008-02-15 14:17]
R3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 11:11]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;H:\Ohjelmat\EVEREST Ultimate Edition\kerneld.wnt [2007-04-05 01:00]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 10:25]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys [2001-01-04 11:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1148e7ea-3b8f-11dc-8a75-000c764445a0}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
'Ajoitetut teht„v„t'-kansion sis„lt”
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\bb8mqsfn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - tribalwars.net
FF -: plugin - C:\Documents and Settings\Anni.YOUR-Y0OT6PR2EG.000\Omat tiedostot\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3.1\plugins\NPAskSBr.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3.1\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3.1\plugins\nppdf32.dll
FF -: plugin - H:\Ohjelmat\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 16:38:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\H:\Ohjelmat\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
H:\Ohjelmat\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\jami\ohjelmat\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Ohjelmat\ATITool\ATITool.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Completion time: 2008-08-22 16:51:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-22 13:51:18

Pre-Run: 14,496,313,344 tavua vapaana
Post-Run: 15,936,606,208 tavua vapaana

238 --- E O F --- 2008-08-18 14:13:36

Logfile of HijackThis v1.99.1
Scan saved at 5:01:40 PM, on 08/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
H:\Ohjelmat\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\jami\ohjelmat\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\jami\ohjelmat\Comodo\Firewall\cfp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
H:\Ohjelmat\ATITool\ATITool.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox 3.1\firefox.exe
H:\Ohjelmat\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\jami\ohjelmat\Comodo\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ATITool.lnk = H:\Ohjelmat\ATITool\ATITool.exe
O4 - Startup: TransBar.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jeke.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160500148218
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - H:\Ohjelmat\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\jami\ohjelmat\Comodo\Firewall\cmdagent.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.


Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

 

muutoksia ei ole tapahtunut, kone edelleen boottaa itsestään sekä välillä svchosti pomppaa esiin.

jaahas ja nyt ei sitten enää toimi AVAST!:n....


vaihdoin virustorjunna bitdefenderiin löysi tämmöisen kasan viruksia

C:\Documents and Settings\All Users\Tiedostot\Omat musiikkitiedostot\Musiikkinäytteet\klite.zip=>klitekpp210e.exe=>(Instyler o)=>(Instyler Module 8) Infected: DeepScan:Generic.Malware.SFN!.8E6A178B
C:\Documents and Settings\All Users\Tiedostot\Omat musiikkitiedostot\Musiikkinäytteet\klite.zip=>klitekpp210e.exe=>(Instyler o)=>(Instyler Module 8) Disinfection failed
C:\Documents and Settings\All Users\Tiedostot\Omat musiikkitiedostot\Musiikkinäytteet\klite.zip=>klitekpp210e.exe=>(Instyler o)=>(Instyler Module 8) Move failed


ei voi poistaa noita enkä itse löydä tuollaista kansiota...




ComboFix 08-08-21.02 - Omistaja 2008-08-22 17:53:15.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.407 [GMT 3:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Omistaja\Työpöytä\CFScript.txt
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\0089B0D7
C:\Program Files\AskSBar\bar\Cache\0089C837.bin
C:\Program Files\AskSBar\bar\Cache\0089D334.bin
C:\Program Files\AskSBar\bar\Cache\0089DB13.bin
C:\Program Files\AskSBar\bar\Cache\0089E535.bin
C:\Program Files\AskSBar\bar\Cache\0089F3AC.bin
C:\Program Files\AskSBar\bar\Cache\0089FEE7.bin
C:\Program Files\AskSBar\bar\Cache\008A05BD.bin
C:\Program Files\AskSBar\bar\Cache\008A0D3F.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-07-22 to 2008-08-22 )))))))))))))))))
.

2008-08-22 16:51 . 2008-08-22 16:51 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja.YOUR-Y0OT6PR2EG
2008-08-22 16:51 . 2008-08-22 16:51 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja
2008-08-22 16:51 . 2008-08-22 16:51 <KANSIO> d-------- C:\Documents and Settings\õitee.YOUR-Y0OT6PR2EG
2008-08-22 16:51 . <KANSIO> C:\Documents and Settings\-itee.YOUR-Y0OT6PR2EG.000
2008-08-22 16:51 . <KANSIO> C:\Documents and Settings\-itee
2008-08-22 14:33 . 2008-08-22 14:33 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-22 14:28 . 2008-08-22 14:28 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-08-18 07:39 . 2008-08-18 07:44 <KANSIO> d-------- C:\WINDOWS\BDOSCAN8
2008-08-18 07:29 . 2008-06-23 19:29 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-18 07:29 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-18 07:29 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-18 07:29 . 2008-06-23 19:29 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-18 07:29 . 2008-06-23 19:29 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-18 07:29 . 2008-06-23 19:29 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-18 07:29 . 2008-06-23 19:29 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-18 07:29 . 2008-06-23 19:29 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-18 07:29 . 2008-06-23 12:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-17 23:03 . 2008-08-17 23:08 <KANSIO> d-------- C:\5d953037eabed8b31b207f74a5ec
2008-08-17 17:11 . 2008-08-17 17:11 <KANSIO> d-------- C:\pelit ja muut roskat
2008-08-17 14:06 . 2008-08-17 14:06 <KANSIO> d-------- C:\Documents and Settings\Äitee.YOUR-Y0OT6PR2EG.000\Application Data\Comodo
2008-08-17 13:06 . 2008-08-17 13:14 5,536 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-16 22:31 . 2008-08-16 22:31 <KANSIO> d-------- C:\Program Files\COMODO
2008-08-16 22:31 . 2008-08-16 22:31 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-08-16 22:30 . 2008-08-16 22:30 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Comodo
2008-08-16 22:30 . 2008-08-16 22:44 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-16 22:30 . 2008-08-16 22:30 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-16 22:30 . 2008-08-16 22:30 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-16 22:30 . 2008-08-16 22:30 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-16 21:51 . 2008-08-16 21:56 <KANSIO> d-------- C:\jami
2008-08-16 17:43 . 2008-08-16 17:43 <KANSIO> d-------- C:\Program Files\HDDlife 3
2008-08-16 17:43 . 2008-08-16 17:43 <KANSIO> d-------- C:\Program Files\Common Files\BinarySense
2008-08-16 17:43 . 2008-08-16 17:43 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\BinarySense
2008-08-16 17:42 . 2008-08-16 17:42 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-08-16 17:41 . 2008-08-16 17:41 <KANSIO> d-------- C:\Program Files\Seagate
2008-08-14 23:32 . 2008-08-14 23:32 <KANSIO> d-------- C:\Program Files\Panda Security
2008-08-14 03:25 . 2008-04-11 22:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 03:25 . 2008-05-01 17:35 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 18:06 . 2008-08-12 18:06 <KANSIO> d-------- C:\Deckard
2008-08-12 17:20 . 2006-05-16 01:15 29,926 --a------ C:\WINDOWS\system32\osdrive.ico
2008-08-12 17:18 . 2005-05-18 11:43 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2008-08-11 15:05 . 2008-08-11 15:05 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
2008-08-11 15:05 . 2008-08-11 15:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 15:05 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-11 15:05 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-09 12:30 . 2008-08-09 12:30 <KANSIO> d-------- C:\Documents and Settings\Äitee.YOUR-Y0OT6PR2EG.000\Application Data\Jetico Personal Firewall
2008-08-09 12:30 . 2008-08-09 12:30 <KANSIO> d-------- C:\Documents and Settings\Äitee.YOUR-Y0OT6PR2EG.000\Application Data\Grisoft
2008-08-09 00:16 . 2008-08-22 16:37 <KANSIO> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-08 23:51 . 2008-08-08 23:51 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Jetico Personal Firewall
2008-08-08 12:51 . 2008-08-11 14:57 <KANSIO> d-------- C:\Program Files\Common Files\Filseclab
2008-08-08 12:26 . 2008-08-22 17:48 <KANSIO> d-------- C:\Program Files\Mozilla Firefox 3.1
2008-08-05 00:23 . 2008-08-05 00:24 <KANSIO> d-------- C:\Program Files\PartyGaming
2008-08-04 12:58 . 2008-08-18 17:13 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
2008-08-04 12:58 . 2008-08-04 12:58 <KANSIO> d-------- C:\WINDOWS\system32\fi
2008-08-04 12:58 . 2008-08-04 12:58 <KANSIO> d-------- C:\WINDOWS\l2schemas
2008-08-04 01:32 . 2008-04-14 19:11 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-04 01:31 . 2008-04-14 19:11 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-04 01:30 . 2008-04-14 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-08-03 00:36 . 2008-08-03 00:36 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-02 17:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-22 01:36 . 2008-07-22 01:36 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 14:51 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Skype
2008-08-22 13:04 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\skypePM
2008-08-19 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 04:18 --------- d-----w C:\Program Files\mozilla firefox 3
2008-08-17 10:14 63,945 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-08-16 19:04 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-16 14:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-14 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-12 19:30 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\uTorrent
2008-08-12 14:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 12:00 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-11 11:55 --------- d-----w C:\Program Files\Java
2008-08-11 10:57 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-11 10:57 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-10 20:28 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\X-Chat 2
2008-08-10 19:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-05 09:58 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-08-04 13:05 --------- d-----w C:\Documents and Settings\äitee.YOUR-Y0OT6PR2EG\Application Data\16 bore aim
2008-08-04 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-20 12:52 --------- d-----w C:\Program Files\Betsson
2008-07-19 17:24 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\dvdcss
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-16 23:11 --------- d-----w C:\Program Files\NOS
2008-07-16 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-07-16 23:07 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-16 23:07 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-16 23:07 --------- d-----w C:\Program Files\Real
2008-07-16 23:01 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3.1
2008-07-10 13:09 --------- d-----w C:\Documents and Settings\äitee.YOUR-Y0OT6PR2EG\Application Data\draw chic
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-27 20:03 --------- d-----w C:\Program Files\Uusi kansio
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 16:12 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\vlc
2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-18 21:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-10 13:26 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-23 12:40 125,112 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2007-11-21 19:41 94,208 ----a-w C:\Documents and Settings\Omistaja\Application Data\ezplay.sys
2007-11-21 19:40 47,360 ----a-w C:\Documents and Settings\Omistaja\Application Data\pcouffin.sys
2007-10-27 09:39 236 ----a-w C:\Documents and Settings\Omistaja\saversettings.dat
2007-09-07 21:01 22,328 ----a-w C:\Documents and Settings\Omistaja\Application Data\PnkBstrK.sys
2006-05-19 16:44 67,328 ----a-w C:\Documents and Settings\Anni.YOUR-Y0OT6PR2EG.000\Application Data\GDIPFONTCACHEV1.DAT
2004-05-20 10:55 33,584 -c--a-w C:\Documents and Settings\jenna\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2008-04-14 19:12 976384 14fbfcbe5235e0611f93841a56234fdd C:\WINDOWS\explorer.exe
2007-06-13 16:10 1033728 fb53c3b1e17f62e8fcb07caaf4c4272e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 16:22 1033728 0f88a5b1ca666754c4c62ad3db4730ef C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-09-15 02:12 3194880 fb928b17719c0700f60900051b7b9116 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 19:12 976384 14fbfcbe5235e0611f93841a56234fdd C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:37 21898024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-09-06 12:52 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-08-16 22:31 278264]
"COMODO Firewall Pro"="C:\jami\ohjelmat\Comodo\Firewall\cfp.exe" [2008-08-16 22:30 1655552]

C:\Documents and Settings\Jenna.YOUR-Y0OT6PR2EG.001\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-03-23 11:13:49 155648]

C:\Documents and Settings\J„rjestelm„nvalvoja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

C:\Documents and Settings\J„rjestelm„nvalvoja.YOUR-Y0OT6PR2EG\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
ATITool.lnk - H:\Ohjelmat\ATITool\ATITool.exe [2006-08-18 13:44:52 2713088]
TransBar.lnk - C:\jami\teems„„d”t\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 22:41:18 65536]

C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
ATITool.lnk - H:\Ohjelmat\ATITool\ATITool.exe [2006-08-18 13:44:52 2713088]
TransBar.lnk - C:\jami\teems„„d”t\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 22:41:18 65536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Omistaja\\Omat tiedostot\\xchat\\xchat.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"H:\\Ohjelmat\\uTorrent\\uTorrent.exe"=
"H:\\Ohjelmat\\X-Chat 2\\xchat.exe"=
"H:\\Pelit\\flatout\\flatout.exe"=
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23568:TCP"= 23568:TCP:BitComet 23568 TCP
"23568:UDP"= 23568:UDP:BitComet 23568 UDP

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 17:35]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-16 22:30]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-16 22:30]
R1 ntiowp;ntiowp;C:\WINDOWS\system32\drivers\ntiowp.sys [2006-10-20 13:57]
R1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 16:08]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 17:37]
R2 HDDlife HDD Access service;HDDlife HDD Access service;C:\Program Files\Common Files\BinarySense\hldasvc.exe [2008-02-15 14:17]
R3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 11:11]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;H:\Ohjelmat\EVEREST Ultimate Edition\kerneld.wnt [2007-04-05 01:00]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 10:25]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys [2001-01-04 11:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1148e7ea-3b8f-11dc-8a75-000c764445a0}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
'Ajoitetut tehtävät'-kansion sisältö
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 18:01:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\H:\Ohjelmat\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-08-22 18:06:59
ComboFix-quarantined-files.txt 2008-08-22 15:06:08
ComboFix2.txt 2008-08-22 13:51:40

Pre-Run: 20,728,451,072 tavua vapaana
Post-Run: 21,817,257,984 tavua vapaana

236 --- E O F --- 2008-08-18 14:13:36