Virus, troijalainen APUA!!!??

Koneessani on mitä ilmeisemmin troijalainen, jota f-secure/adaware ei huomaa. Alapalkkiin tulee hälytyksiä viruksesta ja kehoitetaan lataamaan siihen sopivia viruksenpoisto ohjelmia/windows vistan päivityksiä. Lisäksi työpöydälle ilmestyy pikakuvakkeita. En ole ladannut päivityksiä, koska pelkään, että niistä saan vain lisää viruksia.
Mitä voisin tehdä ongelmien poistamiseksi??

 

Moi


Lataa Malwarebytes' Anti-Malware työpöydällesi.

* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta.
* Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
* Kun ohjelma on latautunut, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
* Kun skanni on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.

 

Sevä tarkoitatko uudella hjt-loki:lla sitä, että ajan läpi uuden tarkastuksen sen jälkeen kun olen kopioinut edellisen?

 

Malwarebytes' Anti-Malware 1.28
Tietokantaversio: 1241
Windows 6.0.6000

8.10.2008 15:25:48
mbam-log-2008-10-08 (15-25-48).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 179571
Kulunut aika: 1 hour(s), 30 minute(s), 43 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 4
Saastuneita rekisteriarvoja: 15
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 3
Saastuneita tiedostoja: 21

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9182.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur93b4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9836.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9e1f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur381d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9182.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur93b4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9836.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9e1f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur381d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur66ae.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur61ce.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8297.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurd27a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (Trojan.Agent) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\Users\Boogie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LUOLH5WJ\install_4683_MHwyOHwwfHx8fHx8fHw_[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\eldo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\7.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.cpl (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Windows\System32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Boogie\AppData\Roaming\Adobe\Player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Boogie\AppData\Local\Temp\smchk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Boogie\AppData\Local\Temp\sft_ver1.1454.63.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

ja tässä tämä toinen...

Malwarebytes' Anti-Malware 1.28
Tietokantaversio: 1241
Windows 6.0.6000

8.10.2008 17:04:04
mbam-log-2008-10-08 (17-04-04).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 179787
Kulunut aika: 1 hour(s), 31 minute(s), 11 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

 

Kone taitaakin olla nyt kunnossaToimii nopeasti ja ainakin kaikenlaiset vilkkuvat varoitukset on hävinnyt!!!

 

Moi lisää ohjeita

Lataa CCleaner tästä

- Asennuksessa poista merkki/rasti kohdasta "asenna Yahoo! toolbar/työkalupalkki".
- Asennuksen jälkeen aukaise CCleaner.
- Valitse vasemmalta pystyrivistä Options.
- Valitse viereisestä pystyrivistä Settings.
- Language kohtaan valitse Suomi.

- Käynnistä CCleaner.
- Valitse Valinnat.
- Paina Lisäasetukset.
- Ota ruksi pois kohdasta "Poista vain yli 48 tuntia vanhat tiedostot Windowsin tilapäiskansioista".

Puhdistaja

- Valitse vasemmalta pystyrivistä Puhdistaja.
- Paina alhaalta Tutki.
Nyt CCleaner tutkii, mitä voidaan poistaa (tempit, cookiessit jne.).
- Kun tutkiminen on valmis, paina Aja CCleaner.
Nyt CCleaner poistaa löydetyt tempit, cookiessit jne.

Rekisterin virheiden korjaus

- Valitse vasemmalta pystyrivistä Rekisteri.
- Paina alhaalta Etsi rekisterin virheitä.
- Kun etsintä on valmis ja olet varma, että haluat korjata ne rivit jotka ovat merkattuja, niin paina Korjaa valitut rekisterin virheet.
- Sinulta kysytään "haluatko varmuuskopioida muutokset rekisteriin", paina Kyllä. Tallenna varmuuskopio vaikka "Omat tiedostot" -kansioon.
- Klikkaa uudesta aukeavasta ikkunasta Korjaa kaikki valitut virheet.
- Saat vielä varmistus kysymyksen, paina Ok.
- Kun virheet on korjattu, paina Sulje.

Nyt voit suljea CCleanerin painamalla oikealta ylhäältä punaista rastia.

Lataa JavaRa ja pura se työpöydällesi.

***Sulje kaikki päällä olevat Internet Explorerin ikkunat ennen jatkamista!***

* Tuplaklikkaa JavaRa.exeä käynnistääksesi ohjelma.
* Valitse English pudotusvalikosta valitaksesi kieleksi englannin ja klikkaa Select.
* Klikkaa Remove Older Versions poistaaksesi vanhat Java-versiot koneeltasi.
* Klikkaa Yes kun pyydetään. Kun JavaRa on valmis, se ilmoittaa, että lokitiedosto on luotu. Klikkaa OK.
* Lokitiedosto avautuu. Lähetä sen sisältö seuraavassa viestissäsi.

Tämän jälkeen lataa ja asenna Java Runtime Environment (JRE) 6 Update 7.

Skannaa koneesi Kaspersky Online Skannerilla

* Lue läpi vaatimukset ja yksityisyyssäännökset ja klikkaa Accept.
* Skannerin ja virustietokannan lataus alkaa. Sinulta kysytään sallitko Kasperskyltä tulevan ohjelman asentamisen. Klikkaa Aja/Run.
* Kun lataus on valmis, klikkaa Settings.
* Varmistu, että seuraavat kohdat on valittu. Jos ne eivät ole, valitse ne ja klikkaa Save:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
* Klikkaa Oma Tietokone, My Computer Scan-kohdan alapuolelta.
* Kun tarkistus on valmis, tulokset näytetään. Klikkaa View Scan Report.
* Näet listan saastuneista kohteista. Klikkaa Save Report As....
* Tallenna tiedosto työpöydällesi. Muuta Tiedostotyyppi/Files of type muotoon Tekstitiedosto/Text file(.txt) ennen kuin klikkaat Save.
* Kopioi ja liitä tiedoston sisältö seuraavaan vastaukseesi uuden HijackThis-lokin kera

http://www.download.fi/tyopoytaohjelmat/haittaohjelmien_poisto/hijackthis.cfm

tuota ohjelmaa tarkoitin hjt:llä

 

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 8, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 08, 2008 16:01:37
Records in database: 1299961
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 142567
Threat name: 5
Infected objects: 18
Suspicious objects: 0
Duration of the scan: 02:33:56


File name / Threat name / Threats count
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\js 16.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\lights go wild js 16.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\lights go wild.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\pjanoo erick prydz.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\thriller richard grey.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\toca s miracle 2008 fragma.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\Boogie\Desktop\SmitfraudFix_v2.356.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Users\Boogie\Documents\LimeWire\Saved\Danny Tenaglia feat Liz Torres - Turn Me On (John Digweed & Nick Muir's Bedrock Mix).mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\Boogie\Documents\LimeWire\Saved\John Digweed - Live At Transitions.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Users\Boogie\Documents\LimeWire\Saved\John Digweed.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Users\Boogie\Documents\LimeWire\Saved\kaisa meni discoon.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\Boogie\Documents\LimeWire\Saved\taas nuori oon.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Windows\System32\YUR9182.0xe Infected: Backdoor.Win32.Frauder.kx 1
C:\Windows\System32\YUR93B4.0xe Infected: Backdoor.Win32.Frauder.kx 1
C:\x.0 Infected: Backdoor.Win32.Frauder.kx 1
D:\Music\Musiikki\01 Track 1 (dance).wma Infected: Trojan-Downloader.WMA.Wimad.l 1
D:\Music\Musiikki\06 Track 6 (dance).wma Infected: Trojan-Downloader.WMA.Wimad.l 1
D:\Music\Musiikki\07 Track 7 (dance).wma Infected: Trojan-Downloader.WMA.Wimad.l 1

The selected area was scanned.

 

Onhan tuolla kaikkea kuraa vielä:S

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:49, on 8.10.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Users\Boogie\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wuauclt.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/fi/index.php?rvs=hompag&d=79919279
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {A953FEDA-6628-407D-8C24-8615076A9B56} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12511 bytes

 

Jooh näyttäis vähän olevan eli otetaan järeempi työkalu käyttöön.

1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä:
Combofix.exe
Combofix.exe

Avaa Combofix.exe ja seuraa näyttöön tulevia ohjeita

Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
*

 

ComboFix 08-10-08.02 - Boogie 2008-10-09 15:58:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1012 [GMT 3:00]
Sijainti: C:\Users\Boogie\Desktop\ComboFix.exe
* Uusi palautuspiste luotu
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Boogie\AppData\Roaming\Adobe\crc.dat

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-09 to 2008-10-09 )))))))))))))))))
.

2008-10-08 19:10 . 2008-10-08 19:10 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-10-08 18:27 . 2008-10-08 18:28 <KANSIO> d-------- C:\Program Files\CCleaner
2008-10-08 13:24 . 2008-10-08 13:24 <KANSIO> d-------- C:\Users\Boogie\AppData\Roaming\Malwarebytes
2008-10-08 13:24 . 2008-10-08 13:24 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-10-08 13:24 . 2008-10-08 13:24 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-10-08 13:24 . 2008-10-08 13:26 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 13:24 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-08 13:24 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-07 23:54 . 2008-10-07 23:56 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-10-07 23:54 . 2008-10-07 23:56 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-10-07 23:42 . 2008-10-07 08:14 25,088 --------- C:\Windows\System32\YUR93B4.0xe
2008-10-07 23:42 . 2008-10-07 08:14 25,088 --------- C:\Windows\System32\YUR9182.0xe
2008-10-07 23:42 . 2008-10-07 08:14 24,064 --a------ C:\x.0
2008-10-07 23:41 . 2008-10-07 23:45 <KANSIO> d-------- C:\Extracted
2008-09-29 19:49 . 2008-09-29 19:49 <KANSIO> d-------- C:\Program Files\Mv2Player
2008-09-29 19:25 . 2008-09-29 19:28 <KANSIO> d-------- C:\Program Files\Screamer Radio
2008-09-29 00:29 . 2008-10-06 17:01 2,828 --ahs---- C:\Windows\System32\KGyGaAvL.sys
2008-09-29 00:29 . 2008-09-29 00:29 88 -r-hs---- C:\Windows\System32\B26C589BCB.sys
2008-09-29 00:28 . 2008-09-29 00:29 <KANSIO> d-------- C:\Users\Boogie\AppData\Roaming\Corel
2008-09-29 00:27 . 2008-09-29 00:27 <KANSIO> d-------- C:\Users\All Users\Corel
2008-09-29 00:27 . 2008-09-29 00:27 <KANSIO> d-------- C:\ProgramData\Corel
2008-09-29 00:23 . 2008-09-29 00:23 <KANSIO> d-------- C:\Program Files\Corel
2008-09-29 00:23 . 2008-09-29 00:25 <KANSIO> d-------- C:\Program Files\Common Files\Corel
2008-09-17 19:09 . 2008-09-17 19:25 <KANSIO> d-------- C:\Program Files\SopCast
2008-09-12 01:03 . 2008-09-12 01:03 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-09-12 00:16 . 2008-07-31 06:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-12 00:16 . 2008-07-31 06:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-12 00:15 . 2008-07-31 02:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-12 00:15 . 2008-06-26 06:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 09:20 --------- d-----w C:\Users\Boogie\AppData\Roaming\Skype
2008-10-09 07:50 --------- d-----w C:\Users\Boogie\AppData\Roaming\skypePM
2008-10-08 16:02 --------- d-----w C:\Program Files\Java
2008-10-08 14:59 --------- d-----w C:\Users\Boogie\AppData\Roaming\LimeWire
2008-10-08 14:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 20:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-07 16:37 --------- d-----w C:\Program Files\B2BPOKER
2008-09-21 22:40 --------- d-----w C:\Program Files\PAFPoker
2008-09-16 10:23 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-13 01:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 22:04 --------- d-----w C:\Program Files\DAP
2008-09-11 21:13 --------- d-----w C:\ProgramData\SpeedBit
2008-09-11 21:12 --------- d---a-w C:\ProgramData\TEMP
2008-09-06 05:59 --------- d-----w C:\Users\Boogie\AppData\Roaming\Jasc
2008-09-02 16:40 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-08-15 14:33 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 19:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 17:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 16:52 174 --sha-w C:\Program Files\desktop.ini
2008-01-14 15:37 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-14 15:37 32 ----a-w C:\ProgramData\ezsid.dat
2006-10-21 11:29 314,177,167 ----a-w C:\Users\Boogie\Counter Strike 1.6 (LAN version).exe
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-12-18 471040]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-13 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 813840]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2007-08-27 182952]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 895600]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-18 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-04 C:\Windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-17 535336]
GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-01-10 864256]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{265273E2-EC71-45F7-A1BB-964F5C39FAD4}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8E66EED3-EAC6-44CE-8D4B-2B3B93A998E8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6FE87BD1-D19B-48FE-AEE0-AC39E0D25415}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3C40956E-D762-4EDB-BF0E-A34C54790997}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{BE81EFE9-C94A-4A6A-9AAE-B253E854E7A7}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{39237EA3-6092-4E6B-8A14-F2A35A38827A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{56472A0E-F1E5-44CC-9262-BDD60FEBB048}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{EBAD0E66-1730-4185-848E-A43C521B2D6D}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{78E1A611-DFBB-4F5D-8F0D-C315639FF681}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{A1720EB0-615F-4D4E-83A9-2C35CECF37D7}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{51ECAEE9-4196-47F4-B387-816C845D370F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B1E71442-6A1A-438D-91B2-E212A342159D}"= UDP:9420:Red Swoosh
"{77F8701A-C12A-4976-BF6C-5DD8A3C03D9D}"= TCP:5000:Red Swoosh

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 35712]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2007-08-27 70768]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-08-27 69136]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2007-08-27 12912]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51 13560]
R2 BcmSqlStartupSvc;Business Contact Managerin SQL Server -käynnistyspalvelu;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 ctad;Cisco Trust Agent;C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe [2004-10-22 553035]
R2 ctalogd;Cisco Trust Agent Event Logging Service;C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe [2004-10-22 90112]
R2 GtDetectSc;GtDetectSc;C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe [2007-12-18 196704]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 2930176]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-08-27 62064]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 240128]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
S3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-08-27 39792]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-08-27 25200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33ca252f-c135-11dc-98be-000000000000}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43ae4888-4d0a-11dd-b558-000000000000}]
\shell\AutoRun\command - G:\setup.exe AUTORUN=1

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - POISTETUT JÄMÄRIVIT - - - -

Toolbar-{A953FEDA-6628-407D-8C24-8615076A9B56} - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - C:\Users\Boogie\AppData\Roaming\Mozilla\Firefox\Profiles\h4o5pi2q.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.utu.fi/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 16:04:54
Windows 6.0.6000 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2008-10-09 16:08:13
ComboFix-quarantined-files.txt 2008-10-09 13:08:04

Ennen ajoa: 17 009 131 520 tavua vapaana
Ajon jälkeen: 15,656,538,112 tavua vapaana

216 --- E O F --- 2008-10-08 14:24:14

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:49, on 8.10.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Users\Boogie\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wuauclt.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/fi/index.php?rvs=hompag&d=79919279
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {A953FEDA-6628-407D-8C24-8615076A9B56} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12511 bytes

 

Avaa Muistio ja kopioi seuraavat rivit siihen:

Koodi:

@echo off
sc stop LiveUpdate
sc delete LiveUpdate
sc stop "LiveUpdate Notice Ex"
sc delete "LiveUpdate Notice Ex"
sc stop "LiveUpdate Notice Service"
sc delete "LiveUpdate Notice Service"

Sitten documentti tallennetaan työpöydälle nimellä Poisto.bat ja tiedostotyypiksi: All Files.
Sitten ajetaan työpöydällä oleva Poisto.bat-tiedosto.


1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä:
Combofix.exe
Combofix.exe

Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)




Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {A953FEDA-6628-407D-8C24-8615076A9B56} - (no file)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"


Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
*

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:49, on 8.10.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Users\Boogie\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wuauclt.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/fi/index.php?rvs=hompag&d=79919279
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {A953FEDA-6628-407D-8C24-8615076A9B56} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12511 bytes

 

ComboFix 08-10-08.02 - Boogie 2008-10-09 21:34:40.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1180 [GMT 3:00]
Sijainti: C:\Users\Boogie\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: C:\Users\Boogie\Desktop\CFScript.txt
* Uusi palautuspiste luotu

FILE ::
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\js 16.mp3
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\lights go wild js 16.mp3
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\lights go wild.mp3
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\pjanoo erick prydz.mp3
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\thriller richard grey.mp3
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\toca s miracle 2008 fragma.mp3
C:\Users\Boogie\Documents\LimeWire\Saved\Danny Tenaglia feat Liz Torres - Turn Me On (John Digweed & Nick Muir's Bedrock Mix).mp3
C:\Users\Boogie\Documents\LimeWire\Saved\John Digweed - Live At Transitions.wma
C:\Users\Boogie\Documents\LimeWire\Saved\John Digweed.wma
C:\Users\Boogie\Documents\LimeWire\Saved\kaisa meni discoon.mp3
C:\Users\Boogie\Documents\LimeWire\Saved\taas nuori oon.mp3
C:\Windows\System32\YUR9182.0xe
C:\Windows\System32\YUR93B4.0xe
C:\x.0
D:\Music\Musiikki\01 Track 1 (dance).wma
D:\Music\Musiikki\06 Track 6 (dance).wma
D:\Music\Musiikki\07 Track 7 (dance).wma
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-09 to 2008-10-09 )))))))))))))))))
.

2008-10-09 21:33 . 2008-10-09 21:33 <KANSIO> d-------- C:\32788R22FWJFW
2008-10-08 19:10 . 2008-10-08 19:10 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-10-08 18:27 . 2008-10-08 18:28 <KANSIO> d-------- C:\Program Files\CCleaner
2008-10-08 13:24 . 2008-10-08 13:24 <KANSIO> d-------- C:\Users\Boogie\AppData\Roaming\Malwarebytes
2008-10-08 13:24 . 2008-10-08 13:24 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-10-08 13:24 . 2008-10-08 13:24 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-10-08 13:24 . 2008-10-08 13:26 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 13:24 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-08 13:24 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-07 23:54 . 2008-10-07 23:56 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-10-07 23:54 . 2008-10-07 23:56 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-10-07 23:41 . 2008-10-07 23:45 <KANSIO> d-------- C:\Extracted
2008-09-29 19:49 . 2008-09-29 19:49 <KANSIO> d-------- C:\Program Files\Mv2Player
2008-09-29 19:25 . 2008-09-29 19:28 <KANSIO> d-------- C:\Program Files\Screamer Radio
2008-09-29 00:29 . 2008-10-06 17:01 2,828 --ahs---- C:\Windows\System32\KGyGaAvL.sys
2008-09-29 00:29 . 2008-09-29 00:29 88 -r-hs---- C:\Windows\System32\B26C589BCB.sys
2008-09-29 00:28 . 2008-09-29 00:29 <KANSIO> d-------- C:\Users\Boogie\AppData\Roaming\Corel
2008-09-29 00:27 . 2008-09-29 00:27 <KANSIO> d-------- C:\Users\All Users\Corel
2008-09-29 00:27 . 2008-09-29 00:27 <KANSIO> d-------- C:\ProgramData\Corel
2008-09-29 00:23 . 2008-09-29 00:23 <KANSIO> d-------- C:\Program Files\Corel
2008-09-29 00:23 . 2008-09-29 00:25 <KANSIO> d-------- C:\Program Files\Common Files\Corel
2008-09-17 19:09 . 2008-09-17 19:25 <KANSIO> d-------- C:\Program Files\SopCast
2008-09-12 01:03 . 2008-09-12 01:03 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-09-12 00:16 . 2008-07-31 06:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-12 00:16 . 2008-07-31 06:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-12 00:15 . 2008-07-31 02:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-12 00:15 . 2008-06-26 06:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 18:32 --------- d-----w C:\Users\Boogie\AppData\Roaming\Skype
2008-10-09 16:11 --------- d-----w C:\Users\Boogie\AppData\Roaming\skypePM
2008-10-08 16:02 --------- d-----w C:\Program Files\Java
2008-10-08 14:59 --------- d-----w C:\Users\Boogie\AppData\Roaming\LimeWire
2008-10-08 14:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 20:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-07 16:37 --------- d-----w C:\Program Files\B2BPOKER
2008-09-21 22:40 --------- d-----w C:\Program Files\PAFPoker
2008-09-16 10:23 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-13 01:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 22:04 --------- d-----w C:\Program Files\DAP
2008-09-11 21:13 --------- d-----w C:\ProgramData\SpeedBit
2008-09-11 21:12 --------- d---a-w C:\ProgramData\TEMP
2008-09-06 05:59 --------- d-----w C:\Users\Boogie\AppData\Roaming\Jasc
2008-09-02 16:40 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-08-15 14:33 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 19:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 17:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 16:52 174 --sha-w C:\Program Files\desktop.ini
2008-01-14 15:37 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-14 15:37 32 ----a-w C:\ProgramData\ezsid.dat
2006-10-21 11:29 314,177,167 ----a-w C:\Users\Boogie\Counter Strike 1.6 (LAN version).exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-09_16.06.27.83 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-09 09:16:14 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-09 16:09:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-09 09:16:14 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-09 16:09:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-09 09:17:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-09 16:11:17 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-09 09:18:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-09 16:11:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-09 16:11:22 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-09 09:16:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-09 18:25:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-09 09:16:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-09 18:25:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-09 09:16:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-09 18:25:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-09 09:23:52 123,556 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-09 16:15:02 123,556 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-09 09:23:52 103,528 ----a-w C:\Windows\System32\perfc00B.dat
+ 2008-10-09 16:15:02 103,528 ----a-w C:\Windows\System32\perfc00B.dat
- 2008-10-09 09:23:52 661,906 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-09 16:15:02 661,906 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-09 09:23:52 511,306 ----a-w C:\Windows\System32\perfh00B.dat
+ 2008-10-09 16:15:03 511,306 ----a-w C:\Windows\System32\perfh00B.dat
- 2008-10-09 09:18:17 14,144 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3428213550-882490319-1881101620-1003_UserData.bin
+ 2008-10-09 16:11:43 14,160 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3428213550-882490319-1881101620-1003_UserData.bin
- 2008-10-09 09:18:14 86,152 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-09 16:11:43 86,238 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-09 07:48:19 66,460 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-09 16:11:38 66,748 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-12-18 471040]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-13 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 813840]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2007-08-27 182952]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 895600]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-18 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-04 C:\Windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-17 535336]
GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-01-10 864256]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{265273E2-EC71-45F7-A1BB-964F5C39FAD4}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8E66EED3-EAC6-44CE-8D4B-2B3B93A998E8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6FE87BD1-D19B-48FE-AEE0-AC39E0D25415}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3C40956E-D762-4EDB-BF0E-A34C54790997}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{BE81EFE9-C94A-4A6A-9AAE-B253E854E7A7}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{39237EA3-6092-4E6B-8A14-F2A35A38827A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{56472A0E-F1E5-44CC-9262-BDD60FEBB048}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{EBAD0E66-1730-4185-848E-A43C521B2D6D}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{78E1A611-DFBB-4F5D-8F0D-C315639FF681}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{A1720EB0-615F-4D4E-83A9-2C35CECF37D7}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{51ECAEE9-4196-47F4-B387-816C845D370F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B1E71442-6A1A-438D-91B2-E212A342159D}"= UDP:9420:Red Swoosh
"{77F8701A-C12A-4976-BF6C-5DD8A3C03D9D}"= TCP:5000:Red Swoosh

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 35712]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2007-08-27 70768]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-08-27 69136]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2007-08-27 12912]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51 13560]
R2 BcmSqlStartupSvc;Business Contact Managerin SQL Server -käynnistyspalvelu;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 ctad;Cisco Trust Agent;C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe [2004-10-22 553035]
R2 ctalogd;Cisco Trust Agent Event Logging Service;C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe [2004-10-22 90112]
R2 GtDetectSc;GtDetectSc;C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe [2007-12-18 196704]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 2930176]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-08-27 62064]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 240128]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
S3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-08-27 39792]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-08-27 25200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33ca252f-c135-11dc-98be-000000000000}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43ae4888-4d0a-11dd-b558-000000000000}]
\shell\AutoRun\command - G:\setup.exe AUTORUN=1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 21:37:16
Windows 6.0.6000 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2008-10-09 21:38:28
ComboFix-quarantined-files.txt 2008-10-09 18:38:23
ComboFix2.txt 2008-10-09 16:01:22
ComboFix3.txt 2008-10-09 13:08:18

Ennen ajoa: 18 274 848 768 tavua vapaana
Ajon jälkeen: 18,134,319,104 tavua vapaana

249 --- E O F --- 2008-10-08 14:24:14

 

jostain syystä en löytäny näitä neljää ollenkaan:
O3 - Toolbar: (no name) - {A953FEDA-6628-407D-8C24-8615076A9B56} - (no file)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

se 02 löytyi vaan, mutta sekin on tullut takaisin tuossa uudessa scannissa.

 

Suorita edelliset toimenpiteet Järjestelmänvalvojana eli paina oikeata hiiren nappia ohjelman kohdalla ja valitse suorita järjestelmänvalvojana

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:51, on 10.10.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/fi/index.php?rvs=hompag&d=79919279
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10955 bytes

 

Jaahas ei meinaa lähteä nuo symanteckin jämät pois.

Suorita Poisto.bat järjestelmänvalvojana

Avaa Muistio ja kopioi seuraavat rivit siihen:

Koodi:

@echo off
sc stop "Automatic LiveUpdate Scheduler"
sc delete "Automatic LiveUpdate Scheduler"
sc stop CLTNetCnService
sc delete CLTNetCnService
sc stop "LiveUpdate Notice Ex"
sc delete "LiveUpdate Notice Ex"
sc stop "LiveUpdate Notice Service"
sc delete "LiveUpdate Notice Service"

Sitten documentti tallennetaan työpöydälle nimellä Poisto.bat ja tiedostotyypiksi: All Files.
Sitten ajetaan työpöydällä oleva Poisto.bat-tiedosto.

Poista seuraavat kansiot.

C:\Program Files\Common Files\Symantec Shared\
C:\Program Files\Symantec\

Tyhjennä roskakori.

Lähetä uusi Hijackthis loki.

 

ComboFix 08-10-08.02 - Boogie 2008-10-10 15:24:17.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1001 [GMT 3:00]
Sijainti: C:\Users\Boogie\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: C:\Users\Boogie\Desktop\CFScript.txt
* Uusi palautuspiste luotu

FILE ::
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\js 16.mp3
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\lights go wild js 16.mp3
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\lights go wild.mp3
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\pjanoo erick prydz.mp3
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\thriller richard grey.mp3
C:\Users\Boogie\AppData\Local\Microsoft\Messenger\booksteri@hotmail.com\Sharing Folders\leiska90@hotmail.com\CD levykke\toca s miracle 2008 fragma.mp3
C:\Users\Boogie\Documents\LimeWire\Saved\Danny Tenaglia feat Liz Torres - Turn Me On (John Digweed & Nick Muir's Bedrock Mix).mp3
C:\Users\Boogie\Documents\LimeWire\Saved\John Digweed - Live At Transitions.wma
C:\Users\Boogie\Documents\LimeWire\Saved\John Digweed.wma
C:\Users\Boogie\Documents\LimeWire\Saved\kaisa meni discoon.mp3
C:\Users\Boogie\Documents\LimeWire\Saved\taas nuori oon.mp3
C:\Windows\System32\YUR9182.0xe
C:\Windows\System32\YUR93B4.0xe
C:\x.0
D:\Music\Musiikki\01 Track 1 (dance).wma
D:\Music\Musiikki\06 Track 6 (dance).wma
D:\Music\Musiikki\07 Track 7 (dance).wma
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-10 to 2008-10-10 )))))))))))))))))
.

2008-10-08 19:10 . 2008-10-08 19:10 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-10-08 18:27 . 2008-10-08 18:28 <KANSIO> d-------- C:\Program Files\CCleaner
2008-10-08 13:24 . 2008-10-08 13:24 <KANSIO> d-------- C:\Users\Boogie\AppData\Roaming\Malwarebytes
2008-10-08 13:24 . 2008-10-08 13:24 <KANSIO> d-------- C:\Users\All Users\Malwarebytes
2008-10-08 13:24 . 2008-10-08 13:24 <KANSIO> d-------- C:\ProgramData\Malwarebytes
2008-10-08 13:24 . 2008-10-08 13:26 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 13:24 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-08 13:24 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-07 23:54 . 2008-10-07 23:56 <KANSIO> d-------- C:\Users\All Users\Lavasoft
2008-10-07 23:54 . 2008-10-07 23:56 <KANSIO> d-------- C:\ProgramData\Lavasoft
2008-10-07 23:41 . 2008-10-07 23:45 <KANSIO> d-------- C:\Extracted
2008-09-29 19:49 . 2008-09-29 19:49 <KANSIO> d-------- C:\Program Files\Mv2Player
2008-09-29 19:25 . 2008-09-29 19:28 <KANSIO> d-------- C:\Program Files\Screamer Radio
2008-09-29 00:29 . 2008-10-06 17:01 2,828 --ahs---- C:\Windows\System32\KGyGaAvL.sys
2008-09-29 00:29 . 2008-09-29 00:29 88 -r-hs---- C:\Windows\System32\B26C589BCB.sys
2008-09-29 00:28 . 2008-09-29 00:29 <KANSIO> d-------- C:\Users\Boogie\AppData\Roaming\Corel
2008-09-29 00:27 . 2008-09-29 00:27 <KANSIO> d-------- C:\Users\All Users\Corel
2008-09-29 00:27 . 2008-09-29 00:27 <KANSIO> d-------- C:\ProgramData\Corel
2008-09-29 00:23 . 2008-09-29 00:23 <KANSIO> d-------- C:\Program Files\Corel
2008-09-29 00:23 . 2008-09-29 00:25 <KANSIO> d-------- C:\Program Files\Common Files\Corel
2008-09-17 19:09 . 2008-09-17 19:25 <KANSIO> d-------- C:\Program Files\SopCast
2008-09-12 01:03 . 2008-09-12 01:03 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-09-12 00:16 . 2008-07-31 06:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-12 00:16 . 2008-07-31 06:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-12 00:15 . 2008-07-31 02:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-12 00:15 . 2008-06-26 06:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 12:17 --------- d-----w C:\ProgramData\Skype
2008-10-10 11:18 --------- d-----w C:\Users\Boogie\AppData\Roaming\skypePM
2008-10-08 16:02 --------- d-----w C:\Program Files\Java
2008-10-08 14:59 --------- d-----w C:\Users\Boogie\AppData\Roaming\LimeWire
2008-10-08 14:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 20:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-07 16:37 --------- d-----w C:\Program Files\B2BPOKER
2008-09-21 22:40 --------- d-----w C:\Program Files\PAFPoker
2008-09-16 10:23 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-13 01:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 22:04 --------- d-----w C:\Program Files\DAP
2008-09-11 21:13 --------- d-----w C:\ProgramData\SpeedBit
2008-09-11 21:12 --------- d---a-w C:\ProgramData\TEMP
2008-09-06 05:59 --------- d-----w C:\Users\Boogie\AppData\Roaming\Jasc
2008-09-02 16:40 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-08-15 14:33 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 19:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 17:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 16:52 174 --sha-w C:\Program Files\desktop.ini
2008-01-14 15:37 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-14 15:37 32 ----a-w C:\ProgramData\ezsid.dat
2006-10-21 11:29 314,177,167 ----a-w C:\Users\Boogie\Counter Strike 1.6 (LAN version).exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-09_16.06.27.83 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-09 09:16:14 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-10 11:15:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-09 09:16:14 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-10 11:15:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-09 09:17:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-10 11:17:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-10 11:17:21 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-09 09:18:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-10 11:17:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-10 11:17:27 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-09 09:16:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-10 11:20:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-09 09:16:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-10 11:20:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-09 09:16:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-10 11:20:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-09 09:23:52 123,556 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-10 11:22:08 123,556 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-09 09:23:52 103,528 ----a-w C:\Windows\System32\perfc00B.dat
+ 2008-10-10 11:22:09 103,528 ----a-w C:\Windows\System32\perfc00B.dat
- 2008-10-09 09:23:52 661,906 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-10 11:22:09 661,906 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-09 09:23:52 511,306 ----a-w C:\Windows\System32\perfh00B.dat
+ 2008-10-10 11:22:09 511,306 ----a-w C:\Windows\System32\perfh00B.dat
- 2008-10-09 09:18:17 14,144 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3428213550-882490319-1881101620-1003_UserData.bin
+ 2008-10-10 11:17:37 14,168 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3428213550-882490319-1881101620-1003_UserData.bin
- 2008-10-09 09:18:14 86,152 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-10 11:17:37 86,238 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-09 07:48:19 66,460 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-10 11:17:36 66,764 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot nollattu tähän hetkeen --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-12-18 471040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-13 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 813840]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2007-08-27 182952]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 895600]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-18 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-04 C:\Windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-17 535336]
GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-01-10 864256]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{265273E2-EC71-45F7-A1BB-964F5C39FAD4}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8E66EED3-EAC6-44CE-8D4B-2B3B93A998E8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6FE87BD1-D19B-48FE-AEE0-AC39E0D25415}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3C40956E-D762-4EDB-BF0E-A34C54790997}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{BE81EFE9-C94A-4A6A-9AAE-B253E854E7A7}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{39237EA3-6092-4E6B-8A14-F2A35A38827A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{56472A0E-F1E5-44CC-9262-BDD60FEBB048}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{EBAD0E66-1730-4185-848E-A43C521B2D6D}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{78E1A611-DFBB-4F5D-8F0D-C315639FF681}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{A1720EB0-615F-4D4E-83A9-2C35CECF37D7}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{51ECAEE9-4196-47F4-B387-816C845D370F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B1E71442-6A1A-438D-91B2-E212A342159D}"= UDP:9420:Red Swoosh
"{77F8701A-C12A-4976-BF6C-5DD8A3C03D9D}"= TCP:5000:Red Swoosh

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 35712]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2007-08-27 70768]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-08-27 69136]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2007-08-27 12912]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51 13560]
R2 BcmSqlStartupSvc;Business Contact Managerin SQL Server -käynnistyspalvelu;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 ctad;Cisco Trust Agent;C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe [2004-10-22 553035]
R2 ctalogd;Cisco Trust Agent Event Logging Service;C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe [2004-10-22 90112]
R2 GtDetectSc;GtDetectSc;C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe [2007-12-18 196704]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 2930176]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-08-27 62064]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 240128]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
S3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-08-27 39792]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-08-27 25200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33ca252f-c135-11dc-98be-000000000000}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43ae4888-4d0a-11dd-b558-000000000000}]
\shell\AutoRun\command - G:\setup.exe AUTORUN=1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 15:26:18
Windows 6.0.6000 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
Valmistumisajankohta: 2008-10-10 15:27:37
ComboFix-quarantined-files.txt 2008-10-10 12:27:27
ComboFix2.txt 2008-10-09 18:38:29
ComboFix3.txt 2008-10-09 16:01:22
ComboFix4.txt 2008-10-09 13:08:18

Ennen ajoa: 16 102 850 560 tavua vapaana
Ajon jälkeen: 15,962,808,320 tavua vapaana

251 --- E O F --- 2008-10-10 11:22:35