Kaspersky Online Scanner found a trojan; how do I get rid of it? Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:01, on 1.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\scanneri.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9335 bytes
Scan with HJT, check these and press Fix checked:

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw

=================

The machine has both AVG 8 and avast!; remove one of them.
Here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:52, on 1.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\scanneri.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8361 bytes
Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After that, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.
Malwarebytes' Anti-Malware 1.33
Tietokantaversio: 1713
Windows 6.0.6001 Service Pack 1

1.2.2009 18:49:50
mbam-log-2009-02-01 (18-49-50).txt

Tarkistustyyppi: Täysi tarkistus (C:\|F:\|)
Tarkistetut kohteet: 137342
Kulunut aika: 1 hour(s), 21 minute(s), 14 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
Open Windows Defender. Click Tools and then General Settings. Scroll down and uncheck Turn on real-time protection (recommended). Then click Save and close Windows Defender. Do not turn it back on.

================

Scan with HJT, check these and press Fix checked:

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

===========

Download Atribune's ATF Cleaner. Instructions:
Double-click ATF-Cleaner.exe to run the program.
Under Main, select: Select All
Click the Empty Selected button.
If you use Firefox as your browser: click Firefox at the top and select: Select All. Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No when it asks.
If you use Opera as your browser: click Opera at the top and select: Select All. Click the Empty Selected button again.
NOTE: If you would like to keep your saved passwords, click No when it asks.
Click Exit from the main menu to close the program.
Technical support is available by double-clicking the e-mail address located under each menu in the tool. (Note that the support is in English.)

=============

Then that could be removed as well: uninstall Yahoo! from Add or Remove Programs and delete the folder C:\Program Files\Yahoo!
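The replies above ask the poster to "Fix checked" a set of HijackThis entries and then post a fresh log, and the thread's own logs show that some entries (QuickTime Task, SunJavaUpdateSched) came back while the O15 Trusted Zone lines stayed gone. The following is an added example, not code from the thread or from HijackThis, that parses two HJT logs and reports which requested fixes took, which entries are back, and which hooks now point at "(no file)"; the sample logs are constructed excerpts of the ones posted here.

```python
import re
from dataclasses import dataclass

# A HijackThis entry is a section code (R0-R3, F0-F3, O1-O24) followed by " - " and the body.
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4" (autostart), "O15" (IE Trusted Zone), "R3" (URLSearchHook)
    body: str     # everything after the section code


def parse_hjt(text):
    """Parse a HijackThis log; the header and the running-process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def check_fixes(after_text, fix_lines):
    """Compare the lines a helper asked to 'Fix checked' against the log posted afterwards.

    Returns (removed, still_present). An entry in still_present was either not fixed or,
    as with QuickTime Task in this thread, was recreated after the fix.
    """
    after = set(parse_hjt(after_text))
    wanted = parse_hjt("\n".join(fix_lines))
    removed = [e for e in wanted if e not in after]
    still_present = [e for e in wanted if e in after]
    return removed, still_present


def new_entries(before_text, after_text):
    """Entries present in the new log but absent from the old one."""
    before = set(parse_hjt(before_text))
    return [e for e in parse_hjt(after_text) if e not in before]


def orphaned_entries(entries):
    """Hooks whose target file is gone, which HJT prints as '(no file)'."""
    return [e for e in entries if e.body.endswith("(no file)")]


# Constructed sample logs, excerpted from the first and third HijackThis logs in this thread.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"""

# The entries the helper asked to fix in the first reply (subset, constructed from the thread).
FIX_LIST = [
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime',
    r"O15 - Trusted Zone: http://asia.msi.com.tw",
    r"O15 - Trusted Zone: http://global.msi.com.tw",
]


def summary(before_text, after_text, fix_lines):
    """One dict a helper can eyeball before deciding what to ask for next."""
    removed, still_present = check_fixes(after_text, fix_lines)
    fmt = lambda es: [f"{e.section} - {e.body}" for e in es]
    return {
        "removed": fmt(removed),
        "still_present": fmt(still_present),
        "new": fmt(new_entries(before_text, after_text)),
        "orphaned": fmt(orphaned_entries(parse_hjt(after_text))),
    }


if __name__ == "__main__":
    for key, lines in summary(LOG_BEFORE, LOG_AFTER, FIX_LIST).items():
        print(f"{key}:")
        for line in lines:
            print("  " + line)
```

On the sample the two O15 lines are reported as removed, QuickTime Task as still present, and the Yahoo! URLSearchHook as both new and orphaned, which is exactly the pattern the third log in this thread shows after the Yahoo! uninstall.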
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:55, on 1.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\scanneri.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8028 bytes
The trojan hasn't gone anywhere either. I scanned again with Kaspersky, and here is its log:

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, February 2, 2009
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, February 02, 2009 17:21:09
Records in database: 1737914

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics
Files scanned 119953
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 02:45:16

File name Threat name Threats count
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BH23PKX9\ASENNA_NEWS_TO_SCREEN_(FM)[1].0XE Infected: Backdoor.Win32.Small.gii 1

The selected area was scanned.
1. Download Combofix.exe to your desktop from one of these links: Combofix1 Combofix2. Do not install the Recovery Console.
2. Double-click the Combofix.exe file and follow the prompts.
3. When the tool has finished, it produces a log. Post this log in your thread.

Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
ComboFix 09-02-02.04 - Timo 2009-02-03 16:57:08.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2047.1311 [GMT 2:00]
Location: c:\users\Timo\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated)
* New restore point created
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Timo\AppData\Roaming\inst.exe
c:\windows\system32\pthreadGC2.dll
F:\Autorun.inf
.
((((( Files created from 2009-01-03 to 2009-02-03 )))))))))))))))))
.
2009-02-01 11:26 . 2009-02-01 11:26 <DIR> d-------- c:\program files\SpeedFan
2009-02-01 11:26 . 2009-02-01 11:26 45 --a------ c:\windows\System32\initdebug.nfo
2009-01-29 21:50 . 2009-01-29 22:28 <DIR> d-------- c:\users\Timo\AppData\Roaming\dvdcss
2009-01-29 21:48 . 2009-01-29 21:57 <DIR> d-------- c:\users\Timo\AppData\Roaming\vlc
2009-01-29 21:46 . 2009-01-29 21:46 <DIR> d-------- c:\program files\VideoLAN
2009-01-29 21:33 . 2009-01-29 21:33 <DIR> d-------- c:\users\Timo\AppData\Roaming\AVS4YOU
2009-01-29 21:33 . 2009-01-29 21:33 <DIR> d-------- c:\users\All Users\AVS4YOU
2009-01-29 21:33 . 2009-01-29 21:33 <DIR> d-------- c:\programdata\AVS4YOU
2009-01-29 21:31 . 2009-01-29 21:32 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-01-29 21:31 . 2009-01-29 21:32 <DIR> d-------- c:\program files\AVS4YOU
2009-01-29 21:31 . 2008-08-13 10:22 1,700,352 --a------ c:\windows\System32\GdiPlus.dll
2009-01-29 21:31 . 2008-08-13 10:22 974,848 --a------ c:\windows\System32\mfc70.dll
2009-01-29 21:31 . 2008-08-13 10:22 487,424 --a------ c:\windows\System32\msvcp70.dll
2009-01-29 21:31 . 2008-08-13 10:22 344,064 --a------ c:\windows\System32\msvcr70.dll
2009-01-29 21:09 . 2009-01-29 21:09 <DIR> d-------- c:\users\Timo\AppData\Roaming\GRETECH
2009-01-29 21:09 . 2009-01-29 21:09 <DIR> d-------- c:\program files\GRETECH
2009-01-24 14:15 . 2009-01-24 17:48 <DIR> d-------- c:\users\Timo\AppData\Roaming\Ashampoo
2009-01-24 14:13 . 2009-01-24 14:13 <DIR> d-------- c:\users\All Users\ashampoo
2009-01-24 14:13 . 2009-01-24 14:13 <DIR> d-------- c:\programdata\ashampoo
2009-01-24 14:13 . 2009-01-24 14:24 <DIR> d-------- c:\program files\Ashampoo
2009-01-23 17:00 . 2009-01-23 17:12 <DIR> d-------- c:\users\Timo\AppData\Roaming\Audacity
2009-01-22 21:59 . 2009-01-22 21:59 <DIR> d-------- c:\program files\winLAME
2009-01-22 19:42 . 2009-01-22 19:43 <DIR> d--h----- c:\users\Timo\PP_MOTION.TMP
2009-01-22 19:41 . 2009-01-22 19:41 <DIR> d--h----- c:\users\Timo\PP_ROTATE_SLIDE.TMP
2009-01-22 19:41 . 2009-01-22 19:41 <DIR> d-------- c:\users\Timo\CyberLink
2009-01-19 21:45 . 2009-01-19 21:45 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-01-19 21:44 . 2009-01-19 21:45 <DIR> d-------- c:\users\Timo\AppData\Roaming\PC Suite
2009-01-19 21:44 . 2009-01-19 21:45 <DIR> d-------- c:\users\Timo\AppData\Roaming\Nokia
2009-01-19 21:44 . 2009-01-19 21:45 <DIR> d-------- c:\users\All Users\PC Suite
2009-01-19 21:44 . 2009-01-19 21:45 <DIR> d-------- c:\programdata\PC Suite
2009-01-19 21:42 . 2009-01-19 21:42 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-01-19 21:41 . 2009-01-19 21:41 <DIR> d-------- c:\program files\DIFX
2009-01-19 21:41 . 2008-08-26 09:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2009-01-19 21:39 . 2009-01-19 21:40 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-01-15 21:22 . 2009-01-15 21:22 <DIR> d-------- c:\users\Timo\Kesä 2008
2009-01-14 21:15 . 2009-01-14 21:15 <DIR> d-------- c:\program files\Bonjour
2009-01-14 21:14 . 2009-01-14 21:15 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-14 21:14 . 2009-01-14 21:15 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-14 21:14 . 2009-01-14 21:15 <DIR> d-------- c:\program files\iTunes
2009-01-14 21:14 . 2009-01-14 21:14 <DIR> d-------- c:\program files\iPod
2009-01-14 21:12 . 2009-01-14 21:12 <DIR> d-------- c:\program files\QuickTime
2009-01-14 17:00 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-07 18:37 . 2009-01-07 18:37 40 --ah----- c:\windows\System32\ivireg.ivr
2009-01-06 13:49 . 2009-01-06 13:50 <DIR> d-------- c:\users\Timo\AppData\Roaming\Corel
2009-01-06 13:49 . 2009-01-06 14:13 2,516 --ahs---- c:\users\All Users\KGyGaAvL.sys
2009-01-06 13:49 . 2009-01-06 14:13 2,516 --ahs---- c:\programdata\KGyGaAvL.sys
2009-01-06 13:49 . 2009-01-06 14:13 88 -r-hs---- c:\users\All Users\8A40BDA798.sys
2009-01-06 13:49 . 2009-01-06 14:13 88 -r-hs---- c:\programdata\8A40BDA798.sys
2009-01-05 11:58 . 2009-01-05 11:58 <DIR> d-------- c:\program files\AVG
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 21:31 --------- d-----w c:\users\Timo\AppData\Roaming\uTorrent
2009-02-01 09:26 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 2
2009-01-29 19:57 --------- d-----w c:\users\Timo\AppData\Roaming\vlc
2009-01-22 17:43 --------- d-----w c:\users\Timo\AppData\Roaming\CyberLink
2009-01-22 17:41 --------- d-----w c:\programdata\CyberLink
2009-01-20 19:22 --------- d---a-w c:\programdata\TEMP
2009-01-20 19:20 --------- d-----w c:\program files\SpywareBlaster
2009-01-20 18:00 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-19 19:42 --------- d-----w c:\program files\Nokia
2009-01-19 19:42 --------- d-----w c:\program files\Common Files\Nokia
2009-01-19 19:38 --------- d-----w c:\programdata\Installations
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2009-01-14 19:14 --------- d-----w c:\programdata\Apple Computer
2009-01-14 19:14 --------- d-----w c:\program files\Common Files\Apple
2009-01-14 19:07 --------- d-----w c:\program files\Safari
2009-01-14 15:42 --------- d-----w c:\programdata\Microsoft Help
2009-01-14 15:42 --------- d-----w c:\program files\Windows Mail
2009-01-14 14:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 14:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-07 19:32 47,360 ----a-w c:\users\Timo\AppData\Roaming\pcouffin.sys
2009-01-07 19:32 --------- d-----w c:\users\Timo\AppData\Roaming\Vso
2009-01-06 11:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 12:26 --------- d-----w c:\programdata\SlySoft
2008-12-28 12:26 --------- d-----w c:\program files\SlySoft
2008-12-28 10:33 --------- d-----w c:\program files\Seagate
2008-12-28 10:32 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-26 19:30 --------- d-----w c:\programdata\VistaCodecs
2008-12-26 15:52 --------- d-----w c:\programdata\vsosdk
2008-12-26 14:07 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-12-25 13:53 --------- d-----w c:\programdata\WindowsSearch
2008-12-25 12:56 --------- d-----w c:\program files\CCleaner
2008-12-25 12:46 --------- d-----w c:\programdata\DVD Shrink
2008-12-22 14:07 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-22 13:36 --------- d-----w c:\programdata\Nokia
2008-12-21 09:31 --------- d-----w c:\program files\IrfanView
2008-12-20 11:59 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-20 11:58 --------- d-----w c:\users\Timo\AppData\Roaming\SystemRequirementsLab
2008-12-20 11:02 --------- d-----w c:\program files\Java
2008-12-15 17:55 --------- d-----w c:\program files\CyberLink
2008-12-15 17:50 --------- d-----w c:\program files\Common Files\CyberLink
2008-12-15 17:30 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-13 00:07 --------- d-----w c:\programdata\Nero
2008-12-13 00:07 --------- d-----w c:\program files\Common Files\Nero
2008-12-12 21:36 --------- d-----w c:\programdata\WinZip
2008-12-12 21:32 --------- d-----w c:\users\Timo\AppData\Roaming\Uniblue
2008-12-12 09:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 09:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-08 10:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-12-04 19:48 --------- d-----w c:\users\Timo\AppData\Roaming\Canneverbe_Limited
2008-12-04 11:11 43,520 ----a-w c:\windows\system32\drivers\fetnd6v.sys
2008-11-10 03:43 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-04-16 19:10 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-14 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDRShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-29 210216]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-12-03 75048]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-09 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-09 7741440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-09 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SoundMan"="SOUNDMAN.EXE" [2008-09-10 c:\windows\SOUNDMAN.EXE]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-10 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.l3codecp"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0A930A80-489C-4005-B55B-69FE54BFF007}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A69319FB-6FB3-4879-8E80-1A48AA7EBAB7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{18AF2190-AD75-47DA-BC01-3480DB0BECD3}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1A8D8595-1E25-4B41-A578-B8B3C0510C26}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{91FA9597-81CD-4DC0-9825-9EB0D000A920}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{3C354CFE-9834-44D1-8E13-6266FDF85FF1}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{2FBACC84-C354-4E3E-B321-999217F26948}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{8008D284-696A-4D98-8516-864C37F00CC4}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{1D455224-FAE5-4F6D-8D00-BE2794C29209}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{2750003C-945C-4A92-92F2-436BC4BC6FAF}c:\\users\\timo\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\timo\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{A72FCBE3-94CD-4EDE-A143-D10CFDBC17FC}c:\\users\\timo\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\timo\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{E6C95802-52DD-4D01-BECE-D90FF2123503}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{0AD0F34E-C739-413D-A98F-6BBC43335719}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{1BC54E8B-59B0-49D0-8F17-657DAB3128EB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{57A1E5B2-31C6-42C3-8748-1F6F5906DC3E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{F4800462-8B5E-4865-8B87-9FCD86A92952}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{75904A3D-2CAC-48FB-8C10-96FBEA2FAFEE}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{33DE5784-D683-4915-8E0D-7CF8F86A088B}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{511EC3EE-4983-4217-BD09-DB67646F9B73}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{CCEAA39B-AFC1-4B31-8272-4DED25649A03}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{9B5798BB-BAD1-4E12-BE48-3A31CAFE9E85}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{B26E4A4A-22E9-4CB6-ACE3-AAF8A973CA25}c:\\program files\\mozilla firefox 3 beta 2\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 2\firefox.exe:Firefox
"UDP Query User{8280C7EC-70A7-4AFA-8D77-40F1ABA5701C}c:\\program files\\mozilla firefox 3 beta 2\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 2\firefox.exe:Firefox
"TCP Query User{CBC98F0D-41D0-4EE6-8F34-70BCA7DAE018}c:\\program files\\nero\\nero 9\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 9\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{25E66763-0207-4F00-93DB-B321AF7EEA20}c:\\program files\\nero\\nero 9\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 9\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{85E218A7-221E-4803-AE27-501037EF8085}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{8D363356-8058-4AA7-89E2-64EB9FA0CD88}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{60ECAACB-2334-4B62-9920-B754840FFEAA}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{0394EB07-2BD2-4573-A549-1A010C43C48E}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{9B668597-BE27-42BD-A0D2-33A227E942B6}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{785981E8-7D87-42A6-8B26-DC21BAAEA13D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{18721E67-5D0A-4D70-BD2A-32AA450CBACF}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{2B8000E8-CC54-4EEB-987D-793FCF457620}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{F63A325C-ACD7-41F0-A5BE-BDA9ED904A43}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D0FF01FF-F192-4DFA-9EE9-E95621EA508A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0D3F22C5-E33C-4113-90EC-62163FDE8339}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A8980747-8B94-44E7-AA25-78747AA10376}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-05 111184]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-11-21 21:37:24 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-02-03 51792]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\System32\drivers\bender.sys [2006-11-21 203264]
R3 ctxS51;Creatix V.9X DSP Data Fax Modem;c:\windows\System32\drivers\ctxS51.sys [2006-05-01 1903646]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-12-04 43520]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [2008-04-13 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-02-02 c:\windows\Tasks\User_Feed_Synchronization-{6DDDB379-C441-4F13-A305-B41C202D29A1}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 12:01]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{8D2223A2-B3C6-4e32-B096-CDD11F628C60} - (no file)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\3tokuz8a.default\
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 2\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\3tokuz8a.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 17:02:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-03 17:05:19
ComboFix-quarantined-files.txt 2009-02-03 15:05:16

Pre-Run: 90 078 736 384 bytes free
Post-Run: 89,798,164,480 bytes free

260 --- E O F --- 2009-02-02 16:27:08
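The ComboFix sections in the log above (the bare paths under "Other deletions", the created-files list with its 9-character attribute field, the Find3M report with its 7-character field, and the +/- snapshot diff a second run produces) each use a fixed line shape, so they can be parsed and triaged mechanically instead of eyeballing a wall of text. The script below is an added example written for this page; it is not part of the thread and not ComboFix's own code. The lines in SAMPLE are constructed to match those shapes, and the three review rules (an executable-type file in a user-writable path, Autorun.inf at a drive root, a hidden+system file outside \windows) are this example's own heuristics. A hit means "look at this", not "malicious".

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, not the full log: three bare paths as listed under
# "Other deletions", then created-files, Find3M and +/- snapshot records in
# the shapes ComboFix writes them. <DIR> marks a directory entry.
SAMPLE = r"""
c:\users\Timo\AppData\Roaming\inst.exe
c:\windows\system32\pthreadGC2.dll
F:\Autorun.inf
2009-02-01 11:26 . 2009-02-01 11:26 <DIR> d-------- c:\program files\SpeedFan
2009-02-01 11:26 . 2009-02-01 11:26 45 --a------ c:\windows\System32\initdebug.nfo
2009-01-06 13:49 . 2009-01-06 14:13 2,516 --ahs---- c:\programdata\KGyGaAvL.sys
2009-01-07 19:32 47,360 ----a-w c:\users\Timo\AppData\Roaming\pcouffin.sys
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
+ 2009-02-03 17:40:01 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-03 14:32:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
"""

DATE = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# created-files: "<created> . <modified> <size or <DIR>> <9-char attrs> <path>"
CREATED_RE = re.compile(rf"^(?P<created>{DATE}) \. (?P<modified>{DATE}) "
                        r"(?P<size><\S+>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+)$")
# Find3M: "<modified> <size or ---------> <7-char attrs> <path>"
FIND3M_RE = re.compile(rf"^(?P<modified>{DATE}) (?P<size>-{{9}}|[\d,]+) "
                       r"(?P<attrs>\S{7}) (?P<path>.+)$")
# snapshot diff: "+ or - <modified with seconds> <size> <7-char attrs> <path>"
SNAPSHOT_RE = re.compile(rf"^(?P<change>[+-]) (?P<modified>{DATE}:\d{{2}}) "
                         r"(?P<size>[\d,]+) (?P<attrs>\S{7}) (?P<path>.+)$")
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\.*$")


@dataclass
class Record:
    path: str
    section: str                      # deleted | created | find3m | snapshot
    attrs: str = ""                   # ComboFix attribute flags (d r a h s w)
    is_dir: bool = False
    size: Optional[int] = None
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Record]:
    """Recognise one ComboFix record; return None for headings and filler."""
    line = line.strip()
    for section, rx in (("created", CREATED_RE), ("find3m", FIND3M_RE),
                        ("snapshot", SNAPSHOT_RE)):
        m = rx.match(line)
        if m:
            size, attrs = m["size"], m["attrs"]
            is_dir = attrs.startswith("d") or size.startswith("<")
            return Record(m["path"], section, attrs, is_dir,
                          None if is_dir else int(size.replace(",", "")))
    if BARE_PATH_RE.match(line):
        return Record(line, "deleted")   # "Other deletions" lists bare paths
    return None


# Heuristics of this example only: location and attribute checks, no signatures.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs")
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\programdata\\",
                 "\\all users\\", "\\temp\\")


def triage(rec: Record) -> Record:
    """Attach review reasons to a record; directories are skipped."""
    p = rec.path.lower()
    if rec.is_dir:
        return rec
    if p.endswith(EXEC_EXT) and any(marker in p for marker in USER_WRITABLE):
        rec.reasons.append("exec_in_user_writable")
    if re.fullmatch(r"[a-z]:\\autorun\.inf", p):
        rec.reasons.append("autorun_at_drive_root")
    if "h" in rec.attrs and "s" in rec.attrs and "\\windows\\" not in p:
        rec.reasons.append("hidden_system_outside_windows")
    return rec


def analyze(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, in log order."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None and triage(rec).reasons:
            findings[rec.path] = rec.reasons
    return findings


if __name__ == "__main__":
    for path, reasons in analyze(SAMPLE).items():
        print(f"{', '.join(reasons):45} {path}")
```

Run it with python3 and compare the output against the log. inst.exe under AppData\Roaming and F:\Autorun.inf are flagged, and so is the hidden+system KGyGaAvL.sys in ProgramData, which needs a human to decide. c:\windows\system32\pthreadGC2.dll, which ComboFix also removed, is not flagged at all: nothing about its location or attributes is unusual, so a location-only filter is a first pass, and the tool's own deletion list still has to be read by hand.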
Now copy and paste the quotation below into an empty Notepad (Start button > Accessories > Notepad). Save it as CFScript.txt on your desktop. Then drag CFScript onto ComboFix.exe as shown below. Post the resulting log here. Then shut down and restart the computer.
I can't drag the Notepad file, because the ComboFix icon doesn't appear on the desktop or anywhere else. When I click combofix.exe it immediately starts installing and doesn't ask for any options, other than to shut down avast.
Well, there it was. Here's the new log:

ComboFix 09-02-02.04 - Timo 2009-02-03 20:10:34.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2047.1343 [GMT 2:00]
Location: c:\users\Timo\Downloads\ComboFix.exe
Command switches used :: c:\users\Timo\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated)
* New restore point created
.
((((( Files created from 2009-01-03 to 2009-02-03 )))))))))))))))))
.
2009-02-01 11:26 . 2009-02-01 11:26 <DIR> d-------- c:\program files\SpeedFan
2009-02-01 11:26 . 2009-02-01 11:26 45 --a------ c:\windows\System32\initdebug.nfo
2009-01-29 21:50 . 2009-01-29 22:28 <DIR> d-------- c:\users\Timo\AppData\Roaming\dvdcss
2009-01-29 21:48 . 2009-01-29 21:57 <DIR> d-------- c:\users\Timo\AppData\Roaming\vlc
2009-01-29 21:46 . 2009-01-29 21:46 <DIR> d-------- c:\program files\VideoLAN
2009-01-29 21:33 . 2009-01-29 21:33 <DIR> d-------- c:\users\Timo\AppData\Roaming\AVS4YOU
2009-01-29 21:33 . 2009-01-29 21:33 <DIR> d-------- c:\users\All Users\AVS4YOU
2009-01-29 21:33 . 2009-01-29 21:33 <DIR> d-------- c:\programdata\AVS4YOU
2009-01-29 21:31 . 2009-01-29 21:32 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-01-29 21:31 . 2009-01-29 21:32 <DIR> d-------- c:\program files\AVS4YOU
2009-01-29 21:31 . 2008-08-13 10:22 1,700,352 --a------ c:\windows\System32\GdiPlus.dll
2009-01-29 21:31 . 2008-08-13 10:22 974,848 --a------ c:\windows\System32\mfc70.dll
2009-01-29 21:31 . 2008-08-13 10:22 487,424 --a------ c:\windows\System32\msvcp70.dll
2009-01-29 21:31 . 2008-08-13 10:22 344,064 --a------ c:\windows\System32\msvcr70.dll
2009-01-29 21:09 . 2009-01-29 21:09 <DIR> d-------- c:\users\Timo\AppData\Roaming\GRETECH
2009-01-29 21:09 . 2009-01-29 21:09 <DIR> d-------- c:\program files\GRETECH
2009-01-24 14:15 . 2009-01-24 17:48 <DIR> d-------- c:\users\Timo\AppData\Roaming\Ashampoo
2009-01-24 14:13 . 2009-01-24 14:13 <DIR> d-------- c:\users\All Users\ashampoo
2009-01-24 14:13 . 2009-01-24 14:13 <DIR> d-------- c:\programdata\ashampoo
2009-01-24 14:13 . 2009-01-24 14:24 <DIR> d-------- c:\program files\Ashampoo
2009-01-23 17:00 . 2009-01-23 17:12 <DIR> d-------- c:\users\Timo\AppData\Roaming\Audacity
2009-01-22 21:59 . 2009-01-22 21:59 <DIR> d-------- c:\program files\winLAME
2009-01-22 19:42 . 2009-01-22 19:43 <DIR> d--h----- c:\users\Timo\PP_MOTION.TMP
2009-01-22 19:41 . 2009-01-22 19:41 <DIR> d--h----- c:\users\Timo\PP_ROTATE_SLIDE.TMP
2009-01-22 19:41 . 2009-01-22 19:41 <DIR> d-------- c:\users\Timo\CyberLink
2009-01-19 21:45 . 2009-01-19 21:45 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-01-19 21:44 . 2009-01-19 21:45 <DIR> d-------- c:\users\Timo\AppData\Roaming\PC Suite
2009-01-19 21:44 . 2009-01-19 21:45 <DIR> d-------- c:\users\Timo\AppData\Roaming\Nokia
2009-01-19 21:44 . 2009-01-19 21:45 <DIR> d-------- c:\users\All Users\PC Suite
2009-01-19 21:44 . 2009-01-19 21:45 <DIR> d-------- c:\programdata\PC Suite
2009-01-19 21:42 . 2009-01-19 21:42 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-01-19 21:41 . 2009-01-19 21:41 <DIR> d-------- c:\program files\DIFX
2009-01-19 21:41 . 2008-08-26 09:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2009-01-19 21:39 . 2009-01-19 21:40 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-01-15 21:22 . 2009-01-15 21:22 <DIR> d-------- c:\users\Timo\Kesä 2008
2009-01-14 21:15 . 2009-01-14 21:15 <DIR> d-------- c:\program files\Bonjour
2009-01-14 21:14 . 2009-01-14 21:15 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-14 21:14 . 2009-01-14 21:15 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-14 21:14 . 2009-01-14 21:15 <DIR> d-------- c:\program files\iTunes
2009-01-14 21:14 . 2009-01-14 21:14 <DIR> d-------- c:\program files\iPod
2009-01-14 21:12 . 2009-01-14 21:12 <DIR> d-------- c:\program files\QuickTime
2009-01-14 17:00 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-07 18:37 . 2009-01-07 18:37 40 --ah----- c:\windows\System32\ivireg.ivr
2009-01-06 13:49 . 2009-01-06 13:50 <DIR> d-------- c:\users\Timo\AppData\Roaming\Corel
2009-01-06 13:49 . 2009-01-06 14:13 2,516 --ahs---- c:\users\All Users\KGyGaAvL.sys
2009-01-06 13:49 . 2009-01-06 14:13 2,516 --ahs---- c:\programdata\KGyGaAvL.sys
2009-01-06 13:49 . 2009-01-06 14:13 88 -r-hs---- c:\users\All Users\8A40BDA798.sys
2009-01-06 13:49 . 2009-01-06 14:13 88 -r-hs---- c:\programdata\8A40BDA798.sys
2009-01-05 11:58 . 2009-01-05 11:58 <DIR> d-------- c:\program files\AVG
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 16:31 --------- d-----w c:\users\Timo\AppData\Roaming\uTorrent
2009-02-01 09:26 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 2
2009-01-29 19:57 --------- d-----w c:\users\Timo\AppData\Roaming\vlc
2009-01-22 17:43 --------- d-----w c:\users\Timo\AppData\Roaming\CyberLink
2009-01-22 17:41 --------- d-----w c:\programdata\CyberLink
2009-01-20 19:22 --------- d---a-w c:\programdata\TEMP
2009-01-20 19:20 --------- d-----w c:\program files\SpywareBlaster
2009-01-20 18:00 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-19 19:42 --------- d-----w c:\program files\Nokia
2009-01-19 19:42 --------- d-----w c:\program files\Common Files\Nokia
2009-01-19 19:38 --------- d-----w c:\programdata\Installations
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2009-01-14 19:14 --------- d-----w c:\programdata\Apple Computer
2009-01-14 19:14 --------- d-----w c:\program files\Common Files\Apple
2009-01-14 19:07 --------- d-----w c:\program files\Safari
2009-01-14 15:42 --------- d-----w c:\programdata\Microsoft Help
2009-01-14 15:42 --------- d-----w c:\program files\Windows Mail
2009-01-14 14:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 14:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-07 19:32 47,360 ----a-w c:\users\Timo\AppData\Roaming\pcouffin.sys
2009-01-07 19:32 --------- d-----w c:\users\Timo\AppData\Roaming\Vso
2009-01-06 11:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 12:26 --------- d-----w c:\programdata\SlySoft
2008-12-28 12:26 --------- d-----w c:\program files\SlySoft
2008-12-28 10:33 --------- d-----w c:\program files\Seagate
2008-12-28 10:32 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-26 19:30 --------- d-----w c:\programdata\VistaCodecs
2008-12-26 15:52 --------- d-----w c:\programdata\vsosdk
2008-12-26 14:07 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-12-25 13:53 --------- d-----w c:\programdata\WindowsSearch
2008-12-25 12:56 --------- d-----w c:\program files\CCleaner
2008-12-25 12:46 --------- d-----w c:\programdata\DVD Shrink
2008-12-22 14:07 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-22 13:36 --------- d-----w c:\programdata\Nokia
2008-12-21 09:31 --------- d-----w c:\program files\IrfanView
2008-12-20 11:59 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-20 11:58 --------- d-----w c:\users\Timo\AppData\Roaming\SystemRequirementsLab
2008-12-20 11:02 --------- d-----w c:\program files\Java
2008-12-15 17:55 --------- d-----w c:\program files\CyberLink
2008-12-15 17:50 --------- d-----w c:\program files\Common Files\CyberLink
2008-12-15 17:30 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-13 00:07 --------- d-----w c:\programdata\Nero
2008-12-13 00:07 --------- d-----w c:\program files\Common Files\Nero
2008-12-12 21:36 --------- d-----w c:\programdata\WinZip
2008-12-12 21:32 --------- d-----w c:\users\Timo\AppData\Roaming\Uniblue
2008-12-12 09:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 09:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-08 10:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-12-04 19:48 --------- d-----w c:\users\Timo\AppData\Roaming\Canneverbe_Limited
2008-12-04 11:11 43,520 ----a-w c:\windows\system32\drivers\fetnd6v.sys
2008-11-10 03:43 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-04-16 19:10 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2009-02-03_17.03.41,04 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-03 14:32:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-03 17:38:51 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-03 14:32:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-03 17:38:51 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-03 14:33:58 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-03 17:40:01 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-03 17:40:01 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-03 15:02:17 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-03 18:12:50 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-03 18:12:50 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-03 14:35:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 17:40:09 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-03 14:35:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-03 17:40:09 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-03 14:35:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-03 17:40:09 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-03 14:35:10 10,408 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-726910424-4287619793-38094487-1000_UserData.bin
+ 2009-02-03 17:41:09 10,408 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-726910424-4287619793-38094487-1000_UserData.bin
- 2009-02-03 14:35:09 64,788 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-03 17:41:09 64,970 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-03 14:35:07 46,582 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-03 17:41:07 46,582 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-14 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDRShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-29 210216]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-12-03 75048]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-09 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-09 7741440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-09 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SoundMan"="SOUNDMAN.EXE" [2008-09-10 c:\windows\SOUNDMAN.EXE]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-10 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.l3codecp"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0A930A80-489C-4005-B55B-69FE54BFF007}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A69319FB-6FB3-4879-8E80-1A48AA7EBAB7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{18AF2190-AD75-47DA-BC01-3480DB0BECD3}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1A8D8595-1E25-4B41-A578-B8B3C0510C26}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{91FA9597-81CD-4DC0-9825-9EB0D000A920}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{3C354CFE-9834-44D1-8E13-6266FDF85FF1}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{2FBACC84-C354-4E3E-B321-999217F26948}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{8008D284-696A-4D98-8516-864C37F00CC4}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{1D455224-FAE5-4F6D-8D00-BE2794C29209}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{2750003C-945C-4A92-92F2-436BC4BC6FAF}c:\\users\\timo\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\timo\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{A72FCBE3-94CD-4EDE-A143-D10CFDBC17FC}c:\\users\\timo\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\timo\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{E6C95802-52DD-4D01-BECE-D90FF2123503}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{0AD0F34E-C739-413D-A98F-6BBC43335719}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{1BC54E8B-59B0-49D0-8F17-657DAB3128EB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{57A1E5B2-31C6-42C3-8748-1F6F5906DC3E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{F4800462-8B5E-4865-8B87-9FCD86A92952}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{75904A3D-2CAC-48FB-8C10-96FBEA2FAFEE}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"TCP Query
User{33DE5784-D683-4915-8E0D-7CF8F86A088B}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component "UDP Query User{511EC3EE-4983-4217-BD09-DB67646F9B73}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component "TCP Query User{CCEAA39B-AFC1-4B31-8272-4DED25649A03}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{9B5798BB-BAD1-4E12-BE48-3A31CAFE9E85}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "TCP Query User{B26E4A4A-22E9-4CB6-ACE3-AAF8A973CA25}c:\\program files\\mozilla firefox 3 beta 2\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 2\firefox.exe:Firefox "UDP Query User{8280C7EC-70A7-4AFA-8D77-40F1ABA5701C}c:\\program files\\mozilla firefox 3 beta 2\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 2\firefox.exe:Firefox "TCP Query User{CBC98F0D-41D0-4EE6-8F34-70BCA7DAE018}c:\\program files\\nero\\nero 9\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 9\nero showtime\showtime.exe:Nero ShowTime "UDP Query User{25E66763-0207-4F00-93DB-B321AF7EEA20}c:\\program files\\nero\\nero 9\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 9\nero showtime\showtime.exe:Nero ShowTime "TCP Query User{85E218A7-221E-4803-AE27-501037EF8085}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer "UDP Query User{8D363356-8058-4AA7-89E2-64EB9FA0CD88}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer "{60ECAACB-2334-4B62-9920-B754840FFEAA}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector "TCP Query User{0394EB07-2BD2-4573-A549-1A010C43C48E}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia 
software updater\nsu_ui_client.exe:Nokia Software Updater "UDP Query User{9B668597-BE27-42BD-A0D2-33A227E942B6}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "TCP Query User{785981E8-7D87-42A6-8B26-DC21BAAEA13D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "UDP Query User{18721E67-5D0A-4D70-BD2A-32AA450CBACF}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "{2B8000E8-CC54-4EEB-987D-793FCF457620}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0 "{F63A325C-ACD7-41F0-A5BE-BDA9ED904A43}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{D0FF01FF-F192-4DFA-9EE9-E95621EA508A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{0D3F22C5-E33C-4113-90EC-62163FDE8339}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{A8980747-8B94-44E7-AA25-78747AA10376}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour R1 aswSP;avast! 
Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-05 111184] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-11-21 21:37:24 61424] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-05 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-02-03 51792] R3 BENDER;Pinnacle DV/AV Capture;c:\windows\System32\drivers\bender.sys [2006-11-21 203264] R3 ctxS51;Creatix V.9X DSP Data Fax Modem;c:\windows\System32\drivers\ctxS51.sys [2006-05-01 1903646] R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-12-04 43520] S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [2008-04-13 17920] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}] %SystemRoot%\system32\soundschemes2.exe /AddRegistration . 'Ajoitetut tehtävät'-kansion sisältö 2009-02-03 c:\windows\Tasks\User_Feed_Synchronization-{6DDDB379-C441-4F13-A305-B41C202D29A1}.job - c:\windows\system32\msfeedssync.exe [2009-01-15 12:01] . . ------- Täydentävä tarkistus ------- . 
uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\3tokuz8a.default\ FF - plugin: c:\program files\Mozilla Firefox 3 Beta 2\plugins\np-mswmp.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll FF - plugin: c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\3tokuz8a.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-03 20:13:41 Windows 6.0.6001 Service Pack 1 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . Valmistumisajankohta: 2009-02-03 20:16:21 ComboFix-quarantined-files.txt 2009-02-03 18:16:14 ComboFix2.txt 2009-02-03 15:05:21 Ennen ajoa: 95 371 145 216 tavua vapaana Ajon jälkeen: 95,338,213,376 tavua vapaana 278 --- E O F --- 2009-02-02 16:27:08
Type ComboFix /u in the Run box and click OK.

============

Download OTMoveIt and save it to your desktop. Double-click OTMoveIt.exe. Click CleanUp!. Choose Yes when asked "Begin cleanup Process?". If you are asked whether the computer may be restarted, choose Yes. OTMoveIt removes itself when it is finished; if that does not happen, delete it yourself.

NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it to do so.
Well, it still didn't seem to go away.

KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, February 4, 2009
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, February 03, 2009 19:47:19
Records in database: 1741020

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics
Files scanned 119741
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 02:37:32

File name Threat name Threats count
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BH23PKX9\ASENNA_NEWS_TO_SCREEN_(FM)[1].0XE Infected: Backdoor.Win32.Small.gii 1

The selected area was scanned.