
HijackThis log and apparently the same Messenger virus some others have had

Thread in the Viruses and malware - HijackThis logs section. Thread started by Nyrre on 27.05.2008.

  1. Nyrre (Member; joined 28.08.2006; 40 messages; 0 thanks; 16 points)

    Here is the HJT log; the Messenger virus was the "are you in this" thing.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:03:48, on 27.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\winudspm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\D-Link\Bluetooth-ohjelmisto\BTTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\D-Link\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\PROGRA~1\D-Link\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-21-1004336348-117609710-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Hannu')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-1004336348-117609710-725345543-1005 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Hannu')
    O4 - S-1-5-21-1004336348-117609710-725345543-1005 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Hannu')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191617622031
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 10097 bytes
     
  3. Nyrre (Member; joined 28.08.2006; 40 messages; 0 thanks; 16 points)

    Could I get an answer to this, since it is a trickier problem than usual? Apparently the virus also tries to infect every USB stick and external hard drive connected to the machine.
     
  4. kalminen (Regular member; joined 04.05.2007; 3,915 messages; 0 thanks; 46 points)

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (ComboFix actually recognizes it even if the extension is not .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click it.)

    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close your browser and other programs while the fix runs (but not the antivirus).
    Start HijackThis, click Scan, tick the entries listed in red below and remove them (Fix checked).

    O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The C:\ComboFix.txt report
     
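Added example (not from this thread and not a HijackThis or ComboFix feature): a small Python triage script that applies, to entries of the kind posted in this thread's logs, the checks a log reader does by hand. It flags a Run value that is a bare filename with no path (the O4 entry kalminen marks for fixing), a BHO whose file is gone, a Winlogon Notify DLL with a random-looking name, an Internet Explorer start page that is not on Microsoft's default hosts, and a service with no company name. The sample lines are constructed from the posted logs; the rule names, the severities and the list of default hosts are this example's own assumptions.

```python
"""Heuristic triage of HijackThis v2.0.2 log lines.

Added example for this thread; not a HijackThis or ComboFix feature. The rule
names, the severities and the default-host list are this example's own choices.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: benign entries mixed with the kinds of entries posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O20 - Winlogon Notify: geBUMCsq - C:\WINDOWS\SYSTEM32\geBUMCsq.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
R_RE = re.compile(r"^(?P<sec>R[01]) - (?P<key>.+?) = (?P<value>\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Hosts that Internet Explorer's stock start/search pages point at (assumption: this is what "default" means here).
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
VOWELS = set("aeiouyAEIOUY")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    severity: str  # "high" = look at this first, "review" = confirm against what is installed
    rule: str
    line: str


def looks_random(stem: str) -> bool:
    """Crude test for generated names such as geBUMCsq: letters only, seven or
    more of them, few vowels, and the case flipping at least twice mid-word."""
    if not stem.isalpha() or len(stem) < 7:
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    case_changes = sum(a.islower() != b.islower() for a, b in zip(stem, stem[1:]))
    return vowel_ratio < 0.3 and case_changes >= 2


def _launched_file(cmd: str) -> str:
    """Return the file a Run value actually loads: the quoted or first token,
    or, for rundll32, the DLL it is told to load."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split(None, 1)
    exe = parts[0]
    if exe.lower() in {"rundll32.exe", "rundll32"} and len(parts) > 1:
        return parts[1].split(",")[0].strip().strip('"')
    return exe


def _is_bare(path: str) -> bool:
    # No drive letter and no directory: Windows resolves it via the search path,
    # the pattern of a dropper that copied itself into %WINDIR% or system32.
    return "\\" not in path and ":" not in path


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            if _is_bare(_launched_file(m["cmd"])):
                findings.append(Finding("O4", "high", "bare-filename", line))
        elif m := O2_RE.match(line):
            if m["path"].strip() == "(no file)":
                findings.append(Finding("O2", "review", "orphan-bho", line))
        elif m := O20_RE.match(line):
            # Notify DLLs load into winlogon.exe as SYSTEM at every logon.
            stem = m["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            severity = "high" if looks_random(stem) else "review"
            findings.append(Finding("O20", severity, "winlogon-notify", line))
        elif m := R_RE.match(line):
            if "Page" in m["key"] or "URL" in m["key"]:
                host = urlparse(m["value"]).hostname or ""
                if host not in DEFAULT_IE_HOSTS:
                    findings.append(Finding(m["sec"], "review", "non-default-start-page", line))
        elif m := O23_RE.match(line):
            # "Unknown owner" is HijackThis's wording for a binary with no company name in its version info.
            if m["owner"].strip().lower() == "unknown owner":
                findings.append(Finding("O23", "review", "no-company-name", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:3} {f.rule:23} {f.line}")
```

Run as a script it prints one line per finding. "high" means "look at this first", not "delete": the bare-filename rule also catches nwiz.exe, which is NVIDIA's nView component registering itself the same way, and the reviewer clears it against what is installed. The Winlogon Notify rule is the one that matters most, because those DLLs are loaded by winlogon.exe at every logon, so a newly created DLL with a name like geBUMCsq.dll in system32 deserves a look whatever the name check says.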
  5. Nyrre (Member; joined 28.08.2006; 40 messages; 0 thanks; 16 points)

    Something is seriously screwed up now, since I cannot even get combofix.exe to open.
     
  6. Nyrre (Member; joined 28.08.2006; 40 messages; 0 thanks; 16 points)

    Never mind, I already got it.
     
  7. Nyrre (Member; joined 28.08.2006; 40 messages; 0 thanks; 16 points)

    HijackThis log (taken just before posting)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:31:35, on 28.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\D-Link\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\D-Link\Bluetooth-ohjelmisto\BTTray.exe
    C:\PROGRA~1\D-Link\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\D-Link\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191617622031
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: geBUMCsq - C:\WINDOWS\SYSTEM32\geBUMCsq.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 10396 bytes


    Report produced by ComboFix

    ComboFix 08-05-27.4 - Leevi 2008-05-28 18:11:13.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.588 [GMT 3:00]
    Running from: C:\Documents and Settings\Leevi\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Leevi\Työpöytä\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\winudspm.exe
    .

    (((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Hannu\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\winudspm.exe

    .
    ((((( Files created between 2008-04-28 and 2008-05-28 )))))))))))))))))
    .

    2008-12-10 14:46 . 2008-12-10 14:46 <KANSIO> d-------- C:\Program Files\PIXELA
    2008-12-10 14:44 . 2008-12-10 14:44 <KANSIO> d-------- C:\Program Files\Sony Corporation
    2008-12-10 14:44 . 2008-12-10 14:44 <KANSIO> d-------- C:\Program Files\Common Files\muvee Technologies
    2008-05-28 07:42 . 2008-05-28 07:42 57,344 --a------ C:\WINDOWS\system32\geBUMCsq.dll
    2008-05-27 22:03 . 2008-05-27 22:03 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-05-26 17:49 . 2008-05-26 17:51 <KANSIO> d-------- C:\Documents and Settings\Leevi\Application Data\GetRightToGo
    2008-05-14 04:29 . 2008-05-14 04:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-05-10 17:18 . 2008-05-10 17:18 20,480 --a------ C:\t2lg.i
    2008-05-10 15:50 . 2008-05-10 15:50 <KANSIO> d-------- C:\WINDOWS\solcache
    2008-05-10 15:48 . 2008-05-10 15:50 <KANSIO> d-------- C:\SIERRA
    2008-05-10 15:48 . 2008-05-10 15:50 <KANSIO> d-------- C:\Program Files\Sierra On-Line
    2008-05-10 15:48 . 2008-05-10 15:48 <KANSIO> d-------- C:\Documents and Settings\Leevi\WINDOWS
    2008-05-10 15:48 . 1998-10-30 23:21 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
    2008-05-10 15:48 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-05-10 15:48 . 1998-10-30 23:21 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
    2008-05-10 15:48 . 2008-05-10 15:50 341 --a------ C:\WINDOWS\SIERRA.INI
    2008-05-07 18:25 . 2008-05-07 18:25 <KANSIO> d-------- C:\Documents and Settings\Leevi\Application Data\SmartFTP
    2008-05-07 18:24 . 2008-05-07 18:24 <KANSIO> d-------- C:\Program Files\SmartFTP Client
    2008-05-07 18:23 . 2008-05-07 18:23 <KANSIO> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
    2008-05-04 12:30 . 2008-05-04 12:30 <KANSIO> d-------- C:\Program Files\Sonic Foundry
    2008-05-04 12:30 . 2008-05-04 12:30 <KANSIO> d-------- C:\Program Files\Pure Motion
    2008-05-04 12:29 . 2008-05-04 12:29 <KANSIO> d-------- C:\Program Files\DebugMode
    2008-05-04 11:37 . 2008-05-04 11:37 7,168 --ahs---- C:\WINDOWS\Thumbs.db
    2008-05-03 00:19 . 2008-03-01 16:01 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-05-03 00:19 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-05-03 00:19 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-05-03 00:19 . 2008-03-01 16:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-05-03 00:19 . 2008-03-01 16:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-05-03 00:19 . 2008-03-01 16:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-05-03 00:19 . 2008-03-01 16:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-05-03 00:19 . 2008-03-01 16:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-05-03 00:19 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-05-03 00:15 . 2008-05-03 00:20 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
    2008-05-03 00:06 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-04-30 15:16 . 2004-08-04 09:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-04-30 15:16 . 2004-08-04 09:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-04-30 15:16 . 2008-04-30 15:16 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-04-30 15:16 . 2008-04-30 15:16 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-04-30 15:12 . 2008-04-30 15:12 <KANSIO> d-------- C:\Documents and Settings\Päivi\Application Data\Sony Corporation
    2008-04-29 14:58 . 2008-04-29 14:58 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-04-29 14:57 . 2008-04-29 14:57 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-04-28 14:58 . 2008-04-28 14:58 <KANSIO> d-------- C:\Program Files\Apple Software Update

    .
    (((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-28 13:35 --------- d-----w C:\Documents and Settings\Hannu\Application Data\OpenOffice.org2
    2008-05-28 10:24 --------- d-----w C:\Documents and Settings\Leevi\Application Data\uTorrent
    2008-05-27 18:39 --------- d-----w C:\Documents and Settings\Hermanni\Application Data\OpenOffice.org2
    2008-05-25 10:32 --------- d-----w C:\Program Files\RevConnect
    2008-05-23 22:41 --------- d-----w C:\Documents and Settings\Leevi\Application Data\mIRC
    2008-05-23 18:22 --------- d-----w C:\Program Files\mIRC
    2008-05-23 12:53 --------- d-----w C:\Program Files\Xfire
    2008-05-20 05:03 --------- d-----w C:\Documents and Settings\Leevi\Application Data\Xfire
    2008-05-15 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-09 14:33 --------- d-----w C:\Program Files\UltraStar
    2008-05-02 10:56 --------- d-----w C:\Program Files\Winamp
    2008-04-29 11:59 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-28 11:59 --------- d-----w C:\Program Files\Safari
    2008-04-27 09:41 --------- d-----w C:\Documents and Settings\Hermanni\Application Data\Nexon
    2008-04-26 15:08 --------- d-----w C:\Documents and Settings\Hannu\Application Data\r2 Studios
    2008-04-17 05:46 --------- d-----w C:\Program Files\MSBuild
    2008-04-17 05:46 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-17 05:42 --------- d-----w C:\Program Files\Microsoft.NET
    2008-04-17 05:38 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-04-17 05:26 --------- d-----w C:\Program Files\MagicISO
    2008-04-15 04:51 --------- d-----w C:\Program Files\Nokia
    2008-04-15 04:51 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-04-15 04:51 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-04-15 04:50 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-04-15 04:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-04-14 19:04 --------- d-----w C:\Documents and Settings\Leevi\Application Data\OpenOffice.org2
    2008-04-14 11:33 --------- d-----w C:\Program Files\Java
    2008-04-14 11:24 --------- d-----w C:\Documents and Settings\Leevi\Application Data\Apple Computer
    2008-04-13 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-13 13:34 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
    2008-04-13 13:34 --------- d-----w C:\Documents and Settings\Leevi\Application Data\InstallShield
    2008-04-13 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\YoYoGames
    2008-04-13 08:55 --------- d-----w C:\Program Files\iTunes
    2008-04-13 08:55 --------- d-----w C:\Program Files\iPod
    2008-04-13 08:52 --------- d-----w C:\Program Files\QuickTime
    2008-04-04 17:15 --------- d-----w C:\Documents and Settings\Hannu\Application Data\.purple
    2008-04-03 19:14 --------- d-----w C:\Program Files\Total Video Converter
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-06 08:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
    2008-03-01 13:01 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-11 14:54 22,328 ----a-w C:\Documents and Settings\Leevi\Application Data\PnkBstrK.sys
    2004-07-22 07:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 19:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 19:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 11:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 06:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 06:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 01:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 01:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 00:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2008-02-19 20:01 5724184]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 02:09 486856]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-20 00:14 185632]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "StartupDelayer"="C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2006-08-03 13:21 16896]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:31 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-11-06 19:53 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-11-06 19:53 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-11-06 19:53 455168]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 03:36 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "Windows UDP Control"="winudspm.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

    C:\Documents and Settings\Hannu\Käynnistä-valikko\Ohjelmat\Käynnistys\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 05:43:54 393216]

    C:\Documents and Settings\Hermanni\Käynnistä-valikko\Ohjelmat\Käynnistys\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 05:43:54 393216]

    C:\Documents and Settings\Leevi\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-05-14 04:29:28 3007824]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    BTTray.lnk - C:\Program Files\D-Link\Bluetooth-ohjelmisto\BTTray.exe [2005-07-26 15:28:52 577597]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{06E12C36-760F-4D92-8509-5E5DBF12C423}"= C:\WINDOWS\system32\geBUMCsq.dll [2008-05-28 07:42 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBUMCsq]
    geBUMCsq.dll 2008-05-28 07:42 57344 C:\WINDOWS\system32\geBUMCsq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
    R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 10:21]
    S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys []
    S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
    S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
    S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e299597-7381-11dc-bfed-886cde9c1c7b}]
    \Shell\AutoRun\command - E:\Launcher.exe

    *Newly Created Service* - CATCHME
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-27 16:43:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-28 18:16:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-28 18:18:17
    ComboFix-quarantined-files.txt 2008-05-28 15:18:10

    Pre-Run: 85,458,358,272 tavua vapaana
    Post-Run: 85,548,421,120 tavua vapaana

    211 --- E O F --- 2008-05-16 21:18:02
     
  8. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    One is still left:
    Those others just perk up the machine.

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension
    isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click.)

    [IMG]

    Restart the computer if asked to, and post the contents of combofix.txt here.
    ------------------------------------------------------------------------
    Close the browser and other programs for the duration of the fix. (Not the antivirus.)
    Start HijackThis, click Scan, tick the following entries listed in red and remove them (Fix Checked).

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O20 - Winlogon Notify: geBUMCsq - C:\WINDOWS\SYSTEM32\geBUMCsq.dll

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
     
  9. Nyrre

    Nyrre Member

    Joined:
    28.08.2006
    Messages:
    40
    Thanks:
    0
    Points:
    16
    I ran ComboFix and it succeeded, but in HijackThis I can't find this entry you marked for removal.

    O20 - Winlogon Notify: geBUMCsq - C:\WINDOWS\SYSTEM32\geBUMCsq.dll

    Does it matter that I'm logged in under a different user account, or is that irrelevant? Should I remove the others that do show up?
     
  10. Nyrre

    Nyrre Member

    Joined:
    28.08.2006
    Messages:
    40
    Thanks:
    0
    Points:
    16
    I'm in a bit of a hurry, so I'll just post the ComboFix log here now and the HjT log tomorrow, once I've gotten more detailed information from kalminen or someone else.

    ComboFix 08-05-27.4 - Hermanni 2008-05-28 22:51:39.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.481 [GMT 3:00]
    Running from: C:\Documents and Settings\Leevi\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Leevi\Työpöytä\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\SYSTEM32\geBUMCsq.dll
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-28 )))))))))))))))))
    .

    2008-12-10 14:46 . 2008-12-10 14:46 <KANSIO> d-------- C:\Program Files\PIXELA
    2008-12-10 14:44 . 2008-12-10 14:44 <KANSIO> d-------- C:\Program Files\Sony Corporation
    2008-12-10 14:44 . 2008-12-10 14:44 <KANSIO> d-------- C:\Program Files\Common Files\muvee Technologies
    2008-05-28 21:17 . 2008-05-28 21:17 <KANSIO> d-------- C:\Documents and Settings\Hermanni\Application Data\Apple Computer
    2008-05-27 22:03 . 2008-05-27 22:03 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-05-26 17:49 . 2008-05-26 17:51 <KANSIO> d-------- C:\Documents and Settings\Leevi\Application Data\GetRightToGo
    2008-05-14 04:29 . 2008-05-14 04:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-05-10 17:18 . 2008-05-10 17:18 20,480 --a------ C:\t2lg.i
    2008-05-10 15:50 . 2008-05-10 15:50 <KANSIO> d-------- C:\WINDOWS\solcache
    2008-05-10 15:48 . 2008-05-10 15:50 <KANSIO> d-------- C:\SIERRA
    2008-05-10 15:48 . 2008-05-10 15:50 <KANSIO> d-------- C:\Program Files\Sierra On-Line
    2008-05-10 15:48 . 2008-05-10 15:48 <KANSIO> d-------- C:\Documents and Settings\Leevi\WINDOWS
    2008-05-10 15:48 . 1998-10-30 23:21 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
    2008-05-10 15:48 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-05-10 15:48 . 1998-10-30 23:21 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
    2008-05-10 15:48 . 2008-05-10 15:50 341 --a------ C:\WINDOWS\SIERRA.INI
    2008-05-07 18:25 . 2008-05-07 18:25 <KANSIO> d-------- C:\Documents and Settings\Leevi\Application Data\SmartFTP
    2008-05-07 18:24 . 2008-05-07 18:24 <KANSIO> d-------- C:\Program Files\SmartFTP Client
    2008-05-07 18:23 . 2008-05-07 18:23 <KANSIO> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
    2008-05-04 12:30 . 2008-05-04 12:30 <KANSIO> d-------- C:\Program Files\Sonic Foundry
    2008-05-04 12:30 . 2008-05-04 12:30 <KANSIO> d-------- C:\Program Files\Pure Motion
    2008-05-04 12:29 . 2008-05-04 12:29 <KANSIO> d-------- C:\Program Files\DebugMode
    2008-05-04 11:37 . 2008-05-04 11:37 7,168 --ahs---- C:\WINDOWS\Thumbs.db
    2008-05-03 00:19 . 2008-03-01 16:01 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-05-03 00:19 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-05-03 00:19 . 2007-03-08 08:10 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-05-03 00:19 . 2008-03-01 16:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-05-03 00:19 . 2008-03-01 16:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-05-03 00:19 . 2008-03-01 16:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-05-03 00:19 . 2008-03-01 16:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-05-03 00:19 . 2008-03-01 16:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-05-03 00:19 . 2008-02-22 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-05-03 00:15 . 2008-05-03 00:20 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
    2008-05-03 00:06 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-04-30 15:16 . 2004-08-04 09:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-04-30 15:16 . 2004-08-04 09:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-04-30 15:16 . 2008-04-30 15:16 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-04-30 15:16 . 2008-04-30 15:16 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-04-30 15:12 . 2008-04-30 15:12 <KANSIO> d-------- C:\Documents and Settings\Päivi\Application Data\Sony Corporation
    2008-04-29 14:58 . 2008-04-29 14:58 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-04-29 14:57 . 2008-04-29 14:57 <KANSIO> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-04-28 14:58 . 2008-04-28 14:58 <KANSIO> d-------- C:\Program Files\Apple Software Update

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-28 17:42 --------- d-----w C:\Documents and Settings\Hermanni\Application Data\OpenOffice.org2
    2008-05-28 16:18 --------- d-----w C:\Documents and Settings\Hannu\Application Data\OpenOffice.org2
    2008-05-28 15:30 --------- d-----w C:\Documents and Settings\Leevi\Application Data\Xfire
    2008-05-28 10:24 --------- d-----w C:\Documents and Settings\Leevi\Application Data\uTorrent
    2008-05-25 10:32 --------- d-----w C:\Program Files\RevConnect
    2008-05-23 22:41 --------- d-----w C:\Documents and Settings\Leevi\Application Data\mIRC
    2008-05-23 18:22 --------- d-----w C:\Program Files\mIRC
    2008-05-23 12:53 --------- d-----w C:\Program Files\Xfire
    2008-05-15 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-09 14:33 --------- d-----w C:\Program Files\UltraStar
    2008-05-02 10:56 --------- d-----w C:\Program Files\Winamp
    2008-04-29 11:59 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-28 11:59 --------- d-----w C:\Program Files\Safari
    2008-04-27 09:41 --------- d-----w C:\Documents and Settings\Hermanni\Application Data\Nexon
    2008-04-26 15:08 --------- d-----w C:\Documents and Settings\Hannu\Application Data\r2 Studios
    2008-04-17 05:46 --------- d-----w C:\Program Files\MSBuild
    2008-04-17 05:46 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-17 05:42 --------- d-----w C:\Program Files\Microsoft.NET
    2008-04-17 05:38 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-04-17 05:26 --------- d-----w C:\Program Files\MagicISO
    2008-04-15 04:51 --------- d-----w C:\Program Files\Nokia
    2008-04-15 04:51 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-04-15 04:51 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-04-15 04:50 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-04-15 04:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-04-14 19:04 --------- d-----w C:\Documents and Settings\Leevi\Application Data\OpenOffice.org2
    2008-04-14 11:33 --------- d-----w C:\Program Files\Java
    2008-04-14 11:24 --------- d-----w C:\Documents and Settings\Leevi\Application Data\Apple Computer
    2008-04-13 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-13 13:34 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
    2008-04-13 13:34 --------- d-----w C:\Documents and Settings\Leevi\Application Data\InstallShield
    2008-04-13 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\YoYoGames
    2008-04-13 08:55 --------- d-----w C:\Program Files\iTunes
    2008-04-13 08:55 --------- d-----w C:\Program Files\iPod
    2008-04-13 08:52 --------- d-----w C:\Program Files\QuickTime
    2008-04-04 17:15 --------- d-----w C:\Documents and Settings\Hannu\Application Data\.purple
    2008-04-03 19:14 --------- d-----w C:\Program Files\Total Video Converter
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-06 08:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
    2008-03-01 13:01 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-11 14:54 22,328 ----a-w C:\Documents and Settings\Leevi\Application Data\PnkBstrK.sys
    2004-07-22 07:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 19:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 19:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 11:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 06:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 06:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 01:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 01:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 00:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-28_18.17.23,73 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-28 14:26:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-28 15:28:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-28 15:28:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6a4.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-02-19 20:01 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-20 00:14 185632]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "StartupDelayer"="C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2006-08-03 13:21 16896]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:31 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-11-06 19:53 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-11-06 19:53 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-11-06 19:53 455168]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 03:36 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

    C:\Documents and Settings\Hannu\Käynnistä-valikko\Ohjelmat\Käynnistys\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 05:43:54 393216]

    C:\Documents and Settings\Hermanni\Käynnistä-valikko\Ohjelmat\Käynnistys\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 05:43:54 393216]

    C:\Documents and Settings\Leevi\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-05-14 04:29:28 3007824]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    BTTray.lnk - C:\Program Files\D-Link\Bluetooth-ohjelmisto\BTTray.exe [2005-07-26 15:28:52 577597]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
    R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 10:21]
    S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys []
    S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
    S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
    S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e299597-7381-11dc-bfed-886cde9c1c7b}]
    \Shell\AutoRun\command - E:\Launcher.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-27 16:43:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-28 22:56:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-28 22:58:55
    ComboFix-quarantined-files.txt 2008-05-28 19:58:42
    ComboFix2.txt 2008-05-28 15:18:20

    Pre-Run: 85,463,490,560 tavua vapaana
    Post-Run: 85,455,638,528 tavua vapaana

    206 --- E O F --- 2008-05-16 21:18:02
     
  11. DarkFade

    DarkFade Member

    Joined:
    28.05.2008
    Messages:
    1
    Thanks:
    0
    Points:
    11
    ATTENTION!

    Do not open the link below; it is a direct download address for the file
    photo95.JPG-www.msnimages.com (.exe)
    in case someone wants to look into this more closely. I did a bit of digging myself, and with very little expertise I dare to claim that the program is a practice piece by some less-skilled individual, used to harvest Messenger credentials for resale. Removal was disproportionately easy and simple, because the file's parts are logically named (cheaply made, the whole "virus") to masquerade as a generic Windows system tool. It spreads via link messages sent from hijacked accounts.

    A passive malware hunter should notice the changes to the registry and the process starting up. Symantec AntiVirus (def. 280508) does not detect a virus in the program.

    In the registry, searching for the file name finds the matching entry, whose value makes the program open at startup for all users. Deleting this entry stops the program from starting.

    The actual .exe can be found by searching inside the C:\WINDOWS folder.

    The program can be removed entirely manually. The essential thing is just not to give the program permission to contact its host.

    Simple instructions, since this page shows up among the first Google results.

    Malware download link:
    http://mitglied.lycos.de/cheatguard/photo95.JPG-www.msnimages.com
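The detection approach DarkFade describes above (a new autostart entry for all users, a process dressed up as a generic Windows tool) can be checked mechanically against a ComboFix report. The following Python script is an added example for this thread, not code from any poster or from ComboFix: it parses the "Rekisterin käynnistyskohteet" section, collects the values under each Run key, and scores every entry on traits the winudspm.exe entry in the log above exhibits. The embedded log lines are constructed to match the format posted in this thread; the scoring heuristics, the prefix list and the threshold of two hits are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of the ComboFix "Rekisterin käynnistyskohteet"
# section quoted in this thread. Four entries are ordinary software in that
# format; "Windows UDP Control" is the entry the thread is about.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Windows UDP Control"="winudspm.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
'''

HIVE_RE = re.compile(r'^\[(HK[^\]]*)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# The bracket holds "date time size" and, for a bare file name the scanner
# managed to resolve, the full path after the size. An empty bracket means
# the scanner found no file to describe.
META_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d) (\d+)(?: (?P<path>.+))?$')

# Display names borrowing the vocabulary of built-in components (assumed list).
GENERIC_PREFIXES = ('windows ', 'microsoft ', 'system ')


@dataclass
class RunEntry:
    hive: str
    name: str
    value: str
    meta: str


def parse_run_entries(text):
    """Collect the value lines under every ...\\Run key in a ComboFix report."""
    entries, hive = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HIVE_RE.match(line)
        if m:
            hive = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and hive and hive.lower().endswith('\\run'):
            entries.append(RunEntry(hive, m.group('name'), m.group('value'),
                                    m.group('meta').strip()))
    return entries


def assess(entry):
    """Return the list of reasons an autostart entry looks out of place."""
    reasons = []
    meta = META_RE.match(entry.meta)
    if meta is None:
        reasons.append('no timestamp/size recorded: the scanner could not locate the file')
    bare = '\\' not in entry.value
    resolved = (meta.group('path') if meta else None) if bare else entry.value
    if bare and resolved is None:
        reasons.append('bare file name with no resolved path (loaded via the search path)')
    if entry.name.lower().startswith(GENERIC_PREFIXES):
        reasons.append('display name imitates a generic Windows component')
    if resolved is not None and resolved.rsplit('\\', 1)[0].lower() == 'c:\\windows':
        reasons.append('file sits directly in the Windows folder rather than a program directory')
    return reasons


def find_suspicious(text, threshold=2):
    """Entries whose reason count reaches the threshold, in log order."""
    flagged = []
    for entry in parse_run_entries(text):
        reasons = assess(entry)
        if len(reasons) >= threshold:
            flagged.append((entry, reasons))
    return flagged


if __name__ == '__main__':
    for entry, reasons in find_suspicious(SAMPLE_LOG):
        print(f'[{entry.hive}] "{entry.name}"="{entry.value}"')
        for reason in reasons:
            print('  -', reason)
```

On the sample, only the "Windows UDP Control" entry is reported, with all three applicable reasons. The nwiz entry shows why a single trait is not enough: it is also a bare file name, but ComboFix resolved it to C:\WINDOWS\system32 and recorded its timestamp, so it scores zero. The threshold exists because each trait on its own is common in legitimate software; the script is a triage aid for reading a posted log, not a replacement for checking the file itself.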
     
  12. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    To DarkFade
    TNX and OK
     
  13. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    ==>> To Nyrre
    Combo took care of that O20 line.
    You can Fix the other red lines; the programs will still remain
    as they were.
    -----------------------------------
    Let's verify:
    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the log contents in your next message + a new HJT log.
     
    Last edited: 29.05.2008
  14. Koppis1

    Koppis1 Member

    Joined:
    26.06.2007
    Messages:
    77
    Thanks:
    0
    Points:
    16
    I have the same virus too. I don't know whether it's gone already, though...
    Here's the HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:34, on 29.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    C:\Program Files\Octoshape Streaming Services\Koppis\OctoshapeClient.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [dcca0e9c] rundll32.exe "C:\WINDOWS\system32\xdukdwft.dll",b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Koppis\OctoshapeClient.exe" -inv:bootrun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162297554309
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EF416D88-D8DA-40DC-A196-4F3A1F7E69A4}: NameServer = 192.168.1.254
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 11429 bytes


    And the ComboFix log
    ComboFix 08-05-27.4 - Koppis 2008-05-28 22:27:28.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.803 [GMT 3:00]
    Running from: C:\Documents and Settings\Koppis\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Koppis\Työpöytä\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\SYSTEM32\geBUMCsq.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\eLmUuBeg.ini
    C:\WINDOWS\system32\eLmUuBeg.ini2
    C:\WINDOWS\system32\geBuUmLe.dll
    C:\WINDOWS\system32\hmvlqqfw.dll
    C:\WINDOWS\system32\wfqqlvmh.ini

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-28 )))))))))))))))))
    .

    2008-05-28 22:22 . 2008-05-28 22:22 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-05-28 21:41 . 2008-05-28 21:41 2,855 --a------ C:\ComboFix.PIF
    2008-05-28 21:31 . 2008-05-28 21:31 0 --a------ C:\ComboFix.exe
    2008-05-28 21:08 . 2008-05-28 21:08 57,344 --a------ C:\WINDOWS\system32\qoMgeEut.dll
    2008-05-28 20:30 . 2008-05-28 21:09 40,960 --a------ C:\dci.exe
    2008-05-28 20:29 . 2008-05-28 22:24 <KANSIO> d-------- C:\Program Files\HiJackThis_v2
    2008-05-28 20:16 . 2008-05-28 20:28 <KANSIO> d-------- C:\WINDOWS\BDOSCAN8
    2008-05-28 20:15 . 2008-05-28 20:15 57,344 --a------ C:\WINDOWS\system32\ssqNEuVo.dll
    2008-05-28 19:47 . 2008-05-28 19:47 57,344 --a------ C:\WINDOWS\system32\nnnoMfgE.dll
    2008-05-28 18:05 . 2008-05-28 18:05 <KANSIO> d-------- C:\Documents and Settings\Koppis\Application Data\DigitalPersona
    2008-05-28 18:05 . 2008-05-28 18:05 57,344 --a------ C:\WINDOWS\system32\ddcBQgFV.dll
    2008-05-28 17:58 . 2008-05-28 17:58 <KANSIO> d-------- C:\WINDOWS\DPDrv
    2008-05-28 17:58 . 2008-05-28 17:58 <KANSIO> d-------- C:\Program Files\DigitalPersona
    2008-05-28 17:54 . 2008-05-28 17:54 57,344 --a------ C:\WINDOWS\system32\geBrpppq.dll
    2008-05-28 17:31 . 2008-05-28 17:31 57,344 --a------ C:\WINDOWS\system32\qoMfFvVm.dll
    2008-05-28 17:26 . 2008-05-28 17:26 <KANSIO> d-------- C:\Program Files\DP10-002
    2008-05-28 17:26 . 2008-05-28 17:26 2,334,453 --a------ C:\Program Files\DP10-002.zip
    2008-05-28 17:11 . 2008-05-28 17:11 57,344 --a------ C:\WINDOWS\system32\ljJYQIXn.dll
    2008-05-28 16:55 . 2008-05-28 16:55 57,344 --a------ C:\WINDOWS\system32\efcCuVoP.dll
    2008-05-28 16:48 . 2008-05-28 16:48 57,344 --a------ C:\WINDOWS\system32\cbXNEurp.dll
    2008-05-28 16:43 . 2008-05-28 16:43 8,579,136 --a------ C:\Program Files\DPPM_201_ENG.exe
    2008-05-28 16:31 . 2008-05-28 16:31 57,344 --a------ C:\WINDOWS\system32\yayvWOHY.dll
    2008-05-28 16:03 . 2008-05-28 16:39 <KANSIO> d-------- C:\Program Files\Microsoft IntelliType Pro
    2008-05-28 16:02 . 2008-05-28 16:02 57,344 --a------ C:\WINDOWS\system32\fccdeddE.dll
    2008-05-28 15:48 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-05-28 15:48 . 2004-09-14 16:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-05-28 13:11 . 2008-05-28 13:11 57,344 --a------ C:\WINDOWS\system32\nnnnLcby.dll
    2008-05-27 21:48 . 2008-05-27 21:48 3,510,857 --a------ C:\SMB2AV.MP3
    2008-05-27 21:48 . 2008-05-27 21:48 2,069,315 --a------ C:\FB.MP3
    2008-05-27 21:47 . 2008-05-27 21:48 3,554,742 --a------ C:\SMBAV.MP3
    2008-05-27 08:32 . 2008-05-27 08:32 <KANSIO> d-------- C:\Documents and Settings\Mirja Vilpponen\Application Data\ATI
    2008-05-25 21:05 . 2008-05-26 17:07 <KANSIO> d-------- C:\Program Files\Cheat Engine
    2008-05-25 21:05 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
    2008-05-25 21:05 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
    2008-05-22 22:13 . 2008-05-22 22:13 <KANSIO> d-------- C:\Program Files\Octoshape Streaming Services
    2008-05-22 15:11 . 2008-05-22 17:12 <KANSIO> d-------- C:\Program Files\mIRC
    2008-05-22 15:11 . 2008-05-22 17:16 <KANSIO> d-------- C:\Documents and Settings\Koppis\Application Data\mIRC
    2008-05-21 14:57 . 2008-05-28 21:10 31 --a------ C:\WINDOWS\system32\bbcap.err
    2008-05-21 14:56 . 2008-05-21 14:56 <KANSIO> d-------- C:\Documents and Settings\Koppis\Application Data\ATI
    2008-05-21 14:56 . 2008-05-21 14:56 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-05-18 18:49 . 2008-05-18 18:49 <KANSIO> d-------- C:\Program Files\Mioplanet
    2008-05-18 18:49 . 2008-05-18 18:49 <KANSIO> d-------- C:\Documents and Settings\Koppis\Application Data\mioObjects
    2008-05-18 18:49 . 2008-05-18 18:49 407,047 --a------ C:\WINDOWS\system32\mioengine.exe
    2008-05-18 12:30 . 2008-05-18 12:30 <KANSIO> d-------- C:\Program Files\eRightSoft
    2008-05-18 12:30 . 2006-09-12 14:46 227,328 -r-hs---- C:\WINDOWS\system32\ac3DX.ax
    2008-05-18 12:30 . 2006-05-03 13:06 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
    2008-05-18 12:30 . 2008-02-04 22:26 151,040 ---hs---- C:\WINDOWS\system32\VistaUltm.dll
    2008-05-18 12:30 . 2006-01-13 02:23 123,904 -r-hs---- C:\WINDOWS\system32\AVCDX.ax
    2008-05-18 12:30 . 2003-11-21 02:00 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
    2008-05-18 12:30 . 2004-04-27 02:00 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
    2008-05-18 12:30 . 2007-02-21 14:47 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
    2008-05-18 12:30 . 2007-12-17 16:43 27,648 ---hs---- C:\WINDOWS\system32\Smab0.dll
    2008-05-18 12:30 . 2008-02-05 20:04 9,884 ---h----- C:\WINDOWS\super.chm
    2008-05-18 12:07 . 2008-05-18 12:07 <KANSIO> d-------- C:\Program Files\NCH Software
    2008-05-18 12:07 . 2008-05-18 12:07 <KANSIO> d-------- C:\Documents and Settings\Koppis\Application Data\NCH Swift Sound
    2008-05-18 12:07 . 2008-05-18 12:07 <KANSIO> d-------- C:\Documents and Settings\Koppis\Application Data\NCH Software
    2008-05-18 12:07 . 2008-05-18 12:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
    2008-05-17 22:48 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
    2008-05-13 07:34 . 2008-05-13 07:34 <KANSIO> d-------- C:\Program Files\Screen Recorder Gold
    2008-04-30 20:22 . 2008-04-30 20:22 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-28 19:40 --------- d-----w C:\Program Files\PeerGuardian2
    2008-05-28 19:40 --------- d-----w C:\Documents and Settings\Koppis\Application Data\Skype
    2008-05-28 17:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-28 16:10 --------- d-----w C:\Program Files\RevConnect
    2008-05-28 14:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-22 11:36 --------- d-----w C:\Program Files\ATI
    2008-05-21 11:51 --------- d-----w C:\Program Files\ATI Technologies
    2008-05-21 11:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-18 09:07 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-05-18 09:00 --------- d-----w C:\Program Files\CamStudio
    2008-05-17 19:48 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-05-17 19:48 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-05-06 18:30 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-04-26 09:33 --------- d-----w C:\Program Files\Java
    2008-04-21 14:35 --------- d-----w C:\Program Files\HardCopy Pro
    2008-04-21 14:35 --------- d-----w C:\Documents and Settings\Koppis\Application Data\DeskSoft
    2008-04-16 13:40 --------- d-----w C:\Program Files\Winamp
    2008-04-16 13:29 --------- d-----w C:\Program Files\Game_Maker7
    2008-04-16 12:54 8,990,072 ----a-w C:\Program Files\winamp5531_full_emusic-7plus_en-us.exe
    2008-04-15 18:59 --------- d-----w C:\Program Files\Lavalys
    2008-04-15 16:12 --------- d-----w C:\Documents and Settings\Vilpponen\Application Data\The Hobbit
    2008-04-12 19:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-04-12 16:25 --------- d-----w C:\Program Files\Guitar Pro 5
    2008-04-09 13:49 --------- d-----w C:\Documents and Settings\Vilpponen\Application Data\Skype
    2008-04-06 15:42 --------- d-----w C:\Documents and Settings\Mirja Vilpponen\Application Data\Skype
    2008-04-04 13:14 227,211 ----a-w C:\WINDOWS\Fonts\pointy.zip
    2008-03-29 18:44 --------- d-----w C:\Documents and Settings\Mirja Vilpponen\Application Data\DivX
    2008-03-29 08:40 --------- d-----w C:\Documents and Settings\Mirja Vilpponen\Application Data\vlc
    2008-03-29 07:45 --------- d-----w C:\Documents and Settings\Mirja Vilpponen\Application Data\Sonic
    2008-03-29 07:45 --------- d-----w C:\Documents and Settings\Mirja Vilpponen\Application Data\Leadertech
    2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-03-28 18:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-23 22:48 219 ----a-w C:\Documents and Settings\Vilpponen\hsqlprefs.dat
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-14 13:16 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-03-10 18:16 22,328 ----a-w C:\Documents and Settings\Koppis\Application Data\PnkBstrK.sys
    2008-03-10 18:15 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
    2008-03-10 18:15 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-03-10 18:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-03-04 21:06 24 ----a-w C:\juttelitoimii.bat
    2008-03-04 20:59 56 ----a-w C:\jutteli.bat
    2008-03-04 20:57 185 ----a-w C:\Copybmp.bat
    2008-03-04 11:31 84,526,232 ----a-w C:\Program Files\moviestudio80c-trial_enu.exe
    2008-03-02 18:51 2,699,171 ----a-w C:\Program Files\ccleaner_v2.05.555.zip
    2008-01-05 20:09 630,768 ----a-w C:\Program Files\eval-nwc.exe
    2007-12-15 11:37 8,454,584 ----a-w C:\Program Files\winamp55_full_emusic-7plus_en-us.exe
    2007-11-30 12:40 34,556,560 ----a-w C:\Program Files\QCCSENU.EXE
    2007-11-05 12:11 5,858 ----a-w C:\Program Files\install.log
    2007-11-05 12:10 487,377 ----a-w C:\Program Files\GameSpot_Download_Manager.exe
    2007-08-02 08:39 6,221,304 ----a-w C:\Program Files\winamp535_full_emusic-7plus.exe
    2007-07-10 08:50 1 ----a-w C:\Documents and Settings\Koppis\SI.bin
    2007-06-03 16:33 2,601,692 ----a-w C:\Program Files\mp3wavconverter.exe
    2007-06-01 12:28 1,980,533 ----a-w C:\Program Files\registrymedic.exe
    2007-04-27 14:23 1,205,365 ----a-w C:\Program Files\wrar37b7.exe
    2007-02-13 14:00 19,666,504 ----a-w C:\Program Files\QuickTimeInstaller.exe
    2007-02-07 19:11 643,144 ----a-w C:\Program Files\XviD-1.1.2-01112006.exe
    2007-01-27 20:20 1,063,810 ----a-w C:\Program Files\subedit.zip
    2006-11-30 12:46 1,410,680 ----a-w C:\Program Files\install_flash_player.exe
    2006-11-28 15:57 6,052,528 ----a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe
    2006-11-26 16:21 29,172 -c--a-w C:\Program Files\Da-Vinci-Tour.kmz
    2006-11-26 15:52 14,879,120 ----a-w C:\Program Files\GoogleEarthWin.exe
    2006-11-25 18:05 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
    2006-11-23 13:07 362,496 ----a-w C:\Program Files\switchsetup.exe
    2006-11-10 14:15 11,284,970 ----a-w C:\Program Files\cdbxp_setup_3.0.116.zip
    2006-11-08 17:19 16,198,952 ----a-w C:\Program Files\Install_Messenger.exe
    2006-11-04 15:57 6,624,984 ----a-w C:\Program Files\winamp531_full_emusic-7plus.exe
    2006-11-04 15:52 3,262,369 ----a-w C:\Program Files\ALZip.exe
    2006-11-04 14:08 6,579,696 ----a-w C:\Program Files\Opera_9.02_International_Setup.exe
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-28_22.14.10.34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-28 19:02:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-28 19:34:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-05-28 18:11:40 69,076 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-05-28 19:07:26 69,076 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-05-28 18:11:40 82,362 ----a-w C:\WINDOWS\system32\perfc00B.dat
    + 2008-05-28 19:07:26 82,362 ----a-w C:\WINDOWS\system32\perfc00B.dat
    - 2008-05-28 18:11:40 435,338 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-05-28 19:07:26 435,338 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-05-28 18:11:40 410,336 ----a-w C:\WINDOWS\system32\perfh00B.dat
    + 2008-05-28 19:07:26 410,336 ----a-w C:\WINDOWS\system32\perfh00B.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06E12C36-760F-4D92-8509-5E5DBF12C423}]
    2008-05-28 13:11 57344 --a------ C:\WINDOWS\system32\nnnnLcby.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-11 21:41 25343016]
    "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-06 00:57 1103480]
    "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
    "Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\Koppis\OctoshapeClient.exe" [2006-02-13 19:33 214648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-08-14 15:39 98304]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-08-14 15:41 114688]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-08-14 15:38 94208]
    "High Definition Audio -ominaisuussivun pikakuvake"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-10-26 04:51 122929]
    "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 11:57 684032]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-28 06:10 122940]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
    "RTHDCPL"="RTHDCPL.EXE" [2006-10-11 18:36 16267776 C:\WINDOWS\RTHDCPL.exe]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 23:09 157592]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]
    "DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 16:27 807440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15:00 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{06E12C36-760F-4D92-8509-5E5DBF12C423}"= C:\WINDOWS\system32\nnnnLcby.dll [2008-05-28 13:11 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
    ckpNotify.dll 2005-03-01 20:49 24672 C:\WINDOWS\system32\ckpNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
    C:\WINDOWS\system32\DPWLEvHd.dll 2006-10-09 16:27 99856 C:\WINDOWS\system32\DPWLEvHd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnLcby]
    nnnnLcby.dll 2008-05-28 13:11 57344 C:\WINDOWS\system32\nnnnLcby.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Pelit\\Settlers3\\s3.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Pelit\\Crysis\\Bin32\\Crysis.exe"=
    "C:\\Pelit\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9278:TCP"= 9278:TCP:BitComet 9278 TCP
    "9278:UDP"= 9278:UDP:BitComet 9278 UDP

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-10-31 13:01]
    R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2007-06-24 23:03]
    R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-10-31 16:53]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 16:37]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-10-06 17:30]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 16:37]
    R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2005-03-01 20:49]
    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-06-01 15:28]
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-03-02 15:00]
    R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2006-09-16 17:25]
    R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2005-03-01 20:49]
    R3 usbdpfp;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\usbdpfp.sys [2006-09-16 17:23]
    S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 13:39]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-16 21:03]
    S3 gsplittm;gsplittm;C:\DOCUME~1\Koppis\LOCALS~1\Temp\gsplittm.sys []
    S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2005-03-01 20:49]
    S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 12:43]
    S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 10:42]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 10:42]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 10:42]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 10:42]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86167224-b6ba-11dc-8548-0016350dc46d}]
    \Shell\AutoRun\command - I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    *Newly Created Service* - PGFILTER
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-23 14:35:20 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2007-02-13 14:00:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-28 18:15:40 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-28 22:36:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\nnnnLcby.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\common\FSMA32.EXE
    C:\Program Files\F-Secure\common\FSMB32.EXE
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Program Files\F-Secure\common\FCH32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\F-Secure\common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\Program Files\F-Secure\Anti-Virus\FSRW.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\F-Secure\Anti-Virus\FSAV32.exe
    C:\Program Files\F-Secure\common\FNRB32.exe
    C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
    C:\Program Files\F-Secure\common\FIH32.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\FSAW.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-28 22:45:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-28 19:45:33
    ComboFix2.txt 2008-05-28 19:15:55

    Pre-Run: 27,177,984,000 bytes free
    Post-Run: 27,221,811,200 bytes free

    362 --- E O F --- 2008-05-16 21:03:47


    I'm running the malware scan right now.
     
    Last edited: 29.05.2008
  15. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    ==>> Koppis
    You've got other viruses here too!!!!

    ******************'****
    For Vundo:
    In a directory like this:
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    With the right mouse button you can rename HijackThis.exe to something like hoojiitee.exe.
    Scan your machine with it and post the log here.
    ****************
    Post the
    Malwarebytes log too.
     
    Last edited: 29.05.2008
  16. Koppis1

    Koppis1 Member

    Joined:
    26.06.2007
    Messages:
    77
    Thanks:
    0
    Points:
    16
    Well then, what do I do???
    Here's the Malwarebytes log:


    Malwarebytes' Anti-Malware 1.12
    Database version: 797

    Scan type: Full Scan (C:\|)
    Objects scanned: 302277
    Time elapsed: 1 hour(s), 39 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 3
    Registry Keys Infected: 12
    Registry Values Infected: 4
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 27

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\tuvUKArr.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\xdukdwft.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\nnnnLcby.dll (Trojan.Vundo) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e02a21b-0396-40e2-8370-197f9d273be4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8e02a21b-0396-40e2-8370-197f9d273be4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{06e12c36-760f-4d92-8509-5e5dbf12c423} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e12c36-760f-4d92-8509-5e5dbf12c423} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnnlcby (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dcca0e9c (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{06e12c36-760f-4d92-8509-5e5dbf12c423} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMdff93d00 (Trojan.Agent) -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvukarr -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvukarr -> Delete on reboot.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\tuvUKArr.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\rrAKUvut.ini (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\rrAKUvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xdukdwft.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\tfwdkudx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnnLcby.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\Koppis\Local Settings\Temporary Internet Files\Content.IE5\AQ6B915R\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Koppis\Local Settings\Temporary Internet Files\Content.IE5\VO5TZ8KW\CAABMN65 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\geBuUmLe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\hmvlqqfw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{84BAE593-4252-4F5F-9FBA-F19648C5B781}\RP5\A0000095.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{84BAE593-4252-4F5F-9FBA-F19648C5B781}\RP5\A0000096.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qfssroml.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aricdnrv.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\ookthisd.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\Fonts\pointy.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qoMfFvVm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qoMgeEut.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbXNEurp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\geBrpppq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcBQgFV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnoMfgE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcCuVoP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yayvWOHY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqNEuVo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ljJYQIXn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fccdeddE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


    And here is the HijackThis log too (name changed):
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 13:09, on 29.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Octoshape Streaming Services\Koppis\OctoshapeClient.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\HiJackThis_v2\hoojiitee.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {5fa07ce0-0fa8-150b-def4-a7352d36db4d} - {d4bd63d2-537a-4fed-b051-8af00ec70af5} - C:\WINDOWS\system32\afnogukh.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Koppis\OctoshapeClient.exe" -inv:bootrun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162297554309
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EF416D88-D8DA-40DC-A196-4F3A1F7E69A4}: NameServer = 192.168.1.254
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

    --
    End of file - 13520 bytes
     
    Last edited: 29.05.2008
  17. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    ==>> To Koppis1
    What a load of junk!!!
    --------------------------------------------------------
    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (ComboFix actually recognizes it even if the file extension
    isn't .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click.)

    [image]

    Restart the machine if prompted and post the contents of the combofix.txt file here.
    -----------------------------------------
    ******************************************
    Start Malwarebytes, open the Quarantine tab and empty the junk.
    ***************************************************************************
    ----------------------------------------------------
    Close the browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis, click Scan, tick the following entries listed in red and remove them (Fix Checked).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: {5fa07ce0-0fa8-150b-def4-a7352d36db4d} - {d4bd63d2-537a-4fed-b051-8af00ec70af5} - C:\WINDOWS\system32\afnogukh.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    Empty the Recycle Bin and restart your machine.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    *
    *
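The triage kalminen does by eye in the post above (a Browser Helper Object whose display name is a bare CLSID, loading an eight-letter DLL straight from system32) can be automated. The following is an added example, not code from the thread or from HijackThis: a small Python parser for HijackThis 2.x O2, O4 and O20 lines with the Vundo heuristics the helper applied. The sample lines are copied from the log posted above, except the O4 line with the `dcca0e9c` value, which is constructed from the Run value name Malwarebytes reported (its rundll32 command line is assumed). The `KNOWN_STEMS` allowlist is mine. Note that the script also flags `DPWLEvHd.dll`, the DigitalPersona Winlogon handler that the ComboFix file list shows was installed on 2008-05-28; an analyst resolves that kind of hit against install evidence, which is why the output lists reasons rather than a verdict.

```python
"""Triage a HijackThis 2.x log for the Vundo persistence pattern.

Added example, not part of the forum thread or of HijackThis. Heuristics:
  - an O2 BHO whose display name is itself a CLSID (no product name)
  - an O2 BHO or O20 Winlogon Notify handler that loads an eight-letter
    DLL directly from system32 (Vundo's dropped-file naming)
  - an O4 Run value whose name is a bare hex blob
Sample lines are copied from the posted log; the O4 rundll32 line is
constructed (value name from the Malwarebytes log, command assumed).
"""
import re

# Line shapes as HijackThis 2.x prints them.
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

RE_GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
RE_HEXNAME = re.compile(r"^(BM)?[0-9a-f]{8,}$", re.I)
# Eight alphabetic characters, .dll, directly in system32.
RE_SYS32_DLL = re.compile(r"^C:\\WINDOWS\\system32\\(?P<stem>[A-Za-z]{8})\.dll$", re.I)
# Legitimate eight-letter system32 DLLs (assumed allowlist; extend as needed).
KNOWN_STEMS = {"browseui"}


def suspicious_dll(path):
    """True for an eight-letter system32 DLL that is not on the allowlist."""
    m = RE_SYS32_DLL.match(path.strip())
    return bool(m) and m.group("stem").lower() not in KNOWN_STEMS


def triage_line(line):
    """Return (kind, subject, reasons) when a line looks suspicious, else None."""
    line = line.strip()
    reasons = []
    if (m := RE_O2.match(line)):
        if RE_GUID.match(m.group("name")):
            reasons.append("BHO display name is a bare CLSID")
        if suspicious_dll(m.group("path")):
            reasons.append("BHO loads an 8-letter DLL from system32")
        return ("O2", m.group("path"), reasons) if reasons else None
    if (m := RE_O20.match(line)):
        if suspicious_dll(m.group("path")):
            reasons.append("Winlogon Notify handler is an 8-letter DLL in system32")
        return ("O20", m.group("path"), reasons) if reasons else None
    if (m := RE_O4.match(line)):
        if RE_HEXNAME.match(m.group("name")):
            reasons.append("Run value named with a hex blob")
        return ("O4", m.group("cmd"), reasons) if reasons else None
    return None


def triage(log_text):
    """Run triage_line over a whole log and keep only the hits."""
    return [hit for hit in (triage_line(l) for l in log_text.splitlines()) if hit]


# Constructed sample: five lines from the posted log plus one assumed O4 line.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {5fa07ce0-0fa8-150b-def4-a7352d36db4d} - {d4bd63d2-537a-4fed-b051-8af00ec70af5} - C:\WINDOWS\system32\afnogukh.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [dcca0e9c] rundll32.exe "C:\WINDOWS\system32\tuvUKArr.dll",s
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
"""

if __name__ == "__main__":
    for kind, subject, reasons in triage(SAMPLE_LOG):
        print(kind, subject, "|", "; ".join(reasons))
```

Run it as-is to see the three hits from the sample, or pass the text of a saved HijackThis log to `triage()`. The afnogukh.dll entry trips both O2 rules, which is the combination that makes it a near-certain Vundo BHO; the single-rule hit on DPWLEvHd.dll is the false positive to check by hand before putting anything on a fix list.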
     
  18. Koppis1

    Koppis1 Member

    Joined:
    26.06.2007
    Messages:
    77
    Thanks:
    0
    Points:
    16
    Here's the ComboFix log.
    Was Malwarebytes supposed to be left open somehow?
    I left its Quarantine tab open but it closed on reboot.


    ComboFix 08-05-27.4 - Koppis 2008-05-29 13:42:55.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.861 [GMT 3:00]
    Running from: C:\Documents and Settings\Koppis\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Koppis\Työpöytä\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\afnogukh.dll
    .

    (((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMdff93d00.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\afnogukh.dll
    C:\WINDOWS\system32\aricdnrv.dll
    C:\WINDOWS\system32\ookthisd.dll
    C:\WINDOWS\system32\rrAKUvut.ini
    C:\WINDOWS\system32\rrAKUvut.ini2
    C:\WINDOWS\system32\tuvUKArr.dll
    C:\WINDOWS\system32\vrndcira.ini
    C:\WINDOWS\system32\xdukdwft.dll

    .
    ((((( Files Created From: 2008-04-28 to 2008-05-29 )))))))))))))))))
    .

    2008-05-29 10:32 . 2008-05-29 12:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-29 10:32 . 2008-05-29 10:32 <DIR> d-------- C:\Documents and Settings\Koppis\Application Data\Malwarebytes
    2008-05-29 10:32 . 2008-05-29 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-29 10:32 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-29 10:32 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-28 22:22 . 2008-05-28 22:22 <DIR> d-------- C:\Program Files\Trend Micro
    2008-05-28 21:41 . 2008-05-28 21:41 2,855 --a------ C:\ComboFix.PIF
    2008-05-28 21:31 . 2008-05-28 21:31 0 --a------ C:\ComboFix.exe
    2008-05-28 20:30 . 2008-05-28 21:09 40,960 --a------ C:\dci.exe
    2008-05-28 20:29 . 2008-05-29 13:09 <DIR> d-------- C:\Program Files\HiJackThis_v2
    2008-05-28 20:16 . 2008-05-28 20:28 <DIR> d-------- C:\WINDOWS\BDOSCAN8
    2008-05-28 18:05 . 2008-05-28 18:05 <DIR> d-------- C:\Documents and Settings\Koppis\Application Data\DigitalPersona
    2008-05-28 17:58 . 2008-05-28 17:58 <DIR> d-------- C:\WINDOWS\DPDrv
    2008-05-28 17:58 . 2008-05-28 17:58 <DIR> d-------- C:\Program Files\DigitalPersona
    2008-05-28 17:26 . 2008-05-28 17:26 <DIR> d-------- C:\Program Files\DP10-002
    2008-05-28 17:26 . 2008-05-28 17:26 2,334,453 --a------ C:\Program Files\DP10-002.zip
    2008-05-28 16:43 . 2008-05-28 16:43 8,579,136 --a------ C:\Program Files\DPPM_201_ENG.exe
    2008-05-28 16:03 . 2008-05-28 16:39 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
    2008-05-28 15:48 . 2004-09-14 16:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-05-28 15:48 . 2004-09-14 16:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-05-28 13:11 . 2008-05-29 12:51 57,344 --------- C:\WINDOWS\system32\nnnnLcby.dll
    2008-05-27 21:48 . 2008-05-27 21:48 3,510,857 --a------ C:\SMB2AV.MP3
    2008-05-27 21:48 . 2008-05-27 21:48 2,069,315 --a------ C:\FB.MP3
    2008-05-27 21:47 . 2008-05-27 21:48 3,554,742 --a------ C:\SMBAV.MP3
    2008-05-27 08:32 . 2008-05-27 08:32 <DIR> d-------- C:\Documents and Settings\Mirja Vilpponen\Application Data\ATI
    2008-05-25 21:05 . 2008-05-26 17:07 <DIR> d-------- C:\Program Files\Cheat Engine
    2008-05-25 21:05 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
    2008-05-25 21:05 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
    2008-05-22 22:13 . 2008-05-22 22:13 <DIR> d-------- C:\Program Files\Octoshape Streaming Services
    2008-05-22 15:11 . 2008-05-22 17:12 <DIR> d-------- C:\Program Files\mIRC
    2008-05-22 15:11 . 2008-05-22 17:16 <DIR> d-------- C:\Documents and Settings\Koppis\Application Data\mIRC
    2008-05-21 14:57 . 2008-05-29 12:58 31 --a------ C:\WINDOWS\system32\bbcap.err
    2008-05-21 14:56 . 2008-05-21 14:56 <DIR> d-------- C:\Documents and Settings\Koppis\Application Data\ATI
    2008-05-21 14:56 . 2008-05-21 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-05-18 18:49 . 2008-05-18 18:49 <DIR> d-------- C:\Program Files\Mioplanet
    2008-05-18 18:49 . 2008-05-18 18:49 <DIR> d-------- C:\Documents and Settings\Koppis\Application Data\mioObjects
    2008-05-18 18:49 . 2008-05-18 18:49 407,047 --a------ C:\WINDOWS\system32\mioengine.exe
    2008-05-18 12:30 . 2008-05-18 12:30 <DIR> d-------- C:\Program Files\eRightSoft
    2008-05-18 12:30 . 2006-09-12 14:46 227,328 -r-hs---- C:\WINDOWS\system32\ac3DX.ax
    2008-05-18 12:30 . 2006-05-03 13:06 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
    2008-05-18 12:30 . 2008-02-04 22:26 151,040 ---hs---- C:\WINDOWS\system32\VistaUltm.dll
    2008-05-18 12:30 . 2006-01-13 02:23 123,904 -r-hs---- C:\WINDOWS\system32\AVCDX.ax
    2008-05-18 12:30 . 2003-11-21 02:00 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
    2008-05-18 12:30 . 2004-04-27 02:00 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
    2008-05-18 12:30 . 2007-02-21 14:47 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
    2008-05-18 12:30 . 2007-12-17 16:43 27,648 ---hs---- C:\WINDOWS\system32\Smab0.dll
    2008-05-18 12:30 . 2008-02-05 20:04 9,884 ---h----- C:\WINDOWS\super.chm
    2008-05-18 12:07 . 2008-05-18 12:07 <DIR> d-------- C:\Program Files\NCH Software
    2008-05-18 12:07 . 2008-05-18 12:07 <DIR> d-------- C:\Documents and Settings\Koppis\Application Data\NCH Swift Sound
    2008-05-18 12:07 . 2008-05-18 12:07 <DIR> d-------- C:\Documents and Settings\Koppis\Application Data\NCH Software
    2008-05-18 12:07 . 2008-05-18 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
    2008-05-17 22:48 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
    2008-05-13 07:34 . 2008-05-13 07:34 <DIR> d-------- C:\Program Files\Screen Recorder Gold
    2008-04-30 20:22 . 2008-04-30 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-29 10:46 --------- d-----w C:\Program Files\PeerGuardian2
    2008-05-29 10:42 --------- d-----w C:\Documents and Settings\Koppis\Application Data\Skype
    2008-05-29 08:48 --------- d-----w C:\Program Files\RevConnect
    2008-05-28 17:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-28 14:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-22 11:36 --------- d-----w C:\Program Files\ATI
    2008-05-21 11:51 --------- d-----w C:\Program Files\ATI Technologies
    2008-05-21 11:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-18 09:07 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-05-18 09:00 --------- d-----w C:\Program Files\CamStudio
    2008-05-06 18:30 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-04-26 09:33 --------- d-----w C:\Program Files\Java
    2008-04-21 14:35 --------- d-----w C:\Program Files\HardCopy Pro
    2008-04-21 14:35 --------- d-----w C:\Documents and Settings\Koppis\Application Data\DeskSoft
    2008-04-16 13:40 --------- d-----w C:\Program Files\Winamp
    2008-04-16 13:29 --------- d-----w C:\Program Files\Game_Maker7
    2008-04-16 12:54 8,990,072 ----a-w C:\Program Files\winamp5531_full_emusic-7plus_en-us.exe
    2008-04-15 18:59 --------- d-----w C:\Program Files\Lavalys
    2008-04-15 16:12 --------- d-----w C:\Documents and Settings\Vilpponen\Application Data\The Hobbit
    2008-04-12 16:25 --------- d-----w C:\Program Files\Guitar Pro 5
    2008-04-09 13:49 --------- d-----w C:\Documents and Settings\Vilpponen\Application Data\Skype
    2008-04-06 15:42 --------- d-----w C:\Documents and Settings\Mirja Vilpponen\Application Data\Skype
    2008-03-29 18:44 --------- d-----w C:\Documents and Settings\Mirja Vilpponen\Application Data\DivX
    2008-03-29 08:40 --------- d-----w C:\Documents and Settings\Mirja Vilpponen\Application Data\vlc
    2008-03-29 07:45 --------- d-----w C:\Documents and Settings\Mirja Vilpponen\Application Data\Sonic
    2008-03-29 07:45 --------- d-----w C:\Documents and Settings\Mirja Vilpponen\Application Data\Leadertech
    2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-03-23 22:48 219 ----a-w C:\Documents and Settings\Vilpponen\hsqlprefs.dat
    2008-03-10 18:16 22,328 ----a-w C:\Documents and Settings\Koppis\Application Data\PnkBstrK.sys
    2008-03-04 21:06 24 ----a-w C:\juttelitoimii.bat
    2008-03-04 20:59 56 ----a-w C:\jutteli.bat
    2008-03-04 20:57 185 ----a-w C:\Copybmp.bat
    2008-03-04 11:31 84,526,232 ----a-w C:\Program Files\moviestudio80c-trial_enu.exe
    2008-03-02 18:51 2,699,171 ----a-w C:\Program Files\ccleaner_v2.05.555.zip
    2008-01-05 20:09 630,768 ----a-w C:\Program Files\eval-nwc.exe
    2007-12-15 11:37 8,454,584 ----a-w C:\Program Files\winamp55_full_emusic-7plus_en-us.exe
    2007-11-30 12:40 34,556,560 ----a-w C:\Program Files\QCCSENU.EXE
    2007-11-05 12:11 5,858 ----a-w C:\Program Files\install.log
    2007-11-05 12:10 487,377 ----a-w C:\Program Files\GameSpot_Download_Manager.exe
    2007-08-02 08:39 6,221,304 ----a-w C:\Program Files\winamp535_full_emusic-7plus.exe
    2007-07-10 08:50 1 ----a-w C:\Documents and Settings\Koppis\SI.bin
    2007-06-03 16:33 2,601,692 ----a-w C:\Program Files\mp3wavconverter.exe
    2007-06-01 12:28 1,980,533 ----a-w C:\Program Files\registrymedic.exe
    2007-04-27 14:23 1,205,365 ----a-w C:\Program Files\wrar37b7.exe
    2007-02-13 14:00 19,666,504 ----a-w C:\Program Files\QuickTimeInstaller.exe
    2007-02-07 19:11 643,144 ----a-w C:\Program Files\XviD-1.1.2-01112006.exe
    2007-01-27 20:20 1,063,810 ----a-w C:\Program Files\subedit.zip
    2006-11-30 12:46 1,410,680 ----a-w C:\Program Files\install_flash_player.exe
    2006-11-28 15:57 6,052,528 ----a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe
    2006-11-26 16:21 29,172 -c--a-w C:\Program Files\Da-Vinci-Tour.kmz
    2006-11-26 15:52 14,879,120 ----a-w C:\Program Files\GoogleEarthWin.exe
    2006-11-25 18:05 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
    2006-11-23 13:07 362,496 ----a-w C:\Program Files\switchsetup.exe
    2006-11-10 14:15 11,284,970 ----a-w C:\Program Files\cdbxp_setup_3.0.116.zip
    2006-11-08 17:19 16,198,952 ----a-w C:\Program Files\Install_Messenger.exe
    2006-11-04 15:57 6,624,984 ----a-w C:\Program Files\winamp531_full_emusic-7plus.exe
    2006-11-04 15:52 3,262,369 ----a-w C:\Program Files\ALZip.exe
    2006-11-04 14:08 6,579,696 ----a-w C:\Program Files\Opera_9.02_International_Setup.exe
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-28_22.14.10.34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-28 19:02:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-29 10:51:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-05-28 18:11:40 69,076 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-05-28 19:40:17 69,076 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-05-28 18:11:40 82,362 ----a-w C:\WINDOWS\system32\perfc00B.dat
    + 2008-05-28 19:40:18 82,362 ----a-w C:\WINDOWS\system32\perfc00B.dat
    - 2008-05-28 18:11:40 435,338 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-05-28 19:40:18 435,338 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-05-28 18:11:40 410,336 ----a-w C:\WINDOWS\system32\perfh00B.dat
    + 2008-05-28 19:40:18 410,336 ----a-w C:\WINDOWS\system32\perfh00B.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-11 21:41 25343016]
    "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-06 00:57 1103480]
    "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
    "Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\Koppis\OctoshapeClient.exe" [2006-02-13 19:33 214648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-08-14 15:39 98304]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-08-14 15:41 114688]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-08-14 15:38 94208]
    "High Definition Audio -ominaisuussivun pikakuvake"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-10-26 04:51 122929]
    "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 11:57 684032]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-28 06:10 122940]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
    "RTHDCPL"="RTHDCPL.EXE" [2006-10-11 18:36 16267776 C:\WINDOWS\RTHDCPL.exe]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 23:09 157592]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]
    "DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 16:27 807440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
    ckpNotify.dll 2005-03-01 20:49 24672 C:\WINDOWS\system32\ckpNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
    C:\WINDOWS\system32\DPWLEvHd.dll 2006-10-09 16:27 99856 C:\WINDOWS\system32\DPWLEvHd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
    "C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Pelit\\Settlers3\\s3.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Pelit\\Crysis\\Bin32\\Crysis.exe"=
    "C:\\Pelit\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9278:TCP"= 9278:TCP:BitComet 9278 TCP
    "9278:UDP"= 9278:UDP:BitComet 9278 UDP

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-10-31 13:01]
    R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2007-06-24 23:03]
    R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-10-31 16:53]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 16:37]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-10-06 17:30]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 16:37]
    R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2005-03-01 20:49]
    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-06-01 15:28]
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-03-02 15:00]
    R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2006-09-16 17:25]
    R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2005-03-01 20:49]
    R3 usbdpfp;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\usbdpfp.sys [2006-09-16 17:23]
    S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 13:39]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-16 21:03]
    S3 gsplittm;gsplittm;C:\DOCUME~1\Koppis\LOCALS~1\Temp\gsplittm.sys []
    S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2005-03-01 20:49]
    S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 12:43]
    S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 10:42]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 10:42]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 10:42]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 10:42]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86167224-b6ba-11dc-8548-0016350dc46d}]
    \Shell\AutoRun\command - I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    *Newly Created Service* - PGFILTER
    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-23 14:35:20 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2007-02-13 14:00:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-29 07:21:55 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-29 13:53:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\common\FSMA32.EXE
    C:\Program Files\F-Secure\common\FSMB32.EXE
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\common\FCH32.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\F-Secure\common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\FSRW.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\F-Secure\Anti-Virus\FSAV32.exe
    C:\Program Files\F-Secure\common\FNRB32.exe
    C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
    C:\Program Files\F-Secure\common\FIH32.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\FSAW.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-29 14:02:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-29 11:02:23
    ComboFix2.txt 2008-05-28 19:45:45
    ComboFix3.txt 2008-05-28 19:15:55

    Pre-Run: 27,057,131,520 tavua vapaana
    Post-Run: 27,047,747,584 tavua vapaana

    321 --- E O F --- 2008-05-16 21:03:47



    And here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 14:22, on 29.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Octoshape Streaming Services\Koppis\OctoshapeClient.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HiJackThis_v2\hoojiitee.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Koppis\OctoshapeClient.exe" -inv:bootrun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162297554309
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EF416D88-D8DA-40DC-A196-4F3A1F7E69A4}: NameServer = 192.168.1.254
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

    --
    End of file - 12592 bytes



    Is there still a lot left to tinker with?

    Last edited: 29.05.2008
  19. Nyrre

    Malwarebytes' Anti-Malware log

    Malwarebytes' Anti-Malware 1.12
    Tietokantaversio: 797

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 157189
    Kulunut aika: 47 minute(s), 40 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 1
    Saastuneita rekisteriarvoja: 1
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\CLSID\{06e12c36-760f-4d92-8509-5e5dbf12c423} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)

    And here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:39:10, on 29.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\D-Link\Bluetooth-ohjelmisto\BTTray.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\D-Link\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\D-Link\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191617622031
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 8454 bytes



     
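The HijackThis logs posted above are plain text with a fixed per-line format (R0/R1 browser settings, O4 auto-start entries, O23 services), which makes them easy to triage mechanically. What follows is an added example, not code from the thread or from HijackThis, of a small Python parser that turns such lines into records and applies a few review heuristics of the kind a helper uses when reading a log: services whose vendor field is "Unknown owner" (built-in Windows services show this too, so it only marks what to verify on disk), programs auto-started directly from C:\WINDOWS\ rather than a subfolder, and startup links whose target HijackThis could not resolve. The sample lines are constructed from the shape of the log above; C:\WINDOWS\sample_autorun.exe is a placeholder, not a file from the thread; the heuristics themselves are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v2 line format. The C:\WINDOWS\sample_autorun.exe
# entry is a placeholder made up for this example; the other lines mirror the log above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - HKLM\..\Run: [sample] C:\WINDOWS\sample_autorun.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


@dataclass
class HjtEntry:
    kind: str                   # "R0", "O4", "O23", ...
    name: str                   # display name, Run-value name, or .lnk name
    path: str                   # executable or target exactly as written in the log
    owner: Optional[str] = None  # O23 only: the vendor string HijackThis prints
    raw: str = ""


# O23 - Service: <display name> - <vendor> - <path>
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O4 - <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 - Startup: <link> = <target>   /   O4 - Global Startup: <link> = <target>
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<target>.*)$")
# Anything else that still looks like a HijackThis item (R0, R1, O2, O9, O16, ...)
GENERIC_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<rest>.*)$")

# Heuristic (this example's assumption): an .exe sitting directly in C:\WINDOWS\,
# not in a subfolder such as system32, is unusual for legitimate auto-starts.
WINDOWS_ROOT_RE = re.compile(r"^c:\\windows\\[^\\]+\.exe$", re.IGNORECASE)


def first_executable(cmd: str) -> str:
    """Pull the program path out of a Run-key command line.
    Quoted paths may contain spaces; unquoted ones end at the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_hjt(text: str) -> List[HjtEntry]:
    """Turn HijackThis log lines into HjtEntry records; non-item lines are skipped."""
    entries: List[HjtEntry] = []
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            entries.append(HjtEntry("O23", m["name"], m["path"], m["owner"], line))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(HjtEntry("O4", m["name"], first_executable(m["cmd"]), None, line))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(HjtEntry("O4", m["name"], m["target"], None, line))
            continue
        m = GENERIC_RE.match(line)
        if m:
            entries.append(HjtEntry(m["kind"], "", m["rest"], None, line))
    return entries


def triage(entries: List[HjtEntry]) -> List[str]:
    """Review notes for a human reader. These are this example's own heuristics,
    not HijackThis logic, and each note means 'look at this', not 'this is malware'."""
    notes: List[str] = []
    for e in entries:
        if e.kind == "O23" and e.owner == "Unknown owner":
            notes.append(f"O23 service without vendor info, verify the file: {e.name} -> {e.path}")
        if e.kind in ("O4", "O23") and WINDOWS_ROOT_RE.match(e.path):
            notes.append(f"{e.kind} auto-start directly under C:\\WINDOWS: {e.name} -> {e.path}")
        if e.kind == "O4" and e.path == "?":
            notes.append(f"O4 startup link whose target could not be resolved: {e.name}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_hjt(SAMPLE_LOG)):
        print(note)
```

Run as-is it prints four notes for the constructed sample; to use it on a real log, pass the log's text to parse_hjt instead of SAMPLE_LOG. The "Unknown owner" rule deliberately fires on the Windows-native services too (Telnet, Volume Shadow Copy and so on show the same vendor field in the logs above), so the output is a checklist for verifying files on disk rather than a verdict.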
  20. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    ==>> To Koppis1

    Delete this file:
    C:\dci.exe
    in Safe Mode if it won't go otherwise.
    ------------------------------------------------------
    Type ComboFix.exe /u into the Run box of the Windows Start menu and press OK
    ***************************************************************************

    It's clean!!!


    Just empty that Malwarebytes quarantine.
    Good tool, run it once a month.

    Nothing much this time. :D


     
  21. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    ==>> To Nyrre

    It's clean!!!!
    Just clear out the leftovers so the antivirus scanners don't whine needlessly.
    ***********************************************************
    Type ComboFix.exe /u into the Run box of the Windows Start menu and press OK
    ***************************************************************************
    Open Malwarebytes, go to the Quarantine tab and empty the junk.
    ***************************************************************************
    ***************************************************************************
     
