Hjt-login tarkastus

aleksi336 · 27.06.2007

Kone on pitemmän aikaa toiminut hitaasti. Tässä olisi Hjt-logi, jos joku viitsisi tarkistaa sen.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:23:21, on 27.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Documents and Settings\käyttäjä\Työpöytä\Ohjelmia\utorrent.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Documents and Settings\käyttäjä\Työpöytä\HiJackThis_v2.0.0.0.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F3 - REG:win.ini: run=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\System32\bvnsaqbe.dll
O2 - BHO: (no name) - {2A374F5B-2BFF-4C86-9D2F-D113BEDF9EDC} - C:\WINDOWS\System32\jkkjg.dll
O2 - BHO: (no name) - {6B212877-BD8F-40B8-8846-CFC9549C83E2} - C:\WINDOWS\System32\ddccc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\System32\yayyxyv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ToniArts EasyCleaner] "C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe" -s -startup
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\System32\nhsmssem.dll",forkonce
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Paikallinen palve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP-810 Statusfönster.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11113111-1411-1611-8111-111111111413} - mhtml:file://c:\nul.mht!http://www.capital-systems.net//browser.exe
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120462482515
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.237.18.99/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6C3B51-5BDC-4A8C-ADD7-51A0E8D55231}: NameServer = 192.168.0.254
O20 - Winlogon Notify: ddccc - C:\WINDOWS\System32\ddccc.dll (file missing)
O20 - Winlogon Notify: jkkjg - C:\WINDOWS\System32\jkkjg.dll
O20 - Winlogon Notify: yayyxyv - C:\WINDOWS\SYSTEM32\yayyxyv.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SNMP-palvelu (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - http://img.mtv3.fi/mn_kuvat/mtv3/urheilu/ralli/84559.jpg

--
End of file - 11482 bytes

AfterDawn

Auttaja · 27.06.2007

Uudelleennimeä HijackThis.exe -> scanner.exe:ksi näin:
1. Klikkaa hiiren oikealla painikkeella HijackThis ikonia.

2. Valitse Uudelleennineä/ Rename.

3. Kirjoita scanner.exe

Vaihtamalla HJT:n nimeä saamme varmuuden, onko koneellasi Vundo-infektiota.

==========

Lataa VundoFix.exe työpöydällesi.
*Tupla-klikkaa VundoFix.exe ajaaksesi sen.
*Klikkaa Scan for Vundo valintaa.
*Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
*Sinulta kysytään haluatko poistaa filut - klikkaa YES.
*Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
*Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
*Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

==========

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

Laita uusi HijackThis logi sekä tämän tiedoston sisältö C:\vundofix.txt ja tämän C:\ComboFix.txt

aleksi336 · 27.06.2007

Uusi hjt-logi:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:35:07, on 27.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Documents and Settings\käyttäjä\Työpöytä\scanner.exe.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F3 - REG:win.ini: run=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\System32\bvnsaqbe.dll
O2 - BHO: (no name) - {2A374F5B-2BFF-4C86-9D2F-D113BEDF9EDC} - C:\WINDOWS\System32\jkkjg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\System32\yayyxyv.dll
O2 - BHO: (no name) - {A14FF742-283F-4BB4-BB97-89E3D886EE91} - C:\WINDOWS\System32\jkhfe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ToniArts EasyCleaner] "C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe" -s -startup
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\System32\nhsmssem.dll",forkonce
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Paikallinen palve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP-810 Statusfönster.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11113111-1411-1611-8111-111111111413} - mhtml:file://c:\nul.mht!http://www.capital-systems.net//browser.exe
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120462482515
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.237.18.99/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6C3B51-5BDC-4A8C-ADD7-51A0E8D55231}: NameServer = 192.168.0.254
O20 - Winlogon Notify: ddccc - C:\WINDOWS\System32\ddccc.dll (file missing)
O20 - Winlogon Notify: jkhfe - C:\WINDOWS\System32\jkhfe.dll
O20 - Winlogon Notify: yayyxyv - C:\WINDOWS\SYSTEM32\yayyxyv.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SNMP-palvelu (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - http://img.mtv3.fi/mn_kuvat/mtv3/urheilu/ralli/84559.jpg

--
End of file - 11375 bytes

vundofix.txt:

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 20:58:10 26.6.2007

Listing files found while scanning....

C:\WINDOWS\System32\kjjlm.bak1
C:\WINDOWS\System32\kjjlm.bak2
C:\WINDOWS\System32\kjjlm.ini
C:\WINDOWS\System32\mljjk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\System32\kjjlm.bak1
C:\WINDOWS\System32\kjjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\kjjlm.bak2
C:\WINDOWS\System32\kjjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\kjjlm.ini
C:\WINDOWS\System32\kjjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\mljjk.dll
C:\WINDOWS\System32\mljjk.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 15:57:41 27.6.2007

Listing files found while scanning....

C:\WINDOWS\System32\cccdd.bak1
C:\WINDOWS\System32\cccdd.bak2
C:\WINDOWS\System32\cccdd.ini2
C:\WINDOWS\System32\cccdd.tmp
C:\windows\system32\cfasnxky.dll
C:\WINDOWS\System32\ddccc.dll
C:\WINDOWS\System32\jkkjg.dll
C:\WINDOWS\System32\pxbnmgxg.dll
C:\windows\system32\vrowsxby.ini
C:\windows\system32\ybxsworv.dll
C:\windows\system32\ykxnsafc.ini

Beginning removal...

Attempting to delete C:\WINDOWS\System32\cccdd.bak1
C:\WINDOWS\System32\cccdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\cccdd.bak2
C:\WINDOWS\System32\cccdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\cccdd.ini2
C:\WINDOWS\System32\cccdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\cccdd.tmp
C:\WINDOWS\System32\cccdd.tmp Has been deleted!

Attempting to delete C:\windows\system32\cfasnxky.dll
C:\windows\system32\cfasnxky.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\jkkjg.dll
C:\WINDOWS\System32\jkkjg.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\pxbnmgxg.dll
C:\WINDOWS\System32\pxbnmgxg.dll Has been deleted!

Attempting to delete C:\windows\system32\vrowsxby.ini
C:\windows\system32\vrowsxby.ini Has been deleted!

Attempting to delete C:\windows\system32\ybxsworv.dll
C:\windows\system32\ybxsworv.dll Has been deleted!

Attempting to delete C:\windows\system32\ykxnsafc.ini
C:\windows\system32\ykxnsafc.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\jkkjg.dll
C:\WINDOWS\System32\jkkjg.dll Has been deleted!

Performing Repairs to the registry.
Done!

Sen ComboFixin latasin ja ajoin, muttei se tehnyt sitä logia, niin en sitä tähän nyt saa.

Auttaja · 27.06.2007

tehää tää seuraavaks

merkkaa nää rivit ja paina fix checked (hijackthissilla)

O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O16 - DPF: {11113111-1411-1611-8111-111111111413} - mhtml:file://c:\nul.mht!http://www.capital-systems.net//browser.exe

[*]Tupla-klikkaa VundoFix.exe ajaaksesi sen.
[*]Kun Vundofix uudelleenaukeaa, klikkaa Scan for Vundo valintaa.
[*]Kun skannaus on valmis, oikea-klikkaa kyseisen listaboksin sisällä (valkoinen laatikko jossa on löydetyt tiedostot listattu) ja valitse Add more files
[*]Kopioi ja liitä seuraavat 3 riviä KOLMEEN ylimmäiseen boksiin
[*]C:\WINDOWS\System32\bvnsaqbe.dll
[*]C:\WINDOWS\System32\yayyxyv.dll
[*]C:\WINDOWS\System32\jkhfe.dll
[*]Klikkaa Add Files ja sitten klikkaa Close Window.

[*]Klikkaa Remove Vundo valintaa.
[*]Saat viestin jossa kysytään haluatko poistaa valitut tiedostot, klikkaa YES.
[*]Kun klikkaat yes, työpöytäsi tyhjenee kun työkalu alkaa poistamaan Vundoa.
[*]Kun valmis, saat viestin jossa pyydetään sammuttamaan tietokone, klikkaa OK.
[*]Käynnistä koneesi uudelleen.
[*]Postita C:\vundofix.txt lokin sisältö

=====

Lataa Dr.Web CureIt työpöydälle:

Tuplaklikkaa drweb-cureit.exe ja anna sen tehdä express scan
Se skannaa käynnissä olevat ohjelmat ja jos jotain löytyy, klikkaa yes kun se kysyy haluatko poistaa sen. Tämä on vain lyhyt scan.
Kun scan on valmis, merkkaa asemat, jotka haluat scannata.
Valitse kaikki asemat. Punainen piste osoittaa, mitkä asemat on valittu.
Klikaa vihreää nuolta oikealla ja scan alkaa.
Klikkaa 'Yes to all', jos kysytään haluatko poistaa/siirtää tiedoston.
Kun scan on valmis, katso voitko klikata next-kuvaketta löytyneiden tiedostojen vieressä:
Jos asia on niin, klikkaa sitä ja sitten klikkaa next-kuvaketta oikealla alhaalla ja valitse Move incurable kuten alla olevalla kuvassa:

Tämä siirtää sen %userprofile%\DoctorWeb\quarantine-hakemistoon.
Tämän jälkeen klikkaa Dr.Web CureIt-valikossa file ja valitse save report list
Tallenna raportti työpöydälle. Raportin nimi on DrWeb.csv
Sulje Dr.Web Cureit.
Käynnistä kone uudelleen !! Tämä siksi, että käytössä olevat tiedostot poistetaan/siirretään käynnistyksen yhteydessä.
Käynnistyksen jälkeen liitä Dr.Web-lokin, jonka tallensit aiemmin, sisältö seuraavaan vastaukseesi.

Myos uusi Hijackthislogi

aleksi336 · 28.06.2007

VundoFix loki:

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 20:58:10 26.6.2007

Listing files found while scanning....

C:\WINDOWS\System32\kjjlm.bak1
C:\WINDOWS\System32\kjjlm.bak2
C:\WINDOWS\System32\kjjlm.ini
C:\WINDOWS\System32\mljjk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\System32\kjjlm.bak1
C:\WINDOWS\System32\kjjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\kjjlm.bak2
C:\WINDOWS\System32\kjjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\kjjlm.ini
C:\WINDOWS\System32\kjjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\mljjk.dll
C:\WINDOWS\System32\mljjk.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 15:57:41 27.6.2007

Listing files found while scanning....

C:\WINDOWS\System32\cccdd.bak1
C:\WINDOWS\System32\cccdd.bak2
C:\WINDOWS\System32\cccdd.ini2
C:\WINDOWS\System32\cccdd.tmp
C:\windows\system32\cfasnxky.dll
C:\WINDOWS\System32\ddccc.dll
C:\WINDOWS\System32\jkkjg.dll
C:\WINDOWS\System32\pxbnmgxg.dll
C:\windows\system32\vrowsxby.ini
C:\windows\system32\ybxsworv.dll
C:\windows\system32\ykxnsafc.ini

Beginning removal...

Attempting to delete C:\WINDOWS\System32\cccdd.bak1
C:\WINDOWS\System32\cccdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\cccdd.bak2
C:\WINDOWS\System32\cccdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\cccdd.ini2
C:\WINDOWS\System32\cccdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\cccdd.tmp
C:\WINDOWS\System32\cccdd.tmp Has been deleted!

Attempting to delete C:\windows\system32\cfasnxky.dll
C:\windows\system32\cfasnxky.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\jkkjg.dll
C:\WINDOWS\System32\jkkjg.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\pxbnmgxg.dll
C:\WINDOWS\System32\pxbnmgxg.dll Has been deleted!

Attempting to delete C:\windows\system32\vrowsxby.ini
C:\windows\system32\vrowsxby.ini Has been deleted!

Attempting to delete C:\windows\system32\ybxsworv.dll
C:\windows\system32\ybxsworv.dll Has been deleted!

Attempting to delete C:\windows\system32\ykxnsafc.ini
C:\windows\system32\ykxnsafc.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\jkkjg.dll
C:\WINDOWS\System32\jkkjg.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 16:52:30 27.6.2007

Listing files found while scanning....

C:\WINDOWS\System32\efhkj.bak1
C:\WINDOWS\System32\efhkj.ini
C:\WINDOWS\System32\jkhfe.dll

Beginning removal...

Attempting to delete C:\WINDOWS\System32\bvnsaqbe.dll
C:\WINDOWS\System32\bvnsaqbe.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\efhkj.bak1
C:\WINDOWS\System32\efhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\efhkj.ini
C:\WINDOWS\System32\efhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\jkhfe.dll
C:\WINDOWS\System32\jkhfe.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\jkhfe.dll
C:\WINDOWS\System32\jkhfe.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\yayyxyv.dll
C:\WINDOWS\System32\yayyxyv.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\bvnsaqbe.dll
C:\WINDOWS\System32\bvnsaqbe.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\jkhfe.dll
C:\WINDOWS\System32\jkhfe.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\yayyxyv.dll
C:\WINDOWS\System32\yayyxyv.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Dr.Web-loki:

koocwolla_20070601[1];C:\Documents and Settings\käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\MNDQKGLT;Trojan.LowZones.233;Deleted.;
tob_snd_20070616[1];C:\Documents and Settings\käyttäjä\Local Settings\Temporary Internet Files\Content.IE5\R1NK1ERA;Trojan.EzulaAd;Deleted.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.617;Will be moved after reboot.;
A0437320.dll;C:\System Volume Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1134;Trojan.Virtumod;Deleted.;
A0438320.dll;C:\System Volume Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1135;Trojan.Virtumod;Deleted.;
A0438405.dll;C:\System Volume Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1136;Trojan.Virtumod;Deleted.;
A0440547.dll;C:\System Volume Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1138;Adware.MediaBack;Incurable.Moved.;
A0440575.dll;C:\System Volume Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1138;Trojan.Virtumod;Deleted.;
A0440576.dll;C:\System Volume Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1138;Trojan.Virtumod;Deleted.;
A0440578.dll;C:\System Volume Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1138;Trojan.Virtumod;Deleted.;
cfasnxky.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
pxbnmgxg.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ybxsworv.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
in10b6.dll;C:\WINDOWS\system32;Trojan.MulDrop.1565;Deleted.;
lmsrtfhk.exe;C:\WINDOWS\system32;Trojan.Click.2799;Deleted.;

Uusi Hjt-loki:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:17:35, on 28.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\käyttäjä\Työpöytä\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F3 - REG:win.ini: run=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A1B64EC-740F-4DC7-8C25-B22E5B292D5E} - C:\WINDOWS\System32\ssqpp.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\System32\bvnsaqbe.dll (file missing)
O2 - BHO: (no name) - {2A374F5B-2BFF-4C86-9D2F-D113BEDF9EDC} - C:\WINDOWS\System32\jkkjg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\System32\yayyxyv.dll
O2 - BHO: (no name) - {A14FF742-283F-4BB4-BB97-89E3D886EE91} - C:\WINDOWS\System32\jkhfe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ToniArts EasyCleaner] "C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe" -s -startup
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\System32\pehvhryj.dll",forkonce
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Paikallinen palve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP-810 Statusfönster.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120462482515
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.237.18.99/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6C3B51-5BDC-4A8C-ADD7-51A0E8D55231}: NameServer = 192.168.0.254
O20 - Winlogon Notify: ddccc - C:\WINDOWS\System32\ddccc.dll (file missing)
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\System32\ssqpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SNMP-palvelu (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - http://img.mtv3.fi/mn_kuvat/mtv3/urheilu/ralli/84559.jpg

--
End of file - 10600 bytes

Auttaja · 28.06.2007

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

========

Avaa hijackthis, merkkaa nämä rivit ja paina fix checked

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\System32\pehvhryj.dll",forkonce

=======

[*]Tupla-klikkaa VundoFix.exe ajaaksesi sen.
[*]Kun Vundofix uudelleenaukeaa, klikkaa Scan for Vundo valintaa.
[*]Kun skannaus on valmis, oikea-klikkaa kyseisen listaboksin sisällä (valkoinen laatikko jossa on löydetyt tiedostot listattu) ja valitse Add more files
[*]Kopioi ja liitä seuraavat 2 riviä kahteen ylimmäiseen boksiin
[*]C:\WINDOWS\System32\yayyxyv.dll
[*]C:\WINDOWS\System32\ssqpp.dll
[*]Klikkaa Add Files ja sitten klikkaa Close Window.

[*]Klikkaa Remove Vundo valintaa.
[*]Saat viestin jossa kysytään haluatko poistaa valitut tiedostot, klikkaa YES.
[*]Kun klikkaat yes, työpöytäsi tyhjenee kun työkalu alkaa poistamaan Vundoa.
[*]Kun valmis, saat viestin jossa pyydetään sammuttamaan tietokone, klikkaa OK.
[*]Käynnistä koneesi uudelleen.

========

1. Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi. Jos sinulla on jo kyseinen ohjelma siirry suoraan kohtaan 2!

[*]Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
[*]Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.

2. [*]Käynnistä AVG Anti-Spyware.
[*]Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
[*]Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.
[*]Paina hetken kuluttua uudestaan "Start Update" , jos päivitykset eivät heti onnistu
[*]Jos automaattipäivitys ei jostain syystä toimi, niin tunnisteet voi ladata manuaalisesti http://www.ewido.net/en/download/updates/ -linkin takaa.
[*]Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
[*]Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
[*]Sitten "Reports" valikon alta:a
[*]Laita täppi kohtaan "Automatically generate report after every scan"
[*]Ota täppi pois kohdasta"Only if threats were found"
[*]Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
[*]"Resident shield is", muuta tila active:sta inactive:ksi
[*]Sulje ohjelma, ÄLÄ skannaa vielä.

Käynnistä tietokoneesi vikasietotilaan

HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
[*]Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
[*]Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
[*]AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.
Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
[*]Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
[*]Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"

[*]Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
[*]Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
[*]Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestiketjuusi.

==========

Tämä jos tunnet tietokoneesi olevan hitaan puoleinen, etkä ole eheyttänyt pitkään aikaan:

Avaa Oma tietokone
-> Tee seuraava toimenpide kaikille Paikallisille levyille

==========

Lataa CCleaner ja asenna se:
Avaa "Options", sieltä "Language" ja valitse "Suomi (Finnish)"

Avaa "Virheet" kohta, paina "Etsi rekisterin virheitä", paina "Korjaa valitut rekisterin virheet..". Paina "Kyllä", kun ohjelma kysyy "Haluatko varmuuskopioida muutokset rekisteriin", tallenna tiedosto esim. työpöydälle.

Avaa "Puhdistaja", paina "Tutki" ja tämän jälkeen "Aja Ccleaner". Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.

==========

Lataa Deckard's System Scanner Työpöydällesi.

Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.

[*]Sulje kaikki avoimet ikkunat ja ohjelmat.
[*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
[*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
[*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
[*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.

aleksi336 · 28.06.2007

Tuo AVG löys yli 600 objektia, jotka pistin sitten karanteeniin. Siellä oli joukossa 2 troijjalaista, jotka se poisti. En saanu sitä lokitiedostoa kuitenkaan tehtyä, ku ei siitä "Save Report as" napista voinu painaa.

Tuota DSS:ää en saanu toimimaan, ku se vaan pukkas erroria ku käynnisti.

Tässä uus Hjt-loki, jos siitä vielä jotain saisi irti.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:37:31, on 28.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\käyttäjä\Työpöytä\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A1B64EC-740F-4DC7-8C25-B22E5B292D5E} - (no file)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - (no file)
O2 - BHO: (no name) - {2A374F5B-2BFF-4C86-9D2F-D113BEDF9EDC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - (no file)
O2 - BHO: (no name) - {A14FF742-283F-4BB4-BB97-89E3D886EE91} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ToniArts EasyCleaner] "C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe" -s -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Paikallinen palve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP-810 Statusfönster.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120462482515
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.237.18.99/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6C3B51-5BDC-4A8C-ADD7-51A0E8D55231}: NameServer = 192.168.0.254
O20 - Winlogon Notify: ddccc - C:\WINDOWS\System32\ddccc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SNMP-palvelu (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - http://img.mtv3.fi/mn_kuvat/mtv3/urheilu/ralli/84559.jpg

--
End of file - 10582 bytes

Auttaja · 28.06.2007

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {0A1B64EC-740F-4DC7-8C25-B22E5B292D5E} - (no file)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - (no file)
O2 - BHO: (no name) - {2A374F5B-2BFF-4C86-9D2F-D113BEDF9EDC} - (no file)
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - (no file
O2 - BHO: (no name) - {A14FF742-283F-4BB4-BB97-89E3D886EE91} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: ddccc - C:\WINDOWS\System32\ddccc.dll (file missing)

merkkaa naa rivit ja paina fix checked

========

Tarkista koneesi F-Securen online skannerilla

Huom, skanneri toimii vain Internet Explorer selaimella

* Lue sivun ohjeet huolella läpi
* Klikkaa Start scanning
* Mikäli saat Internet Explorer -suojausvaroituksen, klikkaa Asenna
* Klikkaa Accept
* Klikkaa Custom Scan
* Säädä asetukset seuraavasti

o "Virus Scan Option" kohdasta valitse Scan whole system
o "Other Scan Option" kohdasta valitse Scan All Files
o Valitse Scan whole system for rootkits
o Valitse Scan whole system for spyware
o Laita ruksi kohtaan Scan inside archives
o Varmista että Use advanced heuristics on valittuna

* Klikkaa Start
* Skannaus käynnistyy kun tarvittavat tiedostot/päivitykset on ladattu
* Odota kärsivällisesti
* Kun sakannaus on suoritettu, klikkaa Automatic cleaning
* Klikkaa Show Report
* Raportti aukeaa selaimessa, kopioi teksti kokonaan
* Liitä kopioitu teksti esim. muistioon tai Wordiin ja tallenna työpöydälle
* Voit sulkea skannerin
* Lähetä raportti viestiketjuusi

myos uusi hijackthis logi

aleksi336 · 29.06.2007

F-securen loki:

Scanning Report
Friday, June 29, 2007 08:38:21 - 16:43:04

Computer name: YOUR-381S7BAPMV
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 16 malware found
Vundo.dam (virus)

* C:\VundoFix Backups\jkhfe.dll .bad (Submitted)
* C:\VundoFix Backups\jkhfe.dll.bad (Submitted)
* C:\VundoFix Backups\jkkjg.dll.bad (Submitted)
* C:\VundoFix Backups\mljjk.dll.bad (Submitted)
* C:\VundoFix Backups\ssqpp.dll.bad (Submitted)
* C:\System Volume
Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1139\A0442675.dll
(Submitted)
* C:\System Volume
Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1138\A0440546.dll
(Submitted)
* C:\System Volume
Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1138\A0440587.dll
(Submitted)
* C:\System Volume
Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1138\A0440609.dll
(Submitted)
* C:\System Volume
Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1137\A0440461.dll
(Submitted)

W32/Agent.BEPW (virus)

* C:\Buziol Games\Mario Forever\CCTrans.dll (Submitted)
* C:\Aleksin Pelit\Buziol Games\Mario Forever\CCTrans.dll (Submitted)

W32/Malware (virus)

* C:\System Volume
Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1139\A0442694.EXE
(Submitted)

W32/Smalltroj.dam (virus)

* C:\WINDOWS\system32\qaxggkra.dll (Submitted)
* C:\System Volume
Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1139\A0442651.dll
(Submitted)
* C:\System Volume
Information\_restore{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1138\A0442610.dll
(Submitted)

Statistics
Scanned:

* Files: 526624
* System: 6272
* Not scanned: 141

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 16
* Submitted: 16

Files not scanned:

* @??x2IBERFIL.SYS C:\PAGEFILE.SYS
* C:\WINDOWS\ULEAD.DAT\U32BASE.CFG
* C:\WINDOWS\TEMP\PERFLIB_PERFDATA_7DC.DAT
* C:\WINDOWS\SYSTEM32\BIOS1.ROM
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
*
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{8604B681-15DA-494D-BE50-B5
16584FD72B}.BIN
* bios1.rom
* C:\WINDOWS\.FILE_STORE_32\MAIN_FILE_CACHE.DAT
* C:\WINDOWS\.FILE_STORE_32\MAIN_FILE_CACHE.IDX4
* C:\SYSTEM VOLUME
INFORMATION\_RESTORE{0A621EFD-B5B2-431F-AC3D-38A8A8FF3DD5}\RP1137\A04394
24.OLD
* C:\PROGRAM FILES\REGISTRY MECHANIC\LOG\BINARYENTRIES.LOG
* C:\PROGRAM FILES\MATHSOFT\MATHCAD 2000
PROFESSIONAL\MAPLE\LIBRARY\MATHCAD\MAPLE.IND
* C:\PROGRAM FILES\JESKOLA BUZZ\TOOLS\CHORDSWIZARD\TMPMACH.NAM
* C:\PROGRAM FILES\JESKOLA
BUZZ\GEAR\GENERATORS\ADDITIVEWAVES\SAWFADE.RAW
* C:\PROGRAM FILES\F-SECURE\COMMON\POLICY.IPF
* C:\PROGRAM
FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\CHANDIR.DAT
* C:\PROGRAM
FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\D0000000.FCS
* C:\PROGRAM
FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\L0000033.FCS
* C:\PROGRAM
FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\PRS.DAT
* C:\PROGRAM
FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\STORYDB.DAT
* C:\Program Files\DCPlusPlus\Ladatut tiedostot\Nokia Java Games.zip\Nokia Java
Games\N3510i_Shooter.rar\shooter.jar\META-INF/MANIFEST.MF
* C:\Program Files\DCPlusPlus\Ladatut tiedostot\Nokia Java
Games\N3510i_Shooter.rar\shooter.jar\META-INF/MANIFEST.MF
* C:\PROGRAM FILES\AHEAD\INCD\DMA.BIN
* C:\PROGRAM FILES\AHEAD\INCD\GAA.BIN
* C:\PROGRAM FILES\AHEAD\INCD\LGC.BIN
* C:\DRIVERS\NEROBTC\INCD\GAA.BIN
* C:\DRIVERS\NEROBENQ\INCD\GAA.BIN
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION
DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\NTUSER.DAT
* C:\DOCUMENTS AND
SETTINGS\K?YTT?J?\TY?P?YT?\UBUNTU-7.04-DESKTOP-I386.ISO
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\ANTTI TUISKU - EN
HALUA TIET??.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\EGOTRIPPI -
MATKUSTAJA.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\GUNAWAN - NUBLES
DEL FIRMAMENTO - CLOUDS FROM HEAVEN.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\GUNAWANA - JAH
CHILDREN (NYAHBINGHI DUB VERSION).MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\GUNAWANA -
PIDIG?E?O - BEGGAR BOY.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\GUNAWANA - PINCOYA
CALIPSO - PINCOYA CALYPSO.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\GUNAWANA - SMILE
SOULING.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\HELENE SEGARA -
L'AMOUR EST UN SOLEIL.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\RED HOT CHILI
PEPPERS-READY MADE.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\TIK TAK - 07
HEILUTAAN.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\VAN HALEN - THE BEST
OF BOTH WORLDS\101 - ERUPTION.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\VAN HALEN - THE BEST
OF BOTH WORLDS\102 - ITS ABOUT TIME.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\VAN HALEN - THE BEST
OF BOTH WORLDS\103 - UP FOR BREAKFAST.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\VAN HALEN - THE BEST
OF BOTH WORLDS\104 - LEARNING TO SEE.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\VAN HALEN - THE BEST
OF BOTH WORLDS\105 - AINT TALKIN BOUT LOVE.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\VAN HALEN - THE BEST
OF BOTH WORLDS\106 - FINISH WHAT YA STARTED.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP3\VAN HALEN - THE BEST
OF BOTH WORLDS\107 - YOU REALLY GOT ME.MP3
* C:\DOCUMENTS AND SETTINGS\K?YTT?J?\TY?P?YT?\MP?

Options
Scanning engines:

* F-Secure AVP: 7.0.171, 2007-06-28
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 2007-06-25
* F-Secure Libra: 2.4.2, 2007-06-28
* F-Secure Orion: 1.2.37, 2007-06-29
* F-Secure Pegasus: 1.19.0, 2007-05-28

Scanning options:

* Scan all files
* Scan inside archives
* Use Advanced heuristics

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that
F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by
submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail,
you agree that the material you make available may be published in the F-Secure World Wide Pages
or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links.
While doing this, your access will be logged to our private access statistics with your domain
name.This information will not be given to any third party. You agree not to take action against us
in relation to material that you submit. Unless you have clearly stated otherwise, by submitting
material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure
products/publications without liability.

Uus hjt-loki:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:13:44, on 29.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\mIRC\mirc.exe
C:\DOCUME~1\käyttäjä\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\käyttäjä\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\käyttäjä\Työpöytä\Ohjelmia\Puhdistusohjelmat\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ToniArts EasyCleaner] "C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe" -s -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Paikallinen palve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP-810 Statusfönster.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120462482515
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.237.18.99/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6C3B51-5BDC-4A8C-ADD7-51A0E8D55231}: NameServer = 192.168.0.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SNMP-palvelu (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - http://img.mtv3.fi/mn_kuvat/mtv3/urheilu/ralli/84559.jpg

--
End of file - 10377 bytes

Auttaja · 30.06.2007

Lataa WinPFind3 http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe työpöydällesi ja tuplaklikkaa exeä purkaaksesi sen. Kansio nimeltä WinPFind3u luodaan työpöydällesi.

* Avaa WinPFind3u-kansio ja tuplaklikkaa WinPFind3U.exe käynnistääksesi ohjelman.

o Files Created Within-kohdassa klikkaa30 days
o Files Modified Within-kohdassa klikkaa30 days
o File String Search -kohdassa klikkaaNon-Microsoft

* Nyt klikkaa Run Scan-nappulaa työkalupalkissa.
* Kun skanni on valmis, raportti avautuu muistioon.
* Klikkaa Muotoile ja varmistu ettei automaattinen rivitys ole valittuna. Jos on, ota valinta pois.

Lähetä loki seuraavassa vastauksessasi. Voit tarvita siihen useita vastauksia, ettei se jää vaillinaiseksi.

aleksi336 · 03.07.2007

WinPFind3 logfile created on: 3.7.2007 9:44:22
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\käyttäjä\Työpöytä\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

511,49 Mb Total Physical Memory | 155,77 Mb Available Physical Memory | 30,45% Memory free
1,20 Gb Paging File | 0,89 Gb Available in Paging File | 74,48% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,33 Gb Total Space | 19,58 Gb Free Space | 25,65% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-381S7BAPMV
Current User Name: käyttäjä
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
cappswk.exe -> %System32%\spool\drivers\w32x86\3\CAPPSWK.EXE -> CANON INC. [Ver = 1.00.1.012 | Size = 113664 bytes | Modified Date = 15.2.2001 12:00:00 | Attr = ]
caprpcsk.exe -> %System32%\CAPRPCSK.EXE -> CANON INC. [Ver = 1.00.1.012 | Size = 28160 bytes | Modified Date = 15.2.2001 12:00:00 | Attr = ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.030 | Size = 54784 bytes | Modified Date = 24.6.2004 21:39:42 | Attr = ]
datalayer.exe -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 60, 109, 2 | Size = 819712 bytes | Modified Date = 7.6.2005 11:31:00 | Attr = ]
easyclea.exe -> %ProgramFiles%\ToniArts\EasyCleaner\EasyClea.exe -> ToniArts [Ver = 2.0.6.380 | Size = 2117632 bytes | Modified Date = 15.1.2005 0:38:02 | Attr = ]
f-secure automatic update.exe -> %ProgramFiles%\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe -> F-Secure Automatic Update [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 29.8.2005 18:47:46 | Attr = ]
fameh32.exe -> %ProgramFiles%\F-Secure\Common\FAMEH32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 270387 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
fch32.exe -> %ProgramFiles%\F-Secure\Common\FCH32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 65585 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
fih32.exe -> %ProgramFiles%\F-Secure\Common\FIH32.exe -> F-Secure Corporation [Ver = 6.0.8314 | Size = 57393 bytes | Modified Date = 3.6.2005 1:39:40 | Attr = ]
fnrb32.exe -> %ProgramFiles%\F-Secure\Common\FNRB32.exe -> F-Secure Corporation [Ver = 6.0.8314 | Size = 110642 bytes | Modified Date = 3.6.2005 1:39:40 | Attr = ]
fsav32.exe -> %ProgramFiles%\F-Secure\Anti-Virus\FSAV32.exe -> F-Secure Corporation [Ver = 6.00.11210 | Size = 176128 bytes | Modified Date = 24.5.2005 18:24:28 | Attr = ]
fsaw.exe -> %ProgramFiles%\F-Secure\Anti-Spyware\FSAW.exe -> F-Secure Corporation [Ver = 1.1.192 | Size = 86064 bytes | Modified Date = 9.5.2005 11:52:52 | Attr = ]
fsbwsys.exe -> %ProgramFiles%\F-Secure\BackWeb\7681197\program\fsbwsys.exe -> F-Secure Corp. [Ver = 7.00.1 | Size = 270411 bytes | Modified Date = 22.6.2005 20:09:14 | Attr = ]
fsdfwd.exe -> %ProgramFiles%\F-Secure\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 6.00.480 | Size = 208959 bytes | Modified Date = 21.6.2005 18:31:18 | Attr = ]
fsgk32.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 6.00.11191 | Size = 239104 bytes | Modified Date = 10.5.2005 18:44:52 | Attr = ]
fsgk32st.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fsgk32st.exe -> F-Secure Corp. [Ver = 1, 0, 7360, 0 | Size = 45056 bytes | Modified Date = 4.9.2001 12:15:22 | Attr = ]
fsguidll.exe -> %ProgramFiles%\F-Secure\FSGUI\fsguidll.exe -> F-Secure Corporation [Ver = 6, 20, 11, 0 | Size = 233538 bytes | Modified Date = 15.6.2005 13:30:02 | Attr = ]
fsm32.exe -> %ProgramFiles%\F-Secure\Common\FSM32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 122929 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
fsma32.exe -> %ProgramFiles%\F-Secure\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 61490 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
fsmb32.exe -> %ProgramFiles%\F-Secure\Common\FSMB32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 180274 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
fsqh.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fsqh.exe -> F-Secure Corporation [Ver = 6.00.6.00.11150 | Size = 32826 bytes | Modified Date = 13.4.2005 16:02:40 | Attr = ]
fsrw.exe -> %ProgramFiles%\F-Secure\Anti-Virus\FSRW.exe -> F-Secure Corporation [Ver = 1.1.216 | Size = 159792 bytes | Modified Date = 27.5.2005 8:47:36 | Attr = ]
fssm32.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 6.00.11200 | Size = 183296 bytes | Modified Date = 19.5.2005 15:10:52 | Attr = ]
fwupdate.exe -> %ProgramFiles%\lg_fwupdate\fwupdate.exe -> CST [Ver = 1.00 | Size = 229376 bytes | Modified Date = 12.4.2005 11:11:26 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30.5.2007 15:31:10 | Attr = ]
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 18, 0 | Size = 871424 bytes | Modified Date = 8.7.2005 18:24:46 | Attr = ]
launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 60, 25, 5 | Size = 176128 bytes | Modified Date = 29.6.2005 15:29:26 | Attr = ]
mirc.exe -> %ProgramFiles%\mIRC\mirc.exe -> mIRC Co. Ltd. [Ver = 6.17 | Size = 2023424 bytes | Modified Date = 28.6.2007 22:05:26 | Attr = ]
mmerefresh.exe -> %ProgramFiles%\Digidesign\Drivers\MMERefresh.exe -> Digidesign, A Division of Avid Technology, Inc. [Ver = 6.1.1.53 | Size = 45056 bytes | Modified Date = 2.9.2003 1:00:00 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4345 | Size = 69632 bytes | Modified Date = 20.3.2003 17:13:00 | Attr = ]
servic~1.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 60, 33, 1 | Size = 103424 bytes | Modified Date = 31.5.2005 14:32:28 | Attr = ]
servic~1.exe -> %ProgramFiles%\F-Secure\BackWeb\7681197\program\ServiceWrapper-7681197.exe -> F-Secure Automatic Update [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 29.8.2005 18:47:46 | Attr = ]
utorrent.exe -> %UserDesktop%\Ohjelmia\utorrent.exe -> [Ver = | Size = 177152 bytes | Modified Date = 16.2.2007 17:55:18 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 23.6.2007 15:15:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 22.7.2005 10:33:22 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30.5.2007 15:31:10 | Attr = ]
(BackWeb Plug-in - 7681197) F-Secure Automatic Update [Win32_Own | Auto | Running] -> %ProgramFiles%\F-Secure\BackWeb\7681197\program\ServiceWrapper-7681197.exe -> F-Secure Automatic Update [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 29.8.2005 18:47:46 | Attr = ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.030 | Size = 54784 bytes | Modified Date = 24.6.2004 21:39:42 | Attr = ]
(DigiRefresh) Digidesign MME Refresh Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\Digidesign\Drivers\MMERefresh.exe -> Digidesign, A Division of Avid Technology, Inc. [Ver = 6.1.1.53 | Size = 45056 bytes | Modified Date = 2.9.2003 1:00:00 | Attr = ]
(dmadmin) Loogisen levyn hallinnan valvontapalvelu [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 16.9.2002 15:00:00 | Attr = ]
(F-Secure Gatekeeper Handler Starter) FSGKHS [Win32_Own | Auto | Running] -> %ProgramFiles%\F-Secure\Anti-Virus\fsgk32st.exe -> F-Secure Corp. [Ver = 1, 0, 7360, 0 | Size = 45056 bytes | Modified Date = 4.9.2001 12:15:22 | Attr = ]
(F-Secure Network Request Broker) F-Secure Network Request Broker [Win32_Own | On_Demand | Running] -> %ProgramFiles%\F-Secure\Common\FNRB32.exe -> F-Secure Corporation [Ver = 6.0.8314 | Size = 110642 bytes | Modified Date = 3.6.2005 1:39:40 | Attr = ]
(fsbwsys) fsbwsys [Win32_Own | Auto | Running] -> %ProgramFiles%\F-Secure\BackWeb\7681197\program\fsbwsys.exe -> F-Secure Corp. [Ver = 7.00.1 | Size = 270411 bytes | Modified Date = 22.6.2005 20:09:14 | Attr = ]
(FSDFWD) F-Secure Anti-Virus Firewall Daemon [Win32_Own | On_Demand | Running] -> %ProgramFiles%\F-Secure\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 6.00.480 | Size = 208959 bytes | Modified Date = 21.6.2005 18:31:18 | Attr = ]
(FSMA) F-Secure Management Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\F-Secure\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 61490 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 18, 0 | Size = 871424 bytes | Modified Date = 8.7.2005 18:24:46 | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4345 | Size = 69632 bytes | Modified Date = 20.3.2003 17:13:00 | Attr = ]
(StyleXPService) StyleXPService [Win32_Own | Auto | Stopped] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
CAPON -> %System32%\spool\drivers\w32x86\3\CAPONN.EXE -> CANON INC. [Ver = 1.00.1.012 | Size = 22528 bytes | Modified Date = 15.2.2001 12:00:00 | Attr = ]
DataLayer -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 60, 109, 2 | Size = 819712 bytes | Modified Date = 7.6.2005 11:31:00 | Attr = ]
F-Secure Manager -> %ProgramFiles%\F-Secure\Common\FSM32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 122929 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
F-Secure TNB -> %ProgramFiles%\F-Secure\TNB\tnbutil.exe -> F-Secure Corporation [Ver = 1.05.014 | Size = 684032 bytes | Modified Date = 27.5.2004 11:57:00 | Attr = ]
LGODDFU -> %ProgramFiles%\lg_fwupdate\fwupdate.exe -> CST [Ver = 1.00 | Size = 229376 bytes | Modified Date = 12.4.2005 11:11:26 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 9.7.2001 12:50:42 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.01.4345 | Size = 4616192 bytes | Modified Date = 20.3.2003 17:13:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.01.4345 | Size = 323584 bytes | Modified Date = 20.3.2003 17:13:00 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.01.4345 | Size = 49152 bytes | Modified Date = 20.3.2003 17:13:00 | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 60, 25, 5 | Size = 176128 bytes | Modified Date = 29.6.2005 15:29:26 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14.3.2007 3:43:44 | Attr = ]
ToniArts EasyCleaner -> %ProgramFiles%\ToniArts\EasyCleaner\EasyClea.exe -> ToniArts [Ver = 2.0.6.380 | Size = 2117632 bytes | Modified Date = 15.1.2005 0:38:02 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Common Startup > -> C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys ->
%AllUsersStartup%\F-Secure Automatic Update.lnk -> %ProgramFiles%\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe -> F-Secure Automatic Update [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 29.8.2005 18:47:46 | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
PAVWAIT.DLL -> PAVWAIT.DLL -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30.5.2007 15:29:58 | Attr = ]
{7C24493F-3D23-4258-9426-42C5FC3B8211} [HKLM] -> Reg Data - Key not found [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (731 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKCU: Search Bar -> ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.google.fi/ ->
HKCU: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> <local> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
koti_mbnet.fi [https] -> ->
www_mtv3.fi [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12.1.2006 21:38:22 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14.3.2007 3:43:40 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{70DE7956-479D-4EB7-8641-2B45774C350E} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 14.3.2007 3:43:42 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14.3.2007 3:43:40 | Attr = ]
{300DB664-75B5-47c0-8B45-A44ACCF73C00} -> Reg Data - Value does not exist [ButtonText: IE Shield] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Block this popup -> %ProgramFiles%\F-Secure\Anti-Spyware\blockpopups.htm -> [Ver = | Size = 380 bytes | Modified Date = 18.11.2004 15:51:56 | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 1.8.2001 18:05:42 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
-> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0ACBACAA-E615-423B-949E-F20237FDAB65} -> () ->
{9E6C3B51-5BDC-4A8C-ADD7-51A0E8D55231} -> 192.168.0.254 (VIA PCI 10/100Mb Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0B79F48A-E8D6-11DB-9283-E25056D89593} -> F-Secure Online Scanner 3.1 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB ->
{483912CF-8995-4434-AD61-6163756E05DF} -> AXTNS Control - CodeBase = http://download.livemath.com/activex/AXTNS.ocx ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120462482515 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.4180439815 ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{DE625294-70E6-45ED-B895-CFFA13AEB044} -> AxisMediaControlEmb Class - CodeBase = http://195.237.18.99/activex/AMC.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Files/Folders - Created Within 30 days]
combo.vbs -> %SystemDrive%\combo.vbs -> [Ver = | Size = 170 bytes | Created Date = 27.6.2007 15:29:43 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 27.6.2007 15:29:40 | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 28.6.2007 17:31:06 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536403968 bytes | Created Date = 2.1.1601 22:00:00 | Attr = HS]
loc.cf -> %SystemDrive%\loc.cf -> [Ver = | Size = 0 bytes | Created Date = 27.6.2007 15:29:44 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 26.6.2007 19:58:10 | Attr = ]
arkggxaq.ini -> %System32%\arkggxaq.ini -> [Ver = | Size = 960404 bytes | Created Date = 28.6.2007 7:04:55 | Attr = HS]
gjkkj.bak1 -> %System32%\gjkkj.bak1 -> [Ver = | Size = 6369 bytes | Created Date = 27.6.2007 14:10:16 | Attr = HS]
gjkkj.ini2 -> %System32%\gjkkj.ini2 -> [Ver = | Size = 15860 bytes | Created Date = 27.6.2007 15:00:49 | Attr = HS]
gjkkj.tmp -> %System32%\gjkkj.tmp -> [Ver = | Size = 15860 bytes | Created Date = 27.6.2007 14:12:45 | Attr = HS]
jyrhvhep.ini -> %System32%\jyrhvhep.ini -> [Ver = | Size = 960135 bytes | Created Date = 28.6.2007 13:10:33 | Attr = HS]
kmrtncnx.ini -> %System32%\kmrtncnx.ini -> [Ver = | Size = 960119 bytes | Created Date = 28.6.2007 7:21:01 | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 0 bytes | Created Date = 27.6.2007 21:41:56 | Attr = ]
messmshn.ini -> %System32%\messmshn.ini -> [Ver = | Size = 930122 bytes | Created Date = 27.6.2007 8:18:15 | Attr = HS]
pehvhryj.dll -> %System32%\pehvhryj.dll -> [Ver = | Size = 128576 bytes | Created Date = 28.6.2007 13:10:31 | Attr = ]
tuvwtrp.dll -> %System32%\tuvwtrp.dll -> [Ver = | Size = 31254 bytes | Created Date = 23.6.2007 11:35:19 | Attr = ]
txabovkw.ini -> %System32%\txabovkw.ini -> [Ver = | Size = 959999 bytes | Created Date = 28.6.2007 7:14:21 | Attr = HS]
vorbis.acm -> %System32%\vorbis.acm -> HMS http://hp.vector.co.jp/authors/VA012897/ [Ver = 0, 0, 3, 6 | Size = 1294336 bytes | Created Date = 22.6.2007 17:16:42 | Attr = ]
xoeukbwb.ini -> %System32%\xoeukbwb.ini -> [Ver = | Size = 914647 bytes | Created Date = 24.6.2007 19:44:45 | Attr = HS]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 28.6.2007 13:48:23 | Attr = ]

[Files/Folders - Modified Within 30 days]
combo.vbs -> %SystemDrive%\combo.vbs -> [Ver = | Size = 170 bytes | Modified Date = 27.6.2007 16:40:20 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 27.6.2007 16:40:22 | Attr = ]
DC jako -> %SystemDrive%\DC jako -> [Folder | Modified Date = 30.6.2007 15:31:02 | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 28.6.2007 18:31:08 | Attr = ]
DeusEx -> %SystemDrive%\DeusEx -> [Folder | Modified Date = 19.6.2007 20:04:02 | Attr = ]
loc.cf -> %SystemDrive%\loc.cf -> [Ver = | Size = 0 bytes | Modified Date = 27.6.2007 16:40:20 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2.7.2007 13:58:48 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 30.6.2007 16:00:52 | Attr = HS]
Tabs -> %SystemDrive%\Tabs -> [Folder | Modified Date = 30.6.2007 17:17:18 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 28.6.2007 12:50:26 | Attr = ]
Wincam -> %SystemDrive%\Wincam -> [Folder | Modified Date = 2.7.2007 18:42:54 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2.7.2007 11:31:54 | Attr = ]
cncscore.ini -> %SystemRoot%\cncscore.ini -> [Ver = | Size = 785 bytes | Modified Date = 30.6.2007 21:05:36 | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 28.6.2007 18:27:32 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 29.6.2007 8:38:22 | Attr = S]
goldwave.ini -> %SystemRoot%\goldwave.ini -> [Ver = | Size = 2017 bytes | Modified Date = 25.6.2007 18:40:24 | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 21.6.2007 8:57:40 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 24.6.2007 21:05:26 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 28.6.2007 19:20:42 | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 28.6.2007 19:34:22 | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 20.6.2007 8:34:00 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 21.6.2007 8:57:40 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 3.7.2007 9:40:16 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3.7.2007 9:44:18 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1567 bytes | Modified Date = 26.6.2007 15:36:06 | Attr = ]
arkggxaq.ini -> %System32%\arkggxaq.ini -> [Ver = | Size = 960404 bytes | Modified Date = 28.6.2007 8:05:28 | Attr = HS]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 30.6.2007 15:49:54 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 21.6.2007 8:57:24 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 28.6.2007 14:48:24 | Attr = ]
gjkkj.bak1 -> %System32%\gjkkj.bak1 -> [Ver = | Size = 6369 bytes | Modified Date = 27.6.2007 15:10:16 | Attr = HS]
gjkkj.ini2 -> %System32%\gjkkj.ini2 -> [Ver = | Size = 15860 bytes | Modified Date = 27.6.2007 16:10:10 | Attr = HS]
gjkkj.tmp -> %System32%\gjkkj.tmp -> [Ver = | Size = 15860 bytes | Modified Date = 27.6.2007 16:00:42 | Attr = HS]
jyrhvhep.ini -> %System32%\jyrhvhep.ini -> [Ver = | Size = 960135 bytes | Modified Date = 28.6.2007 14:11:06 | Attr = HS]
kmrtncnx.ini -> %System32%\kmrtncnx.ini -> [Ver = | Size = 960119 bytes | Modified Date = 28.6.2007 14:08:30 | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 0 bytes | Modified Date = 27.6.2007 22:49:44 | Attr = ]
messmshn.ini -> %System32%\messmshn.ini -> [Ver = | Size = 930122 bytes | Modified Date = 28.6.2007 8:05:28 | Attr = HS]
pehvhryj.dll -> %System32%\pehvhryj.dll -> [Ver = | Size = 128576 bytes | Modified Date = 28.6.2007 14:10:34 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 59770 bytes | Modified Date = 3.7.2007 9:40:16 | Attr = ]
perfc00B.dat -> %System32%\perfc00B.dat -> [Ver = | Size = 74002 bytes | Modified Date = 3.7.2007 9:40:16 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 402748 bytes | Modified Date = 3.7.2007 9:40:16 | Attr = ]
perfh00B.dat -> %System32%\perfh00B.dat -> [Ver = | Size = 379112 bytes | Modified Date = 3.7.2007 9:40:16 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 926242 bytes | Modified Date = 3.7.2007 9:40:16 | Attr = ]
sbiccloh.ini -> %System32%\sbiccloh.ini -> [Ver = | Size = 914525 bytes | Modified Date = 24.6.2007 20:38:04 | Attr = HS]
tuvwtrp.dll -> %System32%\tuvwtrp.dll -> [Ver = | Size = 31254 bytes | Modified Date = 23.6.2007 12:35:20 | Attr = ]
txabovkw.ini -> %System32%\txabovkw.ini -> [Ver = | Size = 959999 bytes | Modified Date = 28.6.2007 8:18:28 | Attr = HS]
xoeukbwb.ini -> %System32%\xoeukbwb.ini -> [Ver = | Size = 914647 bytes | Modified Date = 25.6.2007 8:16:36 | Attr = HS]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\daemon.dll -> [Ver = 3.47.0.0 | Size = 69120 bytes | Modified Date = 22.8.2004 18:04:56 | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\GizmoZone Screensaver.scr -> [Ver = | Size = 104960 bytes | Modified Date = 12.9.2000 12:30:18 | Attr = ]
UPX! , UPX0 , -> %System32%\bsqt.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 20.12.2004 17:19:14 | Attr = ]
SAHAgent , -> %System32%\clsid.log -> [Ver = | Size = 69027 bytes | Modified Date = 28.2.2003 19:26:36 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41113 bytes | Modified Date = 16.9.2002 15:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Modified Date = 26.1.2006 21:36:02 | Attr = ]
UPX! , UPX0 , -> %System32%\ezStub3.dlltmp -> [Ver = | Size = 32768 bytes | Modified Date = 30.4.2004 21:50:56 | Attr = ]
UPX! , UPX0 , -> %System32%\gp4tweak.dll -> HTECH [Ver = 1.0.4.2 FINAL | Size = 16384 bytes | Modified Date = 3.5.2003 22:38:34 | Attr = ]
UPX! , UPX0 , -> %System32%\lame_enc.dll -> [Ver = | Size = 99840 bytes | Modified Date = 19.7.2002 19:16:06 | Attr = ]
PEC2 , PECompact2 , -> %System32%\pehvhryj.dll -> [Ver = | Size = 128576 bytes | Modified Date = 28.6.2007 14:10:34 | Attr = ]
PEC2 , PECompact2 , -> %System32%\qaxggkra.dll -> [Ver = | Size = 128576 bytes | Modified Date = 1.1.2002 0:07:46 | Attr = ]
UPX! , UPX0 , -> %System32%\TFTP748 -> [Ver = | Size = 1024 bytes | Modified Date = 22.8.2003 0:06:44 | Attr = R ]
PEC2 , PECompact2 , -> %System32%\tuvwtrp.dll -> [Ver = | Size = 31254 bytes | Modified Date = 23.6.2007 12:35:20 | Attr = ]
UPX! , UPX0 , -> %System32%\vbskpro2.ocx -> JB [Ver = 2.01 | Size = 412672 bytes | Modified Date = 9.8.2005 1:07:00 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 16.9.2002 15:00:00 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 16.9.2002 12:00:00 | Attr = ]

< End of report >

Auttaja · 03.07.2007

Lataa VundoFix.exe työpöydällesi.
*Tupla-klikkaa VundoFix.exe ajaaksesi sen.
*Klikkaa Scan for Vundo valintaa.
*Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
*Sinulta kysytään haluatko poistaa filut - klikkaa YES.
*Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
*Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
*Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

==========

1) Lataa http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
2) Tallenna VirtumundoBeGone.exe työpöydällesi.
3) Aja VirtumundoBeGone.exe ja seuraa ohjeita. Älä huoli jos näet sinisen ruudun "Fatal Error" viestin, tämä on normaalia.
4) Kun työkalu on valmis, käynnistä kone uudelleen.

Se luo työpöydällesi lokin nimeltä VBvG.TXT, kopioi ja liitä sen sisältö vastaukseesi.

==========

Lataa Killbox Option^Explicitiltä.

Huomaa: Jos sinulla on jo Killbox, tämä on uusi versio joka sinun tulee asentaa. Poista aikaisempi.

[*]Tallenna työpöydällesi.
[*] Tupla-klikkaa Killbox.exe ajaaksesi ohjelman.
[*] Valitse: [*]Delete on Reboot[*] sitten klikkaa All Files valintaa.
[*]Kopioi ja liitä alapuolella olevat tiedostopolut leikepöydälle mustaamalla KAIKKI ne ja painamalla CTRL + C (tai, mustaamisen jälkeen, oikea klikki hiirellä ja valitse kopioi):

C:\WINDOWS\system32\arkggxaq.ini
C:\WINDOWS\system32\gjkkj.bak1
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\gjkkj.tmp
C:\WINDOWS\system32\jyrhvhep.ini
C:\WINDOWS\system32\kmrtncnx.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\messmshn.ini
C:\WINDOWS\system32\pehvhryj.dll
C:\WINDOWS\system32\tuvwtrp.dll
C:\WINDOWS\system32\txabovkw.ini
C:\WINDOWS\system32\xoeukbwb.ini
C:\WINDOWS\system32\tuvwtrp.dll
C:\WINDOWS\system32\pehvhryj.dll
C:\WINDOWS\system32\qaxggkra.dll
C:\WINDOWS\system32\tuvwtrp.dll
C:\WINDOWS\system32\dllcache\hwxjpn.dll

[*] Palaa Killboxiin, mene File valikkoon, ja valitse Paste from Clipboard.

[*]Klikkaa puna-valkoista Delete File valintaa. Klikkaa Yes "Delete on Reboot" pyyntöön. Klikkaa OK mihin vain PendingFileRenameOperations pyyntöön (ja anna fixaajan tietää jos jokin tälläinen tulee!).
Käynnistä koneesi itse jos se ei sitä automaattisesti tee

Jos saat tälläisen viestin: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." Kun yrität ajaa KillBoxia, klikkaa tätä ladataksesi ja ajaaksesi Missingfilessetup.exe;n. Sitten koita KillBoxia uudestaan.

========

Lataa GMER ja tallenna se työpöydällesi:
[*]Pura se työpöydälle ja tuplaklikkaa tiedostoa GMER.exe
[*]Klikkaa rootkit-välilehteä ja sitten klikkaa scan.
[*]Älä rastita "Show All" boksia skannauksen aikana!
[*]Kun skannaus on valmis, klikkaa Copy.
[*]Tämä kopioi lokin leikepöydälle (voit tallentaa lokin varmuuden vuoksi tekstitiedostoon).
[*]Liitä loki sitten viestiketjuusi.

========

Poista ohjauspaneelin lisää/poista sovelluksen kautta

Trend Micro HijackThis v2.0.0 (BETA)

Sitten lataat viimeisen vakaan version tästä

Asenna, naputtelemalla numerot järjestyksessä.

1.Unzip
2.OK
3.Close

Se ilmestyy tuonne C:\hjt\HiJackThis.exe

Uudelleennimeä HijackThis.exe -> scanner.exe:ksi näin:
1. Klikkaa hiiren oikealla painikkeella HijackThis ikonia.

2. Valitse Uudelleennineä/ Rename.

3. Kirjoita scanner.exe

Vaihtamalla HJT:n nimeä saamme varmuuden, onko koneellasi Vundo-infektiota.

4. Laita uusi Hijackthis-logi

Myös uusi vundo ja virtumonden ja gmer sekä uusi windpfindin logi, aika paljon hommaa mut tulos on hyvä.

aleksi336 · 03.07.2007

Hjt-logi:

Logfile of HijackThis v1.99.1
Scan saved at 19:31:58, on 3.7.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ToniArts EasyCleaner] "C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe" -s -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120462482515
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.237.18.99/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6C3B51-5BDC-4A8C-ADD7-51A0E8D55231}: NameServer = 192.168.0.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: PAVWAIT.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

Vundofix-logi:

VundoFix V6.5.4

Checking Java version...

Scan started at 15:58:27 3.7.2007

Listing files found while scanning....

C:\windows\system32\arkggxaq.ini
C:\windows\system32\jyrhvhep.ini
C:\windows\system32\pehvhryj.dll
C:\windows\system32\qaxggkra.dll
C:\windows\system32\tuvwtrp.dll

Beginning removal...

Attempting to delete C:\windows\system32\arkggxaq.ini
C:\windows\system32\arkggxaq.ini Has been deleted!

Attempting to delete C:\windows\system32\jyrhvhep.ini
C:\windows\system32\jyrhvhep.ini Has been deleted!

Attempting to delete C:\windows\system32\pehvhryj.dll
C:\windows\system32\pehvhryj.dll Has been deleted!

Attempting to delete C:\windows\system32\qaxggkra.dll
C:\windows\system32\qaxggkra.dll Has been deleted!

Attempting to delete C:\windows\system32\tuvwtrp.dll
C:\windows\system32\tuvwtrp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Auttaja · 03.07.2007

virtumonden ja gmer sekä uusi windpfindin logi?

nuo kaks logia näytti hyvältä

aleksi336 · 03.07.2007

Virtumonde-logi:

[07/03/2007, 16:10:03] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\käyttäjä\Työpöytä\VirtumundoBeGone.exe" )
[07/03/2007, 16:10:11] - Detected System Information:
[07/03/2007, 16:10:11] - Windows Version: 5.1.2600, Service Pack 1
[07/03/2007, 16:10:11] - Current Username: käyttäjä (Admin)
[07/03/2007, 16:10:11] - Windows is in NORMAL mode.
[07/03/2007, 16:10:11] - Searching for Browser Helper Objects:
[07/03/2007, 16:10:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/03/2007, 16:10:12] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/03/2007, 16:10:12] - Finished Searching Browser Helper Objects
[07/03/2007, 16:10:12] - Finishing up...
[07/03/2007, 16:10:12] - Nothing found! Exiting...

Gmer-logi:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-03 19:23:04
Windows 5.1.2600 Service Pack 1

---- System - GMER 1.0.13 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateProcess
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateProcessEx
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateSection
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwWriteVirtualMemory

INT 0x06 \??\C:\WINDOWS\System32\drivers\Haspnt.sys EF38F16D
INT 0x0E \??\C:\WINDOWS\System32\drivers\Haspnt.sys EF38EFC2

Code \WINDOWS\System32\drivers\fsndis5.sys IoCreateDevice

---- Kernel code sections - GMER 1.0.13 ----

PAGE ntoskrnl.exe!IoCreateDevice 8058D4FE 5 Bytes JMP F9C66FBE \WINDOWS\System32\drivers\fsndis5.sys
PAGENPNP NDIS.SYS!NdisRegisterProtocol F9A64B05 5 Bytes JMP F9C66C37 \WINDOWS\System32\drivers\fsndis5.sys
PAGENPNP NDIS.SYS!NdisOpenAdapter F9A650C3 5 Bytes JMP F9C66EA2 \WINDOWS\System32\drivers\fsndis5.sys
PAGENPNP NDIS.SYS!NdisCloseAdapter F9A6DD4B 5 Bytes JMP F9C66ED2 \WINDOWS\System32\drivers\fsndis5.sys
PAGENPNP NDIS.SYS!NdisDeregisterProtocol F9A6DF0A 5 Bytes JMP F9C66C9E \WINDOWS\System32\drivers\fsndis5.sys
PAGENDSP NDIS.SYS!NdisReturnPackets F9A70D00 5 Bytes JMP F9C6AFB8 \WINDOWS\System32\drivers\fsndis5.sys
PAGENDSP NDIS.SYS!NdisRequest F9A70EB6 5 Bytes JMP F9C693F6 \WINDOWS\System32\drivers\fsndis5.sys
PAGENDSP NDIS.SYS!NdisSend F9A7392C 5 Bytes JMP F9C6B27C \WINDOWS\System32\drivers\fsndis5.sys
PAGENDSP NDIS.SYS!NdisSendPackets F9A73941 5 Bytes JMP F9C6B34E \WINDOWS\System32\drivers\fsndis5.sys
PAGENDSP NDIS.SYS!NdisTransferData F9A73954 5 Bytes JMP F9C6B0DA \WINDOWS\System32\drivers\fsndis5.sys

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 847DD960

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F9FEEED0] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F9FEF0B0] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F9FEF2C0] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F9FEF020] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F9FEEFE0] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F9FEEE60] FSrec.sys

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8414D730
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F9A8E812] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP [F9A8E812] fsdfw.sys
Device \Device\NTPNP_PCI0011 IRP_MJ_DEVICE_CONTROL [F9BF7100] pci.sys
Device \Device\NTPNP_PCI0011 IRP_MJ_POWER [F9BF7100] pci.sys
Device \Device\NTPNP_PCI0011 IRP_MJ_SYSTEM_CONTROL [F9BF7100] pci.sys
Device \Device\NTPNP_PCI0011 IRP_MJ_PNP [F9BF7100] pci.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 8414D730

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F9FEEED0] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F9FEF0B0] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F9FEF2C0] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F9FEF020] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F9FEEFE0] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F9FEEE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F9FEEE60] FSrec.sys

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 84072B70
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 84072B70
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 84072B70
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 84072B70
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 84072B70
Device \FileSystem\InCDfs \GLOBAL??\BsUDF IRP_MJ_READ 841AAA78
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 84240D20

---- Modules - GMER 1.0.13 ----

Module _________ F9B4E000-F9B64000 (90112 bytes)

tarpeetonta tekstiä poistettu välistä sivun leveyden korjaamiseen, käyttäjät, varmistattehan ettette näiden lokien seassa postailisi sähköpostejanne, tässä ainakin löytyi jo kaksi, jotka on nyt poistettu tämän tekstin yhteydessä.
Jannejt

WinPFind-logi:

WinPFind3 logfile created on: 3.7.2007 19:38:28
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\käyttäjä\Työpöytä\Ohjelmia\Puhdistusohjelmat\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

511,49 Mb Total Physical Memory | 119,71 Mb Available Physical Memory | 23,40% Memory free
1,20 Gb Paging File | 0,91 Gb Available in Paging File | 76,04% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,33 Gb Total Space | 19,88 Gb Free Space | 26,05% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-381S7BAPMV
Current User Name: käyttäjä
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
cappswk.exe -> %System32%\spool\drivers\w32x86\3\CAPPSWK.EXE -> CANON INC. [Ver = 1.00.1.012 | Size = 113664 bytes | Modified Date = 15.2.2001 12:00:00 | Attr = ]
caprpcsk.exe -> %System32%\CAPRPCSK.EXE -> CANON INC. [Ver = 1.00.1.012 | Size = 28160 bytes | Modified Date = 15.2.2001 12:00:00 | Attr = ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.030 | Size = 54784 bytes | Modified Date = 24.6.2004 21:39:42 | Attr = ]
datalayer.exe -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 60, 109, 2 | Size = 819712 bytes | Modified Date = 7.6.2005 11:31:00 | Attr = ]
easyclea.exe -> %ProgramFiles%\ToniArts\EasyCleaner\EasyClea.exe -> ToniArts [Ver = 2.0.6.380 | Size = 2117632 bytes | Modified Date = 15.1.2005 0:38:02 | Attr = ]
f-secure automatic update.exe -> %ProgramFiles%\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe -> F-Secure Automatic Update [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 29.8.2005 18:47:46 | Attr = ]
fameh32.exe -> %ProgramFiles%\F-Secure\Common\FAMEH32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 270387 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
fch32.exe -> %ProgramFiles%\F-Secure\Common\FCH32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 65585 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
fih32.exe -> %ProgramFiles%\F-Secure\Common\FIH32.exe -> F-Secure Corporation [Ver = 6.0.8314 | Size = 57393 bytes | Modified Date = 3.6.2005 1:39:40 | Attr = ]
fnrb32.exe -> %ProgramFiles%\F-Secure\Common\FNRB32.exe -> F-Secure Corporation [Ver = 6.0.8314 | Size = 110642 bytes | Modified Date = 3.6.2005 1:39:40 | Attr = ]
fsav32.exe -> %ProgramFiles%\F-Secure\Anti-Virus\FSAV32.exe -> F-Secure Corporation [Ver = 6.00.11210 | Size = 176128 bytes | Modified Date = 24.5.2005 18:24:28 | Attr = ]
fsaw.exe -> %ProgramFiles%\F-Secure\Anti-Spyware\FSAW.exe -> F-Secure Corporation [Ver = 1.1.192 | Size = 86064 bytes | Modified Date = 9.5.2005 11:52:52 | Attr = ]
fsbwsys.exe -> %ProgramFiles%\F-Secure\BackWeb\7681197\program\fsbwsys.exe -> F-Secure Corp. [Ver = 7.00.1 | Size = 270411 bytes | Modified Date = 22.6.2005 20:09:14 | Attr = ]
fsdfwd.exe -> %ProgramFiles%\F-Secure\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 6.00.480 | Size = 208959 bytes | Modified Date = 21.6.2005 18:31:18 | Attr = ]
fsgk32.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 6.00.11191 | Size = 239104 bytes | Modified Date = 10.5.2005 18:44:52 | Attr = ]
fsgk32st.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fsgk32st.exe -> F-Secure Corp. [Ver = 1, 0, 7360, 0 | Size = 45056 bytes | Modified Date = 4.9.2001 12:15:22 | Attr = ]
fsguidll.exe -> %ProgramFiles%\F-Secure\FSGUI\fsguidll.exe -> F-Secure Corporation [Ver = 6, 20, 11, 0 | Size = 233538 bytes | Modified Date = 15.6.2005 13:30:02 | Attr = ]
fsm32.exe -> %ProgramFiles%\F-Secure\Common\FSM32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 122929 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
fsma32.exe -> %ProgramFiles%\F-Secure\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 61490 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
fsmb32.exe -> %ProgramFiles%\F-Secure\Common\FSMB32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 180274 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
fsqh.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fsqh.exe -> F-Secure Corporation [Ver = 6.00.6.00.11150 | Size = 32826 bytes | Modified Date = 13.4.2005 16:02:40 | Attr = ]
fsrw.exe -> %ProgramFiles%\F-Secure\Anti-Virus\FSRW.exe -> F-Secure Corporation [Ver = 1.1.216 | Size = 159792 bytes | Modified Date = 27.5.2005 8:47:36 | Attr = ]
fssm32.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 6.00.11200 | Size = 183296 bytes | Modified Date = 19.5.2005 15:10:52 | Attr = ]
fwupdate.exe -> %ProgramFiles%\lg_fwupdate\fwupdate.exe -> CST [Ver = 1.00 | Size = 229376 bytes | Modified Date = 12.4.2005 11:11:26 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30.5.2007 15:31:10 | Attr = ]
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 18, 0 | Size = 871424 bytes | Modified Date = 8.7.2005 18:24:46 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14.3.2007 3:43:44 | Attr = ]
launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 60, 25, 5 | Size = 176128 bytes | Modified Date = 29.6.2005 15:29:26 | Attr = ]
mmerefresh.exe -> %ProgramFiles%\Digidesign\Drivers\MMERefresh.exe -> Digidesign, A Division of Avid Technology, Inc. [Ver = 6.1.1.53 | Size = 45056 bytes | Modified Date = 2.9.2003 1:00:00 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4345 | Size = 69632 bytes | Modified Date = 20.3.2003 17:13:00 | Attr = ]
servic~1.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 60, 33, 1 | Size = 103424 bytes | Modified Date = 31.5.2005 14:32:28 | Attr = ]
servic~1.exe -> %ProgramFiles%\F-Secure\BackWeb\7681197\program\ServiceWrapper-7681197.exe -> F-Secure Automatic Update [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 29.8.2005 18:47:46 | Attr = ]
winpfind3u.exe -> %UserDesktop%\Ohjelmia\Puhdistusohjelmat\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 23.6.2007 15:15:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 22.7.2005 10:33:22 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30.5.2007 15:31:10 | Attr = ]
(BackWeb Plug-in - 7681197) F-Secure Automatic Update [Win32_Own | Auto | Running] -> %ProgramFiles%\F-Secure\BackWeb\7681197\program\ServiceWrapper-7681197.exe -> F-Secure Automatic Update [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 29.8.2005 18:47:46 | Attr = ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.030 | Size = 54784 bytes | Modified Date = 24.6.2004 21:39:42 | Attr = ]
(DigiRefresh) Digidesign MME Refresh Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\Digidesign\Drivers\MMERefresh.exe -> Digidesign, A Division of Avid Technology, Inc. [Ver = 6.1.1.53 | Size = 45056 bytes | Modified Date = 2.9.2003 1:00:00 | Attr = ]
(dmadmin) Loogisen levyn hallinnan valvontapalvelu [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 16.9.2002 15:00:00 | Attr = ]
(F-Secure Gatekeeper Handler Starter) FSGKHS [Win32_Own | Auto | Running] -> %ProgramFiles%\F-Secure\Anti-Virus\fsgk32st.exe -> F-Secure Corp. [Ver = 1, 0, 7360, 0 | Size = 45056 bytes | Modified Date = 4.9.2001 12:15:22 | Attr = ]
(F-Secure Network Request Broker) F-Secure Network Request Broker [Win32_Own | On_Demand | Running] -> %ProgramFiles%\F-Secure\Common\FNRB32.exe -> F-Secure Corporation [Ver = 6.0.8314 | Size = 110642 bytes | Modified Date = 3.6.2005 1:39:40 | Attr = ]
(fsbwsys) fsbwsys [Win32_Own | Auto | Running] -> %ProgramFiles%\F-Secure\BackWeb\7681197\program\fsbwsys.exe -> F-Secure Corp. [Ver = 7.00.1 | Size = 270411 bytes | Modified Date = 22.6.2005 20:09:14 | Attr = ]
(FSDFWD) F-Secure Anti-Virus Firewall Daemon [Win32_Own | On_Demand | Running] -> %ProgramFiles%\F-Secure\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 6.00.480 | Size = 208959 bytes | Modified Date = 21.6.2005 18:31:18 | Attr = ]
(FSMA) F-Secure Management Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\F-Secure\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 61490 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 18, 0 | Size = 871424 bytes | Modified Date = 8.7.2005 18:24:46 | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4345 | Size = 69632 bytes | Modified Date = 20.3.2003 17:13:00 | Attr = ]
(StyleXPService) StyleXPService [Win32_Own | Auto | Stopped] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
CAPON -> %System32%\spool\drivers\w32x86\3\CAPONN.EXE -> CANON INC. [Ver = 1.00.1.012 | Size = 22528 bytes | Modified Date = 15.2.2001 12:00:00 | Attr = ]
DataLayer -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 60, 109, 2 | Size = 819712 bytes | Modified Date = 7.6.2005 11:31:00 | Attr = ]
F-Secure Manager -> %ProgramFiles%\F-Secure\Common\FSM32.EXE -> F-Secure Corporation [Ver = 6.0.8314 | Size = 122929 bytes | Modified Date = 3.6.2005 1:37:44 | Attr = ]
F-Secure TNB -> %ProgramFiles%\F-Secure\TNB\tnbutil.exe -> F-Secure Corporation [Ver = 1.05.014 | Size = 684032 bytes | Modified Date = 27.5.2004 11:57:00 | Attr = ]
LGODDFU -> %ProgramFiles%\lg_fwupdate\fwupdate.exe -> CST [Ver = 1.00 | Size = 229376 bytes | Modified Date = 12.4.2005 11:11:26 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 9.7.2001 12:50:42 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.01.4345 | Size = 4616192 bytes | Modified Date = 20.3.2003 17:13:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.01.4345 | Size = 323584 bytes | Modified Date = 20.3.2003 17:13:00 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.01.4345 | Size = 49152 bytes | Modified Date = 20.3.2003 17:13:00 | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 60, 25, 5 | Size = 176128 bytes | Modified Date = 29.6.2005 15:29:26 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14.3.2007 3:43:44 | Attr = ]
ToniArts EasyCleaner -> %ProgramFiles%\ToniArts\EasyCleaner\EasyClea.exe -> ToniArts [Ver = 2.0.6.380 | Size = 2117632 bytes | Modified Date = 15.1.2005 0:38:02 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Common Startup > -> C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys ->
%AllUsersStartup%\F-Secure Automatic Update.lnk -> %ProgramFiles%\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe -> F-Secure Automatic Update [Ver = Version 6.3.2 (Build 116R) | Size = 32807 bytes | Modified Date = 29.8.2005 18:47:46 | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
PAVWAIT.DLL -> PAVWAIT.DLL -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30.5.2007 15:29:58 | Attr = ]
{7C24493F-3D23-4258-9426-42C5FC3B8211} [HKLM] -> Reg Data - Key not found [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (731 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKCU: Search Bar -> ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.google.fi/ ->
HKCU: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> <local> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
koti_mbnet.fi [https] -> ->
www_mtv3.fi [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12.1.2006 21:38:22 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14.3.2007 3:43:40 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{70DE7956-479D-4EB7-8641-2B45774C350E} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 14.3.2007 3:43:42 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14.3.2007 3:43:40 | Attr = ]
{300DB664-75B5-47c0-8B45-A44ACCF73C00} -> Reg Data - Value does not exist [ButtonText: IE Shield] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Block this popup -> %ProgramFiles%\F-Secure\Anti-Spyware\blockpopups.htm -> [Ver = | Size = 380 bytes | Modified Date = 18.11.2004 15:51:56 | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 1.8.2001 18:05:42 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
-> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0ACBACAA-E615-423B-949E-F20237FDAB65} -> () ->
{9E6C3B51-5BDC-4A8C-ADD7-51A0E8D55231} -> 192.168.0.254 (VIA PCI 10/100Mb Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0B79F48A-E8D6-11DB-9283-E25056D89593} -> F-Secure Online Scanner 3.1 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB ->
{483912CF-8995-4434-AD61-6163756E05DF} -> AXTNS Control - CodeBase = http://download.livemath.com/activex/AXTNS.ocx ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120462482515 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.4180439815 ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{DE625294-70E6-45ED-B895-CFFA13AEB044} -> AxisMediaControlEmb Class - CodeBase = http://195.237.18.99/activex/AMC.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Files/Folders - Created Within 30 days]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Created Date = 3.7.2007 16:14:12 | Attr = ]
combo.vbs -> %SystemDrive%\combo.vbs -> [Ver = | Size = 170 bytes | Created Date = 27.6.2007 15:29:43 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 27.6.2007 15:29:40 | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 28.6.2007 17:31:06 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536403968 bytes | Created Date = 2.1.1601 22:00:00 | Attr = HS]
HJT -> %SystemDrive%\HJT -> [Folder | Created Date = 3.7.2007 18:30:31 | Attr = ]
loc.cf -> %SystemDrive%\loc.cf -> [Ver = | Size = 0 bytes | Created Date = 27.6.2007 15:29:44 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 26.6.2007 19:58:10 | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Created Date = 3.7.2007 16:21:55 | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 13, 12551 | Size = 581632 bytes | Created Date = 3.7.2007 16:21:54 | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 3.7.2007 16:21:58 | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 3.7.2007 16:21:55 | Attr = ]
vorbis.acm -> %System32%\vorbis.acm -> HMS http://hp.vector.co.jp/authors/VA012897/ [Ver = 0, 0, 3, 6 | Size = 1294336 bytes | Created Date = 22.6.2007 17:16:42 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 28.6.2007 13:48:23 | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Created Date = 3.7.2007 16:21:55 | Attr = ]

[Files/Folders - Modified Within 30 days]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Modified Date = 3.7.2007 17:15:34 | Attr = ]
combo.vbs -> %SystemDrive%\combo.vbs -> [Ver = | Size = 170 bytes | Modified Date = 27.6.2007 16:40:20 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 27.6.2007 16:40:22 | Attr = ]
DC jako -> %SystemDrive%\DC jako -> [Folder | Modified Date = 30.6.2007 15:31:02 | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 28.6.2007 18:31:08 | Attr = ]
DeusEx -> %SystemDrive%\DeusEx -> [Folder | Modified Date = 19.6.2007 20:04:02 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536403968 bytes | Modified Date = 3.7.2007 17:18:44 | Attr = HS]
HJT -> %SystemDrive%\HJT -> [Folder | Modified Date = 3.7.2007 19:31:58 | Attr = ]
loc.cf -> %SystemDrive%\loc.cf -> [Ver = | Size = 0 bytes | Modified Date = 27.6.2007 16:40:20 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3.7.2007 13:38:52 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 30.6.2007 16:00:52 | Attr = HS]
Tabs -> %SystemDrive%\Tabs -> [Folder | Modified Date = 3.7.2007 13:25:30 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 3.7.2007 15:58:20 | Attr = ]
Wincam -> %SystemDrive%\Wincam -> [Folder | Modified Date = 2.7.2007 18:42:54 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3.7.2007 17:22:00 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3.7.2007 17:18:46 | Attr = S]
cncscore.ini -> %SystemRoot%\cncscore.ini -> [Ver = | Size = 785 bytes | Modified Date = 30.6.2007 21:05:36 | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 28.6.2007 18:27:32 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 29.6.2007 8:38:22 | Attr = S]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Modified Date = 3.7.2007 17:21:56 | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 13, 12551 | Size = 581632 bytes | Modified Date = 29.6.2007 9:38:18 | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 3.7.2007 17:22:00 | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 3.7.2007 17:21:56 | Attr = ]
goldwave.ini -> %SystemRoot%\goldwave.ini -> [Ver = | Size = 2017 bytes | Modified Date = 25.6.2007 18:40:24 | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 21.6.2007 8:57:40 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 24.6.2007 21:05:26 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 28.6.2007 19:20:42 | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 28.6.2007 19:34:22 | Attr = ]
lgfwup.ini -> %SystemRoot%\lgfwup.ini -> [Ver = | Size = 288 bytes | Modified Date = 3.7.2007 17:18:56 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3.7.2007 19:33:00 | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 20.6.2007 8:34:00 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 21.6.2007 8:57:40 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 3.7.2007 17:18:42 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3.7.2007 19:37:06 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1567 bytes | Modified Date = 26.6.2007 15:36:06 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3.7.2007 17:18:48 | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 30.6.2007 15:49:54 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 3.7.2007 17:18:42 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 3.7.2007 17:21:56 | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 3.7.2007 17:20:48 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 59770 bytes | Modified Date = 3.7.2007 9:40:16 | Attr = ]
perfc00B.dat -> %System32%\perfc00B.dat -> [Ver = | Size = 74002 bytes | Modified Date = 3.7.2007 9:40:16 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 402748 bytes | Modified Date = 3.7.2007 9:40:16 | Attr = ]
perfh00B.dat -> %System32%\perfh00B.dat -> [Ver = | Size = 379112 bytes | Modified Date = 3.7.2007 9:40:16 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 926242 bytes | Modified Date = 3.7.2007 9:40:16 | Attr = ]
sbiccloh.ini -> %System32%\sbiccloh.ini -> [Ver = | Size = 914525 bytes | Modified Date = 24.6.2007 20:38:04 | Attr = HS]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1374 bytes | Modified Date = 3.7.2007 16:05:50 | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Modified Date = 3.7.2007 17:21:56 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\daemon.dll -> [Ver = 3.47.0.0 | Size = 69120 bytes | Modified Date = 22.8.2004 18:04:56 | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\GizmoZone Screensaver.scr -> [Ver = | Size = 104960 bytes | Modified Date = 12.9.2000 12:30:18 | Attr = ]
UPX! , UPX0 , -> %System32%\bsqt.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 20.12.2004 17:19:14 | Attr = ]
SAHAgent , -> %System32%\clsid.log -> [Ver = | Size = 69027 bytes | Modified Date = 28.2.2003 19:26:36 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41113 bytes | Modified Date = 16.9.2002 15:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.1.1.1031 | Size = 574976 bytes | Modified Date = 26.1.2006 21:36:02 | Attr = ]
UPX! , UPX0 , -> %System32%\ezStub3.dlltmp -> [Ver = | Size = 32768 bytes | Modified Date = 30.4.2004 21:50:56 | Attr = ]
UPX! , UPX0 , -> %System32%\gp4tweak.dll -> HTECH [Ver = 1.0.4.2 FINAL | Size = 16384 bytes | Modified Date = 3.5.2003 22:38:34 | Attr = ]
UPX! , UPX0 , -> %System32%\lame_enc.dll -> [Ver = | Size = 99840 bytes | Modified Date = 19.7.2002 19:16:06 | Attr = ]
UPX! , UPX0 , -> %System32%\TFTP748 -> [Ver = | Size = 1024 bytes | Modified Date = 22.8.2003 0:06:44 | Attr = R ]
UPX! , UPX0 , -> %System32%\vbskpro2.ocx -> JB [Ver = 2.01 | Size = 412672 bytes | Modified Date = 9.8.2005 1:07:00 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 16.9.2002 15:00:00 | Attr = ]

< End of report >

Joo tässä nämä, ku aattelin laittaa eri viestiin notta mahtuis.

Auttaja · 03.07.2007

ok, mielestäni olet nyt melko puhdas

======

Pysy puhtaana

-> Tyhjennä järjestelmänpalautus Ohjeet
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.

-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.

-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas

-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin.
Opas saatavilla suomeksi! Nimimerkki Axelin opas

-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.

-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti.

-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.
ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm

->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.

->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI

-> Rekistöröidy. -> Virustorjunta.net
Virustorjunta.net on suomalainen haittaohjelmien poistoon keskittyvä sivusto joka kykenee auttamaan sinua mitä erilaisimmissa ongelmissa. Lisäksi siellä on suomen ainut HJT-koulu. Koulussa syvennytään HJT-ohjelman tuottaman informaation analysoimiseen sekä analysoinnin jälkeiseen tietokoneen puhdistamiseen.

Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa Hijackthis-logia tarkistettavaksi!

aleksi336 · 03.07.2007

Kiitokset avunannosta

Kirjaudu tai liity jäseneksi

Hjt-login tarkastus

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

Hjt-login tarkastus

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Auttaja Guest

aleksi336 Member

Jaa tämä sivu

Hyödyllisiä hakuja